[keycloak-user] keycloak-servlet-filter-adapter and bearer-only
Bill Burke
bburke at redhat.com
Tue Jan 12 10:41:53 EST 2016
Probably a bug in our impl.
On 1/12/2016 3:45 AM, Ramon Rockx wrote:
> Hi all,
>
> Maybe someone can help me out with the following:
> I'm trying to secure my Jax-RS services with Keycloak 1.7.0.Final. I
> configured for this a client in Keycloak with access type 'bearer-only'.
> Since I am using GlassFish 3.1 (no adapter available), I use the
> 'keycloak-servlet-filter-adapter'.
> When accessing one of the Jax-RS services with a valid token,
> GlassFish will throw an exception (with no relevant info in it). I
> debugged it, and found out that the HttpServletRequestWrapper, which
> is returned by the servlet filter, has no account property in it (see
> also FilterSessionStore.buildWrapper(HttpSession, KeycloakAccount)).
> And when GlassFish tries to access, for example, the wrapper's
> principal, this will cause an NPE.
> It seems that
> FilterRequestAuthenticator.completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext>,
> String) does not store the account in the tokenStore.
> Should I use this feature differently? Or is access type 'bearer-only'
> simply not supported by the servlet filter?
>
> Thanks!
>
> Ramon Rockx
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com