Hi,

I created my custom valve to set my user principal in the security context.
It would be
possible to change the org.keycloak.subsystem.as7.KeycloakAdapterConfigDeploymentProcessor class so that the custom valve?

I would like to be able to set my custom valve and extends the keycloakValve.

Line 93: valve.setValveClass (KeycloakAuthenticatorValve.class.getName ());
maybe change to config the valve in module.xml or other config file.

Thanks.


Em 11/07/2015 05:59:55, Marek Posolda escreveu:
Not sure why you need this. But maybe easiest is to create just Http Servlet filter (this can be configured in web.xml and doesn't use any tomcat/jboss-web specific stuff) . In this filter, you will create HttpServletRequestWrapper wrapping the original HttpServletRequest, but you will override just the method "getUserPrincipal" in your wrapper class. Here you can do any hacking you want and return any principal instance you want. All the data from Keycloak (KeycloakSecurityContext, AccessToken, IDToken, original KeycloakPrincipal...) are already available in the filter, so you can use them for create your own principal.

Marek

On 10.7.2015 21:02, Marcelo Arthur Sampaio wrote:
Hi,

I need to implement my custom security Principal.
What is the best way to do it in adapter for jboss eap.

Create new adapter for my business extends RefreshableKeycloakSecurityContext, KeycloakAuthenticatorValve and set the new valve class in KeycloakAdapterConfigDeploymentProcessor?

I need to set new attributes in principal and get principal in the SecurityContext.

There is an other way?

Thanks.
-


"Esta mensagem do SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), empresa pública federal regida pelo disposto na Lei Federal nº 5.615, é enviada exclusivamente a seu destinatário e pode conter informações confidenciais, protegidas por sigilo profissional. Sua utilização desautorizada é ilegal e sujeita o infrator às penas da lei. Se você a recebeu indevidamente, queira, por gentileza, reenviá-la ao emitente, esclarecendo o equívoco."

"This message from SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO) -- a government company established under Brazilian law (5.615/70) -- is directed exclusively to its addressee and may contain confidential data, protected under professional secrecy rules. Its unauthorized use is illegal and may subject the transgressor to the law's penalties. If you're not the addressee, please send it back, elucidating the failure."


_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev


-


"Esta mensagem do SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), empresa pública federal regida pelo disposto na Lei Federal nº 5.615, é enviada exclusivamente a seu destinatário e pode conter informações confidenciais, protegidas por sigilo profissional. Sua utilização desautorizada é ilegal e sujeita o infrator às penas da lei. Se você a recebeu indevidamente, queira, por gentileza, reenviá-la ao emitente, esclarecendo o equívoco."

"This message from SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO) -- a government company established under Brazilian law (5.615/70) -- is directed exclusively to its addressee and may contain confidential data, protected under professional secrecy rules. Its unauthorized use is illegal and may subject the transgressor to the law's penalties. If you're not the addressee, please send it back, elucidating the failure."