Update Keycloak Authorization docs and UserInfo

quarkusio · Dec 3, 2020 · 249b22e · 249b22e
1 parent 9256986
commit 249b22e
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 17 deletions.
diff --git a/docs/src/main/asciidoc/security-keycloak-authorization.adoc b/docs/src/main/asciidoc/security-keycloak-authorization.adoc
@@ -318,7 +318,7 @@ public class ProtectedResource {
     @GET
     public CompletionStage<List<Permission>> get() {
         return identity.checkPermission(new AuthPermission("{resource_name}"))
-                .thenCompose(granted -> {
+                .transform(granted -> {
                     if (granted) {
                         return CompletableFuture.completedFuture(doGetState());
                     }

diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/UserInfo.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/UserInfo.java
@@ -1,11 +1,15 @@
 package io.quarkus.oidc;
 
 import java.io.StringReader;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Set;
 
 import javax.json.Json;
 import javax.json.JsonArray;
 import javax.json.JsonObject;
 import javax.json.JsonReader;
+import javax.json.JsonValue;
 
 public class UserInfo {
 
@@ -34,6 +38,18 @@ public Object get(String name) {
         return json.get(name);
     }
 
+    public boolean contains(String propertyName) {
+        return json.containsKey(propertyName);
+    }
+
+    public Set<String> getPropertyNames() {
+        return Collections.unmodifiableSet(json.keySet());
+    }
+
+    public Set<Map.Entry<String, JsonValue>> getAllProperties() {
+        return Collections.unmodifiableSet(json.entrySet());
+    }
+
     private static JsonObject toJsonObject(String userInfoJson) {
         try (JsonReader jsonReader = Json.createReader(new StringReader(userInfoJson))) {
             return jsonReader.readObject();

diff --git a/...-tests/keycloak-authorization/src/main/java/io/quarkus/it/keycloak/ProtectedResource.java b/...-tests/keycloak-authorization/src/main/java/io/quarkus/it/keycloak/ProtectedResource.java
@@ -4,7 +4,6 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import java.util.function.Function;
 
 import javax.inject.Inject;
 import javax.security.auth.AuthPermission;
@@ -30,14 +29,11 @@ public class ProtectedResource {
     @GET
     public Uni<List<Permission>> permissions() {
         return identity.checkPermission(new AuthPermission("Permission Resource")).onItem()
-                .apply(new Function<Boolean, List<Permission>>() {
-                    @Override
-                    public List<Permission> apply(Boolean granted) {
-                        if (granted) {
-                            return identity.getAttribute("permissions");
-                        }
-                        throw new ForbiddenException();
+                .transform(granted -> {
+                    if (granted) {
+                        return identity.getAttribute("permissions");
                     }
+                    throw new ForbiddenException();
                 });
     }
 
@@ -50,14 +46,11 @@ public String getActions() {
                 return scope;
             }
         }).onItem()
-                .apply(new Function<Boolean, List<Permission>>() {
-                    @Override
-                    public List<Permission> apply(Boolean granted) {
-                        if (granted) {
-                            return identity.getAttribute("permissions");
-                        }
-                        throw new ForbiddenException();
+                .transform(granted -> {
+                    if (granted) {
+                        return identity.getAttribute("permissions");
                     }
+                    throw new ForbiddenException();
                 });
     }
 

diff --git a/integration-tests/oidc-tenancy/src/main/java/io/quarkus/it/keycloak/TenantResource.java b/integration-tests/oidc-tenancy/src/main/java/io/quarkus/it/keycloak/TenantResource.java
@@ -6,6 +6,7 @@
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 
+import org.eclipse.microprofile.jwt.Claims;
 import org.eclipse.microprofile.jwt.JsonWebToken;
 
 import io.quarkus.arc.Arc;
@@ -40,7 +41,12 @@ public String userNameService(@PathParam("tenant") String tenant) {
         String name = getNameServiceType();
         if ("tenant-d".equals(tenant) || "tenant-b-no-discovery".equals(tenant)) {
             UserInfo userInfo = getUserInfo();
-            name = name + "." + userInfo.getString("preferred_username");
+            if (!userInfo.contains(Claims.sub.name())) {
+                throw new OIDCException("UserInfo returned from Keycloak must contain 'sub'");
+            }
+            if (userInfo.getPropertyNames().contains(Claims.preferred_username.name())) {
+                name = name + "." + userInfo.getString(Claims.preferred_username.name());
+            }
         }
         return tenant + ":" + name;
     }