@Override public Object getCredentials() { return this.getAccount().getKeycloakSecurityContext(); }
@Override public void saveAccountInfo(OidcKeycloakAccount account) { RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext(); Set<String> roles = account.getRoles(); SerializableKeycloakAccount sAccount = new SerializableKeycloakAccount(roles, account.getPrincipal(), securityContext); HttpSession httpSession = request.getSession(); httpSession.setAttribute(KeycloakAccount.class.getName(), sAccount); httpSession.setAttribute(KeycloakSecurityContext.class.getName(), sAccount.getKeycloakSecurityContext()); if (idMapper != null) idMapper.map(account.getKeycloakSecurityContext().getToken().getSessionState(), account.getPrincipal().getName(), httpSession.getId()); //String username = securityContext.getToken().getSubject(); //log.fine("userSessionManagement.login: " + username); }
@Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) authentication; List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>(); for (String role : token.getAccount().getRoles()) { grantedAuthorities.add(new KeycloakRole(role)); } return new KeycloakAuthenticationToken(token.getAccount(), token.isInteractive(), mapAuthorities(grantedAuthorities)); }
@Override public void saveAccountInfo(OidcKeycloakAccount account) { RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext(); request.getSession().setAttribute(KeycloakSecurityContext.class.getName(), securityContext); }
@Override public void saveAccountInfo(OidcKeycloakAccount account) { RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext(); Set<String> roles = account.getRoles(); GenericPrincipal principal = principalFactory.createPrincipal(request.getContext().getRealm(), account.getPrincipal(), roles); SerializableKeycloakAccount sAccount = new SerializableKeycloakAccount(roles, account.getPrincipal(), securityContext); Session session = request.getSessionInternal(true); session.setPrincipal(principal); session.setAuthType("KEYCLOAK"); session.getSession().setAttribute(SerializableKeycloakAccount.class.getName(), sAccount); session.getSession().setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext()); String username = securityContext.getToken().getSubject(); log.fine("userSessionManagement.login: " + username); this.sessionManagement.login(session); }
@Override public void saveAccountInfo(OidcKeycloakAccount account) { RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext)account.getKeycloakSecurityContext(); CookieTokenStore.setTokenCookie(deployment, facade, securityContext); }
@Override public void saveAccountInfo(OidcKeycloakAccount account) { RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext(); Set<String> roles = account.getRoles(); GenericPrincipal principal = principalFactory.createPrincipal(request.getContext().getRealm(), account.getPrincipal(), roles); SerializableKeycloakAccount sAccount = new SerializableKeycloakAccount(roles, account.getPrincipal(), securityContext); Session session = request.getSessionInternal(true); session.setPrincipal(principal); session.setAuthType("KEYCLOAK"); session.getSession().setAttribute(SerializableKeycloakAccount.class.getName(), sAccount); session.getSession().setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext()); String username = securityContext.getToken().getSubject(); log.fine("userSessionManagement.login: " + username); this.sessionManagement.login(session); }
@Override public void saveAccountInfo(OidcKeycloakAccount account) { RefreshableKeycloakSecurityContext secContext = (RefreshableKeycloakSecurityContext)account.getKeycloakSecurityContext(); CookieTokenStore.setTokenCookie(deployment, facade, secContext); }
@Override public KeycloakSecurityContext getSecurityContext() { SecurityContext context = SecurityContextHolder.getContext(); if (context != null && context.getAuthentication() != null) { KeycloakAuthenticationToken authentication = (KeycloakAuthenticationToken) context.getAuthentication(); return authentication.getAccount().getKeycloakSecurityContext(); } return null; }
@Override public void saveAccountInfo(OidcKeycloakAccount account) { RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext(); request.getSession().setAttribute(KeycloakSecurityContext.class.getName(), securityContext); }
@Override public void saveAccountInfo(OidcKeycloakAccount account) { RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext)account.getKeycloakSecurityContext(); CookieTokenStore.setTokenCookie(deployment, facade, securityContext); }
@Override public void saveAccountInfo(OidcKeycloakAccount account) { RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext)account.getKeycloakSecurityContext(); CookieTokenStore.setTokenCookie(deployment, facade, securityContext); }
@Override public void saveAccountInfo(OidcKeycloakAccount account) { RefreshableKeycloakSecurityContext securityContext = (RefreshableKeycloakSecurityContext)account.getKeycloakSecurityContext(); CookieTokenStore.setTokenCookie(deployment, facade, securityContext); }
@Override public void saveAccountInfo(OidcKeycloakAccount account) { RefreshableKeycloakSecurityContext secContext = (RefreshableKeycloakSecurityContext)account.getKeycloakSecurityContext(); CookieTokenStore.setTokenCookie(deployment, facade, secContext); }
/** * Returns the {@link KeycloakSecurityContext} from the Spring {@link SecurityContextHolder}'s {@link Authentication}. * * @return the current <code>KeycloakSecurityContext</code> */ protected KeycloakSecurityContext getKeycloakSecurityContext() { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); KeycloakAuthenticationToken token; KeycloakSecurityContext context; if (authentication == null) { throw new IllegalStateException("Cannot set authorization header because there is no authenticated principal"); } if (!KeycloakAuthenticationToken.class.isAssignableFrom(authentication.getClass())) { throw new IllegalStateException( String.format( "Cannot set authorization header because Authentication is of type %s but %s is required", authentication.getClass(), KeycloakAuthenticationToken.class) ); } token = (KeycloakAuthenticationToken) authentication; context = token.getAccount().getKeycloakSecurityContext(); return context; } }
private String getProfileAccessToken(@NonNull KeycloakAuthenticationToken token, @NonNull Provider provider) { HttpClient httpclient = HttpClientBuilder.create().build(); // the http-client, that will send the request HttpGet httpGet = new HttpGet(keycloakUrl + "/realms/fundrequest/broker/" + provider.name().toLowerCase() + "/token"); // the http GET request httpGet.addHeader("Authorization", "Bearer " + token.getAccount().getKeycloakSecurityContext().getTokenString()); try { HttpResponse response = httpclient.execute(httpGet); if (response.getStatusLine().getStatusCode() != 200) { throw new RuntimeException("An error occurred when contacting IDP"); } return getProviderAccessToken(provider, response); } catch (IOException e) { throw new RuntimeException(e); } }
@Nonnull @Override protected SimpleSessionInfo newSessionInfo() { final OidcKeycloakAccount account = _authService.getAccount(); final String userID = account.getKeycloakSecurityContext().getToken().getId(); final String sessionID = UUID.randomUUID().toString(); return new SimpleSessionInfo( userID, sessionID ); } }
@Override public void saveAccountInfo(OidcKeycloakAccount account) { final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); HttpSession session = getSession(true); session.setAttribute(KeycloakUndertowAccount.class.getName(), account); session.setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext()); sessionManagement.login(servletRequestContext.getDeployment().getSessionManager()); }
@Override public void saveAccountInfo(OidcKeycloakAccount account) { final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); HttpSession session = getSession(true); session.setAttribute(KeycloakUndertowAccount.class.getName(), account); session.setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext()); sessionManagement.login(servletRequestContext.getDeployment().getSessionManager()); }
@Override public boolean isCached(RequestAuthenticator authenticator) { logger.debug("Checking if {} is cached", authenticator); SecurityContext context = SecurityContextHolder.getContext(); KeycloakAuthenticationToken token; KeycloakSecurityContext keycloakSecurityContext; if (context == null || context.getAuthentication() == null) { return false; } if (!KeycloakAuthenticationToken.class.isAssignableFrom(context.getAuthentication().getClass())) { logger.warn("Expected a KeycloakAuthenticationToken, but found {}", context.getAuthentication()); return false; } logger.debug("Remote logged in already. Establishing state from security context."); token = (KeycloakAuthenticationToken) context.getAuthentication(); keycloakSecurityContext = token.getAccount().getKeycloakSecurityContext(); if (!deployment.getRealm().equals(keycloakSecurityContext.getRealm())) { logger.debug("Account from security context is from a different realm than for the request."); logout(); return false; } if (keycloakSecurityContext.getToken().isExpired()) { logger.warn("Security token expired ... not returning from cache"); return false; } request.setAttribute(KeycloakSecurityContext.class.getName(), keycloakSecurityContext); return true; }