java.lang.Object
- org.appng.core.controller.filter.KeycloakLoginFilter

All Implemented Interfaces:

javax.servlet.Filter
```
public class KeycloakLoginFilter
extends Object
implements javax.servlet.Filter
```
A Filter that looks for a KeycloakPrincipal (respectively an AccessToken) in the current HttpServletRequest.
Prerequisites
- The Keycloak Tomcat Adapter must be installed and set up, defining the KeycloakAuthenticatorValve in the server's context.xml
- A Keycloak client must be set up, the corresponding keycloak.json must be present in WEB-INF
- Keycloak must be enabled in WEB-INF/web.xml by removing the comments from the Keycloak related elements.
- For the Keycloak client, a role named 'appNG Keycloak User' must exist, since this role is used in the <security-constraint>. The name of that role can be configured using Platform.Property.KEYCLOAK_SECURITY_ROLE.
If a KeycloakPrincipal is found in the request (and there is no authenticated user), there are two possible scenarios:
1. The token contains no appNG group names
  In that case, the filter tries to log-in the local user identified by IDToken.getPreferredUsername().
  In other words, the Keycloak username must match the appNG username.
2. The token contains some appNG group names
  In that case, the filter tries to log-in a user identified by IDToken.getPreferredUsername() with the given groups.
  To make this work,
  - create roles in the Keycloak client whose names match the names of appNG user groups
  - create a mapper in the Keycloak client of type 'User Client Role'
    - set the 'Client Role prefix' to 'appng_' (see Platform.Property.KEYCLOAK_GROUP_PREFIX)
    - set the 'Token Claim Name' to 'appNG Groups' (see Platform.Property.KEYCLOAK_GROUP_CLAIM_NAME)
Author:

Matthias Müller

Constructor Summary

Constructors
Constructor Description

KeycloakLoginFilter()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)`
`void`	`init(javax.servlet.FilterConfig filterConfig)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- KeycloakLoginFilter
```
public KeycloakLoginFilter()
```

Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:: doFilter in interface javax.servlet.Filter
Throws:: IOException; javax.servlet.ServletException

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Specified by:: init in interface javax.servlet.Filter
Throws:: javax.servlet.ServletException

destroy
```
public void destroy()
```
Specified by:

destroy in interface javax.servlet.Filter

Class KeycloakLoginFilter

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

KeycloakLoginFilter

Method Detail

doFilter

init

destroy