KEYCLOAK-180 Renamed JWT prn to sub

core/src/main/java/org/keycloak/RSATokenVerifier.java

@@ -32,7 +32,7 @@ public class RSATokenVerifier {
         if (!token.isActive()) {
             throw new VerificationException("Token is not active.");
         }
-        String user = token.getPrincipal();
+        String user = token.getSubject();
         if (user == null) {
             throw new VerificationException("Token user was null");
         }

core/src/main/java/org/keycloak/representations/JsonWebToken.java

@@ -22,8 +22,8 @@ public class JsonWebToken implements Serializable {
     protected String issuer;
     @JsonProperty("aud")
     protected String audience;
-    @JsonProperty("prn")
+    @JsonProperty("sub")
-    protected String principal;
+    protected String subject;
     @JsonProperty("typ")
     protected String type;
 
@@ -116,12 +116,12 @@ public class JsonWebToken implements Serializable {
         return this;
     }
 
-    public String getPrincipal() {
+    public String getSubject() {
-        return principal;
+        return subject;
     }
 
     public JsonWebToken principal(String principal) {
-        this.principal = principal;
+        this.subject = principal;
         return this;
     }
 

core/src/test/java/org/keycloak/RSAVerifierTest.java

@@ -97,7 +97,7 @@ public class RSAVerifierTest {
                 .rsa256(idpPair.getPrivate());
         SkeletonKeyToken token = verifySkeletonKeyToken(encoded);
         Assert.assertTrue(token.getResourceAccess("service").getRoles().contains("admin"));
-        Assert.assertEquals("CN=Client", token.getPrincipal());
+        Assert.assertEquals("CN=Client", token.getSubject());
     }
 
     private SkeletonKeyToken verifySkeletonKeyToken(String encoded) throws VerificationException {

integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaBearerTokenAuthenticator.java

@@ -102,7 +102,7 @@ public class CatalinaBearerTokenAuthenticator {
             }
             surrogate = chain[0].getSubjectX500Principal().getName();
         }
-        SkeletonKeyPrincipal skeletonKeyPrincipal = new SkeletonKeyPrincipal(token.getPrincipal(), surrogate);
+        SkeletonKeyPrincipal skeletonKeyPrincipal = new SkeletonKeyPrincipal(token.getSubject(), surrogate);
         principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), skeletonKeyPrincipal, roles);
         request.setUserPrincipal(principal);
         request.setAuthType("OAUTH_BEARER");

integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/CatalinaSecurityContextHelper.java

@@ -65,11 +65,11 @@ public class CatalinaSecurityContextHelper {
     }
 
     /**
-     * Get the Principal given the authenticated Subject. Currently the first principal that is not of type {@code Group} is
+     * Get the Principal given the authenticated Subject. Currently the first subject that is not of type {@code Group} is
-     * considered or the single principal inside the CallerPrincipal group.
+     * considered or the single subject inside the CallerPrincipal group.
      *
      * @param subject
-     * @return the authenticated principal
+     * @return the authenticated subject
      */
     protected Principal getPrincipal(Subject subject) {
         Principal principal = null;

integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthAuthenticatorValve.java

@@ -227,7 +227,7 @@ public class OAuthAuthenticatorValve extends FormAuthenticator implements Lifecy
                 SkeletonKeyToken.Access access = token.getRealmAccess();
                 if (access != null) roles.addAll(access.getRoles());
             }
-            SkeletonKeyPrincipal skp = new SkeletonKeyPrincipal(token.getPrincipal(), null);
+            SkeletonKeyPrincipal skp = new SkeletonKeyPrincipal(token.getSubject(), null);
             GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(context.getRealm(), skp, roles);
             Session session = request.getSessionInternal(true);
             session.setPrincipal(principal);
@@ -235,7 +235,7 @@ public class OAuthAuthenticatorValve extends FormAuthenticator implements Lifecy
             SkeletonKeySession skSession = new SkeletonKeySession(oauth.getTokenString(), token, realmConfiguration.getMetadata());
             session.setNote(SkeletonKeySession.class.getName(), skSession);
 
-            String username = token.getPrincipal();
+            String username = token.getSubject();
             log.debug("userSessionManage.login: " + username);
             userSessionManagement.login(session, username);
         }

integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsBearerTokenFilter.java

@@ -71,7 +71,7 @@ public class JaxrsBearerTokenFilter implements ContainerRequestFilter {
             ResteasyProviderFactory.pushContext(SkeletonKeySession.class, skSession);
             String callerPrincipal = securityContext.getUserPrincipal() != null ? securityContext.getUserPrincipal().getName() : null;
 
-            final SkeletonKeyPrincipal principal = new SkeletonKeyPrincipal(token.getPrincipal(), callerPrincipal);
+            final SkeletonKeyPrincipal principal = new SkeletonKeyPrincipal(token.getSubject(), callerPrincipal);
             final boolean isSecure = securityContext.isSecure();
             final SkeletonKeyToken.Access access;
             if (resourceMetadata.getResourceName() != null) {

integration/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakAuthenticationMechanism.java

@@ -98,7 +98,7 @@ public class KeycloakAuthenticationMechanism implements AuthenticationMechanism
     }
 
     protected SkeletonKeyPrincipal completeAuthentication(SecurityContext securityContext, SkeletonKeyToken token, String surrogate) {
-        final SkeletonKeyPrincipal skeletonKeyPrincipal = new SkeletonKeyPrincipal(token.getPrincipal(), surrogate);
+        final SkeletonKeyPrincipal skeletonKeyPrincipal = new SkeletonKeyPrincipal(token.getSubject(), surrogate);
         Set<String> roles = null;
         if (adapterConfig.isUseResourceRoleMappings()) {
             SkeletonKeyToken.Access access = token.getResourceAccess(resourceMetadata.getResourceName());

services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java

@@ -172,7 +172,7 @@ public class AuthenticationManager {
 
             Auth auth = new Auth(token);
 
-            UserModel user = realm.getUser(token.getPrincipal());
+            UserModel user = realm.getUser(token.getSubject());
             if (user == null || !user.isEnabled()) {
                 logger.debug("Unknown user in identity cookie");
                 expireIdentityCookie(realm, uriInfo);
@@ -219,7 +219,7 @@ public class AuthenticationManager {
 
             Auth auth = new Auth(token);
 
-            UserModel user = realm.getUser(token.getPrincipal());
+            UserModel user = realm.getUser(token.getSubject());
             if (user == null || !user.isEnabled()) {
                 throw new NotAuthorizedException("invalid_user");
             }

testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java

@@ -69,7 +69,7 @@ public class AccessTokenTest {
 
         SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
 
-        Assert.assertEquals("test-user@localhost", token.getPrincipal());
+        Assert.assertEquals("test-user@localhost", token.getSubject());
 
         Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
         Assert.assertTrue(token.getRealmAccess().isUserInRole("user"));

testsuite/integration/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java

@@ -102,7 +102,7 @@ public class SocialLoginTest {
 
         SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
 
-        Assert.assertEquals("dummy-user", token.getPrincipal());
+        Assert.assertEquals("dummy-user", token.getSubject());
     }
 
     @Test