KEYCLOAK-2297

This commit is contained in:
Bill Burke 2016-02-02 12:28:50 -05:00
parent e2287188a8
commit d0b17a0aea
3 changed files with 33 additions and 4 deletions

View file

@ -10,6 +10,7 @@ import org.keycloak.adapters.OIDCHttpFacade;
import org.keycloak.adapters.OidcKeycloakAccount;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.adapters.RequestAuthenticator;
import org.keycloak.adapters.spi.KeycloakAccount;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
@ -68,13 +69,33 @@ public class FilterRequestAuthenticator extends RequestAuthenticator {
}
@Override
protected void completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal, String method) {
RefreshableKeycloakSecurityContext securityContext = principal.getKeycloakSecurityContext();
Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
protected void completeBearerAuthentication(final KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal, String method) {
final RefreshableKeycloakSecurityContext securityContext = principal.getKeycloakSecurityContext();
final Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
if (log.isLoggable(Level.FINE)) {
log.fine("Completing bearer authentication. Bearer roles: " + roles);
}
request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
OidcKeycloakAccount account = new OidcKeycloakAccount() {
@Override
public Principal getPrincipal() {
return principal;
}
@Override
public Set<String> getRoles() {
return roles;
}
@Override
public KeycloakSecurityContext getKeycloakSecurityContext() {
return securityContext;
}
};
// need this here to obtain UserPrincipal
request.setAttribute(KeycloakAccount.class.getName(), account);
}
@Override

View file

@ -35,7 +35,10 @@ public class OIDCFilterSessionStore extends FilterSessionStore implements Adapte
public HttpServletRequestWrapper buildWrapper() {
HttpSession session = request.getSession();
KeycloakAccount account = (KeycloakAccount)session.getAttribute((KeycloakAccount.class.getName()));
KeycloakAccount account = (KeycloakAccount)session.getAttribute(KeycloakAccount.class.getName());
if (account == null) {
account = (KeycloakAccount)request.getAttribute(KeycloakAccount.class.getName());
}
return buildWrapper(session, account);
}

View file

@ -1,11 +1,14 @@
package org.keycloak.testsuite.adapter;
import org.junit.Assert;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -18,6 +21,8 @@ public class CustomerDatabaseServlet extends HttpServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
resp.setContentType("text/html");
PrintWriter pw = resp.getWriter();
Principal principal = req.getUserPrincipal();
Assert.assertNotNull(principal);
pw.printf("<html><head><title>%s</title></head><body>", "Customer Portal");
pw.println("Stian Thorgersen");
pw.println("Bill Burke");