KEYCLOAK-180 Renamed JWT prn to sub

Stian Thorgersen 2014-01-10 10:22:58 +00:00
parent f14931d234
commit 0a57ba026b
11 changed files with 19 additions and 19 deletions


@ -32,7 +32,7 @@ public class RSATokenVerifier {
if (!token.isActive()) { if (!token.isActive()) {
throw new VerificationException("Token is not active."); throw new VerificationException("Token is not active.");
} }
String user = token.getPrincipal(); String user = token.getSubject();
if (user == null) { if (user == null) {
throw new VerificationException("Token user was null"); throw new VerificationException("Token user was null");
} }


@ -22,8 +22,8 @@ public class JsonWebToken implements Serializable {
protected String issuer; protected String issuer;
@JsonProperty("aud") @JsonProperty("aud")
protected String audience; protected String audience;
@JsonProperty("prn") @JsonProperty("sub")
protected String principal; protected String subject;
@JsonProperty("typ") @JsonProperty("typ")
protected String type; protected String type;
@ -116,12 +116,12 @@ public class JsonWebToken implements Serializable {
return this; return this;
} }
public String getPrincipal() { public String getSubject() {
return principal; return subject;
} }
public JsonWebToken principal(String principal) { public JsonWebToken principal(String principal) {
this.principal = principal; this.subject = principal;
return this; return this;
} }
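Review bot: The fluent setter in the second hunk is still `principal(String principal)` although it now assigns `this.subject` and the getter has become `getSubject()`, so the class exposes two names for the single `sub` claim. Adding a `subject(String)` setter and keeping `principal(...)` as a deprecated delegate would let existing callers compile while the API matches the claim name. Separately, the class is `Serializable` and the JSON name moves from `prn` to `sub`, so tokens or serialized sessions produced before this commit will probably either fail to parse or come back with a null subject, depending on mapper and serialVersionUID settings that are not visible here. That is worth stating in the class Javadoc so adapters and server are upgraded together.
```java
public JsonWebToken subject(String subject) {
    this.subject = subject;
    return this;
}

/** @deprecated use {@link #subject(String)}; kept so existing callers still compile. */
@Deprecated
public JsonWebToken principal(String principal) {
    return subject(principal);
}
```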


@ -97,7 +97,7 @@ public class RSAVerifierTest {
.rsa256(idpPair.getPrivate()); .rsa256(idpPair.getPrivate());
SkeletonKeyToken token = verifySkeletonKeyToken(encoded); SkeletonKeyToken token = verifySkeletonKeyToken(encoded);
Assert.assertTrue(token.getResourceAccess("service").getRoles().contains("admin")); Assert.assertTrue(token.getResourceAccess("service").getRoles().contains("admin"));
Assert.assertEquals("CN=Client", token.getPrincipal()); Assert.assertEquals("CN=Client", token.getSubject());
} }
private SkeletonKeyToken verifySkeletonKeyToken(String encoded) throws VerificationException { private SkeletonKeyToken verifySkeletonKeyToken(String encoded) throws VerificationException {


@ -102,7 +102,7 @@ public class CatalinaBearerTokenAuthenticator {
} }
surrogate = chain[0].getSubjectX500Principal().getName(); surrogate = chain[0].getSubjectX500Principal().getName();
} }
SkeletonKeyPrincipal skeletonKeyPrincipal = new SkeletonKeyPrincipal(token.getPrincipal(), surrogate); SkeletonKeyPrincipal skeletonKeyPrincipal = new SkeletonKeyPrincipal(token.getSubject(), surrogate);
principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), skeletonKeyPrincipal, roles); principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), skeletonKeyPrincipal, roles);
request.setUserPrincipal(principal); request.setUserPrincipal(principal);
request.setAuthType("OAUTH_BEARER"); request.setAuthType("OAUTH_BEARER");


@ -65,11 +65,11 @@ public class CatalinaSecurityContextHelper {
} }
/** /**
* Get the Principal given the authenticated Subject. Currently the first principal that is not of type {@code Group} is * Get the Principal given the authenticated Subject. Currently the first subject that is not of type {@code Group} is
* considered or the single principal inside the CallerPrincipal group. * considered or the single subject inside the CallerPrincipal group.
* *
* @param subject * @param subject
* @return the authenticated principal * @return the authenticated subject
*/ */
protected Principal getPrincipal(Subject subject) { protected Principal getPrincipal(Subject subject) {
Principal principal = null; Principal principal = null;
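Review bot: The Javadoc edits in this hunk look like fallout from the global principal-to-subject rename rather than an intended change. The method is still `getPrincipal(Subject subject)` and still returns a `Principal`, so "the first subject that is not of type {@code Group}" and `@return the authenticated subject` now name the wrong JAAS type. I would restore the original wording, including "the single principal inside the CallerPrincipal group" and `@return the authenticated principal`. The method body continues past the end of the hunk.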


@ -227,7 +227,7 @@ public class OAuthAuthenticatorValve extends FormAuthenticator implements Lifecy
SkeletonKeyToken.Access access = token.getRealmAccess(); SkeletonKeyToken.Access access = token.getRealmAccess();
if (access != null) roles.addAll(access.getRoles()); if (access != null) roles.addAll(access.getRoles());
} }
SkeletonKeyPrincipal skp = new SkeletonKeyPrincipal(token.getPrincipal(), null); SkeletonKeyPrincipal skp = new SkeletonKeyPrincipal(token.getSubject(), null);
GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(context.getRealm(), skp, roles); GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(context.getRealm(), skp, roles);
Session session = request.getSessionInternal(true); Session session = request.getSessionInternal(true);
session.setPrincipal(principal); session.setPrincipal(principal);
@ -235,7 +235,7 @@ public class OAuthAuthenticatorValve extends FormAuthenticator implements Lifecy
SkeletonKeySession skSession = new SkeletonKeySession(oauth.getTokenString(), token, realmConfiguration.getMetadata()); SkeletonKeySession skSession = new SkeletonKeySession(oauth.getTokenString(), token, realmConfiguration.getMetadata());
session.setNote(SkeletonKeySession.class.getName(), skSession); session.setNote(SkeletonKeySession.class.getName(), skSession);
String username = token.getPrincipal(); String username = token.getSubject();
log.debug("userSessionManage.login: " + username); log.debug("userSessionManage.login: " + username);
userSessionManagement.login(session, username); userSessionManagement.login(session, username);
} }


@ -71,7 +71,7 @@ public class JaxrsBearerTokenFilter implements ContainerRequestFilter {
ResteasyProviderFactory.pushContext(SkeletonKeySession.class, skSession); ResteasyProviderFactory.pushContext(SkeletonKeySession.class, skSession);
String callerPrincipal = securityContext.getUserPrincipal() != null ? securityContext.getUserPrincipal().getName() : null; String callerPrincipal = securityContext.getUserPrincipal() != null ? securityContext.getUserPrincipal().getName() : null;
final SkeletonKeyPrincipal principal = new SkeletonKeyPrincipal(token.getPrincipal(), callerPrincipal); final SkeletonKeyPrincipal principal = new SkeletonKeyPrincipal(token.getSubject(), callerPrincipal);
final boolean isSecure = securityContext.isSecure(); final boolean isSecure = securityContext.isSecure();
final SkeletonKeyToken.Access access; final SkeletonKeyToken.Access access;
if (resourceMetadata.getResourceName() != null) { if (resourceMetadata.getResourceName() != null) {


@ -98,7 +98,7 @@ public class KeycloakAuthenticationMechanism implements AuthenticationMechanism
} }
protected SkeletonKeyPrincipal completeAuthentication(SecurityContext securityContext, SkeletonKeyToken token, String surrogate) { protected SkeletonKeyPrincipal completeAuthentication(SecurityContext securityContext, SkeletonKeyToken token, String surrogate) {
final SkeletonKeyPrincipal skeletonKeyPrincipal = new SkeletonKeyPrincipal(token.getPrincipal(), surrogate); final SkeletonKeyPrincipal skeletonKeyPrincipal = new SkeletonKeyPrincipal(token.getSubject(), surrogate);
Set<String> roles = null; Set<String> roles = null;
if (adapterConfig.isUseResourceRoleMappings()) { if (adapterConfig.isUseResourceRoleMappings()) {
SkeletonKeyToken.Access access = token.getResourceAccess(resourceMetadata.getResourceName()); SkeletonKeyToken.Access access = token.getResourceAccess(resourceMetadata.getResourceName());


@ -172,7 +172,7 @@ public class AuthenticationManager {
Auth auth = new Auth(token); Auth auth = new Auth(token);
UserModel user = realm.getUser(token.getPrincipal()); UserModel user = realm.getUser(token.getSubject());
if (user == null || !user.isEnabled()) { if (user == null || !user.isEnabled()) {
logger.debug("Unknown user in identity cookie"); logger.debug("Unknown user in identity cookie");
expireIdentityCookie(realm, uriInfo); expireIdentityCookie(realm, uriInfo);
@ -219,7 +219,7 @@ public class AuthenticationManager {
Auth auth = new Auth(token); Auth auth = new Auth(token);
UserModel user = realm.getUser(token.getPrincipal()); UserModel user = realm.getUser(token.getSubject());
if (user == null || !user.isEnabled()) { if (user == null || !user.isEnabled()) {
throw new NotAuthorizedException("invalid_user"); throw new NotAuthorizedException("invalid_user");
} }
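Review bot: Both hunks pass the claim straight into the lookup, `realm.getUser(token.getSubject())`, and after this commit an identity cookie or token that still carries `prn` would most likely yield a null subject. Whether `realm.getUser(null)` returns null or throws is not visible here, so the existing `user == null` branch may never be reached for such tokens. An explicit guard makes the rejection path certain: `String subject = token.getSubject();` followed by `UserModel user = subject == null ? null : realm.getUser(subject);`. Both enclosing methods start and end outside the hunks.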


@ -69,7 +69,7 @@ public class AccessTokenTest {
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken()); SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals("test-user@localhost", token.getPrincipal()); Assert.assertEquals("test-user@localhost", token.getSubject());
Assert.assertEquals(1, token.getRealmAccess().getRoles().size()); Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("user")); Assert.assertTrue(token.getRealmAccess().isUserInRole("user"));


@ -102,7 +102,7 @@ public class SocialLoginTest {
SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken()); SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals("dummy-user", token.getPrincipal()); Assert.assertEquals("dummy-user", token.getSubject());
} }
@Test @Test