org.keycloak.KeycloakSecurityContext - java examples

Here are the examples of the java api org.keycloak.KeycloakSecurityContext taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.

83 Examples 7

19 View Complete Implementation : Identity.java
Copyright Apache License 2.0
Author : keycloak
/**
 * <p>This is a simple facade to obtain information from authenticated users. You should see usages of instances of this clreplaced when
 * rendering the home page (@code home.ftl).
 *
 * <p>Instances of this clreplaced are are added to models as attributes in order to make them available to templates.
 *
 * @author <a href="mailto:[email protected]">Pedro Igor</a>
 * @see org.keycloak.quickstart.springboot.web.ApplicationController
 */
public clreplaced Idenreplacedy {

    private final KeycloakSecurityContext securityContext;

    public Idenreplacedy(KeycloakSecurityContext securityContext) {
        this.securityContext = securityContext;
    }

    /**
     * An example on how you can use the {@link org.keycloak.AuthorizationContext} to check for permissions granted by Keycloak for a particular user.
     *
     * @param name the name of the resource
     * @return true if user has was granted with a permission for the given resource. Otherwise, false.
     */
    public boolean hasResourcePermission(String name) {
        return getAuthorizationContext().hasResourcePermission(name);
    }

    /**
     * An example on how you can use {@link KeycloakSecurityContext} to obtain information about user's idenreplacedy.
     *
     * @return the user name
     */
    public String getName() {
        return securityContext.getIdToken().getPreferredUsername();
    }

    /**
     * An example on how you can use the {@link org.keycloak.AuthorizationContext} to obtain all permissions granted for a particular user.
     *
     * @return
     */
    public List<Permission> getPermissions() {
        return getAuthorizationContext().getPermissions();
    }

    /**
     * Returns a {@link AuthorizationContext} instance holding all permissions granted for an user. The instance is build based on
     * the permissions returned by Keycloak. For this particular application, we use the Enreplacedlement API to obtain permissions for every single
     * resource on the server.
     *
     * @return
     */
    private AuthorizationContext getAuthorizationContext() {
        return securityContext.getAuthorizationContext();
    }
}

19 View Complete Implementation : BearerHeaderAdder.java
Copyright Apache License 2.0
Author : thorntail
@Override
public void onExecutionSuccess(ExecutionContext<HttpClientRequest<ByteBuf>> context, HttpClientResponse<ByteBuf> response, ExecutionInfo info) {
    KeycloakSecurityContext securityContext = (KeycloakSecurityContext) context.get(KeycloakSecurityContextreplacedociation.clreplaced.getName());
    if (securityContext != null) {
        KeycloakSecurityContextreplacedociation.replacedociate(securityContext);
    } else {
        KeycloakSecurityContextreplacedociation.disreplacedociate();
    }
}

19 View Complete Implementation : KeycloakSecurityContextClientRequestInterceptorTest.java
Copyright Apache License 2.0
Author : keycloak
@Test
public void testGetKeycloakSecurityContext() throws Exception {
    KeycloakSecurityContext context = factory.getKeycloakSecurityContext();
    replacedertNotNull(context);
    replacedertEquals(keycloakSecurityContext, context);
}

19 View Complete Implementation : Identity.java
Copyright Apache License 2.0
Author : keycloak
/**
 * <p>This is a simple facade to obtain information from authenticated users. You should see usages of instances of this clreplaced when
 * rendering the home page (@code home.ftl).
 *
 * <p>Instances of this clreplaced are are added to models as attributes in order to make them available to templates.
 *
 * @author <a href="mailto:[email protected]">Pedro Igor</a>
 * @see org.keycloak.quickstart.springboot.web.ApplicationController
 */
public clreplaced Idenreplacedy {

    private final KeycloakSecurityContext securityContext;

    public Idenreplacedy(KeycloakSecurityContext securityContext) {
        this.securityContext = securityContext;
    }

    /**
     * An example on how you can use the {@link AuthorizationContext} to check for permissions granted by Keycloak for a particular user.
     *
     * @param name the name of the resource
     * @return true if user has was granted with a permission for the given resource. Otherwise, false.
     */
    public boolean hasResourcePermission(String name) {
        return getAuthorizationContext().hasResourcePermission(name);
    }

    /**
     * An example on how you can use {@link KeycloakSecurityContext} to obtain information about user's idenreplacedy.
     *
     * @return the user name
     */
    public String getName() {
        return securityContext.getIdToken().getPreferredUsername();
    }

    /**
     * An example on how you can use the {@link AuthorizationContext} to obtain all permissions granted for a particular user.
     *
     * @return
     */
    public List<Permission> getPermissions() {
        return getAuthorizationContext().getPermissions();
    }

    /**
     * Returns a {@link AuthorizationContext} instance holding all permissions granted for an user. The instance is build based on
     * the permissions returned by Keycloak. For this particular application, we use the Enreplacedlement API to obtain permissions for every single
     * resource on the server.
     *
     * @return
     */
    private AuthorizationContext getAuthorizationContext() {
        return securityContext.getAuthorizationContext();
    }
}

19 View Complete Implementation : BearerHeaderAdder.java
Copyright Apache License 2.0
Author : thorntail
@Override
public void onExecutionFailed(ExecutionContext<HttpClientRequest<ByteBuf>> context, Throwable finalException, ExecutionInfo info) {
    KeycloakSecurityContext securityContext = (KeycloakSecurityContext) context.get(KeycloakSecurityContextreplacedociation.clreplaced.getName());
    if (securityContext != null) {
        KeycloakSecurityContextreplacedociation.replacedociate(securityContext);
    } else {
        KeycloakSecurityContextreplacedociation.disreplacedociate();
    }
}

19 View Complete Implementation : KeycloakSecurityContextAssociation.java
Copyright Apache License 2.0
Author : thorntail
public static void replacedociate(KeycloakSecurityContext context) {
    SECURITY_CONTEXT.set(context);
}

19 View Complete Implementation : KCAdapterContextTokenManager.java
Copyright Apache License 2.0
Author : kiegroup
protected KeycloakSecurityContext getKCSessionContext() {
    KeycloakSecurityContext context = null;
    context = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.clreplaced.getName());
    if (context == null) {
        context = (KeycloakSecurityContext) request.getSession().getAttribute(KeycloakSecurityContext.clreplaced.getName());
    }
    return context;
}

19 View Complete Implementation : KeycloakSecurityContextClientRequestInterceptor.java
Copyright Apache License 2.0
Author : keycloak
@Override
public ClientHttpResponse intercept(HttpRequest httpRequest, byte[] bytes, ClientHttpRequestExecution clientHttpRequestExecution) throws IOException {
    KeycloakSecurityContext context = this.getKeycloakSecurityContext();
    httpRequest.getHeaders().set(AUTHORIZATION_HEADER, "Bearer " + context.getTokenString());
    return clientHttpRequestExecution.execute(httpRequest, bytes);
}

19 View Complete Implementation : BearerHeaderAdder.java
Copyright Apache License 2.0
Author : thorntail
@Override
public void onExceptionWithServer(ExecutionContext<HttpClientRequest<ByteBuf>> context, Throwable exception, ExecutionInfo info) {
    KeycloakSecurityContext securityContext = (KeycloakSecurityContext) context.get(KeycloakSecurityContextreplacedociation.clreplaced.getName());
    if (securityContext != null) {
        KeycloakSecurityContextreplacedociation.replacedociate(securityContext);
    } else {
        KeycloakSecurityContextreplacedociation.disreplacedociate();
    }
}

19 View Complete Implementation : JaxrsHttpFacade.java
Copyright Apache License 2.0
Author : hammock-project
void setSecurityContext(KeycloakSecurityContext securityContext) {
    this.keycloakSecurityContext = securityContext;
}

19 View Complete Implementation : JaxrsHttpFacade.java
Copyright Apache License 2.0
Author : hammock-project
/**
 * @author <a href="mailto:[email protected]">Marek Posolda</a>
 */
public clreplaced JaxrsHttpFacade implements OIDCHttpFacade {

    private final ContainerRequestContext requestContext;

    private final SecurityContext securityContext;

    private final RequestFacade requestFacade = new RequestFacade();

    private final ResponseFacade responseFacade = new ResponseFacade();

    private KeycloakSecurityContext keycloakSecurityContext;

    private boolean responseFinished;

    JaxrsHttpFacade(ContainerRequestContext containerRequestContext, SecurityContext securityContext) {
        this.requestContext = containerRequestContext;
        this.securityContext = securityContext;
    }

    protected clreplaced RequestFacade implements OIDCHttpFacade.Request {

        @Override
        public String getFirstParam(String param) {
            throw new RuntimeException("NOT IMPLEMENTED");
        }

        @Override
        public String getMethod() {
            return requestContext.getMethod();
        }

        @Override
        public String getURI() {
            return requestContext.getUriInfo().getRequestUri().toString();
        }

        @Override
        public String getRelativePath() {
            return requestContext.getUriInfo().getPath();
        }

        @Override
        public boolean isSecure() {
            return securityContext.isSecure();
        }

        @Override
        public String getQueryParamValue(String param) {
            MultivaluedMap<String, String> queryParams = requestContext.getUriInfo().getQueryParameters();
            if (queryParams == null)
                return null;
            return queryParams.getFirst(param);
        }

        @Override
        public HttpFacade.Cookie getCookie(String cookieName) {
            Map<String, javax.ws.rs.core.Cookie> cookies = requestContext.getCookies();
            if (cookies == null)
                return null;
            javax.ws.rs.core.Cookie cookie = cookies.get(cookieName);
            if (cookie == null)
                return null;
            return new HttpFacade.Cookie(cookie.getName(), cookie.getValue(), cookie.getVersion(), cookie.getDomain(), cookie.getPath());
        }

        @Override
        public String getHeader(String name) {
            return requestContext.getHeaderString(name);
        }

        @Override
        public List<String> getHeaders(String name) {
            MultivaluedMap<String, String> headers = requestContext.getHeaders();
            return (headers == null) ? null : headers.get(name);
        }

        @Override
        public InputStream getInputStream() {
            return requestContext.getEnreplacedyStream();
        }

        @Override
        public String getRemoteAddr() {
            // TODO: implement properly
            return HostUtils.getIpAddress();
        }

        @Override
        public void setError(AuthenticationError error) {
            requestContext.setProperty(AuthenticationError.clreplaced.getName(), error);
        }

        @Override
        public void setError(LogoutError error) {
            requestContext.setProperty(LogoutError.clreplaced.getName(), error);
        }
    }

    protected clreplaced ResponseFacade implements OIDCHttpFacade.Response {

        private javax.ws.rs.core.Response.ResponseBuilder responseBuilder = javax.ws.rs.core.Response.status(204);

        @Override
        public void setStatus(int status) {
            responseBuilder.status(status);
        }

        @Override
        public void addHeader(String name, String value) {
            responseBuilder.header(name, value);
        }

        @Override
        public void setHeader(String name, String value) {
            responseBuilder.header(name, value);
        }

        @Override
        public void resetCookie(String name, String path) {
            // For now doesn't need to be supported
            throw new IllegalStateException("Not supported yet");
        }

        @Override
        public void setCookie(String name, String value, String path, String domain, int maxAge, boolean secure, boolean httpOnly) {
            // For now doesn't need to be supported
            throw new IllegalStateException("Not supported yet");
        }

        @Override
        public OutputStream getOutputStream() {
            // For now doesn't need to be supported
            throw new IllegalStateException("Not supported yet");
        }

        @Override
        public void sendError(int code) {
            javax.ws.rs.core.Response response = responseBuilder.status(code).build();
            requestContext.abortWith(response);
            responseFinished = true;
        }

        @Override
        public void sendError(int code, String message) {
            javax.ws.rs.core.Response response = responseBuilder.status(code).enreplacedy(message).build();
            requestContext.abortWith(response);
            responseFinished = true;
        }

        @Override
        public void end() {
            javax.ws.rs.core.Response response = responseBuilder.build();
            requestContext.abortWith(response);
            responseFinished = true;
        }
    }

    @Override
    public KeycloakSecurityContext getSecurityContext() {
        return keycloakSecurityContext;
    }

    void setSecurityContext(KeycloakSecurityContext securityContext) {
        this.keycloakSecurityContext = securityContext;
    }

    @Override
    public HttpFacade.Request getRequest() {
        return requestFacade;
    }

    @Override
    public HttpFacade.Response getResponse() {
        return responseFacade;
    }

    @Override
    public X509Certificate[] getCertificateChain() {
        throw new IllegalStateException("Not supported yet");
    }

    boolean isResponseFinished() {
        return responseFinished;
    }
}

19 View Complete Implementation : BearerHeaderAdder.java
Copyright Apache License 2.0
Author : thorntail
@Override
public void onStartWithServer(ExecutionContext<HttpClientRequest<ByteBuf>> context, ExecutionInfo info) throws AbortExecutionException {
    KeycloakSecurityContext securityContext = KeycloakSecurityContextreplacedociation.get();
    if (securityContext != null) {
        HttpClientRequest<ByteBuf> request = context.getRequest();
        request.withHeader("Authorization", "Bearer " + securityContext.getTokenString());
        context.put(KeycloakSecurityContextreplacedociation.clreplaced.getName(), securityContext);
    } else {
        KeycloakSecurityContextreplacedociation.disreplacedociate();
    }
}

19 View Complete Implementation : KeycloakClientRequestFactory.java
Copyright Apache License 2.0
Author : keycloak
@Override
protected void postProcessHttpRequest(HttpUriRequest request) {
    KeycloakSecurityContext context = this.getKeycloakSecurityContext();
    request.setHeader(AUTHORIZATION_HEADER, "Bearer " + context.getTokenString());
}

19 View Complete Implementation : JaxrsHttpFacade.java
Copyright Apache License 2.0
Author : keycloak
public void setSecurityContext(KeycloakSecurityContext securityContext) {
    this.keycloakSecurityContext = securityContext;
}

19 View Complete Implementation : KeycloakSecurityContextAssociation.java
Copyright Apache License 2.0
Author : wildfly-swarm-archive
public static KeycloakSecurityContext get() {
    KeycloakSecurityContext context = SECURITY_CONTEXT.get();
    return context;
}

18 View Complete Implementation : AbstractKeycloakAuthenticator.java
Copyright Apache License 2.0
Author : ahus1
@Override
public Optional<P> authenticate(HttpServletRequest request) throws AuthenticationException {
    KeycloakSecurityContext securityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.clreplaced.getName());
    if (securityContext != null) {
        return Optional.ofNullable(prepareAuthentication(securityContext, request, keycloakConfiguration));
    } else {
        return Optional.empty();
    }
}

18 View Complete Implementation : AbstractKeycloakAuthenticator.java
Copyright Apache License 2.0
Author : ahus1
protected abstract P prepareAuthentication(KeycloakSecurityContext securityContext, HttpServletRequest request, KeycloakConfiguration keycloakConfiguration);

18 View Complete Implementation : UserKeycloakImpl.java
Copyright Apache License 2.0
Author : canoo
@API(since = "0.19.0", status = INTERNAL)
public clreplaced UserKeycloakImpl implements User {

    private final KeycloakSecurityContext keycloakSecurityContext;

    public UserKeycloakImpl(KeycloakSecurityContext keycloakSecurityContext) {
        this.keycloakSecurityContext = replacedert.requireNonNull(keycloakSecurityContext, "keycloakSecurityContext");
    }

    @Override
    public Set<String> getRoles() {
        return Collections.unmodifiableSet(keycloakSecurityContext.getToken().getRealmAccess().getRoles());
    }

    @Override
    public String getEmail() {
        return keycloakSecurityContext.getToken().getEmail();
    }

    @Override
    public String getUserName() {
        return keycloakSecurityContext.getToken().getPreferredUsername();
    }

    @Override
    public String getFirstName() {
        return keycloakSecurityContext.getToken().getGivenName();
    }

    @Override
    public String getLastName() {
        return keycloakSecurityContext.getToken().getFamilyName();
    }

    @Override
    public String toString() {
        return "User " + getUserName() + " [first name:" + getFirstName() + ", last name:" + getLastName() + ", mail:" + getEmail() + "] Roles:" + getRoles().stream().reduce("", (a, b) -> a + ", " + b);
    }
}

18 View Complete Implementation : KeycloakRequestInterceptor.java
Copyright Apache License 2.0
Author : eacdy
@Override
public void apply(RequestTemplate template) {
    ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
    replacedert attributes != null;
    Principal principal = attributes.getRequest().getUserPrincipal();
    if (principal instanceof KeycloakPrincipal) {
        KeycloakSecurityContext keycloakSecurityContext = ((KeycloakPrincipal) principal).getKeycloakSecurityContext();
        if (keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext) {
            ((RefreshableKeycloakSecurityContext) keycloakSecurityContext).refreshExpiredToken(true);
            template.header(AUTHORIZATION_HEADER, "Bearer " + keycloakSecurityContext.getTokenString());
        }
    }
// 否则啥都不干
}

18 View Complete Implementation : JaxrsHttpFacade.java
Copyright Apache License 2.0
Author : keycloak
/**
 * @author <a href="mailto:[email protected]">Marek Posolda</a>
 * @deprecated Clreplaced is deprecated and may be removed in the future. If you want to maintain this clreplaced for Keycloak community, please
 * contact Keycloak team on keycloak-dev mailing list. You can fork it into your github repository and
 * Keycloak team will reference it from "Keycloak Extensions" page.
 */
@Deprecated
public clreplaced JaxrsHttpFacade implements OIDCHttpFacade {

    protected final ContainerRequestContext requestContext;

    protected final SecurityContext securityContext;

    protected final RequestFacade requestFacade = new RequestFacade();

    protected final ResponseFacade responseFacade = new ResponseFacade();

    protected KeycloakSecurityContext keycloakSecurityContext;

    protected boolean responseFinished;

    public JaxrsHttpFacade(ContainerRequestContext containerRequestContext, SecurityContext securityContext) {
        this.requestContext = containerRequestContext;
        this.securityContext = securityContext;
    }

    protected clreplaced RequestFacade implements OIDCHttpFacade.Request {

        private InputStream inputStream;

        @Override
        public String getFirstParam(String param) {
            throw new RuntimeException("NOT IMPLEMENTED");
        }

        @Override
        public String getMethod() {
            return requestContext.getMethod();
        }

        @Override
        public String getURI() {
            return requestContext.getUriInfo().getRequestUri().toString();
        }

        @Override
        public String getRelativePath() {
            return requestContext.getUriInfo().getPath();
        }

        @Override
        public boolean isSecure() {
            return securityContext.isSecure();
        }

        @Override
        public String getQueryParamValue(String param) {
            MultivaluedMap<String, String> queryParams = requestContext.getUriInfo().getQueryParameters();
            if (queryParams == null)
                return null;
            return queryParams.getFirst(param);
        }

        @Override
        public Cookie getCookie(String cookieName) {
            Map<String, javax.ws.rs.core.Cookie> cookies = requestContext.getCookies();
            if (cookies == null)
                return null;
            javax.ws.rs.core.Cookie cookie = cookies.get(cookieName);
            if (cookie == null)
                return null;
            return new Cookie(cookie.getName(), cookie.getValue(), cookie.getVersion(), cookie.getDomain(), cookie.getPath());
        }

        @Override
        public String getHeader(String name) {
            return requestContext.getHeaderString(name);
        }

        @Override
        public List<String> getHeaders(String name) {
            MultivaluedMap<String, String> headers = requestContext.getHeaders();
            return (headers == null) ? null : headers.get(name);
        }

        @Override
        public InputStream getInputStream() {
            return getInputStream(false);
        }

        @Override
        public InputStream getInputStream(boolean buffered) {
            if (inputStream != null) {
                return inputStream;
            }
            if (buffered) {
                return inputStream = new BufferedInputStream(requestContext.getEnreplacedyStream());
            }
            return requestContext.getEnreplacedyStream();
        }

        @Override
        public String getRemoteAddr() {
            // TODO: implement properly
            return HostUtils.getIpAddress();
        }

        @Override
        public void setError(AuthenticationError error) {
            requestContext.setProperty(AuthenticationError.clreplaced.getName(), error);
        }

        @Override
        public void setError(LogoutError error) {
            requestContext.setProperty(LogoutError.clreplaced.getName(), error);
        }
    }

    protected clreplaced ResponseFacade implements OIDCHttpFacade.Response {

        private javax.ws.rs.core.Response.ResponseBuilder responseBuilder = javax.ws.rs.core.Response.status(204);

        @Override
        public void setStatus(int status) {
            responseBuilder.status(status);
        }

        @Override
        public void addHeader(String name, String value) {
            responseBuilder.header(name, value);
        }

        @Override
        public void setHeader(String name, String value) {
            responseBuilder.header(name, value);
        }

        @Override
        public void resetCookie(String name, String path) {
            // For now doesn't need to be supported
            throw new IllegalStateException("Not supported yet");
        }

        @Override
        public void setCookie(String name, String value, String path, String domain, int maxAge, boolean secure, boolean httpOnly) {
            // For now doesn't need to be supported
            throw new IllegalStateException("Not supported yet");
        }

        @Override
        public OutputStream getOutputStream() {
            // For now doesn't need to be supported
            throw new IllegalStateException("Not supported yet");
        }

        @Override
        public void sendError(int code) {
            javax.ws.rs.core.Response response = responseBuilder.status(code).build();
            requestContext.abortWith(response);
            responseFinished = true;
        }

        @Override
        public void sendError(int code, String message) {
            javax.ws.rs.core.Response response = responseBuilder.status(code).enreplacedy(message).build();
            requestContext.abortWith(response);
            responseFinished = true;
        }

        @Override
        public void end() {
            javax.ws.rs.core.Response response = responseBuilder.build();
            requestContext.abortWith(response);
            responseFinished = true;
        }
    }

    @Override
    public KeycloakSecurityContext getSecurityContext() {
        return keycloakSecurityContext;
    }

    public void setSecurityContext(KeycloakSecurityContext securityContext) {
        this.keycloakSecurityContext = securityContext;
    }

    @Override
    public Request getRequest() {
        return requestFacade;
    }

    @Override
    public Response getResponse() {
        return responseFacade;
    }

    @Override
    public X509Certificate[] getCertificateChain() {
        throw new IllegalStateException("Not supported yet");
    }

    public boolean isResponseFinished() {
        return responseFinished;
    }
}

18 View Complete Implementation : KeycloakAuthenticator.java
Copyright Apache License 2.0
Author : ahus1
@Override
protected User prepareAuthentication(KeycloakSecurityContext securityContext, HttpServletRequest request, KeycloakConfiguration configuration) {
    return new User(securityContext, request, configuration);
}

18 View Complete Implementation : KeycloakClientRequestFactory.java
Copyright Apache License 2.0
Author : keycloak
/**
 * Returns the {@link KeycloakSecurityContext} from the Spring {@link SecurityContextHolder}'s {@link Authentication}.
 *
 * @return the current <code>KeycloakSecurityContext</code>
 */
protected KeycloakSecurityContext getKeycloakSecurityContext() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    KeycloakAuthenticationToken token;
    KeycloakSecurityContext context;
    if (authentication == null) {
        throw new IllegalStateException("Cannot set authorization header because there is no authenticated principal");
    }
    if (!KeycloakAuthenticationToken.clreplaced.isreplacedignableFrom(authentication.getClreplaced())) {
        throw new IllegalStateException(String.format("Cannot set authorization header because Authentication is of type %s but %s is required", authentication.getClreplaced(), KeycloakAuthenticationToken.clreplaced));
    }
    token = (KeycloakAuthenticationToken) authentication;
    context = token.getAccount().getKeycloakSecurityContext();
    return context;
}

18 View Complete Implementation : AbstractKeycloakAuthenticatorValve.java
Copyright Apache License 2.0
Author : keycloak
protected void logoutInternal(Request request) {
    KeycloakSecurityContext ksc = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.clreplaced.getName());
    if (ksc != null) {
        CatalinaHttpFacade facade = new OIDCCatalinaHttpFacade(request, null);
        KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
        if (ksc instanceof RefreshableKeycloakSecurityContext) {
            ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
        }
        AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment);
        tokenStore.logout();
        request.removeAttribute(KeycloakSecurityContext.clreplaced.getName());
    }
    request.setUserPrincipal(null);
}

18 View Complete Implementation : Controller.java
Copyright Apache License 2.0
Author : keycloak
public String getAccountUri(HttpServletRequest req) {
    KeycloakSecurityContext session = getSession(req);
    String baseUrl = getAuthServerBaseUrl(req);
    String realm = session.getRealm();
    return KeycloakUriBuilder.fromUri(baseUrl).path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH).queryParam("referrer", "app-profile-jee").build(realm).toString();
}

18 View Complete Implementation : UserUtilities.java
Copyright Apache License 2.0
Author : labsai
private static String getUserName(Principal principal) {
    String username = null;
    if (principal instanceof KeycloakPrincipal) {
        KeycloakSecurityContext securityContext = ((KeycloakPrincipal) principal).getKeycloakSecurityContext();
        username = securityContext.getToken().getPreferredUsername();
    }
    return username;
}

18 View Complete Implementation : KeycloakThreadSetupHandler.java
Copyright Apache License 2.0
Author : thorntail
@Override
public <T, C> Action<T, C> create(final Action<T, C> action) {
    return (exchange, context) -> {
        if (exchange == null) {
            return action.call(exchange, context);
        }
        KeycloakSecurityContext c = exchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY);
        KeycloakSecurityContextreplacedociation.replacedociate(c);
        try {
            return action.call(exchange, context);
        } finally {
            KeycloakSecurityContextreplacedociation.disreplacedociate();
        }
    };
}

17 View Complete Implementation : KeyCloakSecurityExtractor.java
Copyright Apache License 2.0
Author : canoo
public KeycloakSecurityContext extractContext(final ServletRequest request) {
    replacedert.requireNonNull(request, "request");
    final KeycloakSecurityContext context = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.clreplaced.getName());
    return context;
}

17 View Complete Implementation : KeycloakSecurityContextPlaceHolderResolver.java
Copyright Apache License 2.0
Author : keycloak
@Override
public List<String> resolve(String placeHolder, HttpFacade httpFacade) {
    String source = placeHolder.substring(placeHolder.indexOf('.') + 1);
    OIDCHttpFacade oidcHttpFacade = OIDCHttpFacade.clreplaced.cast(httpFacade);
    KeycloakSecurityContext securityContext = oidcHttpFacade.getSecurityContext();
    if (securityContext == null) {
        return null;
    }
    if (source.endsWith("access_token")) {
        return Arrays.asList(securityContext.getTokenString());
    }
    if (source.endsWith("id_token")) {
        return Arrays.asList(securityContext.getIdTokenString());
    }
    JsonNode jsonNode;
    if (source.startsWith("access_token[")) {
        jsonNode = JsonSerialization.mapper.valueToTree(securityContext.getToken());
    } else if (source.startsWith("id_token[")) {
        jsonNode = JsonSerialization.mapper.valueToTree(securityContext.getIdToken());
    } else {
        throw new RuntimeException("Invalid placeholder [" + placeHolder + "]");
    }
    return JsonUtils.getValues(jsonNode, getParameter(source, "Invalid placeholder [" + placeHolder + "]"));
}

17 View Complete Implementation : ElytronSessionTokenStore.java
Copyright Apache License 2.0
Author : keycloak
@Override
public void logout(boolean glo) {
    HttpScope session = this.httpFacade.getScope(Scope.SESSION);
    if (!session.exists()) {
        return;
    }
    KeycloakSecurityContext ksc = (KeycloakSecurityContext) session.getAttachment(KeycloakSecurityContext.clreplaced.getName());
    try {
        if (glo && ksc != null) {
            KeycloakDeployment deployment = httpFacade.getDeployment();
            session.invalidate();
            if (!deployment.isBearerOnly() && ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) {
                ((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
            }
        } else {
            session.setAttachment(ElytronAccount.clreplaced.getName(), null);
            session.setAttachment(KeycloakSecurityContext.clreplaced.getName(), null);
        }
    } catch (IllegalStateException ise) {
        // Session may be already logged-out in case that app has adminUrl
        log.debugf("Session %s logged-out already", session.getID());
    }
}

17 View Complete Implementation : CustomerDatabaseClient.java
Copyright Apache License 2.0
Author : keycloak
public static IDToken getIDToken(HttpServletRequest req) {
    KeycloakSecurityContext session = (KeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.clreplaced.getName());
    return session.getIdToken();
}

17 View Complete Implementation : CustomerService.java
Copyright Apache License 2.0
Author : keycloak
@GET
@Produces("application/json")
@NoCache
public List<String> getCustomers() {
    // Just to show how to user info from access token in REST endpoint
    KeycloakSecurityContext securityContext = (KeycloakSecurityContext) httpRequest.getAttribute(KeycloakSecurityContext.clreplaced.getName());
    AccessToken accessToken = securityContext.getToken();
    System.out.println(String.format("User '%s' with email '%s' made request to CustomerService REST endpoint", accessToken.getPreferredUsername(), accessToken.getEmail()));
    ArrayList<String> rtn = new ArrayList<String>();
    rtn.add("Bill Burke");
    rtn.add("Stian Thorgersen");
    rtn.add("Stan Silvert");
    rtn.add("Gabriel Cardoso");
    rtn.add("Viliam Rockai");
    rtn.add("Marek Posolda");
    rtn.add("Boleslaw Dawidowicz");
    return rtn;
}

17 View Complete Implementation : Controller.java
Copyright Apache License 2.0
Author : keycloak
public String getAccountUri(HttpServletRequest req) {
    KeycloakSecurityContext session = getSession(req);
    String baseUrl = getAuthServerBaseUrl(req);
    String realm = session.getRealm();
    return KeycloakUriBuilder.fromUri(baseUrl).path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH).queryParam("referrer", "authz-servlet").queryParam("referrer_uri", getReferrerUri(req)).build(realm).toString();
}

17 View Complete Implementation : Controller.java
Copyright Apache License 2.0
Author : keycloak
public String getAccountUri(HttpServletRequest req) {
    KeycloakSecurityContext session = getSession(req);
    String baseUrl = getAuthServerBaseUrl(req);
    String realm = session.getRealm();
    return KeycloakUriBuilder.fromUri(baseUrl).path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH).queryParam("referrer", "app-jsp").queryParam("referrer_uri", getReferrerUri(req)).build(realm).toString();
}

17 View Complete Implementation : Controller.java
Copyright Apache License 2.0
Author : keycloak
public String getAccountUri(HttpServletRequest req) {
    KeycloakSecurityContext session = getSession(req);
    String baseUrl = getAuthServerBaseUrl(req);
    String realm = session.getRealm();
    return KeycloakUriBuilder.fromUri(baseUrl).path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH).queryParam("referrer", "app-profile-jsp").queryParam("referrer_uri", getReferrerUri(req)).build(realm).toString();
}

17 View Complete Implementation : Controller.java
Copyright Apache License 2.0
Author : keycloak
public String getAccountUri(HttpServletRequest req) {
    KeycloakSecurityContext session = getSession(req);
    String baseUrl = getAuthServerBaseUrl(req);
    String realm = session.getRealm();
    return KeycloakUriBuilder.fromUri(baseUrl).path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH).queryParam("referrer", "fuse-app-jsp").queryParam("referrer_uri", getReferrerUri(req)).build(realm).toString();
}

17 View Complete Implementation : CamelHelloProcessor.java
Copyright Apache License 2.0
Author : keycloak
private boolean checkAccess(KeycloakPrincipal keycloakPrincipal, String id) {
    // TODO: update after fixing https://issues.jboss.org/browse/KEYCLOAK-8045
    String expectedRole = ID_TO_ROLE.get(id);
    if (expectedRole == null) {
        return true;
    }
    KeycloakSecurityContext ksc = keycloakPrincipal.getKeycloakSecurityContext();
    if (ksc instanceof RefreshableKeycloakSecurityContext) {
        Set<String> roles = AdapterUtils.getRolesFromSecurityContext((RefreshableKeycloakSecurityContext) ksc);
        return roles.contains(expectedRole);
    }
    return false;
}

17 View Complete Implementation : Resource.java
Copyright Apache License 2.0
Author : keycloak
// This is necessary for standalone Undertow engine managed by CXF.
// For CXF endpoints managed by Pax Web, use Dynamic context manipulation
// (see https://ops4j1.jira.com/browse/PAXWEB-1167)
private void checkAccess(KeycloakPrincipal keycloakPrincipal, String expectedRole) {
    KeycloakSecurityContext ksc = keycloakPrincipal.getKeycloakSecurityContext();
    if (ksc instanceof RefreshableKeycloakSecurityContext) {
        Set<String> roles = AdapterUtils.getRolesFromSecurityContext((RefreshableKeycloakSecurityContext) ksc);
        if (!roles.contains(expectedRole)) {
            throw new javax.ws.rs.ForbiddenException();
        }
    } else {
        throw new javax.ws.rs.ForbiddenException();
    }
}

17 View Complete Implementation : AbstractUser.java
Copyright Apache License 2.0
Author : ahus1
/**
 * This is a base clreplaced you can use for your own applications authentication. Feel free to
 * roll your own, as I don't want to impose any clreplaced dependencies on your (domain) model.
 */
public abstract clreplaced AbstractUser implements Principal {

    // TODO: change visibility to hidden and add (protected) getters
    @SuppressWarnings("checkstyle:visibilitymodifier")
    protected HttpServletRequest request;

    @SuppressWarnings("checkstyle:visibilitymodifier")
    protected KeycloakSecurityContext securityContext;

    private final Set<String> roles;

    public AbstractUser(HttpServletRequest request, KeycloakSecurityContext securityContext, KeycloakConfiguration keycloakConfiguration) {
        this.request = request;
        this.securityContext = securityContext;
        this.roles = selectRolesToApply(keycloakConfiguration);
    }

    /**
     * The configuration parameter use-resource-role-mappings define if the module should use Realm roles OR
     * Resources roles.
     * Resources roles correspond to the role given by the client in Keycloak
     *
     * @param keycloakConfiguration Keycloak configuration
     * @return list of user's roles.
     */
    private Set<String> selectRolesToApply(KeycloakConfiguration keycloakConfiguration) {
        if (keycloakConfiguration.isUseResourceRoleMappings()) {
            return this.selectResourceRoles(new KeycloakResource(keycloakConfiguration.getResource()));
        }
        return this.selectRealmRoles();
    }

    private Set<String> selectResourceRoles(KeycloakResource keycloakResource) {
        Set<String> roles = new HashSet<>();
        AccessToken.Access resourceAccess = securityContext.getToken().getResourceAccess(keycloakResource.getResource());
        if (resourceAccess != null && resourceAccess.getRoles() != null) {
            roles.addAll(resourceAccess.getRoles());
        }
        return Collections.unmodifiableSet(roles);
    }

    private Set<String> selectRealmRoles() {
        Set<String> roles = new HashSet<>();
        AccessToken.Access realmAccess = securityContext.getToken().getRealmAccess();
        if (realmAccess != null && realmAccess.getRoles() != null) {
            roles.addAll(realmAccess.getRoles());
        }
        return Collections.unmodifiableSet(roles);
    }

    public Set<String> getRoles() {
        return roles;
    }

    public void logout() throws ServletException {
        if (request.getUserPrincipal() != null) {
            request.logout();
        }
    }
}

17 View Complete Implementation : DrawRessource.java
Copyright Apache License 2.0
Author : ahus1
@GET
public // @RolesAllowed("user")
DrawView show() {
    KeycloakSecurityContext session = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.clreplaced.getName());
    DrawBean bean = new DrawBean();
    DrawView view = new DrawView(bean);
    bean.setIdToken(session.getIdToken());
    return view;
}

17 View Complete Implementation : DrawRessource.java
Copyright Apache License 2.0
Author : ahus1
@POST
@Path("/draw")
@RolesAllowed("user")
public DrawView draw(@FormParam("date") String datereplacedtring) {
    KeycloakSecurityContext session = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.clreplaced.getName());
    DrawBean bean = new DrawBean();
    LocalDate date = LocalDate.parse(datereplacedtring);
    bean.setDraw(DrawingService.drawNumbers(date));
    DrawView view = new DrawView(bean);
    bean.setIdToken(session.getIdToken());
    return view;
}

17 View Complete Implementation : KeycloakAuthenticator.java
Copyright Apache License 2.0
Author : apache
@Override
@SuppressWarnings("unchecked")
protected UserInfo prepareAuthentication(KeycloakSecurityContext keycloakSecurityContext, HttpServletRequest httpServletRequest, KeycloakConfiguration keycloakConfiguration) {
    final AccessToken token = keycloakSecurityContext.getToken();
    final UserInfo userInfo = new UserInfo(token.getPreferredUsername(), keycloakSecurityContext.getTokenString());
    userInfo.addRoles((List<String>) token.getOtherClaims().getOrDefault(GROUPS_CLAIM, emptyList()));
    return userInfo;
}

17 View Complete Implementation : KeycloakLinkedAccountsProvider.java
Copyright Apache License 2.0
Author : Apicurio
/**
 * @see io.apicurio.hub.api.security.ILinkedAccountsProvider#deleteLinkedAccount(io.apicurio.hub.core.beans.LinkedAccountType)
 */
@Override
public void deleteLinkedAccount(LinkedAccountType type) throws IOException {
    try {
        KeycloakSecurityContext session = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.clreplaced.getName());
        String authServerRootUrl = config.getKeycloakAuthUrl();
        String realm = config.getKeycloakRealm();
        String provider = type.alias();
        session.getToken().getSessionState();
        String url = KeycloakUriBuilder.fromUri(authServerRootUrl).path("/realms/{realm}/account/federated-idenreplacedy-update").queryParam("action", "REMOVE").queryParam("provider_id", provider).build(realm).toString();
        logger.debug("Deleting idenreplacedy provider using URL: {}", url);
        HttpGet get = new HttpGet(url);
        get.addHeader("Accept", "application/json");
        get.addHeader("Authorization", "Bearer " + session.getTokenString());
        try (CloseableHttpResponse response = httpClient.execute(get)) {
            if (response.getStatusLine().getStatusCode() != 200) {
                logger.debug("HTTP Response Status Code when deleting idenreplacedy provider: {}", response.getStatusLine().getStatusCode());
            }
        }
    } catch (Exception e) {
        throw new IOException("Error deleting linked account.", e);
    }
}

16 View Complete Implementation : AbstractBaseServiceTest.java
Copyright Apache License 2.0
Author : aerogear
public abstract clreplaced AbstractBaseServiceTest {

    @Mock
    protected HttpServletRequest httpServletRequest;

    @Mock
    protected KeycloakSecurityContext context;

    @Mock
    protected KeycloakPrincipal keycloakPrincipal;

    @Inject
    protected SearchManager searchManager;

    @Inject
    protected PushApplicationService pushApplicationService;

    @Inject
    protected PushSearchByDeveloperServiceImpl searchApplicationService;

    // ===================== JUnit hooks =====================
    /**
     * Basic setup stuff, needed for all the UPS related service clreplacedes
     */
    @Before
    public void setUp() throws SystemException, NotSupportedException {
        // Keycloak test environment
        AccessToken token = new AccessToken();
        MockitoAnnotations.initMocks(this);
        // The current developer will always be the admin in this testing scenario
        token.setPreferredUsername("admin");
        when(context.getToken()).thenReturn(token);
        when(keycloakPrincipal.getKeycloakSecurityContext()).thenReturn(context);
        when(httpServletRequest.getUserPrincipal()).thenReturn(keycloakPrincipal);
        // glue it to serach mgr
        searchManager.setHttpServletRequest(httpServletRequest);
        // more to setup ?
        specificSetup();
    }

    /**
     * Enforced to override to make sure test-case specific
     * setup is done inside here!
     */
    protected abstract void specificSetup();
}

16 View Complete Implementation : SearchManager.java
Copyright Apache License 2.0
Author : aerogear
/**
 * Extract the username to be used in multiple queries
 *
 * @return current logged in user
 */
@Produces
@LoggedIn
public String extractUsername() {
    final KeycloakPrincipal principal = (KeycloakPrincipal) httpServletRequest.getUserPrincipal();
    if (principal != null) {
        logger.debug("Running with Keycloak context");
        KeycloakSecurityContext kcSecurityContext = principal.getKeycloakSecurityContext();
        return kcSecurityContext.getToken().getPreferredUsername();
    }
    logger.debug("Running outside of Keycloak context");
    final String basicUsername = HttpBasicHelper.extractUsernameAndPreplacedwordFromBasicHeader(httpServletRequest)[0];
    if (!basicUsername.isEmpty()) {
        logger.debug("running HttpBasic auth");
        return basicUsername;
    }
    logger.debug("Running without any Auth context");
    // by default, we are admin!
    return "admin";
}

16 View Complete Implementation : KeyCloakBearerTokenGenerator.java
Copyright Apache License 2.0
Author : apiman
/**
 * @see io.apiman.manager.ui.server.auth.ITokenGenerator#generateToken(javax.servlet.http.HttpServletRequest)
 */
@Override
public BearerTokenCredentialsBean generateToken(HttpServletRequest request) {
    BearerTokenCredentialsBean bean = new BearerTokenCredentialsBean();
    KeycloakSecurityContext session = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.clreplaced.getName());
    if (session != null) {
        bean.setToken(session.getTokenString());
        int nowInSeconds = getCurrentTime();
        int expiresInSeconds = session.getToken().getExpiration();
        if (expiresInSeconds <= nowInSeconds) {
            bean.setRefreshPeriod(1);
        } else {
            bean.setRefreshPeriod(expiresInSeconds - nowInSeconds);
        }
    } else {
        // $NON-NLS-1$
        bean.setToken("LOGGED_OUT");
        bean.setRefreshPeriod(30);
    }
    return bean;
}

16 View Complete Implementation : KeycloakAuth.java
Copyright GNU General Public License v2.0
Author : candlepin
@Override
public Principal getPrincipal(HttpRequest httpRequest) {
    try {
        String auth = AuthUtil.getHeader(httpRequest, "Authorization");
        if (!auth.isEmpty()) {
            String[] authArray = auth.split(" ");
            if (authArray[0].equalsIgnoreCase("basic")) {
                return null;
            } else {
                String tokenType = TokenVerifier.create(authArray[1], JsonWebToken.clreplaced).getToken().getType();
                switch(tokenType) {
                    case TokenUtil.TOKEN_TYPE_BEARER:
                        handleBearerToken(httpRequest);
                        break;
                    case TokenUtil.TOKEN_TYPE_REFRESH:
                        handleRefreshToken(httpRequest, authArray[1]);
                        break;
                    default:
                        log.warn("Not authenticating as token type is unsupported: {}", tokenType);
                        break;
                }
            }
            KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext) httpRequest.getAttribute(KeycloakSecurityContext.clreplaced.getName());
            if (keycloakSecurityContext != null && keycloakSecurityContext.getToken() != null) {
                String userName = keycloakSecurityContext.getToken().getPreferredUsername();
                return createPrincipal(userName);
            }
        } else {
            // if auth header is empty
            return null;
        }
    } catch (CandlepinException e) {
        throw e;
    } catch (Exception e) {
        throw new ServiceUnavailableException(i18nProvider.get().tr("Keycloak Authentication failed"));
    }
    return null;
}

16 View Complete Implementation : KeycloakRouteZuulFilter.java
Copyright Apache License 2.0
Author : eacdy
private void addKeycloakTokenToHeader(RequestContext ctx) {
    Principal principal = ctx.getRequest().getUserPrincipal();
    // 这里之所以可以直接强制转换,是因为shouldFilter中已经做了类型判断。
    KeycloakSecurityContext keycloakSecurityContext = ((KeycloakPrincipal) principal).getKeycloakSecurityContext();
    if (keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext) {
        ctx.addZuulRequestHeader(AUTHORIZATION_HEADER, this.buildBearerToken((RefreshableKeycloakSecurityContext) keycloakSecurityContext));
    }
// 用户没有登录,啥都不干
}

16 View Complete Implementation : KeycloakSecurityContextClientRequestInterceptorTest.java
Copyright Apache License 2.0
Author : keycloak
/**
 * Keycloak spring boot client request factory tests.
 */
public clreplaced KeycloakSecurityContextClientRequestInterceptorTest {

    @Spy
    private KeycloakSecurityContextClientRequestInterceptor factory;

    private MockHttpServletRequest servletRequest;

    @Mock
    private KeycloakSecurityContext keycloakSecurityContext;

    @Mock
    private KeycloakPrincipal keycloakPrincipal;

    @Before
    public void setUp() {
        MockitoAnnotations.initMocks(this);
        servletRequest = new MockHttpServletRequest();
        RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(servletRequest));
        servletRequest.setUserPrincipal(keycloakPrincipal);
        when(keycloakPrincipal.getKeycloakSecurityContext()).thenReturn(keycloakSecurityContext);
    }

    @Test
    public void testGetKeycloakSecurityContext() throws Exception {
        KeycloakSecurityContext context = factory.getKeycloakSecurityContext();
        replacedertNotNull(context);
        replacedertEquals(keycloakSecurityContext, context);
    }

    @Test(expected = IllegalStateException.clreplaced)
    public void testGetKeycloakSecurityContextInvalidPrincipal() throws Exception {
        servletRequest.setUserPrincipal(new MarkerPrincipal());
        factory.getKeycloakSecurityContext();
    }

    @Test(expected = IllegalStateException.clreplaced)
    public void testGetKeycloakSecurityContextNullAuthentication() throws Exception {
        servletRequest.setUserPrincipal(null);
        factory.getKeycloakSecurityContext();
    }

    private static clreplaced MarkerPrincipal implements Principal {

        @Override
        public String getName() {
            return null;
        }
    }
}

16 View Complete Implementation : CallAuthenticatedServlet.java
Copyright Apache License 2.0
Author : keycloak
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    if (!req.authenticate(resp)) {
        return;
    }
    KeycloakSecurityContext sc = (KeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.clreplaced.getName());
    if (sc == null) {
        // replacedert sc not null
        throw new replacedertionError("Keycloak security context is null.");
    }
    resp.setContentType("text/html");
    PrintWriter pw = resp.getWriter();
    pw.printf("<html><head><replacedle>%s</replacedle></head><body>", "Customer Portal");
    pw.println("Stian Thorgersen");
    pw.println("Bill Burke");
    pw.print("</body></html>");
    pw.flush();
}

16 View Complete Implementation : SecurityContextServletExtension.java
Copyright Apache License 2.0
Author : thorntail
@Override
public void handleDeployment(DeploymentInfo info, ServletContext context) {
    info.addThreadSetupAction(new KeycloakThreadSetupHandler());
    info.addInnerHandlerChainWrapper(next -> exchange -> {
        KeycloakSecurityContext c = exchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY);
        if (c != null) {
            KeycloakSecurityContextreplacedociation.replacedociate(c);
        }
        try {
            next.handleRequest(exchange);
        } finally {
            KeycloakSecurityContextreplacedociation.disreplacedociate();
        }
    });
}