add KeycloakSecurityContext to principal

core/src/main/java/org/keycloak/KeycloakPrincipal.java

@@ -9,11 +9,15 @@ import java.security.Principal;
  */
 public class KeycloakPrincipal implements Principal, Serializable {
     protected final String name;
-    protected final String surrogate;
+    protected final KeycloakSecurityContext context;
 
-    public KeycloakPrincipal(String name, String surrogate) {
+    public KeycloakPrincipal(String name, KeycloakSecurityContext context) {
         this.name = name;
-        this.surrogate = surrogate;
+        this.context = context;
+    }
+
+    public KeycloakSecurityContext getKeycloakSecurityContext() {
+        return context;
     }
 
     @Override
@@ -21,10 +25,6 @@ public class KeycloakPrincipal implements Principal, Serializable {
         return name;
     }
 
-    public String getSurrogate() {
-        return surrogate;
-    }
-
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;
@@ -33,16 +33,13 @@ public class KeycloakPrincipal implements Principal, Serializable {
         KeycloakPrincipal that = (KeycloakPrincipal) o;
 
         if (!name.equals(that.name)) return false;
-        if (surrogate != null ? !surrogate.equals(that.surrogate) : that.surrogate != null) return false;
 
         return true;
     }
 
     @Override
     public int hashCode() {
-        int result = name.hashCode();
-        result = 31 * result + (surrogate != null ? surrogate.hashCode() : 0);
-        return result;
+        return name.hashCode();
     }
 
     @Override

examples/cors/angular-product-app/src/main/webapp/js/app.js

@@ -10,10 +10,12 @@ var logout = function(){
 
 
 angular.element(document).ready(function ($http) {
+    console.log("*** here");
     var keycloakAuth = new Keycloak('keycloak.json');
     auth.loggedIn = false;
 
-    keycloakAuth.init('login-required').success(function () {
+    keycloakAuth.init({ onLoad: 'login-required' }).success(function () {
+        console.log('here login');
         auth.loggedIn = true;
         auth.authz = keycloakAuth;
         auth.logoutUrl = keycloakAuth.authServerUrl + "/realms/" + keycloakAuth.realm + "/tokens/logout?redirect_uri=http://localhost:8080/angular-product/index.html";
@@ -38,20 +40,20 @@ module.controller('GlobalCtrl', function($scope, $http) {
 
     };
     $scope.loadRoles = function() {
-        $http.query("http://localhost-auth:8080/auth/admin/realms/" + keycloakAuth.realm + "/roles").success(function(data) {
+        $http.get("http://localhost-auth:8080/auth/admin/realms/" + auth.authz.realm + "/roles").success(function(data) {
             $scope.roles = angular.fromJson(data);
 
         });
 
     };
     $scope.addRole = function() {
-        $http.post("http://localhost-auth:8080/auth/admin/realms/" + keycloakAuth.realm + "/roles", {name: 'stuff'}).success(function() {
+        $http.post("http://localhost-auth:8080/auth/admin/realms/" + auth.authz.realm + "/roles", {name: 'stuff'}).success(function() {
             $scope.loadRoles();
         });
 
     };
     $scope.deleteRole = function() {
-        $http.delete("http://localhost-auth:8080/auth/admin/realms/" + keycloakAuth.realm + "/roles/stuff").success(function() {
+        $http.delete("http://localhost-auth:8080/auth/admin/realms/" + auth.authz.realm + "/roles/stuff").success(function() {
             $scope.loadRoles();
         });
 

integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java

@@ -88,8 +88,8 @@ public abstract class RequestAuthenticator {
     }
 
     protected void completeAuthentication(OAuthRequestAuthenticator oauth) {
-        final KeycloakPrincipal principal = new KeycloakPrincipal(oauth.getToken().getSubject(), null);
         RefreshableKeycloakSecurityContext session = new RefreshableKeycloakSecurityContext(deployment, oauth.getTokenString(), oauth.getToken(), oauth.getIdTokenString(), oauth.getIdToken(), oauth.getRefreshToken());
+        final KeycloakPrincipal principal = new KeycloakPrincipal(oauth.getToken().getSubject(), session);
         completeOAuthAuthentication(principal, session);
     }
 
@@ -98,8 +98,8 @@ public abstract class RequestAuthenticator {
     protected abstract boolean isCached();
 
     protected void completeAuthentication(BearerTokenRequestAuthenticator bearer) {
-        final KeycloakPrincipal principal = new KeycloakPrincipal(bearer.getToken().getSubject(), bearer.getSurrogate());
         RefreshableKeycloakSecurityContext session = new RefreshableKeycloakSecurityContext(deployment, bearer.getTokenString(), bearer.getToken(), null, null, null);
+        final KeycloakPrincipal principal = new KeycloakPrincipal(bearer.getToken().getSubject(), session);
         completeBearerAuthentication(principal, session);
     }
 

integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsBearerTokenFilter.java

@@ -73,9 +73,8 @@ public class JaxrsBearerTokenFilter implements ContainerRequestFilter {
             AccessToken token = RSATokenVerifier.verifyToken(tokenString, realmPublicKey, realm);
             KeycloakSecurityContext skSession = new KeycloakSecurityContext(tokenString, token, null, null);
             ResteasyProviderFactory.pushContext(KeycloakSecurityContext.class, skSession);
-            String callerPrincipal = securityContext.getUserPrincipal() != null ? securityContext.getUserPrincipal().getName() : null;
 
-            final KeycloakPrincipal principal = new KeycloakPrincipal(token.getSubject(), callerPrincipal);
+            final KeycloakPrincipal principal = new KeycloakPrincipal(token.getSubject(), skSession);
             final boolean isSecure = securityContext.isSecure();
             final AccessToken.Access access;
             if (resourceName != null) {