From 75292b3b5450b79665b0cdbd4d13b488a319890b Mon Sep 17 00:00:00 2001 From: Carles Arnal Date: Wed, 24 Aug 2022 16:29:54 +0200 Subject: [PATCH] Fix quarkus github integration --- .../QuarkusLinkedAccountsProvider.java | 19 +++++++---------- .../ui}/QuarkusAuthenticationFilter.java | 21 ++++++++++++------- .../ui/src/main/resources/META-INF/web.xml | 2 +- 3 files changed, 21 insertions(+), 21 deletions(-) rename {front-end/servlet/src/main/java/io/apicurio/studio/fe/servlet/filters => platforms/quarkus/ui/src/main/java/io/apicurio/ui}/QuarkusAuthenticationFilter.java (84%) diff --git a/platforms/quarkus/api/src/main/java/io/apicurio/hub/api/security/QuarkusLinkedAccountsProvider.java b/platforms/quarkus/api/src/main/java/io/apicurio/hub/api/security/QuarkusLinkedAccountsProvider.java index 3b22445bf..2a734df26 100644 --- a/platforms/quarkus/api/src/main/java/io/apicurio/hub/api/security/QuarkusLinkedAccountsProvider.java +++ b/platforms/quarkus/api/src/main/java/io/apicurio/hub/api/security/QuarkusLinkedAccountsProvider.java @@ -14,7 +14,6 @@ import javax.enterprise.inject.Alternative; import javax.inject.Inject; import javax.net.ssl.SSLContext; -import javax.servlet.http.HttpServletRequest; import org.apache.commons.io.IOUtils; import org.apache.http.client.methods.CloseableHttpResponse; @@ -25,6 +24,7 @@ import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.ssl.SSLContexts; +import org.eclipse.microprofile.jwt.JsonWebToken; import org.jboss.logmanager.Level; import org.keycloak.RSATokenVerifier; import org.keycloak.common.VerificationException; @@ -51,7 +51,6 @@ import io.apicurio.hub.api.beans.InitiatedLinkedAccount; import io.apicurio.hub.core.beans.LinkedAccountType; import io.apicurio.hub.core.config.HubConfiguration; -import io.smallrye.jwt.auth.principal.JWTCallerPrincipal; /** * An implementation of {@link ILinkedAccountsProvider} that used Keycloak to manage 
@@ -75,11 +74,12 @@ public class QuarkusLinkedAccountsProvider @Inject HubConfiguration config; - @Inject - HttpServletRequest request; private CloseableHttpClient httpClient; + @Inject + JsonWebToken accessToken; + @PostConstruct protected void postConstruct() { try { @@ -107,10 +107,8 @@ public InitiatedLinkedAccount initiateLinkedAccount(LinkedAccountType accountTyp String realm = config.getKeycloakRealm(); String provider = accountType.alias(); - JWTCallerPrincipal principal = (JWTCallerPrincipal) request.getUserPrincipal(); - try { - AccessToken token = RSATokenVerifier.create(principal.getRawToken()).getToken(); + AccessToken token = RSATokenVerifier.create(accessToken.getRawToken()).getToken(); String clientId = token.getIssuedFor(); MessageDigest md = null; try { @@ -145,12 +143,9 @@ public void deleteLinkedAccount(LinkedAccountType type) throws IOException { try { String authServerRootUrl = config.getKeycloakAuthUrl(); String realm = config.getKeycloakRealm(); - String provider = type.alias(); - JWTCallerPrincipal principal = (JWTCallerPrincipal) request.getUserPrincipal(); - - AccessToken token = RSATokenVerifier.create(principal.getRawToken()).getToken(); + AccessToken token = RSATokenVerifier.create(accessToken.getRawToken()).getToken(); String url = KeycloakUriBuilder.fromUri(authServerRootUrl) .path("/realms/{realm}/account/federated-identity-update").queryParam("action", "REMOVE") @@ -183,7 +178,7 @@ public String getLinkedAccountToken(LinkedAccountType type) throws IOException { try { String externalTokenUrl = KeycloakUriBuilder.fromUri(authServerRootUrl) .path("/realms/{realm}/broker/{provider}/token").build(realm, provider).toString(); - String token = this.security.getToken(); + String token = accessToken.getRawToken(); HttpGet get = new HttpGet(externalTokenUrl); get.addHeader("Accept", "application/json"); 
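Review bot: In the `initiateLinkedAccount` hunk (-107), and again in the `deleteLinkedAccount` hunk (-145), `RSATokenVerifier.create(accessToken.getRawToken()).getToken()` only parses the JWT and performs no signature, issuer or expiry check. The `clientId` read from `getIssuedFor()` is therefore trustworthy only because the container is assumed to have validated the injected `JsonWebToken` before this bean sees it. I would record that dependency next to the call, e.g. `// accessToken was already validated by the container; getToken() only parses it and does not verify the signature`. If the authorized party is the only value needed, `accessToken.getClaim("azp")` would avoid the second parse, but both method bodies continue outside the hunks, so other uses of `token` may exist.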
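Review bot: `String token = accessToken.getRawToken();` in the `getLinkedAccountToken` hunk (-183) has no null check, and the injected `JsonWebToken` is expected to return null when the request carries no bearer token. The line that attaches `token` to the outgoing request is outside the hunk, so a missing token would presumably surface only as a rejected call to the Keycloak broker endpoint. Failing early keeps the cause visible and avoids sending a malformed credential: `if (token == null) { throw new IOException("No access token on the current request"); }`. The method body continues past the end of the hunk.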
diff --git a/front-end/servlet/src/main/java/io/apicurio/studio/fe/servlet/filters/QuarkusAuthenticationFilter.java b/platforms/quarkus/ui/src/main/java/io/apicurio/ui/QuarkusAuthenticationFilter.java similarity index 84% rename from front-end/servlet/src/main/java/io/apicurio/studio/fe/servlet/filters/QuarkusAuthenticationFilter.java rename to platforms/quarkus/ui/src/main/java/io/apicurio/ui/QuarkusAuthenticationFilter.java index 258f88ac2..240173bc5 100644 --- a/front-end/servlet/src/main/java/io/apicurio/studio/fe/servlet/filters/QuarkusAuthenticationFilter.java +++ b/platforms/quarkus/ui/src/main/java/io/apicurio/ui/QuarkusAuthenticationFilter.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package io.apicurio.studio.fe.servlet.filters; +package io.apicurio.ui; import io.apicurio.studio.fe.servlet.config.RequestAttributeKeys; import io.apicurio.studio.shared.beans.StudioConfigAuth; @@ -22,7 +22,9 @@ import io.apicurio.studio.shared.beans.StudioRole; import io.apicurio.studio.shared.beans.User; import io.smallrye.jwt.auth.principal.JWTCallerPrincipal; +import org.eclipse.microprofile.jwt.JsonWebToken; +import javax.inject.Inject; import javax.json.JsonObject; import javax.json.JsonString; import javax.servlet.*; @@ -41,6 +43,9 @@ */ public class QuarkusAuthenticationFilter implements Filter { + @Inject + JsonWebToken accessToken; + /** * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) */ 
@@ -64,21 +69,21 @@ public class QuarkusAuthenticationFilter implements Filter { StudioConfigAuth auth = new StudioConfigAuth(); auth.setType(StudioConfigAuthType.token); auth.setLogoutUrl(((HttpServletRequest) request).getContextPath() + "/logout"); - auth.setToken(principal.getRawToken()); + auth.setToken(accessToken.getRawToken()); //TODO carnalca unsafe cast from long to int - auth.setTokenRefreshPeriod((int) expirationToRefreshPeriod(principal.getExpirationTime())); + auth.setTokenRefreshPeriod((int) expirationToRefreshPeriod(accessToken.getExpirationTime())); httpSession.setAttribute(RequestAttributeKeys.AUTH_KEY, auth); // Fabricate a User object from information in the access token and store it in the request. User user = new User(); - user.setEmail(principal.getClaim("email")); - user.setLogin(principal.getClaim("preferred_username")); - user.setName(principal.getClaim("name")); - if (!principal.containsClaim("realm_access") || principal.getClaim("realm_access").isNull("roles")) { + user.setEmail(accessToken.getClaim("email")); + user.setLogin(accessToken.getClaim("preferred_username")); + user.setName(accessToken.getClaim("name")); + if (!accessToken.containsClaim("realm_access") || accessToken.getClaim("realm_access").isNull("roles")) { user.setRoles(Collections.emptyList()); } else { user.setRoles( - principal.getClaim("realm_access") + accessToken.getClaim("realm_access") .getJsonArray("roles").stream() .map(JsonString.class::cast) .map(JsonString::getString) diff --git a/platforms/quarkus/ui/src/main/resources/META-INF/web.xml b/platforms/quarkus/ui/src/main/resources/META-INF/web.xml index c60885013..d153ebd9b 100644 --- a/platforms/quarkus/ui/src/main/resources/META-INF/web.xml +++ b/platforms/quarkus/ui/src/main/resources/META-INF/web.xml @@ -14,7 +14,7 @@ QuarkusAuthenticationFilter - io.apicurio.studio.fe.servlet.filters.QuarkusAuthenticationFilter + io.apicurio.ui.QuarkusAuthenticationFilter QuarkusAuthenticationFilter
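Review bot: Nothing in the -64 hunk checks that the injected `accessToken` actually carries a token before `auth.setToken(accessToken.getRawToken())` and the `User` fields are written into the session. The enclosing method starts above the hunk, so a guard may exist there, but if it still tests the servlet principal it no longer covers the object being read. Skipping the session setup when `accessToken.getRawToken() == null` would keep an empty identity and a null token out of the session. Separately, `JsonObject.isNull("roles")` throws `NullPointerException` when `realm_access` has no `roles` key, so with the claim held in a local `realmAccess` the condition is safer as `!realmAccess.containsKey("roles") || realmAccess.isNull("roles")`.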