• Home
• org.keycloak
• keycloak-spring-boot-2-adapter
• 8.0.0
• source code
• KeycloakSecurityContextClientRequestInterceptor.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.keycloak.adapters.springboot.client.KeycloakSecurityContextClientRequestInterceptor Maven / Gradle / Ivy

package org.keycloak.adapters.springboot.client;

import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import java.io.IOException;
import java.security.Principal;

/**
 * Interceptor for {@link ClientHttpRequestExecution} objects created for server to server secured
 * communication using OAuth2 bearer tokens issued by Keycloak.
 *
 * @author James McShane
 * @version $Revision: 1 $
 */
public class KeycloakSecurityContextClientRequestInterceptor implements ClientHttpRequestInterceptor {

    private static final String AUTHORIZATION_HEADER = "Authorization";

    /**
     * Returns the {@link KeycloakSecurityContext} from the Spring {@link ServletRequestAttributes}'s {@link Principal}.
     *
     * The principal must support retrieval of the KeycloakSecurityContext, so at this point, only {@link KeycloakPrincipal}
     * values are supported
     *
     * @return the current KeycloakSecurityContext
     */
    protected KeycloakSecurityContext getKeycloakSecurityContext() {
        ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        Principal principal = attributes.getRequest().getUserPrincipal();
        if (principal == null) {
            throw new IllegalStateException("Cannot set authorization header because there is no authenticated principal");
        }
        if (!(principal instanceof KeycloakPrincipal)) {
            throw new IllegalStateException(
                    String.format(
                            "Cannot set authorization header because the principal type %s does not provide the KeycloakSecurityContext",
                            principal.getClass()));
        }
        return ((KeycloakPrincipal) principal).getKeycloakSecurityContext();
    }

    @Override
    public ClientHttpResponse intercept(HttpRequest httpRequest, byte[] bytes, ClientHttpRequestExecution clientHttpRequestExecution) throws IOException {
        KeycloakSecurityContext context = this.getKeycloakSecurityContext();
        httpRequest.getHeaders().set(AUTHORIZATION_HEADER, "Bearer " + context.getTokenString());
        return clientHttpRequestExecution.execute(httpRequest, bytes);
    }
}