Merge pull request #1993 from carlesarnal/fix-quarkus-gh-integration

EricWittmann · web-flow · commit e3e30a599dc2 · 2022-08-24T11:19:10.000-04:00
Fix quarkus github integration
diff --git a/platforms/quarkus/api/src/main/java/io/apicurio/hub/api/security/QuarkusLinkedAccountsProvider.java b/platforms/quarkus/api/src/main/java/io/apicurio/hub/api/security/QuarkusLinkedAccountsProvider.java
@@ -14,7 +14,6 @@
 import javax.enterprise.inject.Alternative;
 import javax.inject.Inject;
 import javax.net.ssl.SSLContext;
-import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.io.IOUtils;
 import org.apache.http.client.methods.CloseableHttpResponse;
@@ -25,6 +24,7 @@
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.ssl.SSLContexts;
+import org.eclipse.microprofile.jwt.JsonWebToken;
 import org.jboss.logmanager.Level;
 import org.keycloak.RSATokenVerifier;
 import org.keycloak.common.VerificationException;
@@ -51,7 +51,6 @@
 import io.apicurio.hub.api.beans.InitiatedLinkedAccount;
 import io.apicurio.hub.core.beans.LinkedAccountType;
 import io.apicurio.hub.core.config.HubConfiguration;
-import io.smallrye.jwt.auth.principal.JWTCallerPrincipal;
 
 /**
  * An implementation of {@link ILinkedAccountsProvider} that used Keycloak to manage
@@ -75,11 +74,12 @@ public class QuarkusLinkedAccountsProvider
     @Inject
     HubConfiguration config;
 
-    @Inject
-    HttpServletRequest request;
 
     private CloseableHttpClient httpClient;
 
+    @Inject
+    JsonWebToken accessToken;
+
     @PostConstruct
     protected void postConstruct() {
         try {
@@ -107,10 +107,8 @@ public InitiatedLinkedAccount initiateLinkedAccount(LinkedAccountType accountTyp
         String realm = config.getKeycloakRealm();
         String provider = accountType.alias();
 
-        JWTCallerPrincipal principal = (JWTCallerPrincipal) request.getUserPrincipal();
-
         try {
-            AccessToken token = RSATokenVerifier.create(principal.getRawToken()).getToken();
+            AccessToken token = RSATokenVerifier.create(accessToken.getRawToken()).getToken();
             String clientId = token.getIssuedFor();
             MessageDigest md = null;
             try {
@@ -145,12 +143,9 @@ public void deleteLinkedAccount(LinkedAccountType type) throws IOException {
         try {
             String authServerRootUrl = config.getKeycloakAuthUrl();
             String realm = config.getKeycloakRealm();
-
             String provider = type.alias();
 
-            JWTCallerPrincipal principal = (JWTCallerPrincipal) request.getUserPrincipal();
-
-            AccessToken token = RSATokenVerifier.create(principal.getRawToken()).getToken();
+            AccessToken token = RSATokenVerifier.create(accessToken.getRawToken()).getToken();
 
             String url = KeycloakUriBuilder.fromUri(authServerRootUrl)
                     .path("/realms/{realm}/account/federated-identity-update").queryParam("action", "REMOVE")
@@ -183,7 +178,7 @@ public String getLinkedAccountToken(LinkedAccountType type) throws IOException {
         try {
             String externalTokenUrl = KeycloakUriBuilder.fromUri(authServerRootUrl)
                     .path("/realms/{realm}/broker/{provider}/token").build(realm, provider).toString();
-            String token = this.security.getToken();
+            String token = accessToken.getRawToken();
 
             HttpGet get = new HttpGet(externalTokenUrl);
             get.addHeader("Accept", "application/json");
diff --git a/platforms/quarkus/ui/src/main/java/io/apicurio/ui/QuarkusAuthenticationFilter.java b/platforms/quarkus/ui/src/main/java/io/apicurio/ui/QuarkusAuthenticationFilter.java
@@ -14,15 +14,17 @@
  * limitations under the License.
  */
 
-package io.apicurio.studio.fe.servlet.filters;
+package io.apicurio.ui;
 
 import io.apicurio.studio.fe.servlet.config.RequestAttributeKeys;
 import io.apicurio.studio.shared.beans.StudioConfigAuth;
 import io.apicurio.studio.shared.beans.StudioConfigAuthType;
 import io.apicurio.studio.shared.beans.StudioRole;
 import io.apicurio.studio.shared.beans.User;
 import io.smallrye.jwt.auth.principal.JWTCallerPrincipal;
+import org.eclipse.microprofile.jwt.JsonWebToken;
 
+import javax.inject.Inject;
 import javax.json.JsonObject;
 import javax.json.JsonString;
 import javax.servlet.*;
@@ -41,6 +43,9 @@
  */
 public class QuarkusAuthenticationFilter implements Filter {
 
+    @Inject
+    JsonWebToken accessToken;
+
     /**
      * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
      */
@@ -64,21 +69,21 @@ public class QuarkusAuthenticationFilter implements Filter {
             StudioConfigAuth auth = new StudioConfigAuth();
             auth.setType(StudioConfigAuthType.token);
             auth.setLogoutUrl(((HttpServletRequest) request).getContextPath() + "/logout");
-            auth.setToken(principal.getRawToken());
+            auth.setToken(accessToken.getRawToken());
             //TODO carnalca unsafe cast from long to int
-            auth.setTokenRefreshPeriod((int) expirationToRefreshPeriod(principal.getExpirationTime()));
+            auth.setTokenRefreshPeriod((int) expirationToRefreshPeriod(accessToken.getExpirationTime()));
             httpSession.setAttribute(RequestAttributeKeys.AUTH_KEY, auth);
 
             // Fabricate a User object from information in the access token and store it in the request.
             User user = new User();
-            user.setEmail(principal.getClaim("email"));
-            user.setLogin(principal.getClaim("preferred_username"));
-            user.setName(principal.getClaim("name"));
-            if (!principal.containsClaim("realm_access") || principal.<JsonObject>getClaim("realm_access").isNull("roles")) {
+            user.setEmail(accessToken.getClaim("email"));
+            user.setLogin(accessToken.getClaim("preferred_username"));
+            user.setName(accessToken.getClaim("name"));
+            if (!accessToken.containsClaim("realm_access") || accessToken.<JsonObject>getClaim("realm_access").isNull("roles")) {
                 user.setRoles(Collections.emptyList());
             } else {
                 user.setRoles(
-                        principal.<JsonObject>getClaim("realm_access")
+                        accessToken.<JsonObject>getClaim("realm_access")
                                 .getJsonArray("roles").stream()
                                 .map(JsonString.class::cast)
                                 .map(JsonString::getString)
diff --git a/platforms/quarkus/ui/src/main/resources/META-INF/web.xml b/platforms/quarkus/ui/src/main/resources/META-INF/web.xml
@@ -14,7 +14,7 @@
 
   <filter>
     <filter-name>QuarkusAuthenticationFilter</filter-name>
-    <filter-class>io.apicurio.studio.fe.servlet.filters.QuarkusAuthenticationFilter</filter-class>
+    <filter-class>io.apicurio.ui.QuarkusAuthenticationFilter</filter-class>
   </filter>
   <filter-mapping>
     <filter-name>QuarkusAuthenticationFilter</filter-name>
