[keycloak-user] [ Keycloak - user ] Spring boot application configuration - How can I inject ROLE got from OtherClaims to configuration class?
Eddy Rowking
eddy.rowking at gmail.com
Sun Mar 3 17:06:35 EST 2019
Hello everyone,
I am trying to configure a spring boot application.
How can I inject ROLE got from OtherClaims to configuration class?
I get Roles from other claims the user endpoit url as you can see below:
public class GetRolesFromOtherClaims
{
private final String keycloakServerUrl =
"https://my-authentication-server.fr";
private final String keycloakRealm = "MY-REALM";
public RolesDto[] getRoles() throws IOException
{
URI userInfoUri =
KeycloakUriBuilder.fromUri(this.keycloakServerUrl).path("/auth/realms/MY-REALM/protocol/openid-connect/userinfo").build(this.keycloakRealm);
KeycloakClientRequestFactory factory = new
KeycloakClientRequestFactory();
KeycloakRestTemplate template = new KeycloakRestTemplate(factory);
ResponseEntity<UserInfo> response =
template.getForEntity(userInfoUri, UserInfo.class);
UserInfo infos = response.getBody();
String autorisations =
infos.getOtherClaims().get("autorisations").toString();
ObjectMapper mapper = new ObjectMapper();
RolesDto[] rolesDtos = mapper.readValue(autorisations,
RolesDto[].class);
return rolesDtos;
}
}
You can see below my configuration classes:
@Configuration
@EnableWebSecurity
@ConditionalOnProperty(name = "keycloak.enabled", havingValue =
"true", matchIfMissing = true)
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class KeycloakConfigurationAdapter extends
KeycloakWebSecurityConfigurerAdapter
{
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
{
return new NullAuthenticatedSessionStrategy();
}
@Bean
public KeycloakConfigResolver KeycloakConfigResolver()
{
return new KeycloakSpringBootConfigResolver();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
{
KeycloakAuthenticationProvider keycloakAuthenticationProvider
= keycloakAuthenticationProvider();
SimpleAuthorityMapper simpleAuthorityMapper = new
SimpleAuthorityMapper();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(simpleAuthorityMapper);
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
http
.sessionManagement()
.sessionAuthenticationStrategy(sessionAuthenticationStrategy())
.and()
.addFilterBefore(keycloakPreAuthActionsFilter(),
LogoutFilter.class)
.addFilterBefore(keycloakAuthenticationProcessingFilter(),
X509AuthenticationFilter.class)
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())
.and()
.logout()
.addLogoutHandler(keycloakLogoutHandler())
.logoutUrl("/logout").logoutSuccessHandler(
(HttpServletRequest request, HttpServletResponse
response, Authentication authentication) ->
response.setStatus(HttpServletResponse.SC_OK))
.and().apply(new CommonSpringKeycloakSecuritAdapter());
}
}
public class CommonSpringKeycloakSecuritAdapter extends
AbstractHttpConfigurer<CommonSpringKeycloakSecuritAdapter,
HttpSecurity>
{
@Bean
CorsFilter corsFilter()
{
return new CorsFilter();
}
@Override
public void init(HttpSecurity http) throws Exception
{
http
.csrf().disable()
.addFilterBefore(this.corsFilter(),
SessionManagementFilter.class)
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll()
.anyRequest().authenticated();
}
}
Thanks for you help!
Eddy,
More information about the keycloak-user
mailing list