From 390ca566a3a955bad1acddda0f39b1e98057e1f8 Mon Sep 17 00:00:00 2001
From: AFaust
Date: Sun, 10 May 2020 15:04:57 +0200
Subject: [PATCH] Translate input to preferred user name
---
 .../authentication/KeycloakAuthenticationComponent.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/repository/src/main/java/de/acosix/alfresco/keycloak/repo/authentication/KeycloakAuthenticationComponent.java b/repository/src/main/java/de/acosix/alfresco/keycloak/repo/authentication/KeycloakAuthenticationComponent.java
index 02205d1..74e133a 100644
--- a/repository/src/main/java/de/acosix/alfresco/keycloak/repo/authentication/KeycloakAuthenticationComponent.java
+++ b/repository/src/main/java/de/acosix/alfresco/keycloak/repo/authentication/KeycloakAuthenticationComponent.java
@@ -313,11 +313,14 @@ public class KeycloakAuthenticationComponent extends AbstractAuthenticationCompo
 final AccessTokenResponse response;
 final VerifiedTokens tokens;
+ String realUserName = userName;
 try {
 response = this.getAccessTokenImpl(userName, new String(password));
 tokens = AdapterTokenVerifier.verifyTokens(response.getToken(), response.getIdToken(), this.deployment);
+ realUserName = tokens.getAccessToken().getPreferredUsername();
+ // for potential one-off authentication, we do not care particularly about the token TTL - so no validation here
 if (Boolean.TRUE.equals(this.lastTokenResponseStoreEnabled.get()))
@@ -336,7 +339,9 @@ public class KeycloakAuthenticationComponent extends AbstractAuthenticationCompo
 throw new AuthenticationException("Failed to authenticate against Keycloak", ioex);
 }
- this.setCurrentUser(userName);
+ // TODO Override setCurrentUser to perform user existence validation and role retrieval for non-Keycloak logins (e.g. via public API
+ // setCurrentUser)
+ this.setCurrentUser(realUserName);
 this.handleUserTokens(tokens.getAccessToken(), tokens.getIdToken(), true);
 }
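Review bot: `getPreferredUsername()` returns null when the access token carries no `preferred_username` claim, and the new assignment in the first hunk then replaces the `userName` default with null, which the second hunk hands to `setCurrentUser(realUserName)`. Guard the value where it is read, e.g. `final String preferred = tokens.getAccessToken().getPreferredUsername();` followed by `if (preferred == null || preferred.trim().isEmpty()) { throw new AuthenticationException("Keycloak token lacks a preferred user name"); }` and `realUserName = preferred;`. Because the repository identity now comes from a claim that the realm's mappers and username-editing settings control, a comment at the assignment should say that the realm is trusted to keep that value unique and stable. The enclosing method starts outside the first hunk and the lines between the two hunks are not visible, so any use of `userName` there (for example as a key for stored tokens) should be checked against the translated name as well.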