[keycloak-user] cxf filter

Nhut Thai Le ntle at castortech.com
Mon Aug 27 14:52:20 EDT 2018


Hello,

I have a web app and a REST API running inside an OSGI environment.

The web app has some servlets registered with the web container (jetty) as
OSGI whiteboard services. All of these servlets are configured to be
protected (authentication required) by keycloak servlet filter.

Dictionary<String, String> props;
props = new Hashtable<>();
props.put("alias", "/whiteboard");
servletReg = context.registerService(Servlet.class, new WhiteboardServlet("/test"), props);

Dictionary<String, Object> filterProps = new Hashtable<String, Object>();
String[] urls = { "/*" }; //$NON-NLS-1$
filterProps.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_FILTER_NAME, "keycloakFilter");
filterProps.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_FILTER_PATTERN, urls);
keycloakFilter = context.registerService(Filter.class, new KeycloakOIDCFilter(), filterProps);

The REST api is hosted by aries-jax-rs-whiteboard.

@Component(
    immediate = true,
    property = JAX_RS_APPLICATION_BASE + "=/rest",
    service = Application.class
)
@Path("/common")
public final class RestAPI extends Application {
    public static final Response EMPTY_RESPONSE =
        Response.noContent().type(MediaType.TEXT_HTML_TYPE).build();

    @Override
    public Set<Object> getSingletons() {
        return Collections.singleton(this);
    }

    @GET
    @Path("/getObject")
    @Produces(MediaType.APPLICATION_JSON)
    public String getObject() {
        return "Rest call"; //$NON-NLS-1$
    }
}

The web app has some JS code executed in the user's browser that makes an ajax
call to the REST service above. Since this call happens after the user has been
authenticated with keycloak and originates from the same browser session, I
assume the ajax request also contains KeycloakSecurityContext. Thus this
call should be allowed to reach the REST service. What I want is to
register a filter (ContainerRequestFilter) to deny access to the REST
service if the user has not been authenticated.
Is there an existing implementation of ContainerRequestFilter by keycloak
that can do this?


Thai
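
Added example, not part of the original post and not code shipped by Keycloak: one way to write the deny-by-default ContainerRequestFilter asked about above. It assumes KeycloakOIDCFilter has already run on the same request and stored the KeycloakSecurityContext as a request attribute under its class name; the class name RequireKeycloakLoginFilter and the application.select expression are illustrative assumptions.

```java
import static org.osgi.service.jaxrs.whiteboard.JaxrsWhiteboardConstants.JAX_RS_APPLICATION_SELECT;
import static org.osgi.service.jaxrs.whiteboard.JaxrsWhiteboardConstants.JAX_RS_EXTENSION;

import javax.annotation.Priority;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

import org.keycloak.KeycloakSecurityContext;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ServiceScope;

// Hypothetical class name; registered as a JAX-RS whiteboard extension.
@Component(
    service = ContainerRequestFilter.class,
    scope = ServiceScope.PROTOTYPE,
    property = {
        JAX_RS_EXTENSION + "=true",
        // Assumption: selects the application published at base "/rest".
        JAX_RS_APPLICATION_SELECT + "=(osgi.jaxrs.application.base=/rest)"
    }
)
@Provider
@Priority(Priorities.AUTHENTICATION)
public final class RequireKeycloakLoginFilter implements ContainerRequestFilter {

    // Injected per request by the JAX-RS runtime.
    @Context
    private HttpServletRequest request;

    @Override
    public void filter(ContainerRequestContext requestContext) {
        // Assumption: KeycloakOIDCFilter ran on this request and stored the
        // context under this attribute name; if not, the lookup returns null.
        Object attr = request.getAttribute(KeycloakSecurityContext.class.getName());
        boolean authenticated = attr instanceof KeycloakSecurityContext
                && ((KeycloakSecurityContext) attr).getToken() != null
                && ((KeycloakSecurityContext) attr).getToken().isActive();
        if (!authenticated) {
            // Fail closed: an AJAX caller gets a plain 401, not a login redirect.
            requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }
}
```

If the servlet filter is not mapped to the servlet context that serves the JAX-RS whiteboard, the attribute is absent and every request is rejected with 401, so a misconfiguration fails closed.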

