[keycloak-user] Java Adapter - Claim body removes content

Felipe Roca felipe at hopu.eu
Wed Aug 21 04:11:35 EDT 2019


Hi Guys,

I was creating a small PEP for a third party service API using the 
Keycloak authorization service.

My idea was to check whether a user is allowed to perform a certain 
operation based on some body parameters, but it turns out that the body 
claim left the body content unusable for the proxy application.

What do you think? Is this a bug or expected behavior?

For a better understanding, here you can find my configuration file and 
controller class. I am using the keycloak-spring-boot-starter and 
keycloak-authz-client version 6.0.0 Maven modules, but I also tried with 
6.0.1 and got the same results.

keycloak.realm=spring-boot-quickstart
keycloak.auth-server-url=http://example.local/keycloak/auth
keycloak.ssl-required=external
keycloak.resource=app
keycloak.bearer-only=true
keycloak.credentials.secret=c23a55c0-0c96-4e28-8922-c47f918c2102
keycloak.securityConstraints[0].authRoles[0]=user
keycloak.securityConstraints[0].securityCollections[0].name=protected
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/version
keycloak.securityConstraints[0].securityCollections[0].patterns[1]=/admin/*
keycloak.securityConstraints[0].securityCollections[0].patterns[2]=/v1/*
keycloak.securityConstraints[0].securityCollections[0].patterns[3]=/v2/*
keycloak.policy-enforcer-config.enforcement-mode=ENFORCING
keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.uri]={request.relativePath}
keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.fiware-service]={request.header['service']}
keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.fiware-servicepath]={request.header['servicepath']}
keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.id]={request.body['/id']}


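import static org.springframework.web.bind.annotation.RequestMethod.*;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collections;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;

// Login and BlankResponseErrorHandler are application classes not shown in this post.
@RestController
public class ProxyController {

    // Upstream target of the proxy, read from application properties.
    @Value("${proxy.schema}")
    private String schema;

    @Value("${proxy.host}")
    private String host;

    @Value("${proxy.port}")
    private int port;

    private RestTemplate restTemplate;

    @Autowired
    public ProxyController() {
        restTemplate = new RestTemplate();
        restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory());
        restTemplate.setErrorHandler(new BlankResponseErrorHandler());
    }

    @RequestMapping(value = "/login", produces = "application/json", method = POST)
    public ResponseEntity<Login> login(@RequestBody Login login) {
        return ResponseEntity.ok().body(login);
    }

    // Methods without a request body: forward headers only.
    @RequestMapping(value = "/**", produces = "application/json", method = {GET, DELETE, HEAD, OPTIONS})
    public ResponseEntity<String> proxyRequestWithoutBody(HttpMethod method, HttpServletRequest request) throws URISyntaxException {
        return restTemplate.exchange(buildUri(request), method, new HttpEntity<String>(copyHeaders(request)), String.class);
    }

    // Methods with a request body: forward the body and headers.
    @RequestMapping(value = "/**", produces = "application/json", method = {POST, PUT, PATCH})
    public ResponseEntity<String> proxyRequest(@RequestBody String body, HttpMethod method, HttpServletRequest request) throws URISyntaxException {
        return restTemplate.exchange(buildUri(request), method, new HttpEntity<>(body, copyHeaders(request)), String.class);
    }

    // Rebuild the request URI against the upstream schema, host and port.
    private URI buildUri(HttpServletRequest request) throws URISyntaxException {
        return new URI(schema, null, host, port, request.getRequestURI(), request.getQueryString(), null);
    }

    // Copy all incoming headers except Host (header names are case-insensitive).
    private HttpHeaders copyHeaders(HttpServletRequest request) {
        HttpHeaders httpHeaders = new HttpHeaders();
        for (String headerName : Collections.list(request.getHeaderNames())) {
            if (!headerName.equalsIgnoreCase("host"))
                httpHeaders.add(headerName, request.getHeader(headerName));
        }
        return httpHeaders;
    }

}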



Thank you in advance,
Best regards,
Felipe


-- 
Felipe Roca Blaya
Software Engineer
-
HOP Ubiquitous S.L.
www.hopu.eu <http://www.hopu.eu>
C/Luis Buñuel 6
30562, Ceutí, Murcia.
Spain

