[keycloak-user] [1.5.0] KC Issue with filters
Bill Burke
bburke at redhat.com
Mon Oct 12 09:08:22 EDT 2015
Servlet Filters will *NEVER* execute until authentication and
authorization is complete. Keycloak adapter acts as a built in servlet
security mechanism and built-in servlet security mechanisms (BASIC,
FORM, etc.) need to pass authz before any Filters are executed.
On 10/11/2015 4:11 AM, Hristo Stoyanov wrote:
> Hi all,
> has anyone seen a situation where this KC declaration in a WEB.XML:
>
> <security-constraint>
>
> <web-resource-collection>
>
> <web-resource-name>Login</web-resource-name>
>
> <url-pattern>/app-login</url-pattern>
>
> </web-resource-collection>
>
> <auth-constraint>
>
> <role-name>*</role-name>
>
> </auth-constraint>
>
> </security-constraint>
>
>
> will suppress any filters with the same usrl-pattern and under what
> circumstances could this happen:
>
>
> <filter-mapping>
>
> <filter-name>ErraiLoginRedirectFilter</filter-name>
>
> <url-pattern>/app-login</url-pattern>
>
> </filter-mapping>
>
>
>
> You can see the full details of my issue in this thread:
>
> https://developer.jboss.org/message/941862#941862
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list