[keycloak-user] How do I get KeycloakSecurityContext to be set in the httpServletRequest in Keycloak's account-linking doc?

Muehlburger, Herbert herbert.muehlburger at bearingpoint.com
Mon Oct 2 03:12:59 EDT 2017


Hi,

Given that request is an instance of HttpServletRequest, you can access the security context like this:

KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) request.getUserPrincipal();

If there is a refresh token and you need access to that:

RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) token.getAccount().getKeycloakSecurityContext();

If there is no refresh token and you only want to access the other token:

KeycloakSecurityContext context = token.getAccount().getKeycloakSecurityContext();

Here is an example of how to get the access and id token:

KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) request.getUserPrincipal();
RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) token.getAccount().getKeycloakSecurityContext();

String accessTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getToken());
String idTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getIdToken());

In order to also get the refresh token you can try the following:

RefreshToken refreshToken;
try {
    refreshToken = new JWSInput(session.getRefreshToken()).readJsonContent(RefreshToken.class);
} catch (JWSInputException e) {
    throw new IOException(e);
}
String refreshTokenPretty = JsonSerialization.writeValueAsPrettyString(refreshToken);

Hope this helps.

Kind regards,
Herbert


Herbert Mühlburger
Senior System Engineer



T  +43 316 8003
F  +43 316 8003 1080

BearingPoint Technology GmbH
Seering 6, Block B
8141 Premstätten
Austria

herbert.muehlburger at bearingpoint.com
www.bearingpoint.com
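
Added example (not part of the original message and not Keycloak's own code): a null-safe lookup that tries the request attribute from the documentation snippet first, then the principal types, plus a summary that logs selected claims rather than whole pretty-printed tokens. The class name SecurityContextResolver and its method names are hypothetical, and the KeycloakPrincipal branch assumes an adapter that exposes that principal type.

```java
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.keycloak.representations.AccessToken;

/** Hypothetical helper (the name is an assumption, not part of Keycloak). */
public final class SecurityContextResolver {

    private SecurityContextResolver() {}

    /** Returns the context if a Keycloak adapter authenticated this request. */
    public static Optional<KeycloakSecurityContext> resolve(HttpServletRequest request) {
        // 1. Request attribute, as in the account-linking documentation snippet.
        Object attr = request.getAttribute(KeycloakSecurityContext.class.getName());
        if (attr instanceof KeycloakSecurityContext) {
            return Optional.of((KeycloakSecurityContext) attr);
        }
        // 2. Spring Security adapter: the principal is the authentication token.
        Object principal = request.getUserPrincipal();
        if (principal instanceof KeycloakAuthenticationToken) {
            KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) principal;
            return Optional.ofNullable(token.getAccount().getKeycloakSecurityContext());
        }
        // 3. Assumed case: the adapter in use exposes a KeycloakPrincipal.
        if (principal instanceof KeycloakPrincipal) {
            return Optional.ofNullable(
                    ((KeycloakPrincipal<?>) principal).getKeycloakSecurityContext());
        }
        // Anonymous request, or one that no Keycloak adapter handled.
        return Optional.empty();
    }

    /** Log-safe summary: selected claims only, never the encoded tokens. */
    public static String describe(KeycloakSecurityContext context) {
        AccessToken access = context.getToken();
        if (access == null) {
            return "realm=" + context.getRealm() + " (no access token)";
        }
        return String.format("realm=%s sub=%s client=%s exp=%d expired=%b",
                context.getRealm(), access.getSubject(), access.getIssuedFor(),
                access.getExpiration(), access.isExpired());
    }
}
```

The instanceof checks replace the unchecked casts, so a request that did not pass through a Keycloak adapter yields an empty Optional instead of a ClassCastException or NullPointerException.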

________________________________________
From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> on behalf of Alik Elzin <kilaka at gmail.com>
Sent: Monday, 02 October 2017 07:06
To: keycloak-user at lists.jboss.org
Cc: Ben.david at hpe.com
Subject: [keycloak-user] How do I get KeycloakSecurityContext to be set in the httpServletRequest in Keycloak's account-linking doc?

Hi.

In Keycloak's account-linking documentation
<http://www.keycloak.org/docs/3.2/server_development/topics/identity-brokering/account-linking.html>,
there's a code snippet:

KeycloakSecurityContext session = (KeycloakSecurityContext) httpServletRequest.getAttribute(KeycloakSecurityContext.class.getName());

Why would the KeycloakSecurityContext be set in the httpServletRequest?
Where should this code run? In what context?

Thanks.

* Also posted the question in SO:
https://stackoverflow.com/questions/46409356/how-do-i-get-keycloaksecuritycontext-to-be-set-in-the-httpservletrequest-in-keyc