add bearer auth
parent
7f127691b2
commit
5d1b780413
4 changed files with 49 additions and 6 deletions
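--- /dev/null
+++ b/src/main/java/sh/libre/scim/core/BearerAuthentication.java
@@ -0,0 +1,20 @@
+package sh.libre.scim.core;
+
+import java.io.IOException;
+
+import javax.ws.rs.client.ClientRequestContext;
+import javax.ws.rs.client.ClientRequestFilter;
+
+public class BearerAuthentication implements ClientRequestFilter {
+private final String token;
+
+BearerAuthentication(String token) {
+this.token = token;
+}
+
+@Override
+public void filter(ClientRequestContext requestContext) throws IOException {
+requestContext.getHeaders().add("Authorization", "Bearer " + this.token);
+
+}
+}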
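Review bot: The constructor stores whatever it is given, so a missing or blank token is sent as `Authorization: Bearer null` (or an empty credential) rather than failing when the client is built. I would reject it up front with `this.token = Objects.requireNonNull(token, "token");` plus a blank check. In `filter`, `getHeaders().add(...)` appends to the header list, so a request that already carries an Authorization value would go out with two; `requestContext.getHeaders().putSingle("Authorization", "Bearer " + this.token);` keeps exactly one. The class has no Javadoc; one line stating that it attaches a static bearer token to every outgoing SCIM request, and that the token must never be logged, would help.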
@ -19,6 +19,7 @@ import javax.ws.rs.client.Client;
|
|||
|
||||
import org.jboss.logging.Logger;
|
||||
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
|
||||
import org.keycloak.component.ComponentModel;
|
||||
import org.keycloak.connections.jpa.JpaConnectionProvider;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
@ -33,13 +34,21 @@ public class ScimClient {
|
|||
final private String name;
|
||||
final private KeycloakSession session;
|
||||
final private String contentType;
|
||||
final private String authMode;
|
||||
final private String bearerToken;
|
||||
|
||||
public ScimClient(String name, String url, String contentType, KeycloakSession session) {
|
||||
this.name = name;
|
||||
this.contentType = contentType;
|
||||
public ScimClient(ComponentModel model, KeycloakSession session) {
|
||||
this.name = model.getName();
|
||||
this.contentType = model.get("content-type");
|
||||
this.authMode = model.get("auth-mode");
|
||||
this.bearerToken = model.get("auth-bearer-token");
|
||||
|
||||
this.session = session;
|
||||
var target = client.target(url);
|
||||
var target = client.target(model.get("endpoint"));
|
||||
if (this.authMode.equals("BEARER")) {
|
||||
target = target.register(new BearerAuthentication(this.bearerToken));
|
||||
}
|
||||
|
||||
scimService = new ScimService(target);
|
||||
|
||||
RetryConfig retryConfig = RetryConfig.custom()
|
||||
|
@ -92,7 +101,7 @@ public class ScimClient {
|
|||
}
|
||||
});
|
||||
} catch (NoResultException e) {
|
||||
LOGGER.warnf("Failde to repalce user %s, scim mapping not found", kcUser.getId());
|
||||
LOGGER.warnf("Failed to repalce user %s, scim mapping not found", kcUser.getId());
|
||||
} catch (Exception e) {
|
||||
LOGGER.error(e);
|
||||
}
|
||||
|
|
|
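Review bot: In the constructor hunk, `this.authMode.equals("BEARER")` dereferences the result of `model.get("auth-mode")`. For a component saved before this property existed, that lookup presumably returns null, and the constructor would then throw a NullPointerException every time a client is built. `if ("BEARER".equals(this.authMode)) {` avoids that. The branch also registers the filter when `auth-bearer-token` is unset and attaches the token to whatever `endpoint` is configured. A warning (without the token value) when the mode is BEARER but the token is blank or the endpoint is not https would make a misconfiguration visible instead of silently sending a bad or cleartext credential. The constructor starts and ends outside the hunk.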
@ -21,7 +21,7 @@ public class ScimDispatcher {
|
|||
})
|
||||
.forEach(m -> {
|
||||
LOGGER.infof("%s %s %s %s", m.getId(), m.getName(), m.getProviderId(), m.getProviderType());
|
||||
var client = new ScimClient(m.getName(), m.get("endpoint"), m.get("content-type"), session);
|
||||
var client = new ScimClient(m, session);
|
||||
try {
|
||||
f.accept(client);
|
||||
} finally {
|
||||
|
|
|
@ -32,6 +32,20 @@ public class ScimStorageProviderFactory implements UserStorageProviderFactory<Sc
|
|||
.options(MediaType.APPLICATION_JSON.toString(), ScimService.MEDIA_TYPE_SCIM_TYPE.toString())
|
||||
.defaultValue(ScimService.MEDIA_TYPE_SCIM_TYPE.toString())
|
||||
.add()
|
||||
.property()
|
||||
.name("auth-mode")
|
||||
.type(ProviderConfigProperty.LIST_TYPE)
|
||||
.label("Auth mode")
|
||||
.helpText("Select the authorization mode")
|
||||
.options("NONE", "BEARER")
|
||||
.defaultValue("NONE")
|
||||
.add()
|
||||
.property()
|
||||
.name("auth-bearer-token")
|
||||
.type(ProviderConfigProperty.PASSWORD)
|
||||
.label("Bearer token")
|
||||
.helpText("Add a bearer token in the authorization header")
|
||||
.add()
|
||||
.build();
|
||||
}
|
||||
|
||||
|
|
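Review bot: The `auth-bearer-token` property is declared with `.type(ProviderConfigProperty.PASSWORD)` only, which as far as I know controls how the admin console renders the field but does not by itself mark the value as a secret. Adding `.secret(true)` before `.add()` should make Keycloak mask the token when the component is read back through the admin API or exported; please confirm against the Keycloak version this builds against. Nothing here checks that a token is present when `auth-mode` is `BEARER`, so that combination is accepted at save time and only shows up later as failing SCIM calls. The builder chain starts outside the hunk.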