[keycloak-user] Naive Question
Christopher Davies
christopher.james.davies at gmail.com
Wed Aug 3 06:16:20 EDT 2016
Thanks everyone for all your help: I now have a lash up with my app talking
via spring security to Keycloak.
OK one last question - more of a redirect to the correct part of the
documentation.
However I do need a copy of the JWT to pass on to a native application.
Can anyone point me at the api I would need to use to get the signed JWT
from SpingSecurity
Thanks in advance
Chris
On Wed, Aug 3, 2016 at 10:54 AM Christopher Davies <
christopher.james.davies at gmail.com> wrote:
> Thanks for all your help; I have managed to get the adapter to load and
> read the keycloak file. I used the following in my security.xml file:
>
> > <bean id="adapterDeploymentContext"
> class="org.keycloak.adapters.springsecurity.AdapterDeploymentContextFactoryBean">
> > <constructor-arg value="file:config/keycloak.json" />
> > </bean>
>
> Now I can see my app connecting to keycloak. Next issue is that despite
> keycloak passing pack the principal with the correct Roles, Spring security
> is rejecting the user in the RoleVoter.
> Will try to solve this myself before I trouble you.
>
> Chris
>
>
> On Tue, Aug 2, 2016 at 8:09 PM Scott Rossillo <srossillo at smartling.com>
> wrote:
>
>> Well, the adapter does support loading the keycloak.json file from
>> anywhere on the class path. Jetty AFAIK does include jetty/resources on the
>> class path. So, you could put keycloak.json there and if you start the
>> server with the option below it should work:
>>
>> -Dkeycloak.configurationFile:”classpath:keycloak.json"
>>
>>
>> Scott Rossillo
>> Smartling | Senior Software Engineer
>> srossillo at smartling.com
>>
>> On Aug 2, 2016, at 8:56 AM, Christopher Davies <
>> christopher.james.davies at gmail.com> wrote:
>>
>> I do not want to have to open the war file just to update / change to
>> keycloak credentials.
>> I am right that the WEB-INF sits inside the war file ?
>> I would like a single security instance for the entire Jetty server
>>
>> Chris
>>
>>
>> On Tue, Aug 2, 2016 at 12:55 PM Sebastien Blanc <sblanc at redhat.com>
>> wrote:
>>
>>> Hi,
>>>
>>> Any reasons you don't want to put the keycloak.json in /WEB-INF ?
>>>
>>> <bean id="adapterDeploymentContext" class="org.keycloak.adapters.springsecurity.AdapterDeploymentContextFactoryBean">
>>> <constructor-arg value="/WEB-INF/keycloak.json" />
>>> </bean>
>>>
>>> Sebi
>>>
>>> On Tue, Aug 2, 2016 at 1:33 PM, Christopher Davies <
>>> christopher.james.davies at gmail.com> wrote:
>>>
>>>> I am looking at linking our legacy app to Keycloak.
>>>>
>>>> Currently it is a bespoke jetty server, that only serves our war files.
>>>> The security.xml is set in config of the server directory.
>>>> I have taken the example setting file from
>>>> https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/java/spring-security-adapter.html
>>>>
>>>> I can see this loading keycloak's spring adapter.
>>>> It fails when searching for Keycloak.json.
>>>>
>>>> I was hoping to be able to drop the Keycloak.json file in the config
>>>> directory.
>>>>
>>>> Hope you can be of assistance. Please feel free to ask if I have missed
>>>> any key information.
>>>> I am trying to get up to speed on both KeyCloak and SpringSecurity as I
>>>> am a C++ programmer at heart.
>>>>
>>>> Chris
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160803/9e3742e8/attachment-0001.html
More information about the keycloak-user
mailing list