我有一個angular2客戶端連接到由Play Framework實現的web api。客戶端被重定向到keycloak服務器以獲取令牌。我在他們的github項目中跟蹤了Keycloak樣本,客戶端正在工作並獲得令牌。不幸的是,我找不到適用於Play Framework的適配器。到目前爲止,我有以下代碼來檢查用戶是否有權訪問請求的資源。Keycloak資源沒有適配器的授權
val authzClient = AuthzClient.create()
val request = new EntitlementRequest
val permissions = new PermissionRequest
permissions.setResourceSetName(resourceName)
request.addPermission(permissions)
val entitlementResponse = authzClient.entitlement(token)
.get(resourceServer, request)
我假設服務器是否返回禁止的代碼,令牌用戶無權訪問資源。我在正確的軌道上嗎?謝謝。
更新:
我開發了一個自定義操作,檢查頭和驗證授權托克:
import pdi.jwt.{JwtAlgorithm, JwtJson}
import play.api.libs.json.{JsValue, Json}
import play.api.mvc.{ActionRefiner, Request, Result, Results}
import scala.concurrent.Future
import scala.concurrent.ExecutionContext.Implicits.global
import scala.util.{Failure, Success}
case class UserRequest[A](user: User, request: Request[A])
object UserAction extends ActionRefiner[Request, UserRequest] {
private val secret = "xxxxxx"
private val algorithm = JwtAlgorithm.RS256
override protected def refine[A](request: Request[A]): Future[Either[Result, UserRequest[A]]] = Future {
request.headers.get("Authorization") match {
case Some(headerToken) => {
val token = headerToken.substring(7)
JwtJson.decode(token, secret, Seq(algorithm)) match {
case Success(validToken) => {
val tokenJson = Json.parse(validToken.content)
val user = extractUser(tokenJson)
Right(UserRequest(user, request))
}
case Failure(ex) =>
Left(Results.Unauthorized)
}
}
case None => Left(Results.Unauthorized)
}
}
private def extractUser(token: JsValue): User = {
val username = (token \ "preferred_username").as[String]
val firstName = (token \ "given_name").asOpt[String]
val familyName = (token \ "family_name").asOpt[String]
val name = (token \ "name").asOpt[String]
User(username, firstName, familyName, name)
}
}
您是否找到了缺少Play Framework適配器的解決方案? – Atropo
我最終使用jwt-play來驗證播放服務器端的令牌。如果有幫助,我可以發佈代碼。 –
是的,這將是有益的,謝謝! – Atropo