Merge branch 'DEVELOP' into SI-2183-Keycloak-Client-Rollen
diff --git a/gfsBackendService/src/main/java/org/eclipse/openk/gridfailureinformation/config/auth/JwtAuthenticationTokenFilter.java b/gfsBackendService/src/main/java/org/eclipse/openk/gridfailureinformation/config/auth/JwtAuthenticationTokenFilter.java
index 11db5b6..ff3cd1e 100644
--- a/gfsBackendService/src/main/java/org/eclipse/openk/gridfailureinformation/config/auth/JwtAuthenticationTokenFilter.java
+++ b/gfsBackendService/src/main/java/org/eclipse/openk/gridfailureinformation/config/auth/JwtAuthenticationTokenFilter.java
@@ -16,10 +16,12 @@
package org.eclipse.openk.gridfailureinformation.config.auth;
import org.eclipse.openk.gridfailureinformation.exceptions.UnauthorizedException;
+import org.keycloak.KeycloakPrincipal;
import org.keycloak.RSATokenVerifier;
import org.keycloak.representations.AccessToken;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -28,6 +30,7 @@
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
+import javax.security.auth.Subject;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -36,6 +39,7 @@
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
+import java.util.Set;
@Component
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
@@ -74,11 +78,17 @@
private void createToken(SecurityContext context, String bearerTkn) throws ServletException {
try {
+
+ List<String> allRoles = new ArrayList<>();
AccessToken token = RSATokenVerifier.create(bearerTkn).getToken();
+ //Clientroles
+ token.getResourceAccess().forEach((client, access) -> allRoles.addAll(access.getRoles()));
+
+ //Realmroles
+ allRoles.addAll(token.getRealmAccess().getRoles());
List<GrantedAuthority> authorities= new ArrayList<>();
- token.getRealmAccess().getRoles().stream()
- .forEach( x -> authorities.add(new SimpleGrantedAuthority("ROLE_"+x.toUpperCase())));
+ allRoles.forEach( x -> authorities.add(new SimpleGrantedAuthority("ROLE_"+x.toUpperCase())));
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(token.getPreferredUsername(), null, authorities);
auth.setDetails(bearerTkn);
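Review bot: The added `token.getResourceAccess().forEach(...)` flattens the roles of every client in `resource_access` into the same list as the realm roles, so a role granted on an unrelated client becomes the same `ROLE_…` authority as an identically named role this service checks. Consider reading only this service's own entry, e.g. `AccessToken.Access own = token.getResourceAccess(clientId);` then `if (own != null && own.getRoles() != null) allRoles.addAll(own.getRoles());`, where `clientId` is a placeholder for a configured value. `access.getRoles()` and `token.getRealmAccess()` can both be null when a token carries no roles in that section, which would throw inside the `try`, so each needs a null guard. The visible lines obtain the token with `RSATokenVerifier.create(bearerTkn).getToken()`, which only parses it; if signature, issuer and expiry are not checked elsewhere (not visible here), the widened role set comes from unverified claims. The body of `createToken` continues outside the hunk.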