[keycloak-user] keycloak and spring security

Robert van Loenhout r.vanloenhout at greenvalley.nl
Tue Aug 2 03:37:30 EDT 2016 

Thanks for the links Scott. Although I am not actually using spring boot with wicket at the moment.
Still…. this might come in handy.


From: Scott Rossillo [mailto:srossillo at smartling.com]
Sent: 02 August 2016 00:07
To: Robert van Loenhout <r.vanloenhout at greenvalley.nl>
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] keycloak and spring security

Seems the Spring Security filter chain isn’t being invoked on requests to the WicketServlet.

Spring Boot is very opinionated about how it does things so I’m not entirely sure what the best approach is.  However, I did find a boot starer for wicket[0] that provides some information on
using Spring Security + Wicket[1].

[0]: https://github.com/MarcGiffing/wicket-spring-boot
[1]: https://github.com/MarcGiffing/wicket-spring-boot#extension-spring-security


Scott Rossillo
Smartling | Senior Software Engineer
srossillo at smartling.com<mailto:srossillo at smartling.com>

On Aug 1, 2016, at 10:09 AM, Robert van Loenhout <r.vanloenhout at greenvalley.nl<mailto:r.vanloenhout at greenvalley.nl>> wrote:

I’m trying to create a test application using spring and wicket (without spring boot). I’m unable to trigger any authentication redirect.
I have added a SecurityConfig class as specified by the manual, and it’s been picked up by Spring.
For example my configure method is called

@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
   http.authorizeRequests().anyRequest().authenticated();
}

However whatever page I call it is returned without taking any security into account.

This is my web.xml

       <servlet>
             <servlet-name>wicket</servlet-name>
             <servlet-class>org.apache.wicket.protocol.http.WicketServlet</servlet-class>
             <init-param>
                    <param-name>applicationFactoryClassName</param-name>
                    <param-value>org.apache.wicket.spring.SpringWebApplicationFactory</param-value>
             </init-param>
             <init-param>
                    <param-name>applicationBean</param-name>
                    <param-value>wicketApplication</param-value>
             </init-param>
             <load-on-startup>1</load-on-startup>
       </servlet>

    <servlet-mapping>
        <servlet-name>wicket</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/applicationContext.xml</param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

The applicationContext does a component-scan.
Did I miss something that I need to add?


_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160802/ebae5fbb/attachment-0001.html

More information about the keycloak-user mailing list