
org.infinispan.server.security.KeycloakRoleDecoder Maven / Gradle / Ivy

There is a newer version: 15.1.0.Dev05
package org.infinispan.server.security;

import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.infinispan.commons.dataconversion.internal.Json;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.Attributes.Entry;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.RoleDecoder;
import org.wildfly.security.authz.Roles;

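/**
 * Decodes roles from the Keycloak-style claims exposed as attributes on an
 * {@link AuthorizationIdentity}.
 *
 * <p>Two claims are read: {@code realm_access} (only its first attribute value) and
 * {@code resource_access} (every attribute value). Each is parsed as JSON and the
 * string form of every element of a {@code roles} array is added to the result.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This class performs no signature, issuer or audience validation; it relies on the
 *       attributes having been populated from a token that was already verified
 *       (presumably by the token realm upstream; confirm against the caller).</li>
 *   <li>Roles from every client entry under {@code resource_access} are merged with the
 *       realm roles into one flat set. A role granted for any client listed in the token
 *       is therefore indistinguishable from a realm role of the same name; there is no
 *       filter on the client id.</li>
 *   <li>Malformed claim content is not caught here: whatever {@code Json.read},
 *       {@code at} or {@code asList} throw propagates to the caller.</li>
 * </ul>
 */
public class KeycloakRoleDecoder implements RoleDecoder {

   private static final String CLAIM_REALM_ACCESS = "realm_access";
   private static final String CLAIM_RESOURCE_ACCESS = "resource_access";
   private static final String CLAIM_ROLES = "roles";

   /**
    * Builds the role set for {@code identity} from its {@code realm_access} and
    * {@code resource_access} attributes.
    *
    * @param identity the identity whose attributes carry the token claims
    * @return the union of realm roles and the roles of every client under
    *         {@code resource_access}; empty when neither claim yields a role
    */
   @Override
   public Roles decodeRoles(AuthorizationIdentity identity) {
      Attributes attributes = identity.getAttributes();
      // Parameterized types: the raw Set/Map in the listing do not type-check against
      // the String iteration and Json access below.
      Set<String> roleSet = new HashSet<>();

      Entry realmAccess = attributes.get(CLAIM_REALM_ACCESS);
      if (realmAccess != null && !realmAccess.isEmpty()) {
         // Only the first value of the realm_access attribute is consulted.
         collectRoles(Json.read(realmAccess.get(0)), roleSet);
      }

      Entry resourceAccess = attributes.get(CLAIM_RESOURCE_ACCESS);
      if (resourceAccess != null) {
         for (String resource : resourceAccess) {
            Map<String, Json> clients = Json.read(resource).asJsonMap();
            // Every client entry contributes its roles; the client id itself is ignored.
            for (Json client : clients.values()) {
               collectRoles(client, roleSet);
            }
         }
      }
      return Roles.fromSet(roleSet);
   }

   /** Adds the string form of each element of {@code holder}'s "roles" member to {@code sink}. */
   private static void collectRoles(Json holder, Set<String> sink) {
      Json roles = holder.at(CLAIM_ROLES);
      if (roles != null) {
         for (Object role : roles.asList()) {
            sink.add(role.toString());
         }
      }
   }
}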



