SI-2473-Acknowledge-Client-Roles
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/config/auth/JwtAuthenticationTokenFilter.java b/src/main/java/org/eclipse/openk/contactbasedata/config/auth/JwtAuthenticationTokenFilter.java
index 23b1a26..88ecc25 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/config/auth/JwtAuthenticationTokenFilter.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/config/auth/JwtAuthenticationTokenFilter.java
@@ -70,13 +70,20 @@
 
     private void createToken(SecurityContext context, String bearerTkn) throws ServletException {
         try {
+            List<String> allRoles = new ArrayList<>();
             AccessToken token = RSATokenVerifier.create(bearerTkn).getToken();
+            //Clientroles
+            token.getResourceAccess().forEach((client, access) -> allRoles.addAll(access.getRoles()));
+
+            //Realmroles
+            if (token.getRealmAccess() != null) {
+                allRoles.addAll(token.getRealmAccess().getRoles());
+            }
 
             List<GrantedAuthority> authorities= new ArrayList<>();
-            token.getRealmAccess().getRoles().stream()
-                    .forEach( x -> authorities.add(new SimpleGrantedAuthority("ROLE_"+x.toUpperCase())));
+            allRoles.forEach( x -> authorities.add(new SimpleGrantedAuthority("ROLE_"+x.toUpperCase())));
 
-            UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(token.getName(), null, authorities);
+            UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(token.getPreferredUsername(), null, authorities);
             auth.setDetails(bearerTkn);
 
             context.setAuthentication(auth);
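Review bot: The `forEach` over `token.getResourceAccess()` copies the roles of every client listed in the token into `allRoles`, so a role granted for an unrelated client becomes a `ROLE_…` authority in this service exactly like a realm role of the same name. Consider restricting it to this service's own client, e.g. `AccessToken.Access own = token.getResourceAccess(clientId); if (own != null && own.getRoles() != null) allRoles.addAll(own.getRoles());`, where `clientId` is a placeholder for the configured client id (not visible here). `getRoles()` may return null when the claim has no `roles` entry, so the same null check is worth adding in the realm branch, since `addAll(null)` throws. The visible lines obtain the token with `getToken()` only, and createToken continues outside the hunk, so confirm that signature and expiry are verified somewhere before these roles are trusted.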
diff --git a/src/main/resources/application_localdev.yml b/src/main/resources/application_localdev.yml
index 9f105ab..8e6775a 100644
--- a/src/main/resources/application_localdev.yml
+++ b/src/main/resources/application_localdev.yml
@@ -60,7 +60,7 @@
 
 jwt:
   tokenHeader: Authorization
-  useStaticJwt: true
+  useStaticJwt: false
   staticJwt: eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJIYlI3Z2pobmE2eXJRZnZJTWhUSV9tY2g3ZmtTQWVFX3hLTjBhZVl0bjdjIn0.eyJqdGkiOiI5MGI0NGFkOC1iYjlmLTQ1MzktYTQwYy0yYjQyZTNkNjNiOGEiLCJleHAiOjE1Nzg2NTU3OTUsIm5iZiI6MCwiaWF0IjoxNTc4NjU1NDk1LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvRWxvZ2Jvb2siLCJhdWQiOiJlbG9nYm9vay1iYWNrZW5kIiwic3ViIjoiODYyNjY5NmYtZjFhMi00ZGI1LTkyZWYtZTlhMjQ2Njg1YTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiZWxvZ2Jvb2stYmFja2VuZCIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjJmMWIzODE5LWZjNjQtNDEzNC1iNWQxLWY3ZWY4NzU5NDBkNCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiKiJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsia29uLWFkbWluIiwia29uLXdyaXRlciIsImtvbi1hY2Nlc3MiLCJrb24tcmVhZGVyIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnt9LCJuYW1lIjoiVGVzdGVyRmlyc3RuYW1lX3J3YSBUZXN0ZXJMYXN0bmFtZV9yd2EiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJ0ZXN0dXNlcl9yd2EiLCJnaXZlbl9uYW1lIjoiVGVzdGVyRmlyc3RuYW1lX3J3YSIsImZhbWlseV9uYW1lIjoiVGVzdGVyTGFzdG5hbWVfcndhIn0.DAYXuv4tKn8RXqO1jyttnD-tF4nShUBQyfe4bKbAiPAyY2x5YbAf3M4eXnLrGqo8-loGKldICC28bL0LaMA3KKkQEOfW5sfpGqoN6212vs89mOklt0TJYc5PMXwFgJ5WC_TKjdwq7-aaDafOEWehV0U1ut3s-94ovNYIEn29nzXm2W1ldoXJEq03F880jlysQ5zlRvGF7eXEEpFfI2URyyNQ2UWh0Ssfq-gOAt2pbF1u6prA5RfvUmZ3v1eu21YLGZtgqPqxb1l6odyH3ip15j_HdgnTeo52ymxuRUj65Mskme3V5ev2DitHI9vZgnpV8Idhb4TTWliBeGCOMfDFCg
 
 services:
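Review bot: With `useStaticJwt` now false, the `staticJwt` value below it is still a complete signed token kept in version control, and its payload carries the realm roles `kon-admin`, `kon-writer`, `kon-access` and `kon-reader`. A comment above the key, such as `# local development only: fixed token used when useStaticJwt is true; never enable in a deployed profile`, would make the intent explicit. The token's `resource_access` claim is empty, so it does not exercise the client-role handling this commit adds in JwtAuthenticationTokenFilter if it is reused for local testing.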
@@ -69,7 +69,8 @@
 
 authNAuthService:
   ribbon:
-    listOfServers: http://entopkon:8880
+    #listOfServers: http://entopkon:8880
+    listOfServers: http://localhost:4201
 
 cors:
   corsEnabled: false