how do I get realm information from Authentication object ? #218

kommradHomer · 2024-06-28T11:02:49Z

kommradHomer
Jun 28, 2024

how can I get realm information from the Authentication object? I cannot see it in any field or the jwt claims

Before switching to springboot3 , we were working with keycloak-starter and the authentication was casted to KeycloakAuthenticationToken where there was a keycloakDeployment object, which was holding realm information

Answered by ch4mpy

Jun 28, 2024

You can infer it from the issuer claim with a regex like ^.*/realms/([^/]+).*$.

If you want to add some helper methods to the Authentication instance in the security context (like KeycloakAuthenticationToken was doing):

create an Authentication implementation (you might use AbstractAuthenticationToken, JwtAuthenticationToken, or this lib's OAuthentication as base class)
declare a JwtAbstractAuthenticationTokenConverter bean in your conf (something that can turn a Jwt into something extending AbstractAuthenticationToken)

@Configuration
@EnableMethodSecurity()
public class SecurityConfig {

  @Data
  @EqualsAndHashCode(callSuper = true)
  public static class KommradAuthentication extends O…

View full answer

ch4mpy · 2024-06-28T11:46:10Z

ch4mpy
Jun 28, 2024
Maintainer

You can infer it from the issuer claim with a regex like ^.*/realms/([^/]+).*$.

If you want to add some helper methods to the Authentication instance in the security context (like KeycloakAuthenticationToken was doing):

create an Authentication implementation (you might use AbstractAuthenticationToken, JwtAuthenticationToken, or this lib's OAuthentication as base class)
declare a JwtAbstractAuthenticationTokenConverter bean in your conf (something that can turn a Jwt into something extending AbstractAuthenticationToken)

@Configuration
@EnableMethodSecurity()
public class SecurityConfig {

  @Data
  @EqualsAndHashCode(callSuper = true)
  public static class KommradAuthentication extends OAuthentication<OpenidClaimSet> {
    private static final Pattern REALM_PATTERN = Pattern.compile("^.*/realms/([^/]+).*$");

    private final String tenant;

    public KommradAuthentication(OpenidClaimSet claims,
        Collection<? extends GrantedAuthority> authorities, String tokenString) {
      super(claims, authorities, tokenString);
      this.tenant = REALM_PATTERN.matcher(claims.getIssuer().toString()).group(1);
    }
  }

  @Bean
  JwtAbstractAuthenticationTokenConverter authenticationFactory(
      Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter,
      OpenidProviderPropertiesResolver addonsPropertiesResolver) {
    return jwt -> {
      final var opProperties = addonsPropertiesResolver.resolve(jwt.getClaims())
          .orElseThrow(() -> new NotAConfiguredOpenidProviderException(jwt.getClaims()));
      final var claims = new OpenidClaimSet(jwt.getClaims(), opProperties.getUsernameClaim());
      return new KommradAuthentication(claims, authoritiesConverter.convert(claims),
          jwt.getTokenValue());
    };
  }
}

Default authoritiesConverter and addonsPropertiesResolver beans are already provided by spring-addons, you don't have to write it yourself

1 reply

ch4mpy Jul 29, 2024
Maintainer

After a month without any comment, I'll consider this question answered.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

how do I get realm information from Authentication object ? #218

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 1 reply

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

how do I get realm information from Authentication object ? #218

kommradHomer Jun 28, 2024

Replies: 1 comment · 1 reply

ch4mpy Jun 28, 2024 Maintainer

ch4mpy Jul 29, 2024 Maintainer

kommradHomer
Jun 28, 2024

Replies: 1 comment 1 reply

ch4mpy
Jun 28, 2024
Maintainer

ch4mpy Jul 29, 2024
Maintainer