Make sure the Keycloak KEYCLOAK_ADAPTER_STATE cookie is updated after…

… a successfull login

src/modules/rest/impl/src/main/java/it/geosolutions/geostore/services/rest/security/keycloak/GeoStoreKeycloakAuthProvider.java

@@ -76,7 +76,6 @@ public GeoStoreKeycloakAuthProvider(KeyCloakConfiguration configuration) {
     @Override
     public Authentication authenticate(Authentication authentication)
             throws AuthenticationException {
-
         KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) authentication;
         OidcKeycloakAccount account = token.getAccount();
         KeycloakSecurityContext context = account.getKeycloakSecurityContext();
@@ -127,7 +126,7 @@ public Authentication authenticate(Authentication authentication)
         User user = retrieveUser(username, "", grantedAuthoritiesMapper, keycloakGroups);
         addEveryOne(user.getGroups());
         if (user.getRole() == null) {
-            // no role get the one configured to be default for authenticated users.
+            // no role gets the one configured to be default for authenticated users.
             Role defRole = configuration.getAuthenticatedDefaultRole();
             user.setRole(defRole);
         }

src/modules/rest/impl/src/main/java/it/geosolutions/geostore/services/rest/security/keycloak/KeyCloakFilter.java

@@ -29,12 +29,13 @@
 
 import static it.geosolutions.geostore.services.rest.SessionServiceDelegate.PROVIDER_KEY;
 import static it.geosolutions.geostore.services.rest.security.keycloak.KeyCloakLoginService.KEYCLOAK_REDIRECT;
-import static it.geosolutions.geostore.services.rest.security.oauth2.OAuth2Utils.ACCESS_TOKEN_PARAM;
-import static it.geosolutions.geostore.services.rest.security.oauth2.OAuth2Utils.REFRESH_TOKEN_PARAM;
+import static it.geosolutions.geostore.services.rest.security.oauth2.OAuth2Utils.*;
+import static it.geosolutions.geostore.services.rest.security.oauth2.OAuth2Utils.getResponse;
 
 import it.geosolutions.geostore.services.UserService;
 import it.geosolutions.geostore.services.rest.security.TokenAuthenticationCache;
 import it.geosolutions.geostore.services.rest.security.oauth2.OAuth2Utils;
+import it.geosolutions.geostore.services.rest.utils.GeoStoreContext;
 import java.io.IOException;
 import java.util.Date;
 import javax.servlet.FilterChain;
@@ -48,6 +49,8 @@
 import org.keycloak.adapters.KeycloakDeployment;
 import org.keycloak.adapters.RequestAuthenticator;
 import org.keycloak.adapters.spi.AuthOutcome;
+import org.keycloak.adapters.spi.HttpFacade;
+import org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -160,10 +163,16 @@ protected Authentication authenticateAndUpdateCache(
     protected void updateCache(Authentication authentication) {
         Object details = authentication.getDetails();
         if (details instanceof KeycloakTokenDetails) {
+            KeyCloakHelper helper = GeoStoreContext.bean(KeyCloakHelper.class);
             KeycloakTokenDetails keycloakDetails = (KeycloakTokenDetails) details;
             String accessToken = keycloakDetails.getAccessToken();
             if (accessToken != null) {
                 cache.putCacheEntry(accessToken, authentication);
+                if (helper != null) {
+                    HttpFacade facade = new SimpleHttpFacade(getRequest(), getResponse());
+                    KeycloakDeployment deployment = helper.getDeployment(facade);
+                    KeycloakCookieUtils.setTokenCookie(deployment, facade, keycloakDetails);
+                }
             }
         }
     }

src/modules/rest/impl/src/main/java/it/geosolutions/geostore/services/rest/security/keycloak/KeycloakCookieUtils.java

@@ -45,7 +45,7 @@ static void setTokenCookie(
         String cookie = accessToken + SEPARATOR + idToken + SEPARATOR + refreshToken;
 
         String cookiePath = getCookiePath(deployment, facade);
-        // forces the expiration of the old keycloak cookie after refresh token. Keycloak doesn't do
+        // Forces the expiration of the old keycloak cookie after refresh token. Keycloak doesn't do
         // it for us.
         facade.getResponse()
                 .setCookie(