Merge branch 'DEVELOP' into SI-2183-Keycloak-Client-Rollen
diff --git a/gfsBackendService/src/main/java/org/eclipse/openk/gridfailureinformation/config/auth/JwtAuthenticationTokenFilter.java b/gfsBackendService/src/main/java/org/eclipse/openk/gridfailureinformation/config/auth/JwtAuthenticationTokenFilter.java
index 11db5b6..ff3cd1e 100644
--- a/gfsBackendService/src/main/java/org/eclipse/openk/gridfailureinformation/config/auth/JwtAuthenticationTokenFilter.java
+++ b/gfsBackendService/src/main/java/org/eclipse/openk/gridfailureinformation/config/auth/JwtAuthenticationTokenFilter.java
@@ -16,10 +16,12 @@
 package org.eclipse.openk.gridfailureinformation.config.auth;
 
 import org.eclipse.openk.gridfailureinformation.exceptions.UnauthorizedException;
+import org.keycloak.KeycloakPrincipal;
 import org.keycloak.RSATokenVerifier;
 import org.keycloak.representations.AccessToken;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
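Review bot: The imports added across the three import hunks (`org.keycloak.KeycloakPrincipal`, `org.springframework.security.core.Authentication`, `javax.security.auth.Subject` and `java.util.Set`) are not referenced by any changed line visible in this diff. If they are also unused in the rest of the file, which is not shown here, they should be dropped before merging. Unused imports of `KeycloakPrincipal` and `Subject` in an authentication filter suggest a principal-based design that the code does not implement.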
@@ -28,6 +30,7 @@
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 
+import javax.security.auth.Subject;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -36,6 +39,7 @@
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Set;
 
 @Component
 public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
@@ -74,11 +78,17 @@
 
     private void createToken(SecurityContext context, String bearerTkn) throws ServletException {
         try {
+
+            List<String> allRoles = new ArrayList<>();
             AccessToken token = RSATokenVerifier.create(bearerTkn).getToken();
+            //Clientroles
+            token.getResourceAccess().forEach((client, access) -> allRoles.addAll(access.getRoles()));
+
+            //Realmroles
+            allRoles.addAll(token.getRealmAccess().getRoles());
 
             List<GrantedAuthority> authorities= new ArrayList<>();
-            token.getRealmAccess().getRoles().stream()
-                    .forEach( x -> authorities.add(new SimpleGrantedAuthority("ROLE_"+x.toUpperCase())));
+            allRoles.forEach( x -> authorities.add(new SimpleGrantedAuthority("ROLE_"+x.toUpperCase())));
 
             UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(token.getPreferredUsername(), null, authorities);
             auth.setDetails(bearerTkn);
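Review bot: The new `token.getResourceAccess().forEach(...)` line merges the roles of every client listed in the token's `resource_access` into `allRoles`, so a role granted for an unrelated client becomes a `ROLE_` authority in this service, and a client role that shares a name with a realm role is indistinguishable from it. Restricting the lookup to this service's own client keeps the grant least-privilege, e.g. `AccessToken.Access own = token.getResourceAccess(clientId);` followed by `if (own != null && own.getRoles() != null) allRoles.addAll(own.getRoles());`, where `clientId` is a placeholder for a configured value that this page does not show. `token.getRealmAccess()` is dereferenced without a null check, which looks like it would throw for a token that carries only client roles; it should be guarded the same way. Only `getToken()` is called on the `RSATokenVerifier` here, with no visible `verify()`, so unless signature and issuer checks are enforced before this filter, the widened role set comes from unverified claims, which is worth confirming. The body of `createToken` continues past the end of the hunk.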