Adding a instance of HttpComponentsClientHttpRequestFactory that supports the embedded servlet container auth pattern

2017-07-07 23:31:52 -05:00 · 2017-07-07 23:31:52 -05:00 · e99b08c6da
commit e99b08c6da
parent cff8a1ecc6
3 changed files with 149 additions and 1 deletions
--- a/adapters/oidc/spring-boot/pom.xml
+++ b/adapters/oidc/spring-boot/pom.xml
@ -32,6 +32,8 @@

  <properties>
    <spring-boot.version>1.3.0.RELEASE</spring-boot.version>
+    <spring.version>4.1.6.RELEASE</spring.version>
+    <mockito.version>1.9.5</mockito.version>
  </properties>

  <dependencies>
@ -98,7 +100,19 @@
      <artifactId>junit</artifactId>
      <scope>test</scope>
    </dependency>
-     <dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-test</artifactId>
+      <version>${spring.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-all</artifactId>
+      <version>${mockito.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-configuration-processor</artifactId>
        <optional>true</optional>
--- a/adapters/oidc/spring-boot/src/main/java/org/keycloak/adapters/springboot/client/EmbeddedServletClientRequestFactory.java
+++ b/adapters/oidc/spring-boot/src/main/java/org/keycloak/adapters/springboot/client/EmbeddedServletClientRequestFactory.java
@ -0,0 +1,47 @@
+package org.keycloak.adapters.springboot.client;
+
+import org.keycloak.KeycloakPrincipal;
+import org.keycloak.KeycloakSecurityContext;
+import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory;
+import org.springframework.http.client.ClientHttpRequest;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import java.security.Principal;
+
+/**
+ * Factory for {@link ClientHttpRequest} objects created for server to server secured
+ * communication using OAuth2 bearer tokens issued by Keycloak.
+ *
+ * @author <a href="mailto:jmcshan1@gmail.com">James McShane</a>
+ * @version $Revision: 1 $
+ */
+public class EmbeddedServletClientRequestFactory extends KeycloakClientRequestFactory {
+
+    public EmbeddedServletClientRequestFactory() {
+        super();
+    }
+
+    /**
+     * Returns the {@link KeycloakSecurityContext} from the Spring {@link ServletRequestAttributes}'s {@link Principal}.
+     *
+     * The principal must support retrieval of the KeycloakSecurityContext, so at this point, only {@link KeycloakPrincipal}
+     * values are supported
+     *
+     * @return the current <code>KeycloakSecurityContext</code>
+     */
+    protected KeycloakSecurityContext getKeycloakSecurityContext() {
+        ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+        Principal principal = attributes.getRequest().getUserPrincipal();
+        if (principal == null) {
+            throw new IllegalStateException("Cannot set authorization header because there is no authenticated principal");
+        }
+        if (!(principal instanceof KeycloakPrincipal)) {
+            throw new IllegalStateException(
+                    String.format(
+                            "Cannot set authorization header because the principal type %s does not provide the KeycloakSecurityContext",
+                            principal.getClass()));
+        }
+        return ((KeycloakPrincipal) principal).getKeycloakSecurityContext();
+    }
+}
--- a/adapters/oidc/spring-boot/src/test/java/org/keycloak/adapters/springboot/client/EmbeddedServletClientRequestFactoryTest.java
+++ b/adapters/oidc/spring-boot/src/test/java/org/keycloak/adapters/springboot/client/EmbeddedServletClientRequestFactoryTest.java
@ -0,0 +1,87 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.adapters.springboot.client;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.keycloak.KeycloakPrincipal;
+import org.keycloak.KeycloakSecurityContext;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.mockito.Spy;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import java.security.Principal;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.mockito.Mockito.when;
+
+/**
+ * Keycloak spring boot client request factory tests.
+ */
+public class EmbeddedServletClientRequestFactoryTest {
+
+    @Spy
+    private EmbeddedServletClientRequestFactory factory;
+
+    private MockHttpServletRequest servletRequest;
+
+    @Mock
+    private KeycloakSecurityContext keycloakSecurityContext;
+
+    @Mock
+    private KeycloakPrincipal keycloakPrincipal;
+
+    @Before
+    public void setUp() {
+        MockitoAnnotations.initMocks(this);
+        servletRequest = new MockHttpServletRequest();
+        RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(servletRequest));
+        servletRequest.setUserPrincipal(keycloakPrincipal);
+        when(keycloakPrincipal.getKeycloakSecurityContext()).thenReturn(keycloakSecurityContext);
+    }
+
+    @Test
+    public void testGetKeycloakSecurityContext() throws Exception {
+        KeycloakSecurityContext context = factory.getKeycloakSecurityContext();
+        assertNotNull(context);
+        assertEquals(keycloakSecurityContext, context);
+    }
+
+    @Test(expected = IllegalStateException.class)
+    public void testGetKeycloakSecurityContextInvalidPrincipal() throws Exception {
+        servletRequest.setUserPrincipal(new MarkerPrincipal());
+        factory.getKeycloakSecurityContext();
+    }
+
+    @Test(expected = IllegalStateException.class)
+    public void testGetKeycloakSecurityContextNullAuthentication() throws Exception {
+        servletRequest.setUserPrincipal(null);
+        factory.getKeycloakSecurityContext();
+    }
+
+    private static class MarkerPrincipal implements Principal {
+        @Override
+        public String getName() {
+            return null;
+        }
+    }
+}