/**
 * Builds the {@link KeycloakPrincipal} that represents an authenticated security context.
 *
 * <p>The principal name is whatever {@code getPrincipalName} derives from the deployment and
 * the context's token. The security context is attached to the principal unchanged.
 *
 * @param deployment adapter deployment, passed through to {@code getPrincipalName}
 * @param securityContext context whose token supplies the name; dereferenced, so it must not
 *     be {@code null}
 * @return a new principal wrapping {@code securityContext}
 */
public static KeycloakPrincipal<RefreshableKeycloakSecurityContext> createPrincipal(KeycloakDeployment deployment, RefreshableKeycloakSecurityContext securityContext) {
    // Resolve the name first so the constructor call below reads as a plain pairing of
    // "who" (name) and "with what" (context).
    final String principalName = getPrincipalName(deployment, securityContext.getToken());
    final KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal =
            new KeycloakPrincipal<RefreshableKeycloakSecurityContext>(principalName, securityContext);
    return principal;
}
}
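/**
 * Copies identity claims from the authenticated account's ID token into request headers and
 * then passes the exchange to the next handler.
 *
 * <p>The header names configured in {@code httpHeaderNames} are removed from the incoming
 * request before anything is set. Without that step, a header of the same name sent by the
 * client would reach {@code next} unchanged whenever the account is {@code null}, a claim is
 * absent, or {@code sendAccessToken} is off. A downstream consumer could not tell such a
 * value apart from one asserted here.
 *
 * @param account authenticated account, or {@code null} when there is none
 * @param exchange current exchange; its request headers are modified in place
 * @throws Exception propagated from {@code next.handleRequest}
 */
public void authenticatedRequest(KeycloakUndertowAccount account, HttpServerExchange exchange) throws Exception {
    // Strip caller-supplied copies of every header this handler is responsible for, so the
    // only values forwarded under these names are the ones written below.
    exchange.getRequestHeaders().remove(httpHeaderNames.get(KEYCLOAK_SUBJECT));
    exchange.getRequestHeaders().remove(httpHeaderNames.get(KEYCLOAK_USERNAME));
    exchange.getRequestHeaders().remove(httpHeaderNames.get(KEYCLOAK_EMAIL));
    exchange.getRequestHeaders().remove(httpHeaderNames.get(KEYCLOAK_NAME));
    exchange.getRequestHeaders().remove(httpHeaderNames.get(KEYCLOAK_ACCESS_TOKEN));

    if (account != null) {
        IDToken idToken = account.getKeycloakSecurityContext().getToken();
        // NOTE(review): this returns without invoking next, so an account whose context has
        // no token is not forwarded at all. Kept as in the original; confirm it is intended.
        if (idToken == null) return;

        // Each claim is optional; a header is only written when the token carries the claim.
        if (idToken.getSubject() != null) {
            exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_SUBJECT), idToken.getSubject());
        }
        if (idToken.getPreferredUsername() != null) {
            exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_USERNAME), idToken.getPreferredUsername());
        }
        if (idToken.getEmail() != null) {
            exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_EMAIL), idToken.getEmail());
        }
        if (idToken.getName() != null) {
            exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_NAME), idToken.getName());
        }
        if (sendAccessToken) {
            // Forwards the raw token string from the security context, so the downstream
            // service ends up holding the token itself and not just claims derived from it.
            exchange.getRequestHeaders().put(httpHeaderNames.get(KEYCLOAK_ACCESS_TOKEN), account.getKeycloakSecurityContext().getTokenString());
        }
    }
    next.handleRequest(exchange);
}
}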
/**
 * Returns the role names the session's access token grants, as selected by the deployment.
 *
 * <p>When the deployment has {@code isUseResourceRoleMappings()} set, roles are read from the
 * token's resource access entry for the deployment's resource name. Otherwise they are read
 * from the token's realm access. The two sources are never merged, so this setting decides
 * which grants every later authorization check sees.
 *
 * @param session security context supplying the token and the deployment
 * @return the role set from the chosen access entry, or an empty set when that entry or its
 *     role set is {@code null}; never {@code null}
 */
public static Set<String> getRolesFromSecurityContext(RefreshableKeycloakSecurityContext session) {
    final AccessToken token = session.getToken();

    // Choose exactly one access entry; either lookup may return null.
    final AccessToken.Access chosenAccess;
    if (!session.getDeployment().isUseResourceRoleMappings()) {
        if (log.isTraceEnabled()) {
            log.trace("use realm role mappings");
        }
        chosenAccess = token.getRealmAccess();
    } else {
        if (log.isTraceEnabled()) {
            log.trace("useResourceRoleMappings");
        }
        chosenAccess = token.getResourceAccess(session.getDeployment().getResourceName());
    }

    Set<String> granted = null;
    if (chosenAccess != null) {
        granted = chosenAccess.getRoles();
    }
    // A missing entry means "no roles", not "unknown": callers get an empty set.
    if (granted == null) {
        granted = Collections.emptySet();
    }

    if (log.isTraceEnabled()) {
        log.trace("Setting roles: ");
        for (String roleName : granted) {
            log.trace(" role: " + roleName);
        }
    }
    return granted;
}
/**
 * Stores the authenticated account in the container session and registers the login.
 *
 * <p>The session receives a container principal built from the account's principal and
 * roles, the auth type {@code "KEYCLOAK"}, and two attributes: a
 * {@code SerializableKeycloakAccount} and the account's {@code KeycloakSecurityContext},
 * each keyed by its class name.
 *
 * @param account account to persist; its security context is cast to
 *     {@code RefreshableKeycloakSecurityContext}
 */
@Override
public void saveAccountInfo(OidcKeycloakAccount account) {
    final RefreshableKeycloakSecurityContext refreshableContext =
            (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext();
    final Set<String> grantedRoles = account.getRoles();
    final GenericPrincipal containerPrincipal =
            principalFactory.createPrincipal(request.getContext().getRealm(), account.getPrincipal(), grantedRoles);
    final SerializableKeycloakAccount storedAccount =
            new SerializableKeycloakAccount(grantedRoles, account.getPrincipal(), refreshableContext);

    // NOTE(review): getSessionInternal(true) presumably reuses a session that already exists
    // for this request. Nothing in this method rotates the session id on login; confirm that
    // the surrounding authenticator does so.
    final Session containerSession = request.getSessionInternal(true);
    containerSession.setPrincipal(containerPrincipal);
    containerSession.setAuthType("KEYCLOAK");
    containerSession.getSession().setAttribute(SerializableKeycloakAccount.class.getName(), storedAccount);
    containerSession.getSession().setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext());

    // The value logged is the token subject, not a display name.
    log.fine("userSessionManagement.login: " + refreshableContext.getToken().getSubject());
    sessionManagement.login(containerSession);
}
/**
 * Persists the given account into the container session, then reports the login to
 * {@code sessionManagement}.
 *
 * <p>Written to the session: a {@code GenericPrincipal} created from the account's principal
 * and roles, the auth type {@code "KEYCLOAK"}, a {@code SerializableKeycloakAccount} attribute
 * and the account's {@code KeycloakSecurityContext} attribute. Both attributes are keyed by
 * class name.
 *
 * @param account authenticated account; its security context must be a
 *     {@code RefreshableKeycloakSecurityContext}, otherwise the cast fails
 */
@Override
public void saveAccountInfo(OidcKeycloakAccount account) {
    RefreshableKeycloakSecurityContext ctx =
            (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext();
    Set<String> roleNames = account.getRoles();
    GenericPrincipal genericPrincipal = principalFactory.createPrincipal(
            request.getContext().getRealm(),
            account.getPrincipal(),
            roleNames);
    SerializableKeycloakAccount serializableAccount = new SerializableKeycloakAccount(
            roleNames,
            account.getPrincipal(),
            ctx);

    // NOTE(review): the session is requested with create=true, so a session that existed
    // before authentication would presumably be reused. Session id rotation is not visible
    // in this method; verify that it happens elsewhere in the login flow.
    Session internalSession = request.getSessionInternal(true);
    internalSession.setPrincipal(genericPrincipal);
    internalSession.setAuthType("KEYCLOAK");
    internalSession.getSession().setAttribute(
            SerializableKeycloakAccount.class.getName(), serializableAccount);
    internalSession.getSession().setAttribute(
            KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext());

    // Despite the log wording, the identifier written here is the token's subject claim.
    String subject = ctx.getToken().getSubject();
    log.fine("userSessionManagement.login: " + subject);
    this.sessionManagement.login(internalSession);
}
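/**
 * Builds a {@code UserDetails} from the access token of the request's Keycloak principal.
 *
 * <p>The id, given name, family name and email are taken from the token as-is. Roles are the
 * token's realm roles. A token with no realm access entry, or an entry with no role set,
 * yields an empty role set, where the original code threw a {@link NullPointerException}
 * for a missing entry or passed {@code null} on for a missing role set.
 *
 * @param webRequest current request; its user principal is cast to {@code KeycloakPrincipal}
 * @return a new {@code UserDetails} populated from the token
 */
@SuppressWarnings("unchecked")
private Object createUserDetails(NativeWebRequest webRequest) {
    // NOTE(review): getUserPrincipal() is null for a request with no authenticated user, and
    // this method then fails on the next line. Presumably it is only reached on authenticated
    // routes; confirm against the caller.
    KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal =
            (KeycloakPrincipal<RefreshableKeycloakSecurityContext>) webRequest.getUserPrincipal();
    AccessToken token = principal.getKeycloakSecurityContext().getToken();

    // Realm access is optional in the token; treat "absent" as "no roles" so the caller gets
    // the least-privileged result and not an exception.
    AccessToken.Access realmAccess = token.getRealmAccess();
    java.util.Set<String> realmRoles = (realmAccess != null) ? realmAccess.getRoles() : null;
    if (realmRoles == null) {
        realmRoles = java.util.Collections.<String>emptySet();
    }

    return new UserDetails(token.getId(), token.getGivenName(), token.getFamilyName(), token.getEmail(), realmRoles);
}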