/**
* Returns the username from the given {@link KeycloakAuthenticationToken}. By default, this
* method resolves the username from the token's {@link KeycloakPrincipal}'s name. This value can
* be controlled via <code>keycloak.json</code>'s <a
* href="http://docs.jboss.org/keycloak/docs/1.2.0.CR1/userguide/html/ch08.html#adapter-config">
* <code>principal-attribute</code></a>. For more fine-grained username resolution, override this
* method.
*
* @param token the {@link KeycloakAuthenticationToken} from which to extract the username
* @return the username to use when loading a user from the this provider's {@link
* UserDetailsService}.
* @see UserDetailsService#loadUserByUsername
* @see KeycloakAccount#getPrincipal
*/
protected String resolveUsername(KeycloakAuthenticationToken token) {
Assert.notNull(token, "KeycloakAuthenticationToken required");
Assert.notNull(
token.getAccount(), "KeycloakAuthenticationToken.getAccount() cannot be return null");
KeycloakAccount account = token.getAccount();
Principal principal = account.getPrincipal();
return principal.getName();
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
KeycloakAuthenticationToken token =
(KeycloakAuthenticationToken) super.authenticate(authentication);
String username;
UserDetails userDetails;
if (token == null) {
return null;
}
username = this.resolveUsername(token);
userDetails = userDetailsService.loadUserByUsername(username);
return new KeycloakUserDetailsAuthenticationToken(
userDetails, token.getAccount(), token.getAuthorities());
}
