[keycloak-dev] KeycloakSecurityContext serialization issue
Leonardo Loch Zanivan
leonardo.zanivan at gmail.com
Tue Apr 21 11:55:37 EDT 2015
I provided a fix with a small modification in
Please fix for 1.2 Final.
On Tue, Apr 21, 2015 at 12:46 PM Leonardo Loch Zanivan <
leonardo.zanivan at gmail.com> wrote:
> Serialization works fine with BearerRequestAuthentication or
> Bearer/DirectLoginModule. The only problem is
> In RequestAuthentication.java, RefreshableKeycloakSecurityContext is
> created with Bearer.getTokenString(), but token string has Basic Auth
> credentials instead of access token.
> I'll create a JIRA for this.
> On Tue, Apr 21, 2015 at 4:17 AM Marek Posolda <mposolda at redhat.com> wrote:
>> That's strange, serialization and deserialization of
>> KeycloakSecurityContext should work fine. KeycloakSecurityContext actually
>> uses java custom serialization (it implements writeObject and readObject
>> methods). So during deserialization it calls readObject and creates
>> AccessToken and IDToken from the base64 encoded token. This works fine in
>> cluster and we also have the test for it:
>> If you still seeing issues and you think that it's bug, feel free to
>> create JIRA. But please add the exact steps to reproduce to the JIRA.
>> On 21.4.2015 00:50, Leonardo Loch Zanivan wrote:
>> I'm facing a problem while deserializing KeycloakSecurityContext of a
>> Basic Auth KeycloakAccount.
>> KeycloakSecurityContext stores Basic Auth base64 token instead of Access
>> Token, so deserialization code fail!
>> *String parts = encoded.split("\\."); if (parts.length < 2 ||
>> parts.length > 3) throw new IllegalArgumentException("Parsing error");*
>> keycloak-dev mailing listkeycloak-dev at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the keycloak-dev