libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

add KeycloakSecurityContext to principal

Browse source
This commit is contained in:
Bill Burke 2014-05-23 16:26:44 -04:00
parent fbef9f7691
commit 29070cec77
4 changed files with 17 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
core/src/main/java/org/keycloak/KeycloakPrincipal.java
View file

@ -9,11 +9,15 @@ import java.security.Principal;
*/ */
public class KeycloakPrincipal implements Principal, Serializable { public class KeycloakPrincipal implements Principal, Serializable {
protected final String name; protected final String name;
protected final String surrogate; protected final KeycloakSecurityContext context;
public KeycloakPrincipal(String name, String surrogate) { public KeycloakPrincipal(String name, KeycloakSecurityContext context) {
this.name = name; this.name = name;
this.surrogate = surrogate; this.context = context;
}
public KeycloakSecurityContext getKeycloakSecurityContext() {
return context;
} }
@Override @Override
@ -21,10 +25,6 @@ public class KeycloakPrincipal implements Principal, Serializable {
return name; return name;
} }
public String getSurrogate() {
return surrogate;
}
@Override @Override
public boolean equals(Object o) { public boolean equals(Object o) {
if (this == o) return true; if (this == o) return true;
@ -33,16 +33,13 @@ public class KeycloakPrincipal implements Principal, Serializable {
KeycloakPrincipal that = (KeycloakPrincipal) o; KeycloakPrincipal that = (KeycloakPrincipal) o;
if (!name.equals(that.name)) return false; if (!name.equals(that.name)) return false;
if (surrogate != null ? !surrogate.equals(that.surrogate) : that.surrogate != null) return false;
return true; return true;
} }
@Override @Override
public int hashCode() { public int hashCode() {
int result = name.hashCode(); return name.hashCode();
result = 31 * result + (surrogate != null ? surrogate.hashCode() : 0);
return result;
} }
@Override @Override

10
examples/cors/angular-product-app/src/main/webapp/js/app.js vendored
View file

@ -10,10 +10,12 @@ var logout = function(){
angular.element(document).ready(function ($http) { angular.element(document).ready(function ($http) {
console.log("*** here");
var keycloakAuth = new Keycloak('keycloak.json'); var keycloakAuth = new Keycloak('keycloak.json');
auth.loggedIn = false; auth.loggedIn = false;
keycloakAuth.init('login-required').success(function () { keycloakAuth.init({ onLoad: 'login-required' }).success(function () {
console.log('here login');
auth.loggedIn = true; auth.loggedIn = true;
auth.authz = keycloakAuth; auth.authz = keycloakAuth;
auth.logoutUrl = keycloakAuth.authServerUrl + "/realms/" + keycloakAuth.realm + "/tokens/logout?redirect_uri=http://localhost:8080/angular-product/index.html"; auth.logoutUrl = keycloakAuth.authServerUrl + "/realms/" + keycloakAuth.realm + "/tokens/logout?redirect_uri=http://localhost:8080/angular-product/index.html";
@ -38,20 +40,20 @@ module.controller('GlobalCtrl', function($scope, $http) {
}; };
$scope.loadRoles = function() { $scope.loadRoles = function() {
$http.query("http://localhost-auth:8080/auth/admin/realms/" + keycloakAuth.realm + "/roles").success(function(data) { $http.get("http://localhost-auth:8080/auth/admin/realms/" + auth.authz.realm + "/roles").success(function(data) {
$scope.roles = angular.fromJson(data); $scope.roles = angular.fromJson(data);
}); });
}; };
$scope.addRole = function() { $scope.addRole = function() {
$http.post("http://localhost-auth:8080/auth/admin/realms/" + keycloakAuth.realm + "/roles", {name: 'stuff'}).success(function() { $http.post("http://localhost-auth:8080/auth/admin/realms/" + auth.authz.realm + "/roles", {name: 'stuff'}).success(function() {
$scope.loadRoles(); $scope.loadRoles();
}); });
}; };
$scope.deleteRole = function() { $scope.deleteRole = function() {
$http.delete("http://localhost-auth:8080/auth/admin/realms/" + keycloakAuth.realm + "/roles/stuff").success(function() { $http.delete("http://localhost-auth:8080/auth/admin/realms/" + auth.authz.realm + "/roles/stuff").success(function() {
$scope.loadRoles(); $scope.loadRoles();
}); });

4
integration/adapter-core/src/main/java/org/keycloak/adapters/RequestAuthenticator.java
View file

@ -88,8 +88,8 @@ public abstract class RequestAuthenticator {
} }
protected void completeAuthentication(OAuthRequestAuthenticator oauth) { protected void completeAuthentication(OAuthRequestAuthenticator oauth) {
final KeycloakPrincipal principal = new KeycloakPrincipal(oauth.getToken().getSubject(), null);
RefreshableKeycloakSecurityContext session = new RefreshableKeycloakSecurityContext(deployment, oauth.getTokenString(), oauth.getToken(), oauth.getIdTokenString(), oauth.getIdToken(), oauth.getRefreshToken()); RefreshableKeycloakSecurityContext session = new RefreshableKeycloakSecurityContext(deployment, oauth.getTokenString(), oauth.getToken(), oauth.getIdTokenString(), oauth.getIdToken(), oauth.getRefreshToken());
final KeycloakPrincipal principal = new KeycloakPrincipal(oauth.getToken().getSubject(), session);
completeOAuthAuthentication(principal, session); completeOAuthAuthentication(principal, session);
} }
@ -98,8 +98,8 @@ public abstract class RequestAuthenticator {
protected abstract boolean isCached(); protected abstract boolean isCached();
protected void completeAuthentication(BearerTokenRequestAuthenticator bearer) { protected void completeAuthentication(BearerTokenRequestAuthenticator bearer) {
final KeycloakPrincipal principal = new KeycloakPrincipal(bearer.getToken().getSubject(), bearer.getSurrogate());
RefreshableKeycloakSecurityContext session = new RefreshableKeycloakSecurityContext(deployment, bearer.getTokenString(), bearer.getToken(), null, null, null); RefreshableKeycloakSecurityContext session = new RefreshableKeycloakSecurityContext(deployment, bearer.getTokenString(), bearer.getToken(), null, null, null);
final KeycloakPrincipal principal = new KeycloakPrincipal(bearer.getToken().getSubject(), session);
completeBearerAuthentication(principal, session); completeBearerAuthentication(principal, session);
} }

3
integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsBearerTokenFilter.java
View file

@ -73,9 +73,8 @@ public class JaxrsBearerTokenFilter implements ContainerRequestFilter {
AccessToken token = RSATokenVerifier.verifyToken(tokenString, realmPublicKey, realm); AccessToken token = RSATokenVerifier.verifyToken(tokenString, realmPublicKey, realm);
KeycloakSecurityContext skSession = new KeycloakSecurityContext(tokenString, token, null, null); KeycloakSecurityContext skSession = new KeycloakSecurityContext(tokenString, token, null, null);
ResteasyProviderFactory.pushContext(KeycloakSecurityContext.class, skSession); ResteasyProviderFactory.pushContext(KeycloakSecurityContext.class, skSession);
String callerPrincipal = securityContext.getUserPrincipal() != null ? securityContext.getUserPrincipal().getName() : null;
final KeycloakPrincipal principal = new KeycloakPrincipal(token.getSubject(), callerPrincipal); final KeycloakPrincipal principal = new KeycloakPrincipal(token.getSubject(), skSession);
final boolean isSecure = securityContext.isSecure(); final boolean isSecure = securityContext.isSecure();
final AccessToken.Access access; final AccessToken.Access access;
if (resourceName != null) { if (resourceName != null) {