Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protect custom resource with custom filter #58

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Protect custom resource with custom filter #58

wants to merge 1 commit into from

Conversation

sonOfRa
Copy link
Contributor

@sonOfRa sonOfRa commented Jul 25, 2023

Example for using a ContainerRequestFilter to protect a custom resource

@sonOfRa sonOfRa marked this pull request as draft July 25, 2023 14:01
@sonOfRa sonOfRa force-pushed the filtered-resource branch from 239cf39 to 41943db Compare July 25, 2023 14:15
thomasdarimont
thomasdarimont requested changes Jul 25, 2023
View reviewed changes
...ons/src/main/java/com/github/thomasdarimont/keycloak/custom/endpoints/filter/AuthFilter.java Outdated Show resolved Hide resolved
...ons/src/main/java/com/github/thomasdarimont/keycloak/custom/endpoints/filter/AuthFilter.java Outdated
throw new NotAuthorizedException("Invalid or missing token");
}

if (!clientPattern.matcher(accessToken.getIssuedFor()).matches()) {
Copy link
Owner

@thomasdarimont thomasdarimont Jul 25, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could have an String[] audience() attribute on the @AuthFilterBinding to control the allowed client patterns.
This would allow us to optionally specify allowed audiences on class / method level on the target resource method.

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To access the "target" method of a filtered request you could inject the ResourceInfo into the filter.

@Context
private ResourceInfo resourceInfo;

https://stackoverflow.com/questions/24145659/how-to-get-target-method-of-a-given-jax-rs-request

.../main/java/com/github/thomasdarimont/keycloak/custom/endpoints/filter/ProtectedResource.java Outdated Show resolved Hide resolved
...github/thomasdarimont/keycloak/custom/endpoints/filter/ProtectedResourceProviderFactory.java Outdated Show resolved Hide resolved
@sonOfRa sonOfRa force-pushed the filtered-resource branch from 41943db to 854222e Compare July 25, 2023 17:47
@sonOfRa sonOfRa force-pushed the filtered-resource branch from 854222e to 9d57de8 Compare July 25, 2023 17:57
@thomasdarimont thomasdarimont force-pushed the main branch 6 times, most recently from b261678 to cbc4cee Compare November 4, 2023 13:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomasdarimont thomasdarimont thomasdarimont requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sonOfRa @thomasdarimont