[keycloak-dev] Access original session

Christian Beikov christian.beikov at gmail.com
Tue Dec 30 07:45:13 EST 2014


Seems like my question wasn't clear enough.

I have the following config in my web.xml

     <security-constraint>
         <web-resource-collection>
             <web-resource-name>Protected</web-resource-name>
             <url-pattern>/protected/*</url-pattern>
         </web-resource-collection>
         <auth-constraint>
             <role-name>user</role-name>
         </auth-constraint>
     </security-constraint>

     <login-config>
         <auth-method>KEYCLOAK</auth-method>
         <realm-name>portfolio-webapp</realm-name>
     </login-config>

     <security-role>
         <role-name>user</role-name>
     </security-role>

Now when I navigate to e.g. "/protected/index.xhtml" I get redirected to 
the Keycloak login. Unfortunately, the cookie which is set by the 
Keycloak adapters after a successful login has the path "/protected" 
set. When I navigate to "/whatever.xhtml" I obviously have no access to 
the cookie since the browser doesn't send it.

How am I supposed to access the logged in user outside of the protected 
area?

> The session cookie (assuming you're talking about JSESSIONID) should be set to the context-path of your WAR not a specific protected resource.

Unfortunately I am experiencing that it is set to a different path.

> Are your protected resources in the same WAR as the unprotected resources?

Yes, it's all in the same WAR.

Kind regards,
------------------------------------------------------------------------
*Christian Beikov*
On 30.12.2014 at 13:38, Stian Thorgersen wrote:
> The session cookie (assuming you're talking about JSESSIONID) should be set to the context-path of your WAR not a specific protected resource. Are your protected resources in the same WAR as the unprotected resources?
>
> ----- Original Message -----
>> From: "Christian Beikov" <christian.beikov at gmail.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Sunday, 28 December, 2014 11:01:54 AM
>> Subject: [keycloak-dev] Access original session
>>
>> Hello there!
>>
>> I have an application that has protected resources on the pattern
>> "/protected/*" and I receive a session cookie for the path "/protected",
>> which makes sense. Now my problem is, that I want the path of the cookie to
>> be "/" so I can access the user information even outside of the protected
>> resources.
>> Since I think this might introduce some problems, the only other way to
>> realize that I could think of is, to get access to the underlying servlet
>> session. Not only would that session have to be created properly, which I am
>> not sure is happening when browsing in the protected resources, I would also
>> need to access it on the server, so that I can save the currently logged in
>> user into it.
>>
>> Is there a possibility to access the servlet session within the Keycloak
>> context? If so, could you please share some code or point me to an API?
>> --
>>
>> Kind regards,
>>
>> Christian Beikov
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
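
Added example, not part of the original thread and not Keycloak adapter code: the RFC 6265 (section 5.1.4) path rules behind the behaviour described in the post, where a cookie scoped to "/protected" is not sent for "/whatever.xhtml". The cookie names and the "/protectedfoo" request are constructed for illustration.

```javascript
// Added illustration of RFC 6265 cookie path scoping; not Keycloak adapter code.

// RFC 6265 section 5.1.4: the path a cookie gets when Set-Cookie carries no
// usable Path attribute, derived from the path of the request that set it.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== "/") return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// RFC 6265 section 5.1.4: does a cookie with this path go out on this request?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary, so "/protected" does not
  // cover "/protectedfoo".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Names of the cookies in `jar` that a browser would attach to `requestPath`.
function cookiesSentFor(requestPath, jar) {
  return jar.filter((c) => pathMatches(requestPath, c.path)).map((c) => c.name);
}

// Constructed jar: one cookie scoped as reported in the post, one scoped to "/".
const jar = [
  { name: "scopedToProtected", path: "/protected" },
  { name: "scopedToRoot", path: "/" },
];

// Request paths from the post, plus one constructed near-miss.
for (const p of ["/protected/index.xhtml", "/whatever.xhtml", "/protectedfoo"]) {
  console.log(p, "->", cookiesSentFor(p, jar).join(", "));
}
```

Only the cookie scoped to "/" reaches pages outside "/protected", which is why server-side code handling "/whatever.xhtml" never sees the narrower cookie.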
