KEYCLOAK-180 Renamed JWT prn to sub
This commit is contained in:
parent
f14931d234
commit
0a57ba026b
11 changed files with 19 additions and 19 deletions
|
@ -32,7 +32,7 @@ public class RSATokenVerifier {
|
||||||
if (!token.isActive()) {
|
if (!token.isActive()) {
|
||||||
throw new VerificationException("Token is not active.");
|
throw new VerificationException("Token is not active.");
|
||||||
}
|
}
|
||||||
String user = token.getPrincipal();
|
String user = token.getSubject();
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
throw new VerificationException("Token user was null");
|
throw new VerificationException("Token user was null");
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,8 +22,8 @@ public class JsonWebToken implements Serializable {
|
||||||
protected String issuer;
|
protected String issuer;
|
||||||
@JsonProperty("aud")
|
@JsonProperty("aud")
|
||||||
protected String audience;
|
protected String audience;
|
||||||
@JsonProperty("prn")
|
@JsonProperty("sub")
|
||||||
protected String principal;
|
protected String subject;
|
||||||
@JsonProperty("typ")
|
@JsonProperty("typ")
|
||||||
protected String type;
|
protected String type;
|
||||||
|
|
||||||
|
@ -116,12 +116,12 @@ public class JsonWebToken implements Serializable {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getPrincipal() {
|
public String getSubject() {
|
||||||
return principal;
|
return subject;
|
||||||
}
|
}
|
||||||
|
|
||||||
public JsonWebToken principal(String principal) {
|
public JsonWebToken principal(String principal) {
|
||||||
this.principal = principal;
|
this.subject = principal;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
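Review bot: The builder method in the second JsonWebToken hunk keeps its old name while the field and getter were renamed: `public JsonWebToken principal(String principal)` now writes `this.subject`, so callers end up pairing `getSubject()` with `principal(...)`. I would rename it to match the claim it sets, `public JsonWebToken subject(String subject) { this.subject = subject; return this; }`, and keep `principal(...)` as a one-line delegating wrapper only if external callers still depend on it. Note also that switching `@JsonProperty("prn")` to `@JsonProperty("sub")` means any token still carrying the old claim name deserializes with a null subject; judging from the RSATokenVerifier hunk that token is then rejected with "Token user was null", which is the safe fail-closed outcome, but it invalidates outstanding tokens and deserves a sentence in the commit message. The rest of the JsonWebToken class is outside the hunks.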
@ -97,7 +97,7 @@ public class RSAVerifierTest {
|
||||||
.rsa256(idpPair.getPrivate());
|
.rsa256(idpPair.getPrivate());
|
||||||
SkeletonKeyToken token = verifySkeletonKeyToken(encoded);
|
SkeletonKeyToken token = verifySkeletonKeyToken(encoded);
|
||||||
Assert.assertTrue(token.getResourceAccess("service").getRoles().contains("admin"));
|
Assert.assertTrue(token.getResourceAccess("service").getRoles().contains("admin"));
|
||||||
Assert.assertEquals("CN=Client", token.getPrincipal());
|
Assert.assertEquals("CN=Client", token.getSubject());
|
||||||
}
|
}
|
||||||
|
|
||||||
private SkeletonKeyToken verifySkeletonKeyToken(String encoded) throws VerificationException {
|
private SkeletonKeyToken verifySkeletonKeyToken(String encoded) throws VerificationException {
|
||||||
|
|
|
@ -102,7 +102,7 @@ public class CatalinaBearerTokenAuthenticator {
|
||||||
}
|
}
|
||||||
surrogate = chain[0].getSubjectX500Principal().getName();
|
surrogate = chain[0].getSubjectX500Principal().getName();
|
||||||
}
|
}
|
||||||
SkeletonKeyPrincipal skeletonKeyPrincipal = new SkeletonKeyPrincipal(token.getPrincipal(), surrogate);
|
SkeletonKeyPrincipal skeletonKeyPrincipal = new SkeletonKeyPrincipal(token.getSubject(), surrogate);
|
||||||
principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), skeletonKeyPrincipal, roles);
|
principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), skeletonKeyPrincipal, roles);
|
||||||
request.setUserPrincipal(principal);
|
request.setUserPrincipal(principal);
|
||||||
request.setAuthType("OAUTH_BEARER");
|
request.setAuthType("OAUTH_BEARER");
|
||||||
|
|
|
@ -65,11 +65,11 @@ public class CatalinaSecurityContextHelper {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the Principal given the authenticated Subject. Currently the first principal that is not of type {@code Group} is
|
* Get the Principal given the authenticated Subject. Currently the first subject that is not of type {@code Group} is
|
||||||
* considered or the single principal inside the CallerPrincipal group.
|
* considered or the single subject inside the CallerPrincipal group.
|
||||||
*
|
*
|
||||||
* @param subject
|
* @param subject
|
||||||
* @return the authenticated principal
|
* @return the authenticated subject
|
||||||
*/
|
*/
|
||||||
protected Principal getPrincipal(Subject subject) {
|
protected Principal getPrincipal(Subject subject) {
|
||||||
Principal principal = null;
|
Principal principal = null;
|
||||||
|
|
|
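Review bot: The Javadoc on getPrincipal appears to have been caught by the mechanical principal-to-subject replacement and, assuming the second line of each pair is the new side, now contradicts the signature directly below it: the method takes a JAAS `Subject` and returns a `Principal`, so "the first subject that is not of type {@code Group}", "the single subject inside the CallerPrincipal group" and "@return the authenticated subject" are all wrong after this change. Only the JWT claim accessor was meant to be renamed; in this file "principal" refers to `java.security.Principal`. I would restore the three lines to their previous wording: `* Get the Principal given the authenticated Subject. Currently the first principal that is not of type {@code Group} is`, `* considered or the single principal inside the CallerPrincipal group.` and `* @return the authenticated principal`. The body of getPrincipal continues outside the hunk.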
@ -227,7 +227,7 @@ public class OAuthAuthenticatorValve extends FormAuthenticator implements Lifecy
|
||||||
SkeletonKeyToken.Access access = token.getRealmAccess();
|
SkeletonKeyToken.Access access = token.getRealmAccess();
|
||||||
if (access != null) roles.addAll(access.getRoles());
|
if (access != null) roles.addAll(access.getRoles());
|
||||||
}
|
}
|
||||||
SkeletonKeyPrincipal skp = new SkeletonKeyPrincipal(token.getPrincipal(), null);
|
SkeletonKeyPrincipal skp = new SkeletonKeyPrincipal(token.getSubject(), null);
|
||||||
GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(context.getRealm(), skp, roles);
|
GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(context.getRealm(), skp, roles);
|
||||||
Session session = request.getSessionInternal(true);
|
Session session = request.getSessionInternal(true);
|
||||||
session.setPrincipal(principal);
|
session.setPrincipal(principal);
|
||||||
|
@ -235,7 +235,7 @@ public class OAuthAuthenticatorValve extends FormAuthenticator implements Lifecy
|
||||||
SkeletonKeySession skSession = new SkeletonKeySession(oauth.getTokenString(), token, realmConfiguration.getMetadata());
|
SkeletonKeySession skSession = new SkeletonKeySession(oauth.getTokenString(), token, realmConfiguration.getMetadata());
|
||||||
session.setNote(SkeletonKeySession.class.getName(), skSession);
|
session.setNote(SkeletonKeySession.class.getName(), skSession);
|
||||||
|
|
||||||
String username = token.getPrincipal();
|
String username = token.getSubject();
|
||||||
log.debug("userSessionManage.login: " + username);
|
log.debug("userSessionManage.login: " + username);
|
||||||
userSessionManagement.login(session, username);
|
userSessionManagement.login(session, username);
|
||||||
}
|
}
|
||||||
|
|
|
@ -71,7 +71,7 @@ public class JaxrsBearerTokenFilter implements ContainerRequestFilter {
|
||||||
ResteasyProviderFactory.pushContext(SkeletonKeySession.class, skSession);
|
ResteasyProviderFactory.pushContext(SkeletonKeySession.class, skSession);
|
||||||
String callerPrincipal = securityContext.getUserPrincipal() != null ? securityContext.getUserPrincipal().getName() : null;
|
String callerPrincipal = securityContext.getUserPrincipal() != null ? securityContext.getUserPrincipal().getName() : null;
|
||||||
|
|
||||||
final SkeletonKeyPrincipal principal = new SkeletonKeyPrincipal(token.getPrincipal(), callerPrincipal);
|
final SkeletonKeyPrincipal principal = new SkeletonKeyPrincipal(token.getSubject(), callerPrincipal);
|
||||||
final boolean isSecure = securityContext.isSecure();
|
final boolean isSecure = securityContext.isSecure();
|
||||||
final SkeletonKeyToken.Access access;
|
final SkeletonKeyToken.Access access;
|
||||||
if (resourceMetadata.getResourceName() != null) {
|
if (resourceMetadata.getResourceName() != null) {
|
||||||
|
|
|
@ -98,7 +98,7 @@ public class KeycloakAuthenticationMechanism implements AuthenticationMechanism
|
||||||
}
|
}
|
||||||
|
|
||||||
protected SkeletonKeyPrincipal completeAuthentication(SecurityContext securityContext, SkeletonKeyToken token, String surrogate) {
|
protected SkeletonKeyPrincipal completeAuthentication(SecurityContext securityContext, SkeletonKeyToken token, String surrogate) {
|
||||||
final SkeletonKeyPrincipal skeletonKeyPrincipal = new SkeletonKeyPrincipal(token.getPrincipal(), surrogate);
|
final SkeletonKeyPrincipal skeletonKeyPrincipal = new SkeletonKeyPrincipal(token.getSubject(), surrogate);
|
||||||
Set<String> roles = null;
|
Set<String> roles = null;
|
||||||
if (adapterConfig.isUseResourceRoleMappings()) {
|
if (adapterConfig.isUseResourceRoleMappings()) {
|
||||||
SkeletonKeyToken.Access access = token.getResourceAccess(resourceMetadata.getResourceName());
|
SkeletonKeyToken.Access access = token.getResourceAccess(resourceMetadata.getResourceName());
|
||||||
|
|
|
@ -172,7 +172,7 @@ public class AuthenticationManager {
|
||||||
|
|
||||||
Auth auth = new Auth(token);
|
Auth auth = new Auth(token);
|
||||||
|
|
||||||
UserModel user = realm.getUser(token.getPrincipal());
|
UserModel user = realm.getUser(token.getSubject());
|
||||||
if (user == null || !user.isEnabled()) {
|
if (user == null || !user.isEnabled()) {
|
||||||
logger.debug("Unknown user in identity cookie");
|
logger.debug("Unknown user in identity cookie");
|
||||||
expireIdentityCookie(realm, uriInfo);
|
expireIdentityCookie(realm, uriInfo);
|
||||||
|
@ -219,7 +219,7 @@ public class AuthenticationManager {
|
||||||
|
|
||||||
Auth auth = new Auth(token);
|
Auth auth = new Auth(token);
|
||||||
|
|
||||||
UserModel user = realm.getUser(token.getPrincipal());
|
UserModel user = realm.getUser(token.getSubject());
|
||||||
if (user == null || !user.isEnabled()) {
|
if (user == null || !user.isEnabled()) {
|
||||||
throw new NotAuthorizedException("invalid_user");
|
throw new NotAuthorizedException("invalid_user");
|
||||||
}
|
}
|
||||||
|
|
|
@ -69,7 +69,7 @@ public class AccessTokenTest {
|
||||||
|
|
||||||
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
|
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
|
||||||
|
|
||||||
Assert.assertEquals("test-user@localhost", token.getPrincipal());
|
Assert.assertEquals("test-user@localhost", token.getSubject());
|
||||||
|
|
||||||
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
||||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("user"));
|
Assert.assertTrue(token.getRealmAccess().isUserInRole("user"));
|
||||||
|
|
|
@ -102,7 +102,7 @@ public class SocialLoginTest {
|
||||||
|
|
||||||
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
|
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
|
||||||
|
|
||||||
Assert.assertEquals("dummy-user", token.getPrincipal());
|
Assert.assertEquals("dummy-user", token.getSubject());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|