From 29070cec77878b775ad396e027d2534e81c161eb Mon Sep 17 00:00:00 2001
From: Bill Burke
Date: Fri, 23 May 2014 16:26:44 -0400
Subject: [PATCH] add KeycloakSecurityContext to principal
---
 .../java/org/keycloak/KeycloakPrincipal.java | 19 ++++++++-----------
 .../src/main/webapp/js/app.js | 10 ++++++----
 .../adapters/RequestAuthenticator.java | 4 ++--
 .../jaxrs/JaxrsBearerTokenFilter.java | 3 +--
 4 files changed, 17 insertions(+), 19 deletions(-)
diff --git a/core/src/main/java/org/keycloak/KeycloakPrincipal.java b/core/src/main/java/org/keycloak/KeycloakPrincipal.java
index 00848a2bc2..ca05f791fb 100755
--- a/core/src/main/java/org/keycloak/KeycloakPrincipal.java
+++ b/core/src/main/java/org/keycloak/KeycloakPrincipal.java
@@ -9,11 +9,15 @@ import java.security.Principal;
 */
 public class KeycloakPrincipal implements Principal, Serializable {
 protected final String name;
- protected final String surrogate;
+ protected final KeycloakSecurityContext context;
- public KeycloakPrincipal(String name, String surrogate) {
+ public KeycloakPrincipal(String name, KeycloakSecurityContext context) {
 this.name = name;
- this.surrogate = surrogate;
+ this.context = context;
+ }
+
+ public KeycloakSecurityContext getKeycloakSecurityContext() {
+ return context;
 }
 @Override
@@ -21,10 +25,6 @@ public class KeycloakPrincipal implements Principal, Serializable {
 return name;
 }
- public String getSurrogate() {
- return surrogate;
- }
-
 @Override
 public boolean equals(Object o) {
 if (this == o) return true;
@@ -33,16 +33,13 @@ public class KeycloakPrincipal implements Principal, Serializable {
 KeycloakPrincipal that = (KeycloakPrincipal) o;
 if (!name.equals(that.name)) return false;
- if (surrogate != null ? !surrogate.equals(that.surrogate) : that.surrogate != null) return false;
 return true;
 }
 @Override
 public int hashCode() {
- int result = name.hashCode();
- result = 31 * result + (surrogate != null ? surrogate.hashCode() : 0);
- return result;
+ return name.hashCode();
 }
 @Override
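Review bot: In the first KeycloakPrincipal.java hunk the class stays `Serializable` while its new `context` field holds a `KeycloakSecurityContext`, which the RequestAuthenticator and JaxrsBearerTokenFilter hunks of this patch build from the raw access token string and, on the OAuth path, the refresh token. Wherever a container serializes the principal (session persistence or replication, for example), those tokens would presumably be written out with it, or serialization fails if the context type is not itself serializable; neither outcome is visible from this diff. I would add Javadoc on the field and on `getKeycloakSecurityContext()` stating that the principal now carries bearer credentials and must not be logged or persisted as-is, and decide explicitly whether the field should be `transient`. The constructor also accepts a null context without complaint, so the getter's Javadoc should say whether null is a legal return value.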
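Review bot: In the `equals`/`hashCode` hunk, identity now rests on `name` alone, so two principals for the same subject that carry different security contexts (different tokens, possibly issued by different realms) compare equal and hash alike. Any map or cache keyed on the principal would treat them as interchangeable; whether such a caller exists is not visible here. A short comment above `equals`, such as `// equality is by subject only; the attached security context is deliberately ignored`, would make the choice explicit for the next maintainer. `equals` begins in the previous hunk and the class body continues past this one.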
diff --git a/examples/cors/angular-product-app/src/main/webapp/js/app.js b/examples/cors/angular-product-app/src/main/webapp/js/app.js
index 50b68bc3e4..3e562055db 100755
--- a/examples/cors/angular-product-app/src/main/webapp/js/app.js
+++ b/examples/cors/angular-product-app/src/main/webapp/js/app.js
@@ -10,10 +10,12 @@ var logout = function(){
 angular.element(document).ready(function ($http) {
+ console.log("*** here");
 var keycloakAuth = new Keycloak('keycloak.json');
 auth.loggedIn = false;
- keycloakAuth.init('login-required').success(function () {
+ keycloakAuth.init({ onLoad: 'login-required' }).success(function () {
+ console.log('here login');
 auth.loggedIn = true;
 auth.authz = keycloakAuth;
 auth.logoutUrl = keycloakAuth.authServerUrl + "/realms/" + keycloakAuth.realm + "/tokens/logout?redirect_uri=http://localhost:8080/angular-product/index.html";
@@ -38,20 +40,20 @@ module.controller('GlobalCtrl', function($scope, $http) {
 };
 $scope.loadRoles = function() {
- $http.query("http://localhost-auth:8080/auth/admin/realms/" + keycloakAuth.realm + "/roles").success(function(data) {
+ $http.get("http://localhost-auth:8080/auth/admin/realms/" + auth.authz.realm + "/roles").success(function(data) {
 $scope.roles = angular.fromJson(data);
 });
 };
 $scope.addRole = function() {
- $http.post("http://localhost-auth:8080/auth/admin/realms/" + keycloakAuth.realm + "/roles", {name: 'stuff'}).success(function() {
+ $http.post("http://localhost-auth:8080/auth/admin/realms/" + auth.authz.realm + "/roles", {name: 'stuff'}).success(function() {
 $scope.loadRoles();
 });
 };
 $scope.deleteRole = function() {
- $http.delete("http://localhost-auth:8080/auth/admin/realms/" + keycloakAuth.realm + "/roles/stuff").success(function() {
+ $http.delete("http://localhost-auth:8080/auth/admin/realms/" + auth.authz.realm + "/roles/stuff").success(function() {
 $scope.loadRoles();
 });
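Review bot: The two added `console.log` calls in the first app.js hunk (`console.log("*** here");` and `console.log('here login');`) read as leftover debugging and should be dropped before the example ships. In the second hunk the admin URLs now read `auth.authz.realm`, and `auth.authz` is only assigned inside the `init` success callback shown in the first hunk, so `loadRoles`, `addRole` and `deleteRole` would throw if they can run before login completes; whether the app is bootstrapped only after that callback is outside the diff. A guard such as `if (!auth.authz) return;` at the top of each function would cover that case.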
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
index 4eb5f88b8a..72a04934c0 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
@@ -88,8 +88,8 @@ public abstract class RequestAuthenticator {
 }
 protected void completeAuthentication(OAuthRequestAuthenticator oauth) {
- final KeycloakPrincipal principal = new KeycloakPrincipal(oauth.getToken().getSubject(), null);
 RefreshableKeycloakSecurityContext session = new RefreshableKeycloakSecurityContext(deployment, oauth.getTokenString(), oauth.getToken(), oauth.getIdTokenString(), oauth.getIdToken(), oauth.getRefreshToken());
+ final KeycloakPrincipal principal = new KeycloakPrincipal(oauth.getToken().getSubject(), session);
 completeOAuthAuthentication(principal, session);
 }
@@ -98,8 +98,8 @@ public abstract class RequestAuthenticator {
 protected abstract boolean isCached();
 protected void completeAuthentication(BearerTokenRequestAuthenticator bearer) {
- final KeycloakPrincipal principal = new KeycloakPrincipal(bearer.getToken().getSubject(), bearer.getSurrogate());
 RefreshableKeycloakSecurityContext session = new RefreshableKeycloakSecurityContext(deployment, bearer.getTokenString(), bearer.getToken(), null, null, null);
+ final KeycloakPrincipal principal = new KeycloakPrincipal(bearer.getToken().getSubject(), session);
 completeBearerAuthentication(principal, session);
 }
diff --git a/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsBearerTokenFilter.java b/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsBearerTokenFilter.java
index 90af01253d..6b1d2d6787 100755
--- a/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsBearerTokenFilter.java
+++ b/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsBearerTokenFilter.java
@@ -73,9 +73,8 @@ public class JaxrsBearerTokenFilter implements ContainerRequestFilter {
 AccessToken token = RSATokenVerifier.verifyToken(tokenString, realmPublicKey, realm);
 KeycloakSecurityContext skSession = new KeycloakSecurityContext(tokenString, token, null, null);
 ResteasyProviderFactory.pushContext(KeycloakSecurityContext.class, skSession);
- String callerPrincipal = securityContext.getUserPrincipal() != null ? securityContext.getUserPrincipal().getName() : null;
- final KeycloakPrincipal principal = new KeycloakPrincipal(token.getSubject(), callerPrincipal);
+ final KeycloakPrincipal principal = new KeycloakPrincipal(token.getSubject(), skSession);
 final boolean isSecure = securityContext.isSecure();
 final AccessToken.Access access;
 if (resourceName != null) {
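Review bot: After this hunk the filter no longer reads `securityContext.getUserPrincipal()`, so the identity the container had established before the bearer token was processed is not kept on the new `KeycloakPrincipal` or anywhere else visible here. If that earlier principal was used to tell which client presented the token (auditing or delegation checks), that information is now lost; this is inferred from the removed lines, not from any caller shown in the diff. A one-line comment above the constructor call, for example `// the container's prior user principal is intentionally not carried over`, would record that the drop is deliberate. The enclosing filter method starts and ends outside the hunk.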