来自vertx RoutingContext的KeycloakSecurityContext

Question

Actually I'm using Vertx Routher, and I have a request with Authorization in headers and want to find more information about token, so I've tried to create KeycloakSecurityContext form Vert.x RoutingContext by using code like these:

KeycloakSecurityContext securityContext = (KeycloakSecurityContext) routingContext.session().get(KeycloakSecurityContext.class.getName());

But it failed. (NPE, empty seesion.data)

Can anyone prompt me, how can I create that Keycloak Context from Vertx route? In future I want to terminate that token, so extra tips are welcome.

Thanks,

Answer 1

There is no Keycloak security context in Vert.x Web. All interactions between Vert.x and Keycloak are done over the OAuth2 protocol which is independent of the vendor you're using eg: Keycloak, Facebook, Google, Twitter, Linkedin, etc...

As of version 3.3.0 you will be able to use keycloak grants as encoded in the OAuth2 token as Vert.x auth authorities so you can do not just authentication but also authorization.

Here an example:

// Initialize the OAuth2 Library
    OAuth2Auth oauth2 = OAuth2Auth.createKeycloak(vertx, OAuth2FlowType.PASSWORD, keycloakJson);

    // first get a token (authenticate)
    oauth2.getToken(new JsonObject().put("username", "user").put("password", "secret"), res -> {
      if (res.failed()) {
        // error handling...
      } else {
        AccessToken token = res.result();

        // now check for permissions
        token.isAuthorised("account:manage-account", r -> {
          if (r.result()) {
            // this user is authorized to manage its account
          }
        });
      }
});