Changed to authenticate identity by using Bearer token or cookie and better handling of unauthorized calls
parent
e9061b5fee
commit
1c1f8ea18e
|
@ -2,7 +2,6 @@ package org.gcube.keycloak.avatar;
|
|||
|
||||
import java.io.InputStream;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.StreamingOutput;
|
||||
|
||||
import org.apache.commons.io.IOUtils;
|
||||
|
@ -46,14 +45,6 @@ public abstract class AbstractAvatarResource {
|
|||
return keycloakSession.getProvider(AvatarStorageProvider.class);
|
||||
}
|
||||
|
||||
protected Response unauthorized() {
|
||||
return Response.status(Response.Status.UNAUTHORIZED).build();
|
||||
}
|
||||
|
||||
protected Response invalidState() {
|
||||
return Response.status(Response.Status.FORBIDDEN).build();
|
||||
}
|
||||
|
||||
protected void saveUserImage(RealmModel realm, UserModel user, InputStream imageInputStream) {
|
||||
getAvatarStorageProvider().saveAvatarImage(realm, user, imageInputStream);
|
||||
}
|
||||
|
|
|
@ -4,7 +4,9 @@ import java.io.InputStream;
|
|||
import java.util.Objects;
|
||||
|
||||
import javax.ws.rs.Consumes;
|
||||
import javax.ws.rs.ForbiddenException;
|
||||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.NotAuthorizedException;
|
||||
import javax.ws.rs.POST;
|
||||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.Produces;
|
||||
|
@ -17,9 +19,9 @@ import org.jboss.resteasy.annotations.cache.NoCache;
|
|||
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
|
||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.services.managers.AppAuthManager;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.AuthenticationManager.AuthResult;
|
||||
import org.keycloak.services.resources.RealmsResource;
|
||||
|
||||
public class AvatarResource extends AbstractAvatarResource {
|
||||
|
@ -31,14 +33,17 @@ public class AvatarResource extends AbstractAvatarResource {
|
|||
|
||||
public AvatarResource(KeycloakSession session) {
|
||||
super(session);
|
||||
this.auth = resolveAuthentication(session);
|
||||
auth = authenticate(session);
|
||||
}
|
||||
|
||||
private AuthenticationManager.AuthResult resolveAuthentication(KeycloakSession keycloakSession) {
|
||||
AppAuthManager appAuthManager = new AppAuthManager();
|
||||
RealmModel realm = keycloakSession.getContext().getRealm();
|
||||
|
||||
return appAuthManager.authenticateIdentityCookie(keycloakSession, realm);
|
||||
private AuthResult authenticate(KeycloakSession session) {
|
||||
logger.debug("Authenticating with bearer token");
|
||||
AuthResult auth = new AppAuthManager().authenticateBearerToken(session, session.getContext().getRealm());
|
||||
if (auth == null) {
|
||||
logger.debug("Authenticating with identity cookie");
|
||||
auth = new AppAuthManager().authenticateIdentityCookie(session, session.getContext().getRealm());
|
||||
}
|
||||
return auth;
|
||||
}
|
||||
|
||||
@Path("/admin")
|
||||
|
@ -53,8 +58,10 @@ public class AvatarResource extends AbstractAvatarResource {
|
|||
@Produces({ "image/png", "image/jpeg", "image/gif" })
|
||||
public Response downloadCurrentUserAvatarImage() {
|
||||
if (auth == null) {
|
||||
return unauthorized();
|
||||
logger.debug("Unhautorized call to get avatar");
|
||||
throw new NotAuthorizedException("Bearer");
|
||||
}
|
||||
logger.debugf("Getting avatar for user %s in realm %s", auth.getUser(), auth.getSession().getRealm());
|
||||
return Response.ok(fetchUserImage(auth.getSession().getRealm(), auth.getUser())).build();
|
||||
}
|
||||
|
||||
|
@ -63,13 +70,14 @@ public class AvatarResource extends AbstractAvatarResource {
|
|||
@Consumes(MediaType.MULTIPART_FORM_DATA)
|
||||
public Response uploadCurrentUserAvatarImage(MultipartFormDataInput input, @Context UriInfo uriInfo) {
|
||||
if (auth == null) {
|
||||
return unauthorized();
|
||||
throw new NotAuthorizedException("Bearer");
|
||||
}
|
||||
|
||||
if (!isValidStateChecker(input)) {
|
||||
return invalidState();
|
||||
throw new ForbiddenException("State");
|
||||
}
|
||||
|
||||
logger.debugf("Uploading new avatar for user %s in realm %s", auth.getUser(), auth.getSession().getRealm());
|
||||
try {
|
||||
InputStream imageInputStream = input.getFormDataPart(AVATAR_IMAGE_PARAMETER, InputStream.class, null);
|
||||
|
||||
|
|
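Review bot: `authenticate()` accepts any bearer token that `authenticateBearerToken` validates for the realm, and nothing visible in these hunks checks the token's audience, scope or a role before `downloadCurrentUserAvatarImage()` and `uploadCurrentUserAvatarImage()` act on `auth.getUser()`. If no such check exists elsewhere, an access token issued to any other client in the realm is enough to read or replace the user's avatar. Consider discarding bearer results not issued for this resource, e.g. `if (auth != null && !auth.getToken().hasAudience(AVATAR_AUDIENCE)) auth = null;`, where `AVATAR_AUDIENCE` is a placeholder for the audience you expect. The upload path also runs `isValidStateChecker(input)` regardless of which mechanism succeeded. Its body is outside the hunk, but if it is the cookie-bound anti-CSRF check, it should stay mandatory on the cookie branch, and whether bearer callers must pass it should be an explicit decision. Both handler bodies continue outside the hunks shown.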