[keycloak-user] About using Spring Boot adapter

Sebastien Blanc sblanc at redhat.com
Mon Oct 17 09:34:31 EDT 2016


To recap:

You have built a WAR with Spring Boot that uses Spring Security and
deployed it on EAP 7, correct?
I don't think we have tried this scenario indeed ;)

Could you open a Jira adding some more details and log files?

Thx,



On Sun, Oct 16, 2016 at 12:47 PM, java_os <java at neposoft.com> wrote:

> If I switch to the Spring Boot adapter, it works on localhost embedded Tomcat,
> but deployed under JBoss/Undertow it does not even protect the endpoint.
> In the Spring Security setup at least I can see it protects it, but I suspect it is
> Undertow that is the issue with the too many redirects. The only way I
> can get it working is standard JEE protecting it by web.xml, but it's not
> what I want to do.
> The guys at JBoss, wondering if they even tried this scenario that I'm facing.
> Thanks
>
> > I call the REST from an SPA front (Angular), sending in the bearer token
> > - Authorization in the HTTP header. I see the Keycloak filter configured through
> > Spring Security does work, but right after, Spring Security redirects badly to the
> > root context back and forth, getting too many redirects back to the
> > front.
> > This git ( https://github.com/cternes/slackspace-angular-spring-keycloak )
> > works OK on mvn spring:boot run on localhost and embedded Tomcat. I do the
> > same but deployed in JBoss EAP 7 with Keycloak as a separate instance for
> > auth.
> >
> > Any more ideas? Thx
> >
> >>
> >> So are you trying to access the rest endpoint using a browser? Try to
> >> access it using a dedicated tool like postman.
> >>
> >> Just grab an access token from the authentication endpoint and use it in
> >> the authorization header to access it.
> >>
> >> I originally had some problems with the browser similar to yours because
> >> of my reverse proxy filtering the cookie headers (which I think isn't
> >> your case).
> >>
> >>
> >> Sent from my Sony Xperia™ phone
> >>
> >> ---- java_os wrote ----
> >>
> >>> Around the same context, here is the pain I go through.
> >>> My REST WAR is Spring Boot, which I want to protect through the Keycloak
> >>> Spring Security adapter, with no luck. I can see that the Keycloak filter
> >>> gets in first, authenticates the bearer fine, but then Spring Security gets in, it
> >>> redirects internally to the root context of my REST endpoint and starts
> >>> the dance, getting into too many redirects. This is deployed on JBoss EAP
> >>> 7, got all the adapters installed.
> >>> Anyone here got a scenario like mine working, or are we saying Spring
> >>> Security is not working under JBoss EAP/Undertow?
> >>> Thx
> >>>
> >>>> Hello there, I am using an AngularJS client (frontend) and Spring Boot
> >>>> with the Keycloak adapter (backend). In the backend, I am trying to expose
> >>>> an unprotected (naked) API for the client to use, so I would like to make
> >>>> sure that Keycloak doesn't try to protect it. So I have the following
> >>>> questions related to using Keycloak with Spring Boot:
> >>>>
> >>>> 1) How does Keycloak intercept incoming HTTP requests: do incoming
> >>>> requests come to Spring Boot, and at what point does Keycloak come into
> >>>> play? Also, how can I make sure that certain REST applications are left
> >>>> unprotected? From the documentation I can see a simple way of protecting
> >>>> certain URLs, but this brings me to my second question...
> >>>>
> >>>> 2) Where can I find full documentation about all the configuration
> >>>> possibilities for the Spring Boot Adapter? If I'll have to dive into the
> >>>> code, could someone kindly point to a correct starting point and give
> >>>> instructions on how to learn to extract all of the configuration properties
> >>>> like "security collections" etc. (see below). The traditional "web.xml" is
> >>>> quite easy to read and understand, but it isn't a one-to-one mapping with
> >>>> the "application.properties" file content. With further info it might be
> >>>> possible to use Spring Boot's code-based configuration methods too.
> >>>>
> >>>> Thanks in advance, best regards, Jari
> >>>>
> >>>>
> >>>> --- The current documentation ---
> >>>>
> >>>> You also need to specify the J2EE security config that would normally go
> >>>> in the web.xml. Here's an example configuration:
> >>>>
> >>>> keycloak.securityConstraints[0].securityCollections[0].name = insecure stuff
> >>>> keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = admin
> >>>> keycloak.securityConstraints[0].securityCollections[0].authRoles[1] = user
> >>>> keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /insecure
> >>>>
> >>>> keycloak.securityConstraints[0].securityCollections[1].name = admin stuff
> >>>> keycloak.securityConstraints[0].securityCollections[1].authRoles[0] = admin
> >>>> keycloak.securityConstraints[0].securityCollections[1].patterns[0] = /admin
> >>>> _______________________________________________
> >>>> keycloak-user mailing list
> >>>> keycloak-user at lists.jboss.org
> >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
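
Added example, not part of the original thread and not Keycloak or container code: a small Python model of servlet url-pattern matching, applied to the two patterns in the quoted documentation, to show which request paths a constraint covers and which stay unprotected. It assumes the adapter passes `patterns[...]` to the container as web.xml-style url-patterns (as the quoted documentation implies) and ignores HTTP-method constraints; `match_rank`, `required_roles` and the `/admin/*` variant are illustrative.

```python
# Added example: a model of servlet-spec url-pattern matching, not Keycloak code.
# Assumption: securityCollections patterns behave like web.xml <url-pattern> values.

def match_rank(pattern, path):
    """Rank how well a url-pattern matches a path; None means no match."""
    if pattern == path:
        return (3, len(pattern))                 # exact match beats everything
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))              # path-prefix: longest prefix wins
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)                            # extension match
    if pattern == "/":
        return (0, 0)                            # default mapping
    return None


def required_roles(collections, path):
    """Roles of the best-matching collection, or None if the path is unconstrained."""
    best = None
    for _name, roles, patterns in collections:
        for pattern in patterns:
            rank = match_rank(pattern, path)
            if rank is not None and (best is None or rank > best[0]):
                best = (rank, roles)
    return None if best is None else best[1]


# The two collections from the quoted documentation (name, roles, patterns).
AS_QUOTED = [
    ("insecure stuff", ["admin", "user"], ["/insecure"]),
    ("admin stuff", ["admin"], ["/admin"]),
]
# Constructed variant: the admin collection also covers everything below /admin.
WITH_PREFIX = [
    ("insecure stuff", ["admin", "user"], ["/insecure"]),
    ("admin stuff", ["admin"], ["/admin/*"]),
]

if __name__ == "__main__":
    for path in ["/admin", "/admin/users", "/administrator", "/public/info"]:
        print(path, required_roles(AS_QUOTED, path), required_roles(WITH_PREFIX, path))
```

A path for which `required_roles` returns `None` is matched by no constraint, which is how an API is left unprotected on purpose and also how a path below `/admin` can be left open by an exact-match pattern.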

