add bearer auth

Hugo Renard 2022-02-16 14:00:24 +01:00
parent 7f127691b2
commit 5d1b780413
Signed by: hougo
GPG key ID: 3A285FD470209C59
4 changed files with 49 additions and 6 deletions


@ -0,0 +1,20 @@
package sh.libre.scim.core;
import java.io.IOException;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
public class BearerAuthentication implements ClientRequestFilter {
private final String token;
BearerAuthentication(String token) {
this.token = token;
}
@Override
public void filter(ClientRequestContext requestContext) throws IOException {
requestContext.getHeaders().add("Authorization", "Bearer " + this.token);
}
}
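Review bot: `filter` appends the header with `getHeaders().add(...)`, so a request that already carries an `Authorization` value would leave with two of them; `requestContext.getHeaders().putSingle("Authorization", "Bearer " + this.token);` replaces the value instead of appending. The constructor also accepts a null or empty token, which would put the literal `Bearer null` on the wire; a guard such as `this.token = Objects.requireNonNull(token, "token");` fails at configuration time rather than sending a malformed credential. A class-level Javadoc should say that the token is attached to every request of the target the filter is registered on, so the configured endpoint is expected to be HTTPS.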


@ -19,6 +19,7 @@ import javax.ws.rs.client.Client;
import org.jboss.logging.Logger;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.keycloak.component.ComponentModel;
import org.keycloak.connections.jpa.JpaConnectionProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
@ -33,13 +34,21 @@ public class ScimClient {
final private String name;
final private KeycloakSession session;
final private String contentType;
final private String authMode;
final private String bearerToken;
public ScimClient(String name, String url, String contentType, KeycloakSession session) {
this.name = name;
this.contentType = contentType;
public ScimClient(ComponentModel model, KeycloakSession session) {
this.name = model.getName();
this.contentType = model.get("content-type");
this.authMode = model.get("auth-mode");
this.bearerToken = model.get("auth-bearer-token");
this.session = session;
var target = client.target(url);
var target = client.target(model.get("endpoint"));
if (this.authMode.equals("BEARER")) {
target = target.register(new BearerAuthentication(this.bearerToken));
}
scimService = new ScimService(target);
RetryConfig retryConfig = RetryConfig.custom()
@ -92,7 +101,7 @@ public class ScimClient {
}
});
} catch (NoResultException e) {
LOGGER.warnf("Failde to repalce user %s, scim mapping not found", kcUser.getId());
LOGGER.warnf("Failed to repalce user %s, scim mapping not found", kcUser.getId());
} catch (Exception e) {
LOGGER.error(e);
}
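Review bot: `this.authMode.equals("BEARER")` in the new constructor throws a NullPointerException if `model.get("auth-mode")` returns null, which is presumably the case for components saved before this property existed; `if ("BEARER".equals(this.authMode)) {` is null-safe and treats a missing value like `NONE`. The `bearerToken` field is only read inside the constructor as far as this section shows, so a local variable would avoid keeping the secret on the client object for its whole lifetime. The endpoint URL is taken from the model without a scheme check, so with BEARER selected and an `http://` endpoint the token would travel in cleartext; a warning log or a rejection there is worth considering. The constructor body continues outside the hunk.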


@ -21,7 +21,7 @@ public class ScimDispatcher {
})
.forEach(m -> {
LOGGER.infof("%s %s %s %s", m.getId(), m.getName(), m.getProviderId(), m.getProviderType());
var client = new ScimClient(m.getName(), m.get("endpoint"), m.get("content-type"), session);
var client = new ScimClient(m, session);
try {
f.accept(client);
} finally {


@ -32,6 +32,20 @@ public class ScimStorageProviderFactory implements UserStorageProviderFactory<Sc
.options(MediaType.APPLICATION_JSON.toString(), ScimService.MEDIA_TYPE_SCIM_TYPE.toString())
.defaultValue(ScimService.MEDIA_TYPE_SCIM_TYPE.toString())
.add()
.property()
.name("auth-mode")
.type(ProviderConfigProperty.LIST_TYPE)
.label("Auth mode")
.helpText("Select the authorization mode")
.options("NONE", "BEARER")
.defaultValue("NONE")
.add()
.property()
.name("auth-bearer-token")
.type(ProviderConfigProperty.PASSWORD)
.label("Bearer token")
.helpText("Add a bearer token in the authorization header")
.add()
.build();
}
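Review bot: The `auth-bearer-token` property is typed `ProviderConfigProperty.PASSWORD` but is not flagged as secret. As far as I know, Keycloak masks component config values in admin API responses and exports only for properties marked secret, so the token may be readable by anyone who can view the component; adding `.secret(true)` before `.add()` should be checked against the Keycloak version in use. The help text could also say the token is only used when auth mode is `BEARER`, e.g. `.helpText("Bearer token sent in the Authorization header when auth mode is BEARER")`. The enclosing method starts outside the hunk.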