/**
 * Tells whether a Keycloak security context carrying a parsed access token is available.
 *
 * <p>This is a presence check only: the token's expiry and claims are not examined here,
 * so callers that make authorization decisions must validate those separately.
 *
 * @return {@code true} when both the security context and its token are non-null
 */
private boolean keycloakIsLoggedIn() {
    if (keycloakSecurityContext == null) {
        return false;
    }
    return keycloakSecurityContext.getToken() != null;
}
/**
 * Builds the logged-in user from the Keycloak security context stored on the request.
 *
 * <p>The context is looked up under the attribute named after
 * {@code KeycloakSecurityContext.class.getName()}. When it is absent, or when loading the
 * Keycloak classes fails with a {@link NoClassDefFoundError}, the problem is delegated to
 * {@code handleAuthenticationProblem}.
 *
 * @param httpServletRequest the current request, expected to carry the security context
 */
public KeycloakLoggedInUser(HttpServletRequest httpServletRequest) {
    try {
        final String attributeName = KeycloakSecurityContext.class.getName();
        final KeycloakSecurityContext context =
                (KeycloakSecurityContext) httpServletRequest.getAttribute(attributeName);

        if (context != null) {
            // Keep both the parsed token and its serialized form.
            // The serialized form is a bearer credential: never log it or echo it to clients.
            this.auth = context.getToken();
            this.tokenString = context.getTokenString();
        } else {
            handleAuthenticationProblem("KeycloakSecurityContext not available in the HttpServletRequest.");
        }
    } catch (NoClassDefFoundError ncdfe) {
        // presumably the Keycloak adapter classes are missing from the classpath; confirm with deployment
        handleAuthenticationProblem(ncdfe.getMessage(), ncdfe);
    }
}
// NOTE(review): excerpt of a placeholder resolver; the statements below appear to come from
// different branches of the enclosing method (two consecutive returns would not compile).

// Resolves to the raw access token string, wrapped in a list.
// The value is a bearer credential and should not be logged by the caller.
return Arrays.asList(securityContext.getTokenString());

// Resolves to the raw ID token string, wrapped in a list.
return Arrays.asList(securityContext.getIdTokenString());

// Converts the parsed access token into a JSON tree for claim lookup.
jsonNode = JsonSerialization.mapper.valueToTree(securityContext.getToken());
} else if (source.startsWith("id_token[")) {
    // Same conversion, but for the ID token's claims.
    jsonNode = JsonSerialization.mapper.valueToTree(securityContext.getIdToken());
} else {
    // Any other source is rejected instead of being resolved to a default value.
    throw new RuntimeException("Invalid placeholder [" + placeHolder + "]");
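/**
 * Returns the serialized access token of the current request, if any.
 *
 * <p>The Keycloak security context is read from the request attribute named after
 * {@code KeycloakSecurityContext.class.getName()}. The returned string is a bearer
 * credential; callers should forward it only to the intended resource server and keep it
 * out of logs.
 *
 * @return the token string, or an empty {@code Optional} when the request carries no
 *         security context or the context holds no token string
 */
@Override
public Optional<String> accessToken() {
    KeycloakSecurityContext ksc = (KeycloakSecurityContext) sr
            .getAttribute(KeycloakSecurityContext.class.getName());
    if (ksc == null) {
        return Optional.empty();
    }
    // ofNullable: a context without a token string yields "absent" rather than a
    // NullPointerException from Optional.of.
    return Optional.ofNullable(ksc.getTokenString());
}
}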
/**
 * Decides whether the Spring security context already holds a usable Keycloak login for
 * this request.
 *
 * <p>The cached login is rejected when there is no authentication, when the authentication
 * is not a {@code KeycloakAuthenticationToken}, when it belongs to a different realm than
 * the current deployment (which also triggers {@code logout()}), or when the access token
 * has expired. On success the security context is published as a request attribute.
 *
 * @param authenticator the authenticator asking for the cached state (used for logging only)
 * @return {@code true} when the cached security context was accepted and attached to the request
 */
@Override
public boolean isCached(RequestAuthenticator authenticator) {
    logger.debug("Checking if {} is cached", authenticator);

    final SecurityContext context = SecurityContextHolder.getContext();
    if (context == null || context.getAuthentication() == null) {
        return false;
    }

    // Only Keycloak-issued authentications can be reused here.
    if (!(context.getAuthentication() instanceof KeycloakAuthenticationToken)) {
        logger.warn("Expected a KeycloakAuthenticationToken, but found {}", context.getAuthentication());
        return false;
    }

    logger.debug("Remote logged in already. Establishing state from security context.");
    final KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) context.getAuthentication();
    final KeycloakSecurityContext keycloakSecurityContext = token.getAccount().getKeycloakSecurityContext();

    // A login from another realm must never satisfy this deployment; drop it entirely.
    final boolean sameRealm = deployment.getRealm().equals(keycloakSecurityContext.getRealm());
    if (!sameRealm) {
        logger.debug("Account from security context is from a different realm than for the request.");
        logout();
        return false;
    }

    // An expired token is not refreshed here; the caller has to authenticate again.
    if (keycloakSecurityContext.getToken().isExpired()) {
        logger.warn("Security token expired ... not returning from cache");
        return false;
    }

    request.setAttribute(KeycloakSecurityContext.class.getName(), keycloakSecurityContext);
    return true;
}
/**
 * Prepares the mocks so that both the request and its session expose the same Keycloak
 * security context, then creates the token manager under test.
 *
 * <p>"token1" and "realm1" are fixture values, not real credentials.
 */
@Before
public void setup() throws Exception {
    final String contextKey = KeycloakSecurityContext.class.getName();

    // Fixture values returned by the mocked security context.
    when(context.getTokenString()).thenReturn("token1");
    when(context.getRealm()).thenReturn("realm1");

    // The context is reachable via the request attribute and via the HTTP session.
    when(request.getAttribute(contextKey)).thenReturn(context);
    when(request.getSession()).thenReturn(session);
    when(session.getAttribute(contextKey)).thenReturn(context);

    this.tested = new KCAdapterContextTokenManager(request);
}
@GET // @RolesAllowed("user") public DrawView show() { KeycloakSecurityContext session = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); DrawBean bean = new DrawBean(); DrawView view = new DrawView(bean); bean.setIdToken(session.getIdToken()); return view; }
/**
 * Returns the realm recorded in the Keycloak session context.
 *
 * @return the realm name reported by {@code getKCSessionContext()}
 */
@Override
public String getRealm() {
    // No null handling here: a missing session context surfaces as an exception to the caller.
    return this.getKCSessionContext().getRealm();
}
/**
 * Returns the serialized token of the context currently held by {@code contextHolder}.
 *
 * <p>The value is a bearer credential; keep it out of logs and error messages.
 *
 * @return the token string, or empty when no context is held or it has no token string
 */
public Optional<String> token() {
    return Optional
            .ofNullable(contextHolder.get())
            .map(heldContext -> heldContext.getTokenString());
}
/**
 * Wires the mocked request, session and security context together and instantiates the
 * token manager under test.
 *
 * <p>The token and realm strings are test fixtures only.
 */
@Before
public void setup() throws Exception {
    final String attributeName = KeycloakSecurityContext.class.getName();

    // Request side: attribute lookup and session access.
    when(request.getAttribute(attributeName)).thenReturn(context);
    when(request.getSession()).thenReturn(session);

    // Session side: the same context is stored under the same key.
    when(session.getAttribute(attributeName)).thenReturn(context);

    // Values served by the mocked context.
    when(context.getTokenString()).thenReturn("token1");
    when(context.getRealm()).thenReturn("realm1");

    this.tested = new KCAdapterContextTokenManager(request);
}
/**
 * Handles the draw form: computes the numbers for the submitted date and renders them
 * together with the caller's ID token.
 *
 * <p>Access is limited to the {@code user} role.
 *
 * @param dateAsString the {@code date} form field, parsed with {@link LocalDate#parse(CharSequence)}
 * @return the view holding the draw result and the ID token
 */
@POST
@Path("/draw")
@RolesAllowed("user")
public DrawView draw(@FormParam("date") String dateAsString) {
    final String contextKey = KeycloakSecurityContext.class.getName();
    KeycloakSecurityContext keycloakContext = (KeycloakSecurityContext) request.getAttribute(contextKey);

    // NOTE(review): dateAsString is client-supplied and parsed without validation; a missing
    // or malformed value raises an unchecked exception. Confirm that an exception mapper
    // turns it into a 400 response rather than a stack trace.
    LocalDate drawDate = LocalDate.parse(dateAsString);

    DrawBean model = new DrawBean();
    model.setDraw(DrawingService.drawNumbers(drawDate));

    DrawView page = new DrawView(model);
    model.setIdToken(keycloakContext.getIdToken());
    return page;
}
/**
 * Looks up the realm of the current Keycloak session context.
 *
 * @return the realm name taken from {@code getKCSessionContext()}
 */
@Override
public String getRealm() {
    // A missing session context is not handled here and will propagate as an exception.
    return this.getKCSessionContext().getRealm();
}
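/**
 * Returns the parsed access token attached to the current request, if any.
 *
 * <p>The Keycloak security context is read from the request attribute named after
 * {@code KeycloakSecurityContext.class.getName()}.
 *
 * @return the access token, or an empty {@code Optional} when the request has no
 *         security context or the context carries no token
 */
private Optional<AccessToken> token() {
    KeycloakSecurityContext ksc = (KeycloakSecurityContext) sr
            .getAttribute(KeycloakSecurityContext.class.getName());
    if (ksc == null) {
        return Optional.empty();
    }
    // ofNullable: a context without a parsed token is reported as "absent" instead of
    // failing with a NullPointerException inside Optional.of.
    return Optional.ofNullable(ksc.getToken());
}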
/**
 * Removes the link between the current user and an external identity provider by calling
 * the Keycloak account endpoint with the user's own access token.
 *
 * @param type the linked account type; its alias is sent as {@code provider_id}
 * @throws IOException wrapping any failure raised while building or sending the request
 * @see io.apicurio.hub.api.security.ILinkedAccountsProvider#deleteLinkedAccount(io.apicurio.hub.api.beans.LinkedAccountType)
 */
@Override
public void deleteLinkedAccount(LinkedAccountType type) throws IOException {
    try {
        // A missing security context fails below and is reported as an IOException.
        KeycloakSecurityContext session = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
        String authServerRootUrl = config.getKeycloakAuthUrl();
        String realm = config.getKeycloakRealm();
        String provider = type.alias();
        // NOTE(review): the result is discarded; as written this only fails early when the
        // context has no parsed token. Confirm whether the session state was meant to be used.
        session.getToken().getSessionState();
        String url = KeycloakUriBuilder.fromUri(authServerRootUrl)
                .path("/realms/{realm}/account/federated-identity-update")
                .queryParam("action", "REMOVE").queryParam("provider_id", provider).build(realm)
                .toString();
        // The logged URL contains no credential; the bearer token travels in a header only.
        logger.debug("Deleting identity provider using URL: {}", url);
        // NOTE(review): a state-changing action is issued as a GET; verify this matches the
        // endpoint's contract.
        HttpGet get = new HttpGet(url);
        get.addHeader("Accept", "application/json");
        get.addHeader("Authorization", "Bearer " + session.getTokenString());
        try (CloseableHttpResponse response = httpClient.execute(get)) {
            // NOTE(review): a non-200 status is only logged at debug level and the method still
            // returns normally, so callers cannot tell that the unlink did not happen.
            if (response.getStatusLine().getStatusCode() != 200) {
                logger.debug("HTTP Response Status Code when deleting identity provider: {}", response.getStatusLine().getStatusCode());
            }
        }
    } catch (Exception e) {
        throw new IOException("Error deleting linked account.", e);
    }
}
/**
 * Returns the serialized access token, invoking {@code refreshExpiredToken(true)} first.
 *
 * <p>The returned string is a bearer credential and should not be logged.
 *
 * @return the token string held by the superclass after the refresh attempt
 */
@Override
public String getTokenString() {
    // presumably refreshes only when the current token has expired; confirm in refreshExpiredToken
    this.refreshExpiredToken(true);
    final String currentTokenString = super.getTokenString();
    return currentTokenString;
}
/**
 * Creates a successful result from an already-authenticated principal.
 *
 * <p>For Keycloak logins (details of type {@code SimpleKeycloakAccount}) the username is
 * the principal name, replaced by the ID token's preferred username when an ID token is
 * present. For any other authentication the principal and details are taken over as-is.
 * The outcome is stored as a {@code UsernamePasswordAuthenticationToken} with no challenge.
 *
 * @param authentication valid credentials
 */
public AuthResults(Authentication authentication) {
    Object username;
    Object details;

    if (authentication.getDetails() instanceof SimpleKeycloakAccount) {
        final SimpleKeycloakAccount account = (SimpleKeycloakAccount) authentication.getDetails();
        // NOTE(review): assertions are disabled unless the JVM runs with -ea, so in production
        // a wrong principal type shows up as a ClassCastException on the cast below.
        assert account.getPrincipal() instanceof KeycloakPrincipal;
        final KeycloakPrincipal principal = (KeycloakPrincipal) account.getPrincipal();

        username = principal.getName();
        // Prefer the human-readable username from the ID token when one was issued.
        if (principal.getKeycloakSecurityContext().getIdToken() != null) {
            username = principal.getKeycloakSecurityContext().getIdToken().getPreferredUsername();
        }
        details = account;
    } else {
        username = authentication.getPrincipal();
        details = authentication.getDetails();
    }

    final UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
            username, authentication.getCredentials(), authentication.getAuthorities());
    result.setDetails(details);

    this.authentication = result;
    this.challenge = null;
}
/**
 * Returns the parsed access token, invoking {@code refreshExpiredToken(true)} first.
 *
 * @return the access token held by the superclass after the refresh attempt
 */
@Override
public AccessToken getToken() {
    // presumably refreshes only when the current token has expired; confirm in refreshExpiredToken
    this.refreshExpiredToken(true);
    final AccessToken currentToken = super.getToken();
    return currentToken;
}
// Excerpt: fills the studio auth configuration from the Keycloak session and caches it in
// the HTTP session.
auth.setType(StudioConfigAuthType.token);
auth.setLogoutUrl(((HttpServletRequest) request).getContextPath() + "/logout");
// The serialized access token (a bearer credential) is copied into the auth config.
auth.setToken(session.getTokenString());
// NOTE(review): session.getToken() is dereferenced here, before the null check on the same
// value a few statements later; a context without a parsed token would fail at this line.
auth.setTokenRefreshPeriod(expirationToRefreshPeriod(session.getToken().getExpiration()));
// The auth config, including the token string, is stored in the HTTP session.
httpSession.setAttribute(RequestAttributeKeys.AUTH_KEY, auth);
AccessToken token = session.getToken();
if (token != null) {
    User user = new User();
/**
 * Returns the serialized access token of the current Keycloak session context.
 *
 * <p>The value is a bearer credential; pass it only to the intended service and keep it
 * out of logs.
 *
 * @return the token string reported by {@code getKCSessionContext()}
 */
@Override
public String getAccessTokenString() {
    // A missing session context is not handled here and will propagate as an exception.
    return this.getKCSessionContext().getTokenString();
}
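/**
 * Returns the full name claim of the user bound to the current request.
 *
 * <p>The Keycloak security context is read from the servlet request held in
 * {@code DefaultSecurityContext.servletRequest}.
 *
 * @return the name from the access token, or {@code null} when there is no current
 *         request, no security context, or no parsed token
 * @see io.apiman.manager.api.security.impl.DefaultSecurityContext#getFullName()
 */
@Override
public String getFullName() {
    HttpServletRequest request = DefaultSecurityContext.servletRequest.get();
    // No request bound to this thread: treat it like an unauthenticated call.
    if (request == null) {
        return null;
    }
    org.keycloak.KeycloakSecurityContext session = (org.keycloak.KeycloakSecurityContext) request
            .getAttribute(org.keycloak.KeycloakSecurityContext.class.getName());
    // A context without a parsed token is handled like a missing context instead of
    // failing with a NullPointerException.
    if (session == null || session.getToken() == null) {
        return null;
    }
    return session.getToken().getName();
}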