public static List<RoleRepresentation> getRealmRoles(HttpServletRequest req) throws Failure {
KeycloakSecurityContext session =
(KeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.class.getName());
HttpClient client = new HttpClientBuilder().disableTrustManager().build();
try {
HttpGet get =
new HttpGet(
AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session)
+ "/auth/admin/realms/demo/roles");
get.addHeader("Authorization", "Bearer " + session.getTokenString());
try {
HttpResponse response = client.execute(get);
if (response.getStatusLine().getStatusCode() != 200) {
throw new Failure(response.getStatusLine().getStatusCode());
}
HttpEntity entity = response.getEntity();
InputStream is = entity.getContent();
try {
return JsonSerialization.readValue(is, TypedList.class);
} finally {
is.close();
}
} catch (IOException e) {
throw new RuntimeException(e);
}
} finally {
client.getConnectionManager().shutdown();
}
}
protected boolean corsRequest() {
if (!deployment.isCors()) return false;
KeycloakSecurityContext securityContext = facade.getSecurityContext();
String origin = facade.getRequest().getHeader(CorsHeaders.ORIGIN);
String requestOrigin = UriUtils.getOrigin(facade.getRequest().getURI());
log.debugv("Origin: {0} uri: {1}", origin, facade.getRequest().getURI());
if (securityContext != null && origin != null && !origin.equals(requestOrigin)) {
AccessToken token = securityContext.getToken();
Set<String> allowedOrigins = token.getAllowedOrigins();
if (log.isDebugEnabled()) {
for (String a : allowedOrigins) log.debug(" " + a);
}
if (allowedOrigins == null
|| (!allowedOrigins.contains("*") && !allowedOrigins.contains(origin))) {
if (allowedOrigins == null) {
log.debugv("allowedOrigins was null in token");
} else {
log.debugv("allowedOrigins did not contain origin");
}
facade.getResponse().setStatus(403);
facade.getResponse().end();
return true;
}
log.debugv("returning origin: {0}", origin);
facade.getResponse().setStatus(200);
facade.getResponse().setHeader(CorsHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
facade.getResponse().setHeader(CorsHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
} else {
log.debugv(
"cors validation not needed as we're not a secure session or origin header was null: {0}",
facade.getRequest().getURI());
}
return false;
}
public static String sendRequest(HttpServletRequest req) throws CxfRsClient.Failure {
KeycloakSecurityContext session =
(KeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.class.getName());
HttpClient client = new HttpClientBuilder().disableTrustManager().build();
try {
HttpGet get = new HttpGet("http://localhost:8383/admin-camel-endpoint");
get.addHeader("Authorization", "Bearer " + session.getTokenString());
try {
HttpResponse response = client.execute(get);
if (response.getStatusLine().getStatusCode() != 200) {
return "There was a failure processing request. You either didn't configure Keycloak properly or you don't have enought permission? Status code is "
+ response.getStatusLine().getStatusCode();
}
HttpEntity entity = response.getEntity();
InputStream is = entity.getContent();
try {
return getStringFromInputStream(is);
} finally {
is.close();
}
} catch (IOException e) {
throw new RuntimeException(e);
}
} finally {
client.getConnectionManager().shutdown();
}
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Client client = ClientBuilder.newBuilder().build();
WebTarget target = client.target("http://localhost:8080/video-rest/list");
GenericType<List<VideoImpl>> listGenericType = new GenericType<List<VideoImpl>>() {};
KeycloakSecurityContext ksc =
(KeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.class.getName());
List<VideoImpl> list =
target
.request()
.header("Authorization", "Bearer " + ksc.getTokenString())
.get(listGenericType);
// merge lists
List<Video> mergeList = new ArrayList<>();
mergeList.addAll(list);
mergeList.addAll(videoService.list());
req.setAttribute("list", mergeList);
req.setAttribute("ksc", ksc);
getServletContext().getRequestDispatcher("/WEB-INF/jsp/list.jsp").forward(req, resp);
}
public static IDToken getIDToken(HttpServletRequest req) {
KeycloakSecurityContext session =
(KeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.class.getName());
return session.getIdToken();
}
