samiraghayarov · November 19, 2021 18:56
diff --git a/UsersController.java b/UsersController.java
 package org.keycloak.quickstart.springboot.web;

 import org.keycloak.AuthorizationContext;
 import org.keycloak.KeycloakPrincipal;
 import org.keycloak.KeycloakSecurityContext;
 import org.keycloak.representations.IDToken;
 import org.keycloak.representations.idm.authorization.Permission;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;

 import java.util.List;
 import java.util.Map;

 import static java.util.Objects.nonNull;

 @RestController
 public class UsersController {

    @GetMapping("/user/fetch")
    public String fetch(KeycloakPrincipal<KeycloakSecurityContext> principal, String customerId) {
        checkPermissionScopes(principal, customerId+".viewUser");

        return "Hello user. Any user can view this";
    }

    @GetMapping("/admin/fetch")
    public String adminStatus(KeycloakPrincipal<KeycloakSecurityContext> principal) {
        checkPermissionScopes(principal, "viewAdmin");
        return "Hello Admin. Only admin can view this";
    }

    private void checkPermissionScopes(KeycloakPrincipal<KeycloakSecurityContext> principal, String scopeName) {
        KeycloakSecurityContext keycloakSecurityContext = principal.getKeycloakSecurityContext();
        AuthorizationContext authorizationContext = keycloakSecurityContext.getAuthorizationContext();

        //To check if user has certain permissions
        boolean viewUser = authorizationContext.hasScopePermission(scopeName); // ideally to be fetched from config

        // To get permission list
        List<Permission> permissions = authorizationContext.getPermissions();

        //To get customer user attributes
        IDToken idToken = keycloakSecurityContext.getIdToken();
        if (nonNull(idToken)) {
            Map<String, Object> attributes = idToken.getOtherClaims();
        }
    }
 }
	package org.keycloak.quickstart.springboot.web;

	import org.keycloak.AuthorizationContext;
	import org.keycloak.KeycloakPrincipal;
	import org.keycloak.KeycloakSecurityContext;
	import org.keycloak.representations.IDToken;
	import org.keycloak.representations.idm.authorization.Permission;
	import org.springframework.web.bind.annotation.GetMapping;
	import org.springframework.web.bind.annotation.RestController;

	import java.util.List;
	import java.util.Map;

	import static java.util.Objects.nonNull;

	@RestController
	public class UsersController {

	@GetMapping("/user/fetch")
	public String fetch(KeycloakPrincipal<KeycloakSecurityContext> principal, String customerId) {
	checkPermissionScopes(principal, customerId+".viewUser");

	return "Hello user. Any user can view this";
	}

	@GetMapping("/admin/fetch")
	public String adminStatus(KeycloakPrincipal<KeycloakSecurityContext> principal) {
	checkPermissionScopes(principal, "viewAdmin");
	return "Hello Admin. Only admin can view this";
	}

	private void checkPermissionScopes(KeycloakPrincipal<KeycloakSecurityContext> principal, String scopeName) {
	KeycloakSecurityContext keycloakSecurityContext = principal.getKeycloakSecurityContext();
	AuthorizationContext authorizationContext = keycloakSecurityContext.getAuthorizationContext();

	//To check if user has certain permissions
	boolean viewUser = authorizationContext.hasScopePermission(scopeName); // ideally to be fetched from config

	// To get permission list
	List<Permission> permissions = authorizationContext.getPermissions();

	//To get customer user attributes
	IDToken idToken = keycloakSecurityContext.getIdToken();
	if (nonNull(idToken)) {
	Map<String, Object> attributes = idToken.getOtherClaims();
	}
	}
	}