  package org.keycloak.jaxrs;
  
 

Author(s):
Bill Burke
Version:
$Revision: 1 $
 
 public class JaxrsBearerTokenFilter implements ContainerRequestFilter {
     // Records token verification failures (see the catch block in filter()).
     private static Logger log = Logger.getLogger(JaxrsBearerTokenFilter.class);
     /** Realm name advertised in the {@code WWW-Authenticate: Bearer realm="..."} challenge. */
     protected String realm;
     /**
      * Realm public key. Presumably the key token signatures are verified against -- the
      * verifier call on this page is garbled, so confirm against RSATokenVerifier.
      */
     protected PublicKey realmPublicKey;
     /**
      * When non-null, roles are read from the token's access entry for this resource;
      * when null, from the token's realm-level access (see filter()).
      */
     protected String resourceName;
 
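     /**
      * Creates a filter for one realm.
      * <p>
      * The page this was taken from lost the parameter separators; the signature is restored
      * from the three fields it assigns.
      *
      * @param realm          realm name, echoed in the {@code WWW-Authenticate} challenge
      * @param realmPublicKey realm public key used for token verification; a null key cannot
      *                       verify anything, so callers should treat it as a configuration error
      *                       (no check is done here to keep the original contract)
      * @param resourceName   resource whose access entry supplies roles, or null for realm roles
      */
     public JaxrsBearerTokenFilter(String realm, PublicKey realmPublicKey, String resourceName) {
         this.realm = realm;
         this.realmPublicKey = realmPublicKey;
         this.resourceName = resourceName;
     }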
 
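     /**
      * Aborts {@code request} with a {@code WWW-Authenticate: Bearer} challenge (RFC 6750 section 3).
      * <p>
      * {@code error} and {@code description} are emitted inside quoted-string auth-params.
      * {@code description} is runtime text (this class passes an exception message), so it is
      * escaped: an embedded {@code "} would terminate the parameter early and a CR/LF would let
      * the value spill onto a new header line. {@code realm} is operator configuration and is
      * emitted as before.
      * <p>
      * {@code abortWith} only stops the chain once the calling filter returns; callers must
      * {@code return} right after invoking this method.
      *
      * @param request     the request to abort
      * @param error       RFC 6750 error code (e.g. {@code invalid_token}), or null to omit
      * @param description human-readable detail, or null to omit
      */
     protected void challengeResponse(ContainerRequestContext request, String error, String description) {
         StringBuilder header = new StringBuilder("Bearer realm=\"");
         header.append(realm).append("\"");
         if (error != null) {
             header.append(", error=\"").append(quoteParam(error)).append("\"");
         }
         if (description != null) {
             header.append(", error_description=\"").append(quoteParam(description)).append("\"");
         }
         // The status constant is garbled on this page; 401 is what RFC 6750 prescribes for a
         // Bearer challenge.
         request.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                 .header("WWW-Authenticate", header.toString())
                 .build());
     }

     /**
      * Escapes {@code value} for use inside a quoted-string auth-param: backslash-escapes
      * {@code "} and {@code \}, and replaces control characters (which would corrupt or split
      * the header) with a space.
      */
     private static String quoteParam(String value) {
         StringBuilder out = new StringBuilder(value.length() + 2);
         for (int i = 0; i < value.length(); i++) {
             char c = value.charAt(i);
             if (c == '"' || c == '\\') {
                 out.append('\\').append(c);
             } else if (c < 0x20 || c == 0x7f) {
                 out.append(' ');
             } else {
                 out.append(c);
             }
         }
         return out.toString();
     }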
 
     // Container-provided security context for the current request; the filter reads its
     // isSecure() flag (the call on this page is garbled, but this is the only SecurityContext
     // in scope). Injected by the JAX-RS runtime, so it is null outside a container.
     @Context
     protected SecurityContext securityContext;
 
     @Override
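     /**
      * Authenticates the request from its {@code Authorization: Bearer <token>} header.
      * <p>
      * Any failure aborts the request with a {@code WWW-Authenticate} challenge via
      * {@link #challengeResponse}. On success a {@link KeycloakSecurityContext} is pushed into
      * the RESTEasy context and a {@link SecurityContext} backed by the token's roles replaces
      * the request's security context.
      *
      * @param request the request being filtered
      * @throws IOException declared by {@link ContainerRequestFilter}; not thrown here
      */
     @Override
     public void filter(ContainerRequestContext request) throws IOException {
         String authHeader = request.getHeaderString("Authorization");
         if (authHeader == null) {
             challengeResponse(request, null, null);
             return;
         }

         // Expect exactly "<scheme> <credentials>". The original fell through after issuing
         // the challenge, so "Authorization: Bearer" with no credentials reached split[1]
         // (ArrayIndexOutOfBounds -> 500 instead of 401) and a non-Bearer scheme such as Basic
         // had its credentials handed to the token verifier. abortWith() only stops the chain
         // once this method returns, so each rejection must return explicitly.
         String[] split = authHeader.trim().split("\\s+");
         if (split.length != 2) {
             challengeResponse(request, null, null);
             return;
         }
         if (!split[0].equalsIgnoreCase("Bearer")) {
             challengeResponse(request, null, null);
             return;
         }

         String tokenString = split[1];

         try {
             // The verifier call is garbled on this page; it has to be given the realm key, or
             // the signature is never checked. The (token, key, realm) order is assumed --
             // confirm against RSATokenVerifier.
             AccessToken token = RSATokenVerifier.verifyToken(tokenString, realmPublicKey, realm);
             KeycloakSecurityContext skSession = new KeycloakSecurityContext(tokenString, token, null, null);
             ResteasyProviderFactory.pushContext(KeycloakSecurityContext.class, skSession);

             final KeycloakPrincipal principal = new KeycloakPrincipal(token.getSubject(), skSession);
             // Transport security is reported by the container context, not derived from the token.
             final boolean isSecure = securityContext.isSecure();
             // Roles come from the resource's own access entry when a resource name is
             // configured, otherwise from realm-level access.
             final AccessToken.Access access = resourceName != null
                     ? token.getResourceAccess(resourceName)
                     : token.getRealmAccess();
             SecurityContext ctx = new SecurityContext() {
                 @Override
                 public Principal getUserPrincipal() {
                     return principal;
                 }

                 @Override
                 public boolean isUserInRole(String role) {
                     // A token may carry no access entry for this resource at all (presumably
                     // returned as null -- confirm); treat that as "no roles" rather than
                     // failing with an NPE inside an authorization check.
                     if (access == null || access.getRoles() == null) {
                         return false;
                     }
                     return access.getRoles().contains(role);
                 }

                 @Override
                 public boolean isSecure() {
                     return isSecure;
                 }

                 @Override
                 public String getAuthenticationScheme() {
                     return "OAUTH_BEARER";
                 }
             };
             request.setSecurityContext(ctx);
         } catch (VerificationException e) {
             // Logged with the cause for triage; note this fires once per bad token, which is
             // noisy under a token-guessing attempt. The client only receives the message,
             // which is passed through as the RFC 6750 error_description.
             log.error("Failed to verify token", e);
             challengeResponse(request, "invalid_token", e.getMessage());
         }
     }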