<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">I created a small demo app to show you what I meant:</div><div class=""><a href="https://github.com/gerbermichi/keycloak/tree/master/examples/demo-template/rest-resources" class="">https://github.com/gerbermichi/keycloak/tree/master/examples/demo-template/rest-resources</a></div><div class=""><br class=""></div><div class="">As you can see, Keycloak consumes the POST data during the authentication step, which is wrong, because the resource should be public (without any authentication).</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><span class="Apple-tab-span" style="white-space:pre">        </span>curl -X POST -H "Content-Type: text/plain" <a href="http://localhost:8080/rest-resources/public" class="">http://localhost:8080/rest-resources/public</a> -d 'hello world'</div></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><span class="Apple-tab-span" style="white-space:pre">        </span>You said:</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><div style="font-family: Helvetica; font-size: 12px;" class="">My previous bug fix for this problem was wrong, but I think my latest changes in the RequestAuthenticator class would solve this problem.</div><div style="font-family: Helvetica; font-size: 12px;" class="">You can find all my changes here: <a href="https://github.com/gerbermichi/keycloak/commit/512a68c5fa405567fe56968b5fdd9bb51eeb3316" class="">https://github.com/gerbermichi/keycloak/commit/512a68c5fa405567fe56968b5fdd9bb51eeb3316</a></div><div style="font-family: Helvetica; font-size: 12px;" class=""><br class=""></div><div 
class=""><div style="font-family: Helvetica; font-size: 12px;" class=""><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><span class="Apple-tab-span" style="white-space:pre">        </span>curl -X POST -H "Content-Type: text/plain" <a href="http://localhost:8080/rest-resources/public" class="">http://localhost:8080/rest-resources/public</a> -d 'hello world'</div></div><div style="margin: 0px;" class=""><span class="Apple-tab-span" style="white-space:pre">        </span>You said: hello world</div></div></div><div class=""><br class=""></div><div class="">The only question is how to implement the </div><div class=""><font face="Menlo" style="font-size: 11px;" class="">protected abstract boolean isAuthenticationRequired();</font></div><div class="">method correctly in the JettyRequestAuthenticator and CatalinaRequestAuthenticator classes.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div><blockquote type="cite" class=""><div class="">On 19.12.2014, at 17:03, Michael Gerber &lt;<a href="mailto:gerbermichi@me.com" class="">gerbermichi@me.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div class=""><div class="">Hi all,</div><div class=""><br class=""></div><div class="">Today I created a build from the latest master branch and struggled with the following problem.</div><div class="">I've got some REST services which are excluded from Keycloak, so I can access them without a logged-in user. (see detail from web.xml)</div><div class=""><span style="line-height: 1.5;" class="">The request bodies in these POST REST services were always empty. 
I found out that my WildFly tried to authenticate all requests.</span></div><div class=""><span style="line-height: 1.5;" class="">The </span>tokenStore.saveRequest() method in the OAuthRequestAuthenticator class read the inputStream and so it was empty later on.</div><div class=""><br class=""></div><div class="">I don't understand why all my requests are authenticated, even when they are excluded through the web.xml file.</div><div class="">So, I added the following lines in the ServletKeycloakAuthMech class in the authenticate method: (see <a href="https://github.com/gerbermichi/keycloak/commit/1eaafcd3d9ad4082429ab500a4512c87d47ed75c" class="">https://github.com/gerbermichi/keycloak/commit/1eaafcd3d9ad4082429ab500a4512c87d47ed75c</a>)</div><div class=""><div class="">if (!deployment.isConfigured() || !securityContext.isAuthenticationRequired()) {</div><div class=""> return AuthenticationMechanismOutcome.NOT_ATTEMPTED;</div><div class="">}</div></div><div class=""><br class=""></div><div class="">This hack solved all my problems. Is this a bug and should I create a pull request? 
Or are there some problems in my project configuration?</div><div class=""><br class=""></div><div class="">Detail from my web.xml file:</div><div class=""><div class=""> &lt;security-constraint&gt;</div><div class=""> &lt;web-resource-collection&gt;</div><div class=""> &lt;web-resource-name&gt;Client WS&lt;/web-resource-name&gt;</div><div class=""> &lt;url-pattern&gt;/clientws/*&lt;/url-pattern&gt;</div><div class=""> &lt;/web-resource-collection&gt;</div><div class=""> &lt;web-resource-collection&gt;</div><div class=""> &lt;web-resource-name&gt;Client Exchange WS&lt;/web-resource-name&gt;</div><div class=""> &lt;url-pattern&gt;/services/exchange/*&lt;/url-pattern&gt;</div><div class=""> &lt;/web-resource-collection&gt;</div><div class=""> &lt;user-data-constraint&gt;</div><div class=""> &lt;transport-guarantee&gt;CONFIDENTIAL&lt;/transport-guarantee&gt;</div><div class=""> &lt;/user-data-constraint&gt;</div><div class=""> &lt;/security-constraint&gt;</div><div class=""><br class=""></div><div class=""> &lt;security-constraint&gt;</div><div class=""> &lt;web-resource-collection&gt;</div><div class=""> &lt;web-resource-name&gt;All&lt;/web-resource-name&gt;</div><div class=""> &lt;url-pattern&gt;/*&lt;/url-pattern&gt;</div><div class=""> &lt;/web-resource-collection&gt;</div><div class=""> &lt;auth-constraint&gt;</div><div class=""> &lt;role-name&gt;myRole&lt;/role-name&gt;</div><div class=""> &lt;/auth-constraint&gt;</div><div class=""> &lt;user-data-constraint&gt;</div><div class=""> &lt;transport-guarantee&gt;CONFIDENTIAL&lt;/transport-guarantee&gt;</div><div class=""> &lt;/user-data-constraint&gt;</div><div class=""> &lt;/security-constraint&gt;</div><div class=""><br class=""></div><div class=""> &lt;login-config&gt;</div><div class=""> &lt;auth-method&gt;KEYCLOAK&lt;/auth-method&gt;</div><div class=""> &lt;realm-name&gt;myRealm&lt;/realm-name&gt;</div><div class=""> &lt;/login-config&gt;</div><div class=""><br class=""></div><div class=""> &lt;security-role&gt;</div><div class=""> &lt;role-name&gt;myRole&lt;/role-name&gt;</div><div class=""> &lt;/security-role&gt;</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br 
class=""></div></div>_______________________________________________<br class="">keycloak-dev mailing list<br class=""><a href="mailto:keycloak-dev@lists.jboss.org" class="">keycloak-dev@lists.jboss.org</a><br class="">https://lists.jboss.org/mailman/listinfo/keycloak-dev</div></blockquote></div><br class=""></body></html>