[keycloak-dev] Authorization with Springboot adapter

Thu May 18 21:19:23 EDT 2017

Hi Pedro:

This is a huge help, thanks!

A few questions though...is this is the only way to implement Authz with keyclaok and springboot? Is it possible to use the keycloak-spring-boot-adapter along with keycloak.json configured as a policy enforcer? I found it to be a very nice way of separating the security concern from the code itself.

Cheers,

Crafton

From: Pedro Igor Silva<mailto:psilva at redhat.com>
Sent: Friday, 19 May 2017 9:33 AM
To: Crafton Williams<mailto:crafton.williams at qut.edu.au>
Cc: keycloak-dev at lists.jboss.org<mailto:keycloak-dev at lists.jboss.org>
Subject: Re: [keycloak-dev] Authorization with Springboot adapter

I've sent a PR [1] with a quickstart for Spring Boot. Will work with some more examples covering specific features of Keycloak Authorization Services.

Please let me know what you think about it. It is basically a Spring Boot Web application protected with simple fine-grained permissions.

[1] https://github.com/keycloak/keycloak-quickstarts/pull/26

Regards.
Pedro Igor

On Thu, May 18, 2017 at 9:35 AM, Pedro Igor Silva <psilva at redhat.com<mailto:psilva at redhat.com>> wrote:
Btw, you are not the first one asking for more details about Spring boot integration. That is why I want to review this ....

On Thu, May 18, 2017 at 9:34 AM, Pedro Igor Silva <psilva at redhat.com<mailto:psilva at redhat.com>> wrote:
We are really missing examples and documentation to Spring Boot Adapter. Will write an example/template and review docs.

Can give you an answer right now because I've tested authz with spring boot only a very few times. But you should not get this error at all.

Will have something today.

On Thu, May 18, 2017 at 3:17 AM, Crafton Williams <crafton.williams at qut.edu.au<mailto:crafton.williams at qut.edu.au>> wrote:
Hi All:

I’m trying to configure a basic springboot app using the springboot keycloak adapter. Authentication works as expected but I’m a bit confused as to how to configure the policy enforcer in yaml. The documentation shows configuring the policy-enforcer as a json document however the springboot config implies a only policy-enforcer-config. In any case, I did try the json doc but it wasn’t picked up by the adapter.

I’m using 3.0.0.Final and tried the following in my yaml file(omitted the rest of the path info for brevity):

Policy-enforcer-config:
  Enforcement-mode: ENFORCING
  paths:

  *   name: blah

The exception I got was:

org.springframework.context.ApplicationContextException: Unable to start embedded container; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'tomcatEmbeddedServletContainerFactory' defined in class path resource [org/springframework/boot/autoconfigure/web/EmbeddedServletContainerAutoConfiguration$EmbeddedTomcat.class]: Initialization of bean failed; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.keycloak.adapters.springboot.KeycloakSpringBootConfiguration': Unsatisfied dependency expressed through method 'setKeycloakSpringBootProperties' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keycloak-org.keycloak.adapters.springboot.KeycloakSpringBootProperties': Could not bind properties to KeycloakSpringBootProperties (prefix=keycloak, ignoreInvalidFields=false, ignoreUnknownFields=false, ignoreNestedProperties=false); nested exception is org.springframework.beans.InvalidPropertyException: Invalid property 'policyEnforcerConfig.paths[0]' of bean class [org.keycloak.adapters.springboot.KeycloakSpringBootProperties]: Illegal attempt to get property 'paths' threw exception; nested exception is java.lang.UnsupportedOperationException

Is there an example project somewhere that can guide me in configuring the policy enforcer for the springboot adapter?

Cheers,

Crafton

_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org<mailto:keycloak-dev at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev