[keycloak-user] How do I get KeycloakSecurityContext to be set in the httpServletRequest in Keycloak's account-linking doc?

Alik Elzin kilaka at gmail.com
Mon Oct 2 06:35:13 EDT 2017 

I'm missing the whole context here.
Where does this code should run? In what context?

On Mon, Oct 2, 2017 at 10:12 AM, Muehlburger, Herbert <
herbert.muehlburger at bearingpoint.com> wrote:

> Hi,
>
> Given that request is an instance of HttpServletRequest you can access the
> security context like that
>
> KeycloakAuthenticationToken token = (KeycloakAuthenticationToken)
> request.getUserPrincipal();
>
> If there is a refresh tokena and you need access to that:
>
> RefreshableKeycloakSecurityContext session = (
> RefreshableKeycloakSecurityContext) token.getAccount().
> getKeycloakSecurityContext();
>
> If there is no refresh token and you only want to access the other token:
>
> KeycloakSecurityContext context = token.getAccount().
> getKeycloakSecurityContext();
>
> Here is an example on how to get the access and id token:
>
> KeycloakAuthenticationToken token = (KeycloakAuthenticationToken)
> request.getUserPrincipal();
> RefreshableKeycloakSecurityContext session = (
> RefreshableKeycloakSecurityContext) token.getAccount().
> getKeycloakSecurityContext();
>
> String accessTokenPretty = JsonSerialization.writeValueAsPrettyString(
> session.getToken());
> String idTokenPretty = JsonSerialization.writeValueAsPrettyString(
> session.getIdToken());
>
> In order to also get the refresh token you can try the following:
>
>         RefreshToken refreshToken;
>             try {
>                 refreshToken = new JWSInput(session.getRefreshToken()).
> readJsonContent(RefreshToken.class);
>             } catch (JWSInputException e) {
>                 throw new IOException(e);
>             }
>         String refreshTokenPretty = JsonSerialization.
> writeValueAsPrettyString(refreshToken);
>
> Hope this helps.
>
> Kind regards,
> Herbert
>
>
> Herbert Mühlburger
> Senior System Engineer
>
>
>
> T  +43 316 8003
> F  +43 316 8003 1080
>
> BearingPoint Technology GmbH
> Seering 6, Block B
> 8141 Premstätten
> Austria
>
> herbert.muehlburger at bearingpoint.com
> www.bearingpoint.com
>
> ________________________________________
> Von: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.
> jboss.org> im Auftrag von Alik Elzin <kilaka at gmail.com>
> Gesendet: Montag, 02. Oktober 2017 07:06
> An: keycloak-user at lists.jboss.org
> Cc: Ben.david at hpe.com
> Betreff: [keycloak-user] How do I get KeycloakSecurityContext to be set in
> the httpServletRequest in Keycloak's account-linking doc?
>
> Hi.
>
> In Keycloak's account-linking
> <http://www.keycloak.org/docs/3.2/server_development/topics/
> identity-brokering/account-linking.html>
> documentation,
> there's a code snippet: KeycloakSecurityContext session =
> (KeycloakSecurityContext)
> httpServletRequest.getAttribute(KeycloakSecurityContext.class.getName()).
>
> Why would the KeycloakSecurityContext be set in the httpServletRequest?
> Where does this code should run? In what context?
>
> Thanks.
>
> * Also posted the question in SO:
> https://stackoverflow.com/questions/46409356/how-do-i-
> get-keycloaksecuritycontext-to-be-set-in-the-httpservletrequest-in-keyc
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> ________________________________
>  BearingPoint Technology GmbH
> Sitz: Premstätten bei Graz
> Firmenbuchgericht: Landesgericht für ZRS Graz
> Firmenbuchnummer: FN 44354b
>
>
> The information in this email is confidential and may be legally
> privileged. If you are not the intended recipient of this message, any
> review, disclosure, copying, distribution, retention, or any action taken
> or omitted to be taken in reliance on it is prohibited and may be unlawful.
> If you are not the intended recipient, please reply to or forward a copy of
> this message to the sender and delete the message, any attachments, and any
> copies thereof from your system.
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list