Make it possible to set the role "claim" for the OidcRpAuthenticationFilter as well
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
index 9a6823b..4ef706f 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
@@ -53,6 +53,7 @@
private MessageContext mc;
private ClientTokenContextManager stateManager;
private String redirectUri;
+ private String roleClaim;
public void filter(ContainerRequestContext rc) {
if (checkSecurityContext(rc)) {
@@ -95,7 +96,10 @@
newTokenContext.setUserInfo(tokenContext.getUserInfo());
newTokenContext.setState(toRequestState(rc));
JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, newTokenContext);
- rc.setSecurityContext(new OidcSecurityContext(newTokenContext));
+
+ OidcSecurityContext oidcSecCtx = new OidcSecurityContext(newTokenContext);
+ oidcSecCtx.setRoleClaim(roleClaim);
+ rc.setSecurityContext(oidcSecCtx);
return true;
}
private MultivaluedMap<String, String> toRequestState(ContainerRequestContext rc) {
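Review bot: `oidcSecCtx.setRoleClaim(roleClaim)` is called on every request, including when the filter was never configured with a claim and `roleClaim` is still null. Whether that is safe depends on OidcSecurityContext, which is not part of this diff. It is worth confirming that a null claim makes role checks on the context return false rather than throw. Otherwise guard the call with `if (roleClaim != null) { oidcSecCtx.setRoleClaim(roleClaim); }`. The enclosing method starts above this hunk, so any earlier handling is not visible here.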
@@ -116,4 +120,8 @@
public void setClientTokenContextManager(ClientTokenContextManager manager) {
this.stateManager = manager;
}
+
+ public void setRoleClaim(String roleClaim) {
+ this.roleClaim = roleClaim;
+ }
}
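Review bot: The new public setter `setRoleClaim` has no Javadoc, although its value selects which token claim is handed to the security context for role decisions, which makes it an authorization setting. I would add something like `/** Name of the token claim whose value OidcSecurityContext exposes as the user's role; when unset no role is derived. */`, after checking the unset case against OidcSecurityContext, which is outside this diff. The comment should also state whether the claim is read from the id token or from UserInfo, and that it must be a claim only the identity provider can assign, not a user-editable profile attribute.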