Java Code Examples for org.keycloak.representations.idm.RealmRepresentation#setRevokeRefreshToken()

The following examples show how to use org.keycloak.representations.idm.RealmRepresentation#setRevokeRefreshToken().
Example 1
Source File: KeycloakRealmResourceManager.java    From quarkus with Apache License 2.0
/**
 * Provisions the realms this test resource needs and records them in {@code realms}.
 *
 * <p>Two realms are created: the default one named by {@code KEYCLOAK_REALM}, and
 * {@code "logout-realm"}, which is configured for refresh-token rotation with very
 * short session and access-token lifespans.
 *
 * @return an empty map; this resource contributes no configuration overrides
 * @throws RuntimeException wrapping the {@link IOException} raised while creating a realm
 */
@Override
public Map<String, String> start() {
    try {
        RealmRepresentation defaultRealm = createRealm(KEYCLOAK_REALM);
        createRealmInKeycloak(defaultRealm);
        realms.add(defaultRealm);

        RealmRepresentation rotatingRealm = createRealm("logout-realm");
        // Rotation: with revocation on and zero reuses allowed, a refresh token is
        // accepted exactly once, so a replayed (already exchanged) token is rejected.
        rotatingRealm.setRevokeRefreshToken(true);
        rotatingRealm.setRefreshTokenMaxReuse(0);
        // Deliberately tiny lifespans (presumably seconds - confirm against the
        // Keycloak version in use) so expiry is observable within a test run.
        rotatingRealm.setSsoSessionMaxLifespan(15);
        rotatingRealm.setAccessTokenLifespan(5);
        createRealmInKeycloak(rotatingRealm);
        realms.add(rotatingRealm);

        return Collections.emptyMap();
    } catch (IOException ioFailure) {
        // Keep the cause so a provisioning failure is diagnosable from the stack trace.
        throw new RuntimeException(ioFailure);
    }
}
 
Example 2
Source File: DemoServletsAdapterTest.java    From keycloak with Apache License 2.0
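/**
 * Checks that several concurrent requests sharing one adapter session each end up
 * with a refreshed access token while the realm rotates refresh tokens.
 *
 * <p>The "demo" realm is updated to use an access-token lifespan of 2, refresh-token
 * revocation enabled and zero permitted reuses. After logging in, the adapter and
 * server clocks are shifted by 5 (presumably seconds, so the access token is already
 * expired - confirm), and five requests carrying the same {@code JSESSIONID} are
 * issued in parallel. Each response body must contain {@code "accessToken"}.
 *
 * <p>The clock offset is reverted in a {@code finally} block so that a failed
 * assertion does not leave the skewed time in place for later tests.
 */
@Test
public void testTokenConcurrentRefresh() {
    RealmResource demoRealm = adminClient.realm("demo");
    RealmRepresentation demo = demoRealm.toRepresentation();

    // Single-use refresh tokens: revocation on, no reuse allowed.
    demo.setAccessTokenLifespan(2);
    demo.setRevokeRefreshToken(true);
    demo.setRefreshTokenMaxReuse(0);

    // NOTE(review): these realm settings are not restored by this method - confirm
    // the test harness resets the realm, otherwise later tests inherit rotation.
    demoRealm.update(demo);

    // Login
    tokenRefreshPage.navigateTo();
    assertTrue(testRealmLoginPage.form().isUsernamePresent());
    assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
    // NOTE(review): "[email protected]" looks like a username redacted by the hosting
    // page's e-mail obfuscation; restore the real value from the original source file.
    testRealmLoginPage.form().login("[email protected]", "password");
    assertCurrentUrlEquals(tokenRefreshPage);

    setAdapterAndServerTimeOffset(5, tokenRefreshPage.toString());

    try {
        // Reuse the browser's servlet session in the raw HTTP clients below, so all
        // parallel requests belong to the same logged-in adapter session.
        BasicCookieStore cookieStore = new BasicCookieStore();
        BasicClientCookie jsessionid = new BasicClientCookie("JSESSIONID", driver.manage().getCookieNamed("JSESSIONID").getValue());

        jsessionid.setDomain("localhost");
        jsessionid.setPath("/");
        cookieStore.addCookie(jsessionid);

        ExecutorService executor = Executors.newWorkStealingPool();
        try {
            CompletableFuture<Void> future = CompletableFuture.completedFuture(null);

            for (int i = 0; i < 5; i++) {
                future = CompletableFuture.allOf(future, CompletableFuture.runAsync(() -> {
                    try (CloseableHttpClient client = HttpClientBuilder.create().setDefaultCookieStore(cookieStore)
                            .build()) {
                        HttpUriRequest request = new HttpGet(tokenRefreshPage.getInjectedUrl().toString());
                        try (CloseableHttpResponse httpResponse = client.execute(request)) {
                            assertTrue("Token not refreshed", EntityUtils.toString(httpResponse.getEntity()).contains("accessToken"));
                        }
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                }, executor));
            }

            // join() rethrows the first worker failure, failing the test.
            future.join();
        } finally {
            executor.shutdownNow();
        }
    } finally {
        // Revert times, even when a request or assertion above failed.
        setAdapterAndServerTimeOffset(0, tokenRefreshPage.toString());
    }
}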
 
Example 3
Source File: RealmManager.java    From keycloak with Apache License 2.0
/**
 * Switches refresh-token revocation on or off for the managed realm.
 *
 * <p>Reads the realm's current representation, changes only the
 * {@code revokeRefreshToken} flag and pushes the representation back.
 *
 * @param enable {@code true} to enable revocation, {@code false} to disable it
 * @return this manager, so calls can be chained
 */
public RealmManager revokeRefreshToken(boolean enable) {
    RealmRepresentation current = realm.toRepresentation();
    current.setRevokeRefreshToken(enable);

    // Read-modify-write: the whole representation is sent back, not just the flag.
    realm.update(current);

    return this;
}
 
Example 4
Source File: LastSessionRefreshCrossDCTest.java    From keycloak with Apache License 2.0
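/**
 * Verifies that refresh-token revocation is honoured across data centers: a refresh
 * token already exchanged on DC1 must be rejected when replayed on DC2, while the
 * token issued by that exchange must be accepted on DC2.
 *
 * <p>The realm's {@code revokeRefreshToken} flag is enabled at the start and switched
 * back off in a {@code finally} block, so a failed assertion does not leave the
 * realm with revocation enabled for later tests.
 *
 * @param sessionCacheDc1Stats statistics of the user-session cache on DC1
 * @param sessionCacheDc2Stats statistics of the user-session cache on DC2
 * @param clientSessionCacheDc1Stats statistics of the client-session cache on DC1
 * @param clientSessionCacheDc2Stats statistics of the client-session cache on DC2
 */
@Test
public void testRevokeRefreshToken(@JmxInfinispanCacheStatistics(dc=DC.FIRST, managementPortProperty = "cache.server.management.port", cacheName=InfinispanConnectionProvider.USER_SESSION_CACHE_NAME) InfinispanStatistics sessionCacheDc1Stats,
                                   @JmxInfinispanCacheStatistics(dc=DC.SECOND, managementPortProperty = "cache.server.2.management.port", cacheName=InfinispanConnectionProvider.USER_SESSION_CACHE_NAME) InfinispanStatistics sessionCacheDc2Stats,
                                   @JmxInfinispanCacheStatistics(dc=DC.FIRST, managementPortProperty = "cache.server.management.port", cacheName=InfinispanConnectionProvider.CLIENT_SESSION_CACHE_NAME) InfinispanStatistics clientSessionCacheDc1Stats,
                                   @JmxInfinispanCacheStatistics(dc=DC.SECOND, managementPortProperty = "cache.server.2.management.port", cacheName=InfinispanConnectionProvider.CLIENT_SESSION_CACHE_NAME) InfinispanStatistics clientSessionCacheDc2Stats

) {
    // Enable revokeRefreshToken
    RealmRepresentation realmRep = testRealm().toRepresentation();
    realmRep.setRevokeRefreshToken(true);
    testRealm().update(realmRep);

    try {
        // Enable second DC
        enableDcOnLoadBalancer(DC.SECOND);

        sessionCacheDc1Stats.reset();
        sessionCacheDc2Stats.reset();
        clientSessionCacheDc1Stats.reset();
        clientSessionCacheDc2Stats.reset();

        // Get statistics
        AtomicLong sessionStoresDc1 = new AtomicLong(getStores(sessionCacheDc1Stats));
        AtomicLong sessionStoresDc2 = new AtomicLong(getStores(sessionCacheDc2Stats));
        AtomicLong clientSessionStoresDc1 = new AtomicLong(getStores(clientSessionCacheDc1Stats));
        AtomicLong clientSessionStoresDc2 = new AtomicLong(getStores(clientSessionCacheDc2Stats));
        // presumably "last session refresh" markers per DC, -1 meaning not yet observed - confirm
        AtomicInteger lsrDc1 = new AtomicInteger(-1);
        AtomicInteger lsrDc2 = new AtomicInteger(-1);

        // Login
        OAuthClient.AuthorizationEndpointResponse response1 = oauth.doLogin("test-user@localhost", "password");
        String code = response1.getCode();
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
        Assert.assertNotNull(tokenResponse.getAccessToken());
        String sessionId = oauth.verifyToken(tokenResponse.getAccessToken()).getSessionState();
        String refreshToken1 = tokenResponse.getRefreshToken();


        // Assert statistics - sessions created on both DCs and created on remoteCaches too
        assertStatistics("After session created", sessionId, sessionCacheDc1Stats, sessionCacheDc2Stats, clientSessionCacheDc1Stats, clientSessionCacheDc2Stats,
                sessionStoresDc1, sessionStoresDc2, clientSessionStoresDc1, clientSessionStoresDc2,
                lsrDc1, lsrDc2, true, true, true, false);


        // Set time offset to some point in future. TODO This won't be needed once we have single-use cache based solution for refresh tokens
        // NOTE(review): the offset is not reset in this method - confirm the harness resets it.
        setTimeOffset(10);

        // refresh token on DC1
        disableDcOnLoadBalancer(DC.SECOND);
        tokenResponse = oauth.doRefreshTokenRequest(refreshToken1, "password");
        String refreshToken2 = tokenResponse.getRefreshToken();

        // Assert statistics - sessions updated on both DCs and on remoteCaches too
        assertStatistics("After time offset 10", sessionId, sessionCacheDc1Stats, sessionCacheDc2Stats, clientSessionCacheDc1Stats, clientSessionCacheDc2Stats,
                sessionStoresDc1, sessionStoresDc2, clientSessionStoresDc1, clientSessionStoresDc2,
                lsrDc1, lsrDc2, true, true, true, false);

        // try refresh with old token on DC2. It should fail.
        // This is the cross-site replay check: the token was consumed on DC1 only, so
        // DC2 can reject it only if the revocation state reached it.
        disableDcOnLoadBalancer(DC.FIRST);
        enableDcOnLoadBalancer(DC.SECOND);
        tokenResponse = oauth.doRefreshTokenRequest(refreshToken1, "password");
        Assert.assertNull("Expecting no access token present", tokenResponse.getAccessToken());
        Assert.assertNotNull(tokenResponse.getError());

        // try refresh with new token on DC2. It should pass.
        tokenResponse = oauth.doRefreshTokenRequest(refreshToken2, "password");
        Assert.assertNotNull(tokenResponse.getAccessToken());
        Assert.assertNull(tokenResponse.getError());
    } finally {
        // Revert, also when an assertion above failed.
        // NOTE(review): DC.FIRST is still disabled on the load balancer at this point;
        // confirm the harness restores the load-balancer state between tests.
        realmRep = testRealm().toRepresentation();
        realmRep.setRevokeRefreshToken(false);
        testRealm().update(realmRep);
    }
}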