[keycloak-user] Naive Question

Marek Posolda mposolda at redhat.com
Thu Aug 4 06:56:05 EDT 2016 

On 03/08/16 12:16, Christopher Davies wrote:
> Thanks everyone for all your help: I now have a lash up with my app 
> talking via spring security to Keycloak.
>
> OK one last question - more of a redirect to the correct part of the 
> documentation.
>
> However I do need a copy of the JWT to pass on to a native application.
> Can anyone point me at the api I would need to use to get the signed 
> JWT from SpingSecurity
If you have access to HttpServletRequest from Spring, then something 
like this ( 
https://github.com/mposolda/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L65-L70 
)

Marek
>
>
> Thanks in advance
>
> Chris
>
> On Wed, Aug 3, 2016 at 10:54 AM Christopher Davies 
> <christopher.james.davies at gmail.com 
> <mailto:christopher.james.davies at gmail.com>> wrote:
>
>     Thanks for all your help; I have managed to get the adapter to
>     load and read the keycloak file. I used the following in my
>     security.xml file:
>
>     >   <bean id="adapterDeploymentContext"
>     class="org.keycloak.adapters.springsecurity.AdapterDeploymentContextFactoryBean">
>     >      <constructor-arg value="file:config/keycloak.json" />
>     >   </bean>
>
>     Now I can see my app connecting to keycloak. Next issue is that
>     despite keycloak passing pack the principal with the correct
>     Roles, Spring security is rejecting the user in the RoleVoter.
>     Will try to solve this myself before I trouble you.
>
>     Chris
>
>     On Tue, Aug 2, 2016 at 8:09 PM Scott Rossillo
>     <srossillo at smartling.com <mailto:srossillo at smartling.com>> wrote:
>
>         Well, the adapter does support loading the keycloak.json file
>         from anywhere on the class path. Jetty AFAIK does
>         include jetty/resources on the class path. So, you could put
>         keycloak.json there and if you start the server with the
>         option below it should work:
>
>         -Dkeycloak.configurationFile:”classpath:keycloak.json"
>
>
>         Scott Rossillo
>         Smartling | Senior Software Engineer
>         srossillo at smartling.com <mailto:srossillo at smartling.com>
>
>>         On Aug 2, 2016, at 8:56 AM, Christopher Davies
>>         <christopher.james.davies at gmail.com
>>         <mailto:christopher.james.davies at gmail.com>> wrote:
>>
>>         I do not want to have to open the war file just to update /
>>         change to keycloak credentials.
>>         I am right that the WEB-INF sits inside the war file ?
>>         I would like a single security instance for the entire Jetty
>>         server
>>
>>         Chris
>>
>>
>>         On Tue, Aug 2, 2016 at 12:55 PM Sebastien Blanc
>>         <sblanc at redhat.com <mailto:sblanc at redhat.com>> wrote:
>>
>>             Hi,
>>
>>             Any reasons you don't want to put the keycloak.json in
>>             /WEB-INF ?
>>
>>             |<bean id="adapterDeploymentContext"
>>             class="org.keycloak.adapters.springsecurity.AdapterDeploymentContextFactoryBean">
>>             <constructor-arg value="/WEB-INF/keycloak.json" /> </bean>|
>>
>>             Sebi
>>
>>             On Tue, Aug 2, 2016 at 1:33 PM, Christopher Davies
>>             <christopher.james.davies at gmail.com
>>             <mailto:christopher.james.davies at gmail.com>> wrote:
>>
>>                 I am looking at linking our legacy app to Keycloak.
>>
>>                 Currently it is a bespoke jetty server, that only
>>                 serves our war files.
>>                 The security.xml is set in config of the server
>>                 directory.
>>                 I have taken the example setting file from
>>                 https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/java/spring-security-adapter.html
>>
>>                 I can see this loading keycloak's spring adapter.
>>                 It fails when searching for Keycloak.json.
>>
>>                 I was hoping to be able to drop the Keycloak.json
>>                 file in the config directory.
>>
>>                 Hope you can be of assistance. Please feel free to
>>                 ask if I have missed any key information.
>>                 I am trying to get up to speed on both KeyCloak and
>>                 SpringSecurity as I am a C++ programmer at heart.
>>
>>                 Chris
>>
>>
>>                 _______________________________________________
>>                 keycloak-user mailing list
>>                 keycloak-user at lists.jboss.org
>>                 <mailto:keycloak-user at lists.jboss.org>
>>                 https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>         _______________________________________________
>>         keycloak-user mailing list
>>         keycloak-user at lists.jboss.org
>>         <mailto:keycloak-user at lists.jboss.org>
>>         https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160804/e64e34ab/attachment-0001.html

More information about the keycloak-user mailing list