Merge branch 'DEVELOP' into SI-2183-Keycloak-Client-Rollen
diff --git a/gfsBackendService/src/main/java/org/eclipse/openk/gridfailureinformation/config/auth/JwtAuthenticationTokenFilter.java b/gfsBackendService/src/main/java/org/eclipse/openk/gridfailureinformation/config/auth/JwtAuthenticationTokenFilter.java
index 11db5b6..ff3cd1e 100644
--- a/gfsBackendService/src/main/java/org/eclipse/openk/gridfailureinformation/config/auth/JwtAuthenticationTokenFilter.java
+++ b/gfsBackendService/src/main/java/org/eclipse/openk/gridfailureinformation/config/auth/JwtAuthenticationTokenFilter.java
@@ -16,10 +16,12 @@
 package org.eclipse.openk.gridfailureinformation.config.auth;
 import org.eclipse.openk.gridfailureinformation.exceptions.UnauthorizedException;
+import org.keycloak.KeycloakPrincipal;
 import org.keycloak.RSATokenVerifier;
 import org.keycloak.representations.AccessToken;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -28,6 +30,7 @@
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
+import javax.security.auth.Subject;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -36,6 +39,7 @@
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Set;
 @Component
 public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
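Review bot: None of the four added imports (`KeycloakPrincipal`, `Authentication`, `javax.security.auth.Subject`, `java.util.Set`) is referenced by the new code in the `createToken` hunk of this file. Unless a part of the file outside these hunks uses them, they should be dropped so the filter's dependencies reflect what it actually does with the token.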
@@ -74,11 +78,17 @@
 private void createToken(SecurityContext context, String bearerTkn) throws ServletException {
 try {
+
+ List<String> allRoles = new ArrayList<>();
 AccessToken token = RSATokenVerifier.create(bearerTkn).getToken();
+ //Clientroles
+ token.getResourceAccess().forEach((client, access) -> allRoles.addAll(access.getRoles()));
+
+ //Realmroles
+ allRoles.addAll(token.getRealmAccess().getRoles());
 List<GrantedAuthority> authorities= new ArrayList<>();
- token.getRealmAccess().getRoles().stream()
- .forEach( x -> authorities.add(new SimpleGrantedAuthority("ROLE_"+x.toUpperCase())));
+ allRoles.forEach( x -> authorities.add(new SimpleGrantedAuthority("ROLE_"+x.toUpperCase())));
 UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(token.getPreferredUsername(), null, authorities);
 auth.setDetails(bearerTkn);
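Review bot: The new `token.getResourceAccess().forEach(...)` line flattens the roles of every client listed in the token's `resource_access` claim into this service's authorities, so a role the user holds on an unrelated Keycloak client that shares a name with one of this service's roles is granted here as the same `ROLE_…` authority. Reading only this service's own entry avoids that, e.g. `AccessToken.Access own = token.getResourceAccess(clientId);` followed by `if (own != null && own.getRoles() != null) allRoles.addAll(own.getRoles());`, where `clientId` is a placeholder for the configured client id, which the hunk does not show. `token.getRealmAccess()` and `access.getRoles()` can be null for tokens that lack those claims, which would throw inside the `try`; whether the catch maps that to `UnauthorizedException` is outside the hunk, as is the rest of `createToken`. The authorities are built from `RSATokenVerifier.create(bearerTkn).getToken()`, which as shown here only parses the token, so widening the role source makes it more important to confirm that the signature is verified before this filter trusts the claims.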