[keycloak-user] Migration to Keycloak

[Jérôme Blanchard]

Hi all,
I have a question about migrating my application to keycloak.
My application is based on :
- some EJB components
- a main REST interface driving the EJB components,
- a HTML5/Angular GUI client
- some remote REST api acting as clients of the main REST api.
According to the documentation, I plane to use the adapters according to my
components but I'm facing a problame for the main REST interface.

By default, the main REST interface handles requests using a dedicated
GUEST account. It's a kind of default account that is propagated to the EJB
container using a classic login mechanism. This is handle in a
ServletFilter that looks for HTTP Authentication headers. If headers are
not found, authentication on the container is done using the default login
'guest'.
For this special account, a dedicated login-module is used in the wildfly
security domain (<login-module code="Identity" flag="required">)

I'm trying to migrate to keycloak using the undertow adapter but I'm not
able to handle a default login propagated to the EJB layer.

The use case is that a simpe call to the REST api without authentication
token header should result as a container authenticated user guest whereas
requests with token included should try to perform the token base
authentication. In that way, unauthenticated usage of HTML5/JS interface
should result as guest requests and login process only required when main
REST api throws AccessDeniedException.

Is there is any way to perform this using the KEYCLOAK auth-method or do I
have to write a specific Filter handling a kind of dual auth mechanism
(guest and keycloak) ?

Best regards, Jérôme.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20141208/e415bbef/attachment.html