[keycloak-dev] Custom KeycloakPrincipal in adapter

Marek Posolda mposolda at redhat.com
Sat Jul 11 04:59:55 EDT 2015


Not sure why you need this. But maybe easiest is to create just Http 
Servlet filter (this can be configured in web.xml and doesn't use any 
tomcat/jboss-web specific stuff) . In this filter, you will create 
HttpServletRequestWrapper wrapping the original HttpServletRequest, but 
you will override just the method "getUserPrincipal" in your wrapper 
class. Here you can do any hacking you want and return any principal 
instance you want. All the data from Keycloak (KeycloakSecurityContext, 
AccessToken, IDToken, original KeycloakPrincipal...) are already 
available in the filter, so you can use them for create your own principal.

Marek

On 10.7.2015 21:02, Marcelo Arthur Sampaio wrote:
> Hi,
>
> I need to implement my custom security Principal.
> What is the best way to do it in adapter for jboss eap.
>
> Create new adapter for my business extends 
> RefreshableKeycloakSecurityContext, KeycloakAuthenticatorValve and set 
> the new valve class in KeycloakAdapterConfigDeploymentProcessor?
>
> I need to set new attributes in principal and get principal in the 
> SecurityContext.
>
> There is an other way?
>
> Thanks.
> -
>
>
> "Esta mensagem do SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), 
> empresa pública federal regida pelo disposto na Lei Federal nº 5.615, 
> é enviada exclusivamente a seu destinatário e pode conter informações 
> confidenciais, protegidas por sigilo profissional. Sua utilização 
> desautorizada é ilegal e sujeita o infrator às penas da lei. Se você a 
> recebeu indevidamente, queira, por gentileza, reenviá-la ao emitente, 
> esclarecendo o equívoco."
>
> "This message from SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO) 
> -- a government company established under Brazilian law (5.615/70) -- 
> is directed exclusively to its addressee and may contain confidential 
> data, protected under professional secrecy rules. Its unauthorized use 
> is illegal and may subject the transgressor to the law's penalties. If 
> you're not the addressee, please send it back, elucidating the failure."
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150711/7eddb2f3/attachment.html 


More information about the keycloak-dev mailing list