Posted to commits@dlab.apache.org by bh...@apache.org on 2019/09/02 13:54:19 UTC
[incubator-dlab] branch dlab_refactored updated: DLAB-000 added
support of group claim
This is an automated email from the ASF dual-hosted git repository.
bhliva pushed a commit to branch dlab_refactored
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/dlab_refactored by this push:
new 145ad57 DLAB-000 added support of group claim
145ad57 is described below
commit 145ad57480fc2b56e688cc39255a5bf2e4c19a42
Author: bhliva <bo...@epam.com>
AuthorDate: Mon Sep 2 16:52:25 2019 +0300
DLAB-000 added support of group claim
---
services/self-service/self-service.yml | 66 +++++++++++-----------
.../backendapi/auth/KeycloakAuthenticator.java | 9 ++-
2 files changed, 39 insertions(+), 36 deletions(-)
diff --git a/services/self-service/self-service.yml b/services/self-service/self-service.yml
index cff8f19..46b000b 100644
--- a/services/self-service/self-service.yml
+++ b/services/self-service/self-service.yml
@@ -71,34 +71,34 @@ server:
enabled: true
requestLog:
appenders:
- - type: file
- currentLogFilename: ${LOG_ROOT_DIR}/ssn/request-selfservice.log
- archive: true
- archivedLogFilenamePattern: ${LOG_ROOT_DIR}/ssn/request-selfservice-%d{yyyy-MM-dd}.log.gz
- archivedFileCount: 10
+ - type: file
+ currentLogFilename: ${LOG_ROOT_DIR}/ssn/request-selfservice.log
+ archive: true
+ archivedLogFilenamePattern: ${LOG_ROOT_DIR}/ssn/request-selfservice-%d{yyyy-MM-dd}.log.gz
+ archivedFileCount: 10
rootPath: "/api"
applicationConnectors:
-# - type: http
-# port: 8080
- - type: https
- port: 8443
- certAlias: dlab
- validateCerts: false
- keyStorePath: ${KEY_STORE_PATH}
- keyStorePassword: ${KEY_STORE_PASSWORD}
- trustStorePath: ${TRUST_STORE_PATH}
- trustStorePassword: ${TRUST_STORE_PASSWORD}
+ # - type: http
+ # port: 8080
+ - type: https
+ port: 8443
+ certAlias: dlab
+ validateCerts: false
+ keyStorePath: ${KEY_STORE_PATH}
+ keyStorePassword: ${KEY_STORE_PASSWORD}
+ trustStorePath: ${TRUST_STORE_PATH}
+ trustStorePassword: ${TRUST_STORE_PASSWORD}
adminConnectors:
-# - type: http
-# port: 8081
- - type: https
- port: 8444
- certAlias: dlab
- validateCerts: false
- keyStorePath: ${KEY_STORE_PATH}
- keyStorePassword: ${KEY_STORE_PASSWORD}
- trustStorePath: ${TRUST_STORE_PATH}
- trustStorePassword: ${TRUST_STORE_PASSWORD}
+ # - type: http
+ # port: 8081
+ - type: https
+ port: 8444
+ certAlias: dlab
+ validateCerts: false
+ keyStorePath: ${KEY_STORE_PATH}
+ keyStorePassword: ${KEY_STORE_PASSWORD}
+ trustStorePath: ${TRUST_STORE_PATH}
+ trustStorePassword: ${TRUST_STORE_PASSWORD}
mongoMigrationEnabled: false
@@ -110,14 +110,14 @@ logging:
com.novemberain: ERROR
io.swagger.v3: DEBUG
appenders:
-<#if DEV_MODE == "true">
- - type: console
-</#if>
- - type: file
- currentLogFilename: ${LOG_ROOT_DIR}/ssn/selfservice.log
- archive: true
- archivedLogFilenamePattern: ${LOG_ROOT_DIR}/ssn/selfservice-%d{yyyy-MM-dd}.log.gz
- archivedFileCount: 10
+ <#if DEV_MODE == "true">
+- type: console
+ </#if>
+- type: file
+ currentLogFilename: ${LOG_ROOT_DIR}/ssn/selfservice.log
+ archive: true
+ archivedLogFilenamePattern: ${LOG_ROOT_DIR}/ssn/selfservice-%d{yyyy-MM-dd}.log.gz
+ archivedFileCount: 10
swaggerConfiguration:
resourcePackage: com.epam.dlab.backendapi.resources
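Review bot: As rendered here, the re-indented `logging.appenders` items (`- type: console`, `- type: file`) start at column 0 while the `<#if>` directives gained indentation, which would place the sequence outside the nested `appenders:` key. Leading whitespace is partly lost on this page, so this should be confirmed against the file itself. If it holds, the template either fails to parse as YAML or the service starts without its file appender, and that log is what one would rely on when investigating authentication problems. Restore the earlier layout: keep `<#if DEV_MODE == "true">` and `</#if>` at column 0 and indent the `- type:` items under `appenders:`, as the `requestLog` appenders in the first hunk are.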
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/auth/KeycloakAuthenticator.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/auth/KeycloakAuthenticator.java
index 8c42f22..9d30cca 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/auth/KeycloakAuthenticator.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/auth/KeycloakAuthenticator.java
@@ -12,11 +12,15 @@ import org.keycloak.representations.AccessToken;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.HttpHeaders;
+import java.util.List;
import java.util.Optional;
+import static java.util.Collections.emptyList;
+
public class KeycloakAuthenticator extends AbstractKeycloakAuthenticator<UserInfo> {
private static final String TOKEN_PREFIX = "Bearer ";
+ private static final String GROUPS_CLAIM = "groups";
public KeycloakAuthenticator(KeycloakConfiguration keycloakConfiguration) {
super(keycloakConfiguration);
@@ -35,15 +39,14 @@ public class KeycloakAuthenticator extends AbstractKeycloakAuthenticator<UserInf
}
@Override
+ @SuppressWarnings("unchecked")
protected UserInfo prepareAuthentication(KeycloakSecurityContext keycloakSecurityContext,
HttpServletRequest httpServletRequest,
KeycloakConfiguration keycloakConfiguration) {
final AccessToken token = keycloakSecurityContext.getToken();
final UserInfo userInfo = new UserInfo(token.getPreferredUsername(),
keycloakSecurityContext.getTokenString());
- final AccessToken.Access resourceAccess =
- token.getResourceAccess(keycloakConfiguration.getResource());
- Optional.ofNullable(resourceAccess).ifPresent(ra -> userInfo.addRoles(ra.getRoles()));
+ userInfo.addRoles((List<String>) token.getOtherClaims().getOrDefault(GROUPS_CLAIM, emptyList()));
return userInfo;
}
}
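Review bot: The new `addRoles` line in `prepareAuthentication` casts the `groups` claim to `List<String>` unchecked, so a token whose claim is a single string or holds non-string entries either throws `ClassCastException` during authentication or puts non-string objects into the role list that authorization decisions are later made from. Check the runtime type and keep only string entries instead of suppressing the warning; the version below needs `java.util.Collection` and `java.util.stream.Collectors` imported and lets `@SuppressWarnings("unchecked")` be dropped. Separately, the commit title says group support was added, but the hunk removes the `getResourceAccess(...)` roles entirely, so users whose permissions came from client roles lose them. Access then depends on a `groups` mapper being configured in the realm. If that replacement is intended, it deserves a line in the commit message and a comment on `GROUPS_CLAIM`.

```java
// … unchanged: token lookup and UserInfo construction …
final Object groups = token.getOtherClaims().get(GROUPS_CLAIM);
if (groups instanceof Collection) {
    // Keep only string entries so a malformed claim cannot pollute the role list.
    userInfo.addRoles(((Collection<?>) groups).stream()
            .filter(String.class::isInstance)
            .map(String.class::cast)
            .collect(Collectors.toList()));
}
return userInfo;
```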