95 final AuthenticatedClientSessionModel clientSession = clientSessionCtx.getClientSession();
96 final ClientModel client = clientSession.getClient();
98 DockerResponseToken responseToken =
new DockerResponseToken()
99 .id(KeycloakModelUtils.generateId())
100 .type(TokenUtil.TOKEN_TYPE_BEARER)
102 .subject(userSession.getUser().getUsername())
104 .audience(client.getClientId())
105 .issuedFor(client.getClientId());
108 final int accessTokenLifespan =
realm.getAccessTokenLifespan();
109 responseToken.notBefore(responseToken.getIssuedAt())
110 .expiration(responseToken.getIssuedAt() + accessTokenLifespan);
113 final Set<ProtocolMapperModel> mappings = clientSessionCtx.getProtocolMappers();
114 for (
final ProtocolMapperModel mapping : mappings) {
115 final ProtocolMapper mapper = (ProtocolMapper)
session.getKeycloakSessionFactory().getProviderFactory(ProtocolMapper.class, mapping.getProtocolMapper());
116 if (mapper instanceof DockerAuthV2AttributeMapper) {
117 final DockerAuthV2AttributeMapper dockerAttributeMapper = (DockerAuthV2AttributeMapper) mapper;
118 if (dockerAttributeMapper.appliesTo(responseToken)) {
119 responseToken = dockerAttributeMapper.transformDockerResponseToken(responseToken, mapping,
session, userSession, clientSession);
126 if (
event.getEvent() != null && EventType.LOGIN.equals(
event.getEvent().getType())) {
127 final KeyManager.ActiveRsaKey activeKey =
session.keys().getActiveRsaKey(
realm);
128 final String encodedToken =
new JWSBuilder()
129 .kid(
new DockerKeyIdentifier(activeKey.getPublicKey()).toString())
131 .jsonContent(responseToken)
132 .rsa256(activeKey.getPrivateKey());
133 final String expiresInIso8601String =
new SimpleDateFormat(
ISO_8601_DATE_FORMAT).format(
new Date(responseToken.getIssuedAt() * 1000L));
135 final DockerResponse responseEntity =
new DockerResponse()
136 .setToken(encodedToken)
137 .setExpires_in(accessTokenLifespan)
138 .setIssued_at(expiresInIso8601String);
139 return new ResponseBuilderImpl().status(Response.Status.OK).header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON).entity(responseEntity).build();
141 logger.errorv(
"Unable to handle request for event type {0}. Currently only LOGIN event types are supported by docker protocol.",
event.getEvent() == null ?
"null" :
event.getEvent().getType());
142 throw new ErrorResponseException(
"invalid_request",
"Event type not supported", Response.Status.BAD_REQUEST);
144 }
catch (
final InstantiationException e) {
145 logger.errorv(
"Error attempting to create Key ID for Docker JOSE header: ", e.getMessage());
146 throw new ErrorResponseException(
"token_error",
"Unable to construct JOSE header for JWT", Response.Status.INTERNAL_SERVER_ERROR);