add reading logic for tenant-id

Gerald Unterrainer · Gerald Unterrainer · commit bf354e3f87be · 2021-05-05T13:40:16.000+02:00
diff --git a/pom.xml b/pom.xml
@@ -17,7 +17,7 @@
 
 	<modelVersion>4.0.0</modelVersion>
 	<artifactId>http-server</artifactId>
-	<version>0.2.6</version>
+	<version>0.2.7</version>
 	<name>HttpServer</name>
 	<packaging>jar</packaging>
 
diff --git a/src/main/java/info/unterrainer/commons/httpserver/accessmanager/HttpAccessManager.java b/src/main/java/info/unterrainer/commons/httpserver/accessmanager/HttpAccessManager.java
@@ -168,6 +168,9 @@ private TokenVerifier<AccessToken> persistUserInfoInContext(final Context ctx) {
 			ctx.attribute(Attribute.USER_EMAIL_VERIFIED, token.getEmailVerified());
 			ctx.attribute(Attribute.USER_REALM_ROLES, token.getRealmAccess().getRoles());
 
+			String tenant = (String) token.getOtherClaims().get("tenant");
+			ctx.attribute(Attribute.USER_CLIENT_ATTRIBUTE_TENANT, tenant);
+
 			Set<String> clientRoles = Set.of();
 			String key = token.getIssuedFor();
 			if (token.getResourceAccess().containsKey(key))
@@ -185,6 +188,7 @@ private TokenVerifier<AccessToken> persistUserInfoInContext(final Context ctx) {
 						.email(token.getEmail())
 						.emailVerified(token.getEmailVerified())
 						.realmRoles(token.getRealmAccess().getRoles())
+						.tenant(tenant)
 						.clientRoles(clientRoles)
 						.isActive(token.isActive())
 						.isBearer(token.getType().equalsIgnoreCase("bearer"))
diff --git a/src/main/java/info/unterrainer/commons/httpserver/enums/Attribute.java b/src/main/java/info/unterrainer/commons/httpserver/enums/Attribute.java
@@ -15,6 +15,7 @@ public class Attribute {
 	public static final String USER_CLIENT = "user_client";
 	public static final String USER_CLIENT_ROLES = "user_client_roles";
 	public static final String USER_REALM_ROLES = "user_realm_roles";
+	public static final String USER_CLIENT_ATTRIBUTE_TENANT = "user_client_attribute_tenant";
 
 	public static final String KEYCLOAK_TOKEN_REJECTION_REASON = "kc_token_rejection_reason";
 }
diff --git a/src/main/java/info/unterrainer/commons/httpserver/jsons/UserDataJson.java b/src/main/java/info/unterrainer/commons/httpserver/jsons/UserDataJson.java
@@ -22,6 +22,12 @@ public class UserDataJson {
 
 	private Set<String> realmRoles;
 	private Set<String> clientRoles;
+	/**
+	 * Is the custom Keycloak-attribute 'tenant' that has to be set under
+	 * user/attributes within Keycloak and then mapped using an AttributeMapper
+	 * within Keycloak as well. Is a comma-separated list of tenant-IDs.
+	 */
+	private String tenant;
 
 	private boolean isActive;
 	private boolean isBearer;

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ public class Attribute {`
`15`	`15`	`public static final String USER_CLIENT = "user_client";`
`16`	`16`	`public static final String USER_CLIENT_ROLES = "user_client_roles";`
`17`	`17`	`public static final String USER_REALM_ROLES = "user_realm_roles";`
	`18`	`+ public static final String USER_CLIENT_ATTRIBUTE_TENANT = "user_client_attribute_tenant";`
`18`	`19`
`19`	`20`	`public static final String KEYCLOAK_TOKEN_REJECTION_REASON = "kc_token_rejection_reason";`
`20`	`21`	`}`