Package org.appng.core.controller.filter
Class KeycloakLoginFilter
- java.lang.Object
  - org.appng.core.controller.filter.KeycloakLoginFilter

All Implemented Interfaces:
javax.servlet.Filter

public class KeycloakLoginFilter extends Object implements javax.servlet.Filter
A Filter that looks for a KeycloakPrincipal (respectively an AccessToken) in the current HttpServletRequest.

Prerequisites
- The Keycloak Tomcat Adapter must be installed and set up, defining the KeycloakAuthenticatorValve in the server's context.xml
- A Keycloak client must be set up, the corresponding keycloak.json must be present in WEB-INF
- Keycloak must be enabled in WEB-INF/web.xml by removing the comments from the Keycloak related elements.
- For the Keycloak client, a role named 'appNG Keycloak User' must exist, since this role is used in the <security-constraint>. The name of that role can be configured using Platform.Property.KEYCLOAK_SECURITY_ROLE.

If a KeycloakPrincipal is found in the request (and there is no authenticated user), there are two possible scenarios:
- The token contains no appNG group names
  In that case, the filter tries to log in the local user identified by IDToken.getPreferredUsername().
  In other words, the Keycloak username must match the appNG username.
- The token contains some appNG group names
  In that case, the filter tries to log in a user identified by IDToken.getPreferredUsername() with the given groups.
  To make this work,
  - create roles in the Keycloak client whose names match the names of appNG user groups
  - create a mapper in the Keycloak client of type 'User Client Role'
  - set the 'Client Role prefix' to 'appng_' (see Platform.Property.KEYCLOAK_GROUP_PREFIX)
  - set the 'Token Claim Name' to 'appNG Groups' (see Platform.Property.KEYCLOAK_GROUP_CLAIM_NAME)
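
The two scenarios above, sketched as an added example (not appNG's own code). The token's additional claims are modelled as a plain Map, and it is an assumption that only entries carrying the 'appng_' prefix are used and that the prefix is stripped to obtain the appNG group name. The class name, method names and sample claims are constructed for illustration.

```java
import java.util.*;
import java.util.stream.Collectors;

/** Added illustration; not appNG code. Models the token's extra claims as a plain Map. */
public class KeycloakGroupClaimExample {

    // Values taken from the class description above.
    static final String GROUP_CLAIM_NAME = "appNG Groups";
    static final String GROUP_PREFIX = "appng_";

    /**
     * Returns the appNG group names carried by the token. Assumption: only entries
     * starting with the prefix count, and the prefix is stripped; the rest is ignored.
     */
    static List<String> resolveGroups(Map<String, Object> claims) {
        Object claim = claims.get(GROUP_CLAIM_NAME);
        if (!(claim instanceof Collection)) {
            return Collections.emptyList(); // claim missing or of an unexpected type
        }
        return ((Collection<?>) claim).stream()
            .filter(String.class::isInstance)
            .map(String.class::cast)
            .filter(r -> r.startsWith(GROUP_PREFIX) && r.length() > GROUP_PREFIX.length())
            .map(r -> r.substring(GROUP_PREFIX.length()))
            .distinct()
            .collect(Collectors.toList());
    }

    /** Describes which of the two documented scenarios applies. */
    static String scenario(String preferredUsername, Map<String, Object> claims) {
        List<String> groups = resolveGroups(claims);
        return groups.isEmpty()
            ? "log in local user '" + preferredUsername + "'"
            : "log in '" + preferredUsername + "' with groups " + groups;
    }

    public static void main(String[] args) {
        // Constructed sample claims, not taken from a real token.
        Map<String, Object> noGroups = new HashMap<>();
        Map<String, Object> withGroups = new HashMap<>();
        withGroups.put(GROUP_CLAIM_NAME,
            Arrays.asList("appng_Administrators", "offline_access", "appng_Editors"));

        System.out.println(scenario("jdoe", noGroups));   // scenario 1: username must match
        System.out.println(scenario("jdoe", withGroups)); // scenario 2: groups from the token
    }
}
```

Because group membership in the second scenario comes from the token, who may assign the prefixed client roles in Keycloak determines who can obtain appNG group rights.
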
Author:
Matthias Müller

Constructor Summary
Constructor | Description
KeycloakLoginFilter() |

Method Summary
Modifier and Type | Method | Description
void | destroy() |
void | doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) |
void | init(javax.servlet.FilterConfig filterConfig) |

Method Detail

doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
- Specified by: doFilter in interface javax.servlet.Filter
- Throws:
  IOException
  javax.servlet.ServletException

init
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
- Specified by: init in interface javax.servlet.Filter
- Throws:
  javax.servlet.ServletException

destroy
public void destroy()
- Specified by: destroy in interface javax.servlet.Filter