[keycloak-user] How do I get KeycloakSecurityContext to be set in the httpServletRequest in Keycloak's account-linking doc?

Muehlburger, Herbert herbert.muehlburger at bearingpoint.com
Mon Oct 2 07:08:20 EDT 2017


Hi,


The context is an example implementation of a Spring Boot App Controller method like the following:


@GetMapping("/products")
public String getProducts(HttpServletRequest request, Model model) throws IOException {

    // The authenticated principal is the Keycloak authentication token.
    KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) request.getUserPrincipal();
    // Refreshable variant: also gives access to the refresh token.
    RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) token.getAccount().getKeycloakSecurityContext();
    // Plain variant: access token and ID token only.
    KeycloakSecurityContext context = token.getAccount().getKeycloakSecurityContext();

    // Serialize the parsed access and ID tokens as pretty-printed JSON.
    String accessTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getToken());
    String idTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getIdToken());

    // The refresh token is held as a JWS string, so parse it before serializing.
    RefreshToken refreshToken;
    try {
        refreshToken = new JWSInput(session.getRefreshToken()).readJsonContent(RefreshToken.class);
    } catch (JWSInputException e) {
        throw new IOException(e);
    }
    String refreshTokenPretty = JsonSerialization.writeValueAsPrettyString(refreshToken);

    // Expose the token contents and the product list to the "products" view.
    model.addAttribute("idToken", idTokenPretty);
    model.addAttribute("accessToken", accessTokenPretty);
    model.addAttribute("refreshToken", refreshTokenPretty);

    model.addAttribute("products", productService.getProducts());
    return "products";
}


Kind regards,

Herbert


________________________________

From: Alik Elzin <kilaka at gmail.com>
Sent: Monday, 02 October 2017 12:35
To: Muehlburger, Herbert
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] How do I get KeycloakSecurityContext to be set in the httpServletRequest in Keycloak's account-linking doc?

I'm missing the whole context here.
Where should this code run? In what context?

On Mon, Oct 2, 2017 at 10:12 AM, Muehlburger, Herbert <herbert.muehlburger at bearingpoint.com> wrote:
Hi,

Given that request is an instance of HttpServletRequest, you can access the security context like this:

KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) request.getUserPrincipal();

If there is a refresh token and you need access to that:

RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) token.getAccount().getKeycloakSecurityContext();

If there is no refresh token and you only want to access the other token:

KeycloakSecurityContext context = token.getAccount().getKeycloakSecurityContext();

Here is an example of how to get the access and id token:

KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) request.getUserPrincipal();
RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) token.getAccount().getKeycloakSecurityContext();

String accessTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getToken());
String idTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getIdToken());

In order to also get the refresh token you can try the following:

RefreshToken refreshToken;
try {
    refreshToken = new JWSInput(session.getRefreshToken()).readJsonContent(RefreshToken.class);
} catch (JWSInputException e) {
    throw new IOException(e);
}
String refreshTokenPretty = JsonSerialization.writeValueAsPrettyString(refreshToken);

Hope this helps.

Kind regards,
Herbert


Herbert Mühlburger
Senior System Engineer



T  +43 316 8003
F  +43 316 8003 1080

BearingPoint Technology GmbH
Seering 6, Block B
8141 Premstätten
Austria

herbert.muehlburger at bearingpoint.com
www.bearingpoint.com

________________________________________
From: keycloak-user-bounces at lists.jboss.org on behalf of Alik Elzin <kilaka at gmail.com>
Sent: Monday, 02 October 2017 07:06
To: keycloak-user at lists.jboss.org
Cc: Ben.david at hpe.com
Subject: [keycloak-user] How do I get KeycloakSecurityContext to be set in the httpServletRequest in Keycloak's account-linking doc?

Hi.

In Keycloak's account-linking
<http://www.keycloak.org/docs/3.2/server_development/topics/identity-brokering/account-linking.html>
documentation,
there's a code snippet: KeycloakSecurityContext session =
(KeycloakSecurityContext)
httpServletRequest.getAttribute(KeycloakSecurityContext.class.getName()).

Why would the KeycloakSecurityContext be set in the httpServletRequest?
Where should this code run? In what context?

Thanks.

* Also posted the question in SO:
https://stackoverflow.com/questions/46409356/how-do-i-get-keycloaksecuritycontext-to-be-set-in-the-httpservletrequest-in-keyc
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
________________________________
 BearingPoint Technology GmbH
Sitz: Premstätten bei Graz
Firmenbuchgericht: Landesgericht für ZRS Graz
Firmenbuchnummer: FN 44354b


The information in this email is confidential and may be legally privileged. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system.
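
Added example (not part of the original thread and not Keycloak's own code): a hypothetical helper, KeycloakContextResolver, that tries the request-attribute lookup quoted from the account-linking documentation and then the principal lookup from the reply, using type checks instead of blind casts, and that hands the view a few claims rather than whole tokens. It assumes the javax.servlet API and the Keycloak Spring Security adapter on the classpath.

```java
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;

import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.keycloak.representations.AccessToken;

// Hypothetical helper: the class and method names are assumptions, not Keycloak API.
public final class KeycloakContextResolver {

    private KeycloakContextResolver() { }

    /** Returns the security context, or empty when the request carries none. */
    public static Optional<KeycloakSecurityContext> resolve(HttpServletRequest request) {
        // 1. Request attribute keyed by the class name (the lookup from the documentation).
        Object attr = request.getAttribute(KeycloakSecurityContext.class.getName());
        if (attr instanceof KeycloakSecurityContext) {
            return Optional.of((KeycloakSecurityContext) attr);
        }
        // 2. Principal lookup (the approach from the reply). instanceof is false for null,
        //    so an unauthenticated request yields empty instead of a NullPointerException.
        Principal principal = request.getUserPrincipal();
        if (principal instanceof KeycloakAuthenticationToken) {
            KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) principal;
            return Optional.ofNullable(token.getAccount().getKeycloakSecurityContext());
        }
        if (principal instanceof KeycloakPrincipal) {
            KeycloakSecurityContext ctx = ((KeycloakPrincipal<?>) principal).getKeycloakSecurityContext();
            return Optional.ofNullable(ctx);
        }
        return Optional.empty();
    }

    /** Claims for display; the raw access, ID and refresh tokens stay on the server. */
    public static Map<String, Object> displayClaims(KeycloakSecurityContext context) {
        AccessToken token = context.getToken();
        Map<String, Object> claims = new LinkedHashMap<>();
        claims.put("realm", context.getRealm());
        claims.put("subject", token.getSubject());
        claims.put("username", token.getPreferredUsername());
        claims.put("expired", token.isExpired());
        return claims;
    }
}
```

In a controller, `resolve(request)` returning empty is the signal to redirect to login or return 401 rather than render the page.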


