Hi,
It could be an issue. For other adapters, I'm pretty sure we are not
messing with the body given that we cache the bytes from the
inputstream so the application can obtain it later, if necessary.
I'd appreciate it if you could open a JIRA and provide more details (maybe a
reproducer or steps) about how to reproduce the problem when using the
Spring Adapter.
Regards.
Pedro Igor
On Wed, Aug 21, 2019 at 5:13 AM Felipe Roca <felipe(a)hopu.eu> wrote:
Hi Guys,
I was creating a small PEP for a third party service API using the
keycloak authorization service.
My idea was to check whether a user is allowed to perform a certain
operation based on some body parameters, but it turns out that the body
claim left the body content unusable for the proxy application.
What do you think? Is this a bug or an expected behavior?
For a better understanding, here you can find my configuration file and
controller class. I am using the keycloak-spring-boot-starter and
keycloak-authz-client version 6.0.0 Maven modules, but I also tried with
6.0.1, with the same results.
keycloak.realm=spring-boot-quickstart
keycloak.auth-server-url=http://example.local/keycloak/auth
keycloak.ssl-required=external
keycloak.resource=app
keycloak.bearer-only=true
keycloak.credentials.secret=c23a55c0-0c96-4e28-8922-c47f918c2102
keycloak.securityConstraints[0].authRoles[0]=user
keycloak.securityConstraints[0].securityCollections[0].name=protected
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/version
keycloak.securityConstraints[0].securityCollections[0].patterns[1]=/admin/*
keycloak.securityConstraints[0].securityCollections[0].patterns[2]=/v1/*
keycloak.securityConstraints[0].securityCollections[0].patterns[3]=/v2/*
keycloak.policy-enforcer-config.enforcement-mode=ENFORCING
keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.uri]={request.relativePath}
keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.fiware-service]={request.header['service']}
keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.fiware-servicepath]={request.header['servicepath']}
keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.id]={request.body['/id']}
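import static org.springframework.web.bind.annotation.RequestMethod.*;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;

// Login and BlankResponseErrorHandler are application classes not shown in this message.
@RestController
public class ProxyController {

    @Value("${proxy.schema}")
    private String schema;

    @Value("${proxy.host}")
    private String host;

    @Value("${proxy.port}")
    private int port;

    private RestTemplate restTemplate;

    @Autowired
    public ProxyController() {
        restTemplate = new RestTemplate();
        restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory());
        restTemplate.setErrorHandler(new BlankResponseErrorHandler());
    }

    @RequestMapping(value = "/login", produces = "application/json", method = POST)
    public ResponseEntity<Login> login(@RequestBody Login login) {
        return ResponseEntity.ok().body(login);
    }

    // Methods without a request body are forwarded with headers only.
    @RequestMapping(value = "/**", produces = "application/json",
            method = {GET, DELETE, HEAD, OPTIONS})
    public ResponseEntity<String> proxyRequestWithoutBody(HttpMethod method,
            HttpServletRequest request) throws URISyntaxException {
        return restTemplate.exchange(buildUri(request), method,
                new HttpEntity<String>(copyHeaders(request)), String.class);
    }

    // Methods with a body: @RequestBody reads the servlet input stream here.
    @RequestMapping(value = "/**", produces = "application/json",
            method = {POST, PUT, PATCH})
    public ResponseEntity<String> proxyRequest(@RequestBody String body,
            HttpMethod method, HttpServletRequest request) throws URISyntaxException {
        return restTemplate.exchange(buildUri(request), method,
                new HttpEntity<>(body, copyHeaders(request)), String.class);
    }

    // Same path and query string, re-targeted at the configured backend.
    private URI buildUri(HttpServletRequest request) throws URISyntaxException {
        return new URI(schema, null, host, port, request.getRequestURI(),
                request.getQueryString(), null);
    }

    private HttpHeaders copyHeaders(HttpServletRequest request) {
        HttpHeaders httpHeaders = new HttpHeaders();
        for (String headerName : Collections.list(request.getHeaderNames())) {
            // Header names are case-insensitive, so compare without regard to case.
            if (!headerName.equalsIgnoreCase("host")) {
                httpHeaders.add(headerName, request.getHeader(headerName));
            }
        }
        return httpHeaders;
    }
}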
Thank you in advance,
Best regards,
Felipe
--
Felipe Roca Blaya
Software Engineer
-
HOP Ubiquitous S.L.
www.hopu.eu <http://www.hopu.eu>
C/Luis Buñuel 6
30562, Ceutí, Murcia.
Spain