/**
 * Stores a new library item on behalf of the calling user.
 *
 * <p>The owner is taken from the request's security context, not from the request body: whatever
 * {@code userId} the client sent is overwritten with the caller's principal name before the item
 * is persisted.
 *
 * <p>NOTE(review): every other field of {@code item} is persisted as received. If
 * {@code LibraryItem} has fields a client must not control, validate them or copy the allowed
 * fields into a fresh entity first; this cannot be judged from this listing.
 *
 * <p>NOTE(review): this assumes the endpoint is reachable only by callers authenticated through
 * Keycloak. A missing principal, or one of another type, fails on the cast or on {@code getName()}.
 *
 * @param context security context of the current request
 * @param item item from the JSON request body
 * @return the same item instance after it has been handed to the entity manager
 * @throws URISyntaxException declared by the signature; nothing in this body raises it
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("/items")
public LibraryItem addItem(@Context SecurityContext context, LibraryItem item) throws URISyntaxException {
    // Ownership is bound to the authenticated caller, never to client-supplied data.
    String ownerId = ((KeycloakPrincipal) context.getUserPrincipal()).getName();
    item.setUserId(ownerId);

    em.persist(item);
    return item;
}
} // presumably closes the enclosing resource class, whose header is not part of this listing
/**
 * Loads the library items owned by the calling user.
 *
 * <p>The listing is cut off after the query runs, so how {@code items} reaches
 * {@code asyncResponse} is not visible here.
 *
 * @param asyncResponse suspended response (not used in the visible part of the body)
 * @param context security context of the current request
 */
public void get(@Suspended final AsyncResponse asyncResponse, @Context SecurityContext context) {
    // NOTE(review): assumes an authenticated Keycloak caller; a null principal or one of
    // another type fails on the cast or on getName().
    KeycloakPrincipal principal = (KeycloakPrincipal) context.getUserPrincipal();
    String userId = principal.getName();
    // The user id is bound as a named parameter, not concatenated into the JPQL text, and the
    // WHERE clause limits the result to rows owned by the caller.
    TypedQuery<LibraryItem> q = this.em.createQuery("SELECT li FROM LibraryItem li WHERE li.userId = :userId", LibraryItem.class);
    List<LibraryItem> items = q.setParameter("userId", userId).getResultList();
    // (listing ends here; the rest of the method body is not shown)
/**
 * Looks up the principal stored in the token cookie and returns it only while its session is usable.
 *
 * <p>A principal whose session is active is returned unchanged, unless the deployment is configured
 * to always refresh tokens. In every other case one refresh is attempted. If the session is still
 * not active after that, the principal and auth type are cleared from the request, the cookie is
 * removed, and nothing is returned.
 *
 * @return the principal from the cookie, or {@code null} when the cookie yields no principal or the
 *         refresh did not produce an active session
 */
protected KeycloakPrincipal<RefreshableKeycloakSecurityContext> checkPrincipalFromCookie() {
    KeycloakPrincipal<RefreshableKeycloakSecurityContext> cookiePrincipal =
            CookieTokenStore.getPrincipalFromCookie(deployment, facade, this);
    if (cookiePrincipal == null) {
        log.fine("Account was not in cookie or was invalid");
        return null;
    }

    RefreshableKeycloakSecurityContext securityContext = cookiePrincipal.getKeycloakSecurityContext();

    // Fast path: the session is still active and the deployment does not force a refresh.
    boolean usableAsIs = securityContext.isActive() && !securityContext.getDeployment().isAlwaysRefreshToken();
    if (usableAsIs) {
        return cookiePrincipal;
    }

    // The session must be active after the refresh as well; a successful refresh call alone
    // is not accepted.
    if (securityContext.refreshExpiredToken(false) && securityContext.isActive()) {
        return cookiePrincipal;
    }

    // Refresh failed: leave neither a principal on the request nor a stale cookie behind.
    log.fine("Cleanup and expire cookie for user " + cookiePrincipal.getName() + " after failed refresh");
    request.setUserPrincipal(null);
    request.setAuthType(null);
    CookieTokenStore.removeCookie(deployment, facade);
    return null;
}
} // presumably closes the enclosing class, whose header is not part of this listing
/**
 * Returns the principal carried by the token cookie, refreshing its session when needed.
 *
 * <p>The cookie principal is accepted directly when its session is active and the deployment does
 * not demand a refresh on every request. Otherwise a single refresh is attempted. When that does
 * not leave the session active, the request's principal and auth type are reset to {@code null}
 * and the cookie is removed.
 *
 * @return the principal from the cookie, or {@code null} if there is none or its session could not
 *         be brought back to an active state
 */
protected KeycloakPrincipal<RefreshableKeycloakSecurityContext> checkPrincipalFromCookie() {
    KeycloakPrincipal<RefreshableKeycloakSecurityContext> fromCookie =
            CookieTokenStore.getPrincipalFromCookie(deployment, facade, this);
    if (fromCookie == null) {
        log.fine("Account was not in cookie or was invalid");
        return null;
    }

    RefreshableKeycloakSecurityContext ctx = fromCookie.getKeycloakSecurityContext();
    if (ctx.isActive() && !ctx.getDeployment().isAlwaysRefreshToken()) {
        return fromCookie;
    }

    boolean refreshed = ctx.refreshExpiredToken(false);
    // isActive() is re-checked so that a refresh reported as successful is not trusted on its own.
    if (refreshed && ctx.isActive()) {
        return fromCookie;
    }

    // Failed refresh: drop the request's authentication state and remove the cookie.
    log.fine("Cleanup and expire cookie for user " + fromCookie.getName() + " after failed refresh");
    request.setUserPrincipal(null);
    request.setAuthType(null);
    CookieTokenStore.removeCookie(deployment, facade);
    return null;
}
} // presumably closes the enclosing class, whose header is not part of this listing
/**
 * Looks up the principal stored in the token cookie and returns it only while its session is usable.
 *
 * <p>A principal whose session is active is returned unchanged, unless the deployment is configured
 * to always refresh tokens. In every other case one refresh is attempted. If the session is still
 * not active after that, the cookie is removed and nothing is returned.
 *
 * @return the principal from the cookie, or {@code null} when the cookie yields no principal or the
 *         refresh did not produce an active session
 */
protected KeycloakPrincipal<RefreshableKeycloakSecurityContext> checkPrincipalFromCookie() {
    KeycloakPrincipal<RefreshableKeycloakSecurityContext> cookiePrincipal =
            CookieTokenStore.getPrincipalFromCookie(deployment, facade, this);
    if (cookiePrincipal == null) {
        log.debug("Account was not in cookie or was invalid");
        return null;
    }

    RefreshableKeycloakSecurityContext securityContext = cookiePrincipal.getKeycloakSecurityContext();

    // Fast path: the session is still active and the deployment does not force a refresh.
    boolean usableAsIs = securityContext.isActive() && !securityContext.getDeployment().isAlwaysRefreshToken();
    if (usableAsIs) {
        return cookiePrincipal;
    }

    // The session must be active after the refresh as well; a successful refresh call alone
    // is not accepted.
    if (securityContext.refreshExpiredToken(false) && securityContext.isActive()) {
        return cookiePrincipal;
    }

    // Refresh failed: remove the cookie so the stale token is not kept in it.
    log.debugf("Cleanup and expire cookie for user %s after failed refresh", cookiePrincipal.getName());
    CookieTokenStore.removeCookie(deployment, facade);
    return null;
}
/**
 * Returns the principal carried by the token cookie, refreshing its session when needed.
 *
 * <p>The cookie principal is accepted directly when its session is active and the deployment does
 * not demand a refresh on every request. Otherwise a single refresh is attempted. When that does
 * not leave the session active, the cookie is removed.
 *
 * @return the principal from the cookie, or {@code null} if there is none or its session could not
 *         be brought back to an active state
 */
protected KeycloakPrincipal<RefreshableKeycloakSecurityContext> checkPrincipalFromCookie() {
    KeycloakPrincipal<RefreshableKeycloakSecurityContext> fromCookie =
            CookieTokenStore.getPrincipalFromCookie(deployment, facade, this);
    if (fromCookie == null) {
        log.debug("Account was not in cookie or was invalid");
        return null;
    }

    RefreshableKeycloakSecurityContext ctx = fromCookie.getKeycloakSecurityContext();
    if (ctx.isActive() && !ctx.getDeployment().isAlwaysRefreshToken()) {
        return fromCookie;
    }

    boolean refreshed = ctx.refreshExpiredToken(false);
    // isActive() is re-checked so that a refresh reported as successful is not trusted on its own.
    if (refreshed && ctx.isActive()) {
        return fromCookie;
    }

    // Failed refresh: remove the cookie and report that no principal is available.
    log.debugf("Cleanup and expire cookie for user %s after failed refresh", fromCookie.getName());
    CookieTokenStore.removeCookie(deployment, facade);
    return null;
}
/**
 * Creates a successful result from an existing authentication.
 *
 * <p>The result wraps a new {@code UsernamePasswordAuthenticationToken} that carries the original
 * credentials and authorities. When the authentication details are a {@code SimpleKeycloakAccount},
 * the user name is the Keycloak principal's name, replaced by the ID token's preferred username if
 * an ID token is present. Otherwise the authentication's own principal is used as the name.
 *
 * <p>NOTE(review): a preferred username is a display-oriented claim that an identity provider may
 * allow to change or repeat. If code downstream keys authorization or ownership on this token's
 * name, confirm that the stable principal name is not what it actually needs.
 *
 * @param authentication valid credentials
 */
public AuthResults(Authentication authentication) {
    final Object resolvedName;
    final Object resolvedDetails;

    if (authentication.getDetails() instanceof SimpleKeycloakAccount) {
        final SimpleKeycloakAccount account = (SimpleKeycloakAccount) authentication.getDetails();
        // The assert runs only when assertions are enabled (-ea); without them a principal of
        // another type is rejected by the cast below with a ClassCastException instead.
        assert account.getPrincipal() instanceof KeycloakPrincipal;
        final KeycloakPrincipal keycloakPrincipal = (KeycloakPrincipal) account.getPrincipal();

        final String principalName = keycloakPrincipal.getName();
        final boolean hasIdToken = keycloakPrincipal.getKeycloakSecurityContext().getIdToken() != null;
        resolvedName = hasIdToken
                ? keycloakPrincipal.getKeycloakSecurityContext().getIdToken().getPreferredUsername()
                : principalName;
        resolvedDetails = account;
    } else {
        resolvedName = authentication.getPrincipal();
        resolvedDetails = authentication.getDetails();
    }

    // The original credentials object is carried over into the new token unchanged.
    final UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
            resolvedName, authentication.getCredentials(), authentication.getAuthorities());
    token.setDetails(resolvedDetails);

    this.authentication = token;
    this.challenge = null;
}
/**
 * Builds the security context and principal for the token held by a bearer authenticator and
 * passes them to {@code completeBearerAuthentication}.
 *
 * <p>Only the deployment, the raw token string and the parsed token are supplied to the security
 * context; the remaining constructor arguments are {@code null}.
 *
 * <p>NOTE(review): the debug line records the principal name and the request URI. If
 * {@code getURI()} includes the query string, request parameters end up in debug logs. Confirm
 * this, and keep debug logging for this class off where that matters.
 *
 * @param bearer authenticator that holds the bearer token string and parsed token
 * @param method value forwarded unchanged to {@code completeBearerAuthentication}
 */
protected void completeAuthentication(BearerTokenRequestAuthenticator bearer, String method) {
    RefreshableKeycloakSecurityContext securityContext = new RefreshableKeycloakSecurityContext(
            deployment, null, bearer.getTokenString(), bearer.getToken(), null, null, null);

    String principalName = AdapterUtils.getPrincipalName(deployment, bearer.getToken());
    final KeycloakPrincipal<RefreshableKeycloakSecurityContext> bearerPrincipal =
            new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(principalName, securityContext);

    completeBearerAuthentication(bearerPrincipal, method);

    log.debugv("User ''{0}'' invoking ''{1}'' on client ''{2}''",
            bearerPrincipal.getName(), facade.getRequest().getURI(), deployment.getResourceName());
}
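/**
 * Produces the local user record for the caller of the current request.
 *
 * <p>The record is looked up (or created) from the Keycloak principal's name and then brought in
 * line with the {@code name} and {@code email} values of the caller's token. It is stored again
 * only if one of them changed. A value missing from the token leaves the stored one untouched.
 *
 * <p>NOTE(review): the email is copied from the token as issued; nothing here checks whether the
 * identity provider has verified it. The logger calls also receive the id, name and email, so
 * confirm what they write if these values are sensitive in your deployment.
 *
 * @return the caller's user record, or {@code null} when the caller is not a Keycloak principal
 */
@Produces
@CurrentUser
@Override
public HawkularUser getCurrent() {
    Principal p = sessionContext.getCallerPrincipal();
    if (!(p instanceof KeycloakPrincipal)) {
        // Not authenticated through Keycloak: there is no persona to produce.
        logger.nonAuthRequestWantsPersona();
        return null;
    }

    KeycloakPrincipal<?> principal = (KeycloakPrincipal<?>) p;
    String id = principal.getName();
    String name = principal.getKeycloakSecurityContext().getToken().getName();
    String email = principal.getKeycloakSecurityContext().getToken().getEmail();

    HawkularUser user = getOrCreateByIdAndName(id, name);
    boolean needsUpdate = false;

    // The name gets the same null guard as the email: a token without a name value must not
    // fail the request with a NullPointerException.
    if (null != name && !name.equals(user.getName())) {
        logger.settingUsersName(id, name, user.getName());
        user.setName(name);
        needsUpdate = true;
    }

    if (null != email && !email.equals(user.getEmail())) {
        logger.settingUsersEmail(id, email, user.getEmail());
        user.setEmail(email);
        needsUpdate = true;
    }

    if (needsUpdate) {
        return update(user);
    }
    return user;
}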
/**
 * Builds the security context and principal from the tokens held by an OAuth authenticator and
 * passes the principal to {@code completeOAuthAuthentication}.
 *
 * <p>The security context receives the deployment, the token store, the access token (string and
 * parsed), the ID token (string and parsed) and the refresh token.
 *
 * <p>NOTE(review): the debug line records the principal name and the request URI. If
 * {@code getURI()} includes the query string, request parameters end up in debug logs. Confirm
 * this, and keep debug logging for this class off where that matters.
 *
 * @param oauth authenticator that holds the tokens obtained for this login
 */
protected void completeAuthentication(OAuthRequestAuthenticator oauth) {
    RefreshableKeycloakSecurityContext securityContext = new RefreshableKeycloakSecurityContext(
            deployment,
            tokenStore,
            oauth.getTokenString(),
            oauth.getToken(),
            oauth.getIdTokenString(),
            oauth.getIdToken(),
            oauth.getRefreshToken());

    String principalName = AdapterUtils.getPrincipalName(deployment, oauth.getToken());
    final KeycloakPrincipal<RefreshableKeycloakSecurityContext> oauthPrincipal =
            new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(principalName, securityContext);

    completeOAuthAuthentication(oauthPrincipal);

    log.debugv("User ''{0}'' invoking ''{1}'' on client ''{2}''",
            oauthPrincipal.getName(), facade.getRequest().getURI(), deployment.getResourceName());
}