in library/src/main/java/org/apache/fineract/cn/anubis/security/FinKeycloakTenantAuthenticator.java [74:115]
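/**
 * Verifies a Keycloak-issued tenant token and turns its claims into an
 * {@link AnubisAuthentication}.
 *
 * <p>The token must be a signed JWS whose signature validates against the
 * Keycloak public key supplied by {@code keycloakRsaKeyProvider}. Permissions are
 * taken from the {@code tokenPermissions} claim (a JSON-serialised
 * {@link TokenContent}), extended with {@code guestPermissions}, and - when the
 * optional {@code fin} claim is present - with the account-level permissions it
 * describes.
 *
 * @param user         user name from the request; used for logging only, it is
 *                     not cross-checked against the token's claims
 * @param token        the raw JWT string (without the {@code TokenConstants.PREFIX})
 * @param keyTimestamp key timestamp from the request; used for logging only
 * @return the authenticated principal (the token's {@code preferred_username})
 *         with the derived permission set
 * @throws AmitAuthenticationException if the token cannot be verified, is not a
 *         signed JWS, lacks a {@code tokenPermissions} claim or lacks a
 *         {@code preferred_username} claim
 */
AnubisAuthentication authenticate(
    final @Nonnull String user,
    final @Nonnull String token,
    final @Nonnull String keyTimestamp) {
  try {
    // NOTE(review): only the signature is verified here. No issuer, audience or
    // expected-algorithm constraint is applied, so any token signed by this key
    // (for any client/realm using it) is accepted - confirm that is intended.
    final JwtParser parser = Jwts.parser()
        .setSigningKey(keycloakRsaKeyProvider.getPublicKey());

    // parseClaimsJws() requires a *signed* JWS and verifies it against the key.
    // The previous parse() call also accepted unsigned tokens (alg=none), which
    // would have bypassed signature verification entirely.
    final Claims claims = parser.parseClaimsJws(token).getBody();

    final String serializedTokenContent = claims.get("tokenPermissions", String.class);
    final String sourceApplication = "Keycloak";

    // gson returns null for a null/empty JSON payload; treat that as a
    // malformed token rather than an empty permission set.
    final TokenContent tokenContent = gson.fromJson(serializedTokenContent, TokenContent.class);
    if (tokenContent == null) {
      throw AmitAuthenticationException.missingTokenContent();
    }

    final Set<ApplicationPermission> permissions =
        translatePermissions(tokenContent.getTokenPermissions());
    permissions.addAll(guestPermissions);

    // Optional account-access claim: round-trip the map through gson to obtain
    // a typed AccountAccessTokenContent.
    if (claims.get("fin") != null) {
      final Map<?, ?> accountAccessMap = claims.get("fin", Map.class);
      final String serializedAccountAccess = gson.toJson(accountAccessMap);
      final AccountAccessTokenContent accountAccess =
          gson.fromJson(serializedAccountAccess, AccountAccessTokenContent.class);
      permissions.addAll(translateAccountPermissions(accountAccess.getAccounts()));
    }

    // The principal comes from the token, not from the caller-supplied user
    // name. A token without a username cannot identify anyone - reject it.
    final String principal = claims.get("preferred_username", String.class);
    if (principal == null) {
      throw AmitAuthenticationException.invalidToken();
    }

    logger.info("Tenant token for user {}, with key timestamp {} authenticated successfully.", user, keyTimestamp);

    return new AnubisAuthentication(TokenConstants.PREFIX + token,
        principal, applicationNameWithVersion, sourceApplication, permissions
    );
  }
  catch (final JwtException | InvalidKeySpecException | NoSuchAlgorithmException e) {
    // Covers bad signature, unsigned/unsupported token, malformed or expired
    // token, and key-material failures from the key provider. The detail is
    // logged; the caller only learns that the token was rejected.
    logger.info("Tenant token for user {}, with key timestamp {} failed to authenticate. Exception was {}", user, keyTimestamp, e);
    throw AmitAuthenticationException.invalidToken();
  }
}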