Prosoft Git

KeycloakUndertowAccount.java

Home / integration / undertow / src / main / java / org / keycloak / adapters / undertow / KeycloakUndertowAccount.java

95 lines | 2.981 kB Blame History Raw Download 
package org.keycloak.adapters.undertow;

import io.undertow.security.idm.Account;
import org.jboss.logging.Logger;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.adapters.KeycloakAccount;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.representations.AccessToken;

import java.io.Serializable;
import java.security.Principal;
import java.util.Collections;
import java.util.Set;

/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class KeycloakUndertowAccount implements Account, Serializable, KeycloakAccount {
    protected static Logger log = Logger.getLogger(KeycloakUndertowAccount.class);
    protected RefreshableKeycloakSecurityContext session;
    protected KeycloakPrincipal principal;
    protected Set<String> accountRoles;

    public KeycloakUndertowAccount(KeycloakPrincipal principal, RefreshableKeycloakSecurityContext session, KeycloakDeployment deployment) {
        this.principal = principal;
        this.session = session;
        setRoles(session.getToken());
    }

    protected void setRoles(AccessToken accessToken) {
        Set<String> roles = null;
        if (session.getDeployment().isUseResourceRoleMappings()) {
            log.info("useResourceRoleMappings");
            AccessToken.Access access = accessToken.getResourceAccess(session.getDeployment().getResourceName());
            if (access != null) roles = access.getRoles();
        } else {
            log.info("use realm role mappings");
            AccessToken.Access access = accessToken.getRealmAccess();
            if (access != null) roles = access.getRoles();
        }
        if (roles == null) roles = Collections.emptySet();
        /*
        log.info("Setting roles: ");
        for (String role : roles) {
            log.info("   role: " + role);
        }
        */
        this.accountRoles = roles;
    }

    @Override
    public Principal getPrincipal() {
        return principal;
    }

    @Override
    public Set<String> getRoles() {
        return accountRoles;
    }

    @Override
    public RefreshableKeycloakSecurityContext getKeycloakSecurityContext() {
        return session;
    }

    public void setDeployment(KeycloakDeployment deployment) {
        session.setDeployment(deployment);
    }

    public boolean isActive() {
        // this object may have been serialized, so we need to reset realm config/metadata
        if (session.isActive()) {
            log.info("session is active");
            return true;
        }

        log.info("session is not active try refresh");
        session.refreshExpiredToken();
        if (!session.isActive()) {
            log.info("session is not active return with failure");

            return false;
        }
        log.info("refresh succeeded");

        setRoles(session.getToken());
        return true;
    }



}

Bonobo Git Server (6.3.0.632) © 2015 Jakub Chodounský · Official Page · Github