Fixes to login module
parent
4ebca3ca43
commit
b08930961f
1 changed files with 16 additions and 17 deletions
|
@ -25,6 +25,7 @@ import org.keycloak.RSATokenVerifier;
|
||||||
import org.keycloak.VerificationException;
|
import org.keycloak.VerificationException;
|
||||||
import org.keycloak.constants.GenericConstants;
|
import org.keycloak.constants.GenericConstants;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
|
import org.keycloak.representations.adapters.config.AdapterConfig;
|
||||||
import org.keycloak.util.PemUtils;
|
import org.keycloak.util.PemUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -83,19 +84,15 @@ public class BearerTokenLoginModule implements LoginModule {
|
||||||
}
|
}
|
||||||
String principalAttribute = (String) options.get(PRINCIPAL_ATTRIBUTE_OPTION);
|
String principalAttribute = (String) options.get(PRINCIPAL_ATTRIBUTE_OPTION);
|
||||||
|
|
||||||
kd = new KeycloakDeployment();
|
AdapterConfig cfg = new AdapterConfig();
|
||||||
kd.setRealm(realm);
|
cfg.setRealm(realm);
|
||||||
kd.setResourceName(resource);
|
cfg.setResource(resource);
|
||||||
kd.setUseResourceRoleMappings(useResourceRoleMappings);
|
cfg.setUseResourceRoleMappings(useResourceRoleMappings);
|
||||||
kd.setPrincipalAttribute(principalAttribute);
|
cfg.setAuthServerUrl(authServerUrl);
|
||||||
if (publicKey != null) {
|
cfg.setBearerOnly(true);
|
||||||
try {
|
cfg.setPrincipalAttribute(principalAttribute);
|
||||||
PublicKey pk = PemUtils.decodePublicKey(publicKey);
|
cfg.setRealmKey(publicKey);
|
||||||
kd.setRealmKey(pk);
|
kd = KeycloakDeploymentBuilder.build(cfg);
|
||||||
} catch (Exception e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (kd.getRealmKey() == null) {
|
if (kd.getRealmKey() == null) {
|
||||||
|
@ -166,7 +163,7 @@ public class BearerTokenLoginModule implements LoginModule {
|
||||||
}
|
}
|
||||||
|
|
||||||
protected Auth bearerAuth(String username, String tokenString) throws VerificationException {
|
protected Auth bearerAuth(String username, String tokenString) throws VerificationException {
|
||||||
if ("Bearer".equalsIgnoreCase(username)) {
|
if (!"Bearer".equalsIgnoreCase(username)) {
|
||||||
log.fine("Username is expected to be bearer but is " + username + ". Ignoring login module");
|
log.fine("Username is expected to be bearer but is " + username + ". Ignoring login module");
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -198,10 +195,12 @@ public class BearerTokenLoginModule implements LoginModule {
|
||||||
|
|
||||||
this.subject.getPrincipals().add(auth.getPrincipal());
|
this.subject.getPrincipals().add(auth.getPrincipal());
|
||||||
this.subject.getPrivateCredentials().add(auth.getTokenString());
|
this.subject.getPrivateCredentials().add(auth.getTokenString());
|
||||||
|
if (auth.getRoles() != null) {
|
||||||
for (String roleName : auth.getRoles()) {
|
for (String roleName : auth.getRoles()) {
|
||||||
RolePrincipal rolePrinc = new RolePrincipal(roleName);
|
RolePrincipal rolePrinc = new RolePrincipal(roleName);
|
||||||
this.subject.getPrincipals().add(rolePrinc);
|
this.subject.getPrincipals().add(rolePrinc);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
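Review bot: With the inverted test corrected in `bearerAuth` (the `@ -166,7 +163,7` hunk), the unchanged `log.fine(...)` line now runs for every login whose username is not "Bearer", and it concatenates that value into the log record as-is. The username presumably comes from the login callback, so a value containing CR/LF could split or forge log entries wherever FINE logging is enabled, and usernames meant for other stacked login modules end up in this module's log. I would drop the value from the message, `log.fine("Username is not Bearer. Ignoring login module");`, or replace line breaks in it before logging. `bearerAuth` continues past the end of the hunk, so the later handling of `tokenString` is not visible here.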