[keycloak-user] Java Adapter - Claim body removes content

Pedro Igor Silva psilva at redhat.com
Wed Aug 21 14:55:01 EDT 2019


Hi,

It could be an issue. For other adapters, I'm pretty sure we are not
messing with the body given that we cache the bytes from the
input stream so the application can obtain it later, if necessary.

I would appreciate it if you could open a JIRA and provide more details
(maybe a reproducer or steps) about how to reproduce the problem when using
the Spring Adapter.

Regards.
Pedro Igor

On Wed, Aug 21, 2019 at 5:13 AM Felipe Roca <felipe at hopu.eu> wrote:

> Hi Guys,
>
> I was creating a small PEP for a third party service API using the
> keycloak authorization service.
>
> My idea was to check whether a user is allowed to perform a certain
> operation based on some body parameters, but it turns out that the body
> claim left the body content unusable for the proxy application.
>
> What do you think? Is this a bug or an expected behavior?
>
> For a better understanding, here you can find my configuration file and
> controller class. I am using the keycloak-spring-boot-starter and
> keycloak-authz-client version 6.0.0 Maven modules, but I also tried with
> 6.0.1 and got the same results.
>
> keycloak.realm=spring-boot-quickstart
> keycloak.auth-server-url=http://example.local/keycloak/auth
> keycloak.ssl-required=external
> keycloak.resource=app
> keycloak.bearer-only=true
> keycloak.credentials.secret=c23a55c0-0c96-4e28-8922-c47f918c2102
> keycloak.securityConstraints[0].authRoles[0]=user
> keycloak.securityConstraints[0].securityCollections[0].name=protected
> keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/version
> keycloak.securityConstraints[0].securityCollections[0].patterns[1]=/admin/*
> keycloak.securityConstraints[0].securityCollections[0].patterns[2]=/v1/*
> keycloak.securityConstraints[0].securityCollections[0].patterns[3]=/v2/*
> keycloak.policy-enforcer-config.enforcement-mode=ENFORCING
> keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.uri]={request.relativePath}
> keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.fiware-service]={request.header['service']}
> keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.fiware-servicepath]={request.header['servicepath']}
> keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.id]={request.body['/id']}
>
>
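> import static org.springframework.web.bind.annotation.RequestMethod.*;
>
> import java.net.URI;
> import java.net.URISyntaxException;
> import java.util.Collections;
> import javax.servlet.http.HttpServletRequest;
> import org.springframework.beans.factory.annotation.Autowired;
> import org.springframework.beans.factory.annotation.Value;
> import org.springframework.http.HttpEntity;
> import org.springframework.http.HttpHeaders;
> import org.springframework.http.HttpMethod;
> import org.springframework.http.ResponseEntity;
> import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
> import org.springframework.web.bind.annotation.RequestBody;
> import org.springframework.web.bind.annotation.RequestMapping;
> import org.springframework.web.bind.annotation.RestController;
> import org.springframework.web.client.RestTemplate;
>
> // Login and BlankResponseErrorHandler are application classes not shown here.
> @RestController
> public class ProxyController {
>
>     @Value("${proxy.schema}")
>     private String schema;
>
>     @Value("${proxy.host}")
>     private String host;
>
>     @Value("${proxy.port}")
>     private int port;
>
>     private RestTemplate restTemplate;
>
>     @Autowired
>     public ProxyController() {
>         restTemplate = new RestTemplate();
>         restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory());
>         restTemplate.setErrorHandler(new BlankResponseErrorHandler());
>     }
>
>     @RequestMapping(value = "/login", produces = "application/json", method = POST)
>     public ResponseEntity<Login> login(@RequestBody Login login) {
>         return ResponseEntity.ok().body(login);
>     }
>
>     // Methods that carry no request body are forwarded with headers only.
>     @RequestMapping(value = "/**", produces = "application/json", method = {GET, DELETE, HEAD, OPTIONS})
>     public ResponseEntity<String> proxyRequestWithoutBody(HttpMethod method, HttpServletRequest request)
>             throws URISyntaxException {
>         return restTemplate.exchange(buildUri(request), method,
>                 new HttpEntity<String>(copyHeaders(request)), String.class);
>     }
>
>     // The body is read here through @RequestBody and forwarded unchanged.
>     @RequestMapping(value = "/**", produces = "application/json", method = {POST, PUT, PATCH})
>     public ResponseEntity<String> proxyRequest(@RequestBody String body, HttpMethod method,
>             HttpServletRequest request) throws URISyntaxException {
>         return restTemplate.exchange(buildUri(request), method,
>                 new HttpEntity<>(body, copyHeaders(request)), String.class);
>     }
>
>     // Rebuilds the incoming path and query string against the proxied backend.
>     private URI buildUri(HttpServletRequest request) throws URISyntaxException {
>         return new URI(schema, null, host, port, request.getRequestURI(),
>                 request.getQueryString(), null);
>     }
>
>     // Copies every incoming header except Host (header names are case-insensitive).
>     private HttpHeaders copyHeaders(HttpServletRequest request) {
>         HttpHeaders httpHeaders = new HttpHeaders();
>         for (String headerName : Collections.list(request.getHeaderNames())) {
>             if (!headerName.equalsIgnoreCase("host")) {
>                 httpHeaders.add(headerName, request.getHeader(headerName));
>             }
>         }
>         return httpHeaders;
>     }
>
> }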
>
>
>
> Thank you in advance,
> Best regards,
> Felipe
>
>
> --
> Felipe Roca Blaya
> Software Engineer
> -
> HOP Ubiquitous S.L.
> www.hopu.eu <http://www.hopu.eu>
> C/Luis Buñuel 6
> 30562, Ceutí, Murcia.
> Spain

