KEYCLOAK-2297

adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/FilterRequestAuthenticator.java

@@ -10,6 +10,7 @@ import org.keycloak.adapters.OIDCHttpFacade;
 import org.keycloak.adapters.OidcKeycloakAccount;
 import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
 import org.keycloak.adapters.RequestAuthenticator;
+import org.keycloak.adapters.spi.KeycloakAccount;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
@@ -68,13 +69,33 @@ public class FilterRequestAuthenticator extends RequestAuthenticator {
     }
 
     @Override
-    protected void completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal, String method) {
-        RefreshableKeycloakSecurityContext securityContext = principal.getKeycloakSecurityContext();
-        Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
+    protected void completeBearerAuthentication(final KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal, String method) {
+        final RefreshableKeycloakSecurityContext securityContext = principal.getKeycloakSecurityContext();
+        final Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
         if (log.isLoggable(Level.FINE)) {
             log.fine("Completing bearer authentication. Bearer roles: " + roles);
         }
         request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
+        OidcKeycloakAccount account = new OidcKeycloakAccount() {
+
+            @Override
+            public Principal getPrincipal() {
+                return principal;
+            }
+
+            @Override
+            public Set<String> getRoles() {
+                return roles;
+            }
+
+            @Override
+            public KeycloakSecurityContext getKeycloakSecurityContext() {
+                return securityContext;
+            }
+
+        };
+        // need this here to obtain UserPrincipal
+        request.setAttribute(KeycloakAccount.class.getName(), account);
     }
 
     @Override

adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java

@@ -35,7 +35,10 @@ public class OIDCFilterSessionStore extends FilterSessionStore implements Adapte
 
     public HttpServletRequestWrapper buildWrapper() {
         HttpSession session = request.getSession();
-        KeycloakAccount account = (KeycloakAccount)session.getAttribute((KeycloakAccount.class.getName()));
+        KeycloakAccount account = (KeycloakAccount)session.getAttribute(KeycloakAccount.class.getName());
+        if (account == null) {
+            account = (KeycloakAccount)request.getAttribute(KeycloakAccount.class.getName());
+        }
         return buildWrapper(session, account);
     }
 

testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerDatabaseServlet.java

@@ -1,11 +1,14 @@
 package org.keycloak.testsuite.adapter;
 
+import org.junit.Assert;
+
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.security.Principal;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -18,6 +21,8 @@ public class CustomerDatabaseServlet extends HttpServlet {
     protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         resp.setContentType("text/html");
         PrintWriter pw = resp.getWriter();
+        Principal principal = req.getUserPrincipal();
+        Assert.assertNotNull(principal);
         pw.printf("<html><head><title>%s</title></head><body>", "Customer Portal");
         pw.println("Stian Thorgersen");
         pw.println("Bill Burke");