keycloak-uncached

Get role list to update directly from the security context rather

6/5/2018 7:55:48 AM

Details

diff --git a/adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java b/adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java
index fea697e..3f87bb5 100644
--- a/adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java
+++ b/adapters/oidc/wildfly/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyRequestAuthenticator.java
@@ -17,8 +17,15 @@
 
 package org.keycloak.adapters.wildfly;
 
-import io.undertow.security.api.SecurityContext;
-import io.undertow.server.HttpServerExchange;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
 import org.jboss.logging.Logger;
 import org.jboss.security.NestableGroup;
 import org.jboss.security.SecurityConstants;
@@ -35,19 +42,15 @@ import org.keycloak.adapters.spi.HttpFacade;
 import org.keycloak.adapters.undertow.KeycloakUndertowAccount;
 import org.keycloak.adapters.undertow.ServletRequestAuthenticator;
 
-import javax.security.auth.Subject;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Collection;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.Set;
+import io.undertow.security.api.SecurityContext;
+import io.undertow.server.HttpServerExchange;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
  */
-public class WildflyRequestAuthenticator extends ServletRequestAuthenticator {
+public class WildflyRequestAuthenticator extends ServletRequestAuthenticator
+{
     protected static Logger log = Logger.getLogger(WildflyRequestAuthenticator.class);
 
     public WildflyRequestAuthenticator(HttpFacade facade, KeycloakDeployment deployment, int sslRedirectPort,
@@ -97,7 +100,7 @@ public class WildflyRequestAuthenticator extends ServletRequestAuthenticator {
         //   .createIdentity(Principal [=userPrincipal], Object [=account], Role [=null]).
         // Therefore the roles are only contained in the authenticatedSubject (member of subjectInfo)
         // and subsequent logics do only access subjectInfo#roles instead of authenticatedSubject#roles.
-        mapGroupMembersOfAuthenticatedSubjectIntoSubjectInfo(sc.getSubjectInfo());
+        mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext(sc);
     }
 
     /**
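Review bot: The context comment directly above the changed call still explains the mapping in terms of `subjectInfo#roles`, while the helper now reads and writes the role group through `sc.getUtil()` (see the later hunk in this file). If that is where downstream authorization checks now look, the last comment line should say so, for example `// and subsequent logic reads the roles from the security context (sc.getUtil().getRoles()) instead of authenticatedSubject#roles.` The enclosing method starts outside this hunk, so the rest of the comment block is not visible here.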
@@ -161,7 +164,8 @@ public class WildflyRequestAuthenticator extends ServletRequestAuthenticator {
         return roleSets;
     }
 
-	private static void mapGroupMembersOfAuthenticatedSubjectIntoSubjectInfo(SubjectInfo subjectInfo) {
+    private static void mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext(org.jboss.security.SecurityContext sc) {
+        SubjectInfo subjectInfo = sc.getSubjectInfo();
         if (subjectInfo == null) {
             return;
         }
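Review bot: The renamed helper `mapGroupMembersOfAuthenticatedSubjectIntoSecurityContext` has no Javadoc, although it mutates the role group that authorization decisions are presumably based on. A short Javadoc should state that it copies the group members of the authenticated subject into the role group of the given security context. It should also state that it returns without mapping anything when `sc.getSubjectInfo()` is null, because that silent return is the case a maintainer debugging a missing role needs to know about. The method body continues outside this hunk.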
@@ -171,14 +175,14 @@ public class WildflyRequestAuthenticator extends ServletRequestAuthenticator {
             return;
         }
 
-        // Get role group of subjectInfo in order to add roles of authenticatedSubject.
-        RoleGroup scRoles = subjectInfo.getRoles();
+        // Get role group of security context in order to add roles of authenticatedSubject.
+        RoleGroup scRoles = sc.getUtil().getRoles();
         if (scRoles == null) {
             scRoles = new SimpleRoleGroup("Roles");
-            subjectInfo.setRoles(scRoles);
+            sc.getUtil().setRoles(scRoles);
         }
 
-        // Get group roles of authenticatedSubject and add them into subjectInfo
+        // Get group roles of authenticatedSubject and add each role of the group into security context
         Iterator<Principal> principalItr = authenticatedSubject.getPrincipals().iterator();
         while (principalItr.hasNext()) {
             Principal principal = principalItr.next();
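Review bot: `sc.getUtil()` is dereferenced twice, in `sc.getUtil().getRoles()` and `sc.getUtil().setRoles(scRoles)`, without the null guard that `subjectInfo` gets at the top of the method. Holding it in a local keeps the defensive style consistent and avoids the second lookup: `SecurityContextUtil util = sc.getUtil(); if (util == null) { return; }` followed by `util.getRoles()` / `util.setRoles(scRoles)`, which needs an import of `org.jboss.security.SecurityContextUtil`. Separately, when `getRoles()` returns an existing group the loop appends to it rather than replacing it. It is worth confirming that the security context cannot carry a role group from an earlier authentication, since stale roles would then survive a role change. The loop body continues outside this hunk, so how members are added is not visible here.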