@ -33,6 +33,17 @@ public class DefaultKeycloakClient implements KeycloakClient {
@Override
public URL findTokenEndpointURL ( ) throws KeycloakClientException {
logger . debug ( "Checking ScopeProvider's scope presence and format" ) ;
String originalScope = ScopeProvider . instance . get ( ) ;
if ( originalScope = = null | | ! originalScope . startsWith ( "/" ) | | originalScope . length ( ) < 2 ) {
throw new KeycloakClientException ( originalScope = = null ? "Scope not found in ScopeProvider"
: "Bad scope name found: " + originalScope ) ;
}
logger . debug ( "Assuring use the rootVO to query the endpoint simple query. Actual scope is: {}" , originalScope ) ;
String rootVOScope = "/" + originalScope . split ( "/" ) [ 1 ] ;
logger . debug ( "Setting rootVO scope into provider as: {}" , rootVOScope ) ;
ScopeProvider . instance . set ( rootVOScope ) ;
logger . debug ( "Creating simple query" ) ;
SimpleQuery query = queryFor ( ServiceEndpoint . class ) ;
query . addCondition (
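Review bot: The root-VO scope written at `ScopeProvider . instance . set ( rootVOScope ) ;` is only put back once `client . submit ( query )` returns (next hunk, `ScopeProvider . instance . set ( originalScope ) ;`), so if building or submitting the query throws, the thread is left running with the broadened root-VO scope for whatever it does afterwards; the restore should sit in a `finally` that wraps everything from the `set ( rootVOScope )` through the submit, e.g. `try { ... submit ... } finally { ScopeProvider . instance . set ( originalScope ) ; }`. The guard on `originalScope` also lets a value such as `//` through (it starts with `/` and has length 2), yet `split ( "/" )` drops trailing empty strings, so `[ 1 ]` then fails with an ArrayIndexOutOfBoundsException instead of the KeycloakClientException the method advertises; checking the split result has at least two non-empty parts before indexing would keep the failure mode consistent. While there, the log message `Restting` in the next hunk reads as a typo for `Resetting`. findTokenEndpointURL continues past this hunk, and the new scope-switching behaviour deserves a Javadoc sentence on the method stating that the lookup is performed under the root VO of the current scope and the original scope is restored afterwards.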
@ -46,6 +57,9 @@ public class DefaultKeycloakClient implements KeycloakClient {
logger . trace ( "Submitting query: {}" , query ) ;
List < AccessPoint > accessPoints = client . submit ( query ) ;
logger . debug ( "Restting scope into provider to the original value: {}" , originalScope ) ;
ScopeProvider . instance . set ( originalScope ) ;
if ( accessPoints . size ( ) = = 0 ) {
throw new KeycloakClientException ( "Service endpoint not found" ) ;
} else if ( accessPoints . size ( ) > 1 ) {
@ -66,6 +80,7 @@ public class DefaultKeycloakClient implements KeycloakClient {
return queryUMAToken ( clientId , clientSecret , ScopeProvider . instance . get ( ) , permissions ) ;
}
@Override
public TokenResponse queryUMAToken ( String clientId , String clientSecret , String audience ,
List < String > permissions ) throws KeycloakClientException {
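Review bot: The delegating line `return queryUMAToken ( clientId , clientSecret , ScopeProvider . instance . get ( ) , permissions ) ;` silently takes the audience from ScopeProvider, and nothing in the hunk documents that or checks the value before forwarding it; if the provider holds no scope the caller presumably gets the callee's generic audience error rather than a message pointing at the provider. A Javadoc line on the enclosing method, such as `The audience is taken from the scope currently held by ScopeProvider.instance, which the caller must have set.`, or an explicit null check with a provider-specific message before the call would make the dependency visible. The method containing that return begins before this hunk, and the overload declared at `public TokenResponse queryUMAToken ( String clientId , String clientSecret , String audience ,` continues beyond it.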
@ -86,6 +101,18 @@ public class DefaultKeycloakClient implements KeycloakClient {
public TokenResponse queryUMAToken ( URL tokenURL , String authorization , String audience ,
List < String > permissions ) throws KeycloakClientException {
if ( tokenURL = = null ) {
throw new KeycloakClientException ( "'tokenURL' parameter must be not null" ) ;
}
if ( authorization = = null | | "" . equals ( authorization ) ) {
throw new KeycloakClientException ( "'authorization' parameter must be not null nor empty" ) ;
}
if ( audience = = null | | "" . equals ( audience ) ) {
throw new KeycloakClientException ( "'audience' parameter must be not null nor empty" ) ;
}
logger . debug ( "Querying token from Keycloak server with URL: {}" , tokenURL ) ;
Map < String , List < String > > params = new HashMap < > ( ) ;