[keycloak-user] Support for CORS Access-Control-Expose-Headers in 2.0.0.Final

Stian Thorgersen sthorger at redhat.com
Tue Sep 20 03:50:04 EDT 2016 

Only if we get a contribution and it includes tests and documentation. We
don't have the time to do it ourselves at the moment.

On 15 September 2016 at 07:18, Hubert Przybysz <h.p.przybysz at gmail.com>
wrote:

> Hi Stian,
>
> Any chance to have this included in the next release?
>
> This problem is really bugging me.
>
> BR / Hubert.
>
> On Tue, Jul 12, 2016 at 8:32 AM, Hubert Przybysz <h.p.przybysz at gmail.com>
> wrote:
>
>> Ok, thanks. It was a bit unclear to me if it should have been supported.
>>
>> On Tue, Jul 12, 2016 at 7:17 AM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> I changed that issue to a feature request, since we've never supported
>>> it it's not a bug.
>>>
>>> On 11 July 2016 at 20:25, Hubert Przybysz <h.p.przybysz at gmail.com>
>>> wrote:
>>>
>>>> I have created KEYCLOAK-3297
>>>> <https://issues.jboss.org/browse/KEYCLOAK-3297> .
>>>>
>>>> On Mon, Jul 11, 2016 at 7:29 PM, Bruno Oliveira <bruno at abstractj.org>
>>>> wrote:
>>>>
>>>>> Please, go ahead and create one. I couldn't find any Jira related to
>>>>> this.
>>>>>
>>>>> On Mon, Jul 11, 2016 at 1:36 PM Hubert Przybysz <
>>>>> h.p.przybysz at gmail.com> wrote:
>>>>>
>>>>>> Does anyone know when it will be possible to configure the adapters
>>>>>> with CORS expose headers?
>>>>>>
>>>>>> I don't find any jira for it.
>>>>>>
>>>>>> Br / Hubert.
>>>>>>
>>>>>> On Mon, Jul 11, 2016 at 6:13 PM, Bruno Oliveira <bruno at abstractj.org>
>>>>>> wrote:
>>>>>>
>>>>>>> You are right Hubert it's not supported at keycloak.json file, I
>>>>>>> just overlooked the code.
>>>>>>> Sorry about that.
>>>>>>>
>>>>>>> On 2016-07-11, Hubert Przybysz wrote:
>>>>>>> > Thanks for the info.
>>>>>>> >
>>>>>>> > I've tried configuring cors-exposed-headers in a JBOSS EAP 6
>>>>>>> adapter like
>>>>>>> > this:
>>>>>>> >
>>>>>>> > keycloak.json:
>>>>>>> > {
>>>>>>> > ...
>>>>>>> >
>>>>>>> >   "enable-cors" : true,
>>>>>>> >
>>>>>>> >   "cors-allowed-methods" : "POST,PUT,DELETE,GET",
>>>>>>> >
>>>>>>> >   "cors-allowed-headers" :
>>>>>>> > "Accept,Content-Type,If-Match,If-None-Match,Origin",
>>>>>>> >
>>>>>>> >   "cors-exposed-headers" : "ETag,Location",
>>>>>>> >
>>>>>>> > ...
>>>>>>> >
>>>>>>> > }
>>>>>>> >
>>>>>>> >
>>>>>>> > But the adapter does not recognise this config and fails to start:
>>>>>>> >
>>>>>>> > 10:57:15,923 ERROR [org.apache.catalina.core] (ServerService
>>>>>>> Thread Pool --
>>>>>>> > 69) JBWEB001097: Error starting context /data:
>>>>>>> java.lang.RuntimeException:
>>>>>>> > com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
>>>>>>> > Unrecognized field "cors-exposed-headers" (class
>>>>>>> > org.keycloak.representations.adapters.config.AdapterConfig), not
>>>>>>> marked as
>>>>>>> > ignorable (32 known properties: "ssl-required",
>>>>>>> "cors-allowed-headers",
>>>>>>> > "register-node-period", "turn-off-change-session-id-on-login",
>>>>>>> > "truststore", "always-refresh-token", "client-key-password",
>>>>>>> > "policy-enforcer", "token-store", "resource", "realm", "proxy-url",
>>>>>>> > "disable-trust-manager", "bearer-only", "truststore-password",
>>>>>>> > "use-resource-role-mappings", "connection-pool-size",
>>>>>>> "client-keystore",
>>>>>>> > "register-node-at-startup", "client-keystore-password",
>>>>>>> "auth-server-url",
>>>>>>> > "cors-allowed-methods", "public-client", "expose-token",
>>>>>>> > "token-minimum-time-to-live", "enable-basic-auth", "cors-max-age",
>>>>>>> > "enable-cors", "allow-any-hostname", "realm-public-key",
>>>>>>> "credentials",
>>>>>>> > "principal-attribute"])
>>>>>>> >
>>>>>>> >  at [Source: java.io.ByteArrayInputStream at 67593e31; line: 14,
>>>>>>> column: 29]
>>>>>>> > (through reference chain:
>>>>>>> > org.keycloak.representations.adapters.config.AdapterConfig["
>>>>>>> cors-exposed-headers"])
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.keycloak.adapters.KeycloakDeploymentBuilder.loadAdapterC
>>>>>>> onfig(KeycloakDeploymentBuilder.java:137)
>>>>>>> > [keycloak-adapter-core-2.0.0.Final.jar:2.0.0.Final]
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.keycloak.adapters.KeycloakDeploymentBuilder.build(Keyclo
>>>>>>> akDeploymentBuilder.java:126)
>>>>>>> > [keycloak-adapter-core-2.0.0.Final.jar:2.0.0.Final]
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorVa
>>>>>>> lve.keycloakInit(AbstractKeycloakAuthenticatorValve.java:133)
>>>>>>> > [keycloak-tomcat-core-adapter-2.0.0.Final.jar:2.0.0.Final]
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorVa
>>>>>>> lve.lifecycleEvent(AbstractKeycloakAuthenticatorValve.java:75)
>>>>>>> > [keycloak-tomcat-core-adapter-2.0.0.Final.jar:2.0.0.Final]
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent
>>>>>>> (LifecycleSupport.java:115)
>>>>>>> > [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.apache.catalina.core.StandardContext.start(StandardConte
>>>>>>> xt.java:3775)
>>>>>>> > [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.jboss.as.web.deployment.WebDeploymentService.doStart(Web
>>>>>>> DeploymentService.java:163)
>>>>>>> > [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21]
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.jboss.as.web.deployment.WebDeploymentService.access$000(
>>>>>>> WebDeploymentService.java:61)
>>>>>>> > [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21]
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.jboss.as.web.deployment.WebDeploymentService$1.run(WebDe
>>>>>>> ploymentService.java:96)
>>>>>>> > [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21]
>>>>>>> >
>>>>>>> > at java.util.concurrent.Executors$RunnableAdapter.call(
>>>>>>> Executors.java:471)
>>>>>>> > [rt.jar:1.7.0_80]
>>>>>>> >
>>>>>>> > at java.util.concurrent.FutureTask.run(FutureTask.java:262)
>>>>>>> > [rt.jar:1.7.0_80]
>>>>>>> >
>>>>>>> > at
>>>>>>> > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>>>>> Executor.java:1145)
>>>>>>> > [rt.jar:1.7.0_80]
>>>>>>> >
>>>>>>> > at
>>>>>>> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>>>>> lExecutor.java:615)
>>>>>>> > [rt.jar:1.7.0_80]
>>>>>>> >
>>>>>>> > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_80]
>>>>>>> >
>>>>>>> > at org.jboss.threads.JBossThread.run(JBossThread.java:122)
>>>>>>> >
>>>>>>> > Caused by:
>>>>>>> > com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
>>>>>>> > Unrecognized field "cors-exposed-headers" (class
>>>>>>> > org.keycloak.representations.adapters.config.AdapterConfig), not
>>>>>>> marked as
>>>>>>> > ignorable (32 known properties: "ssl-required",
>>>>>>> "cors-allowed-headers",
>>>>>>> > "register-node-period", "turn-off-change-session-id-on-login",
>>>>>>> > "truststore", "always-refresh-token", "client-key-password",
>>>>>>> > "policy-enforcer", "token-store", "resource", "realm", "proxy-url",
>>>>>>> > "disable-trust-manager", "bearer-only", "truststore-password",
>>>>>>> > "use-resource-role-mappings", "connection-pool-size",
>>>>>>> "client-keystore",
>>>>>>> > "register-node-at-startup", "client-keystore-password",
>>>>>>> "auth-server-url",
>>>>>>> > "cors-allowed-methods", "public-client", "expose-token",
>>>>>>> > "token-minimum-time-to-live", "enable-basic-auth", "cors-max-age",
>>>>>>> > "enable-cors", "allow-any-hostname", "realm-public-key",
>>>>>>> "credentials",
>>>>>>> > "principal-attribute"])
>>>>>>> >
>>>>>>> >  at [Source: java.io.ByteArrayInputStream at 67593e31; line: 14,
>>>>>>> column: 29]
>>>>>>> > (through reference chain:
>>>>>>> > org.keycloak.representations.adapters.config.AdapterConfig["
>>>>>>> cors-exposed-headers"])
>>>>>>> >
>>>>>>> > at
>>>>>>> > com.fasterxml.jackson.databind.exc.UnrecognizedPropertyExcep
>>>>>>> tion.from(UnrecognizedPropertyException.java:51)
>>>>>>> >
>>>>>>> > at
>>>>>>> > com.fasterxml.jackson.databind.DeserializationContext.report
>>>>>>> UnknownProperty(DeserializationContext.java:817)
>>>>>>> >
>>>>>>> > at
>>>>>>> > com.fasterxml.jackson.databind.deser.std.StdDeserializer.han
>>>>>>> dleUnknownProperty(StdDeserializer.java:958)
>>>>>>> >
>>>>>>> > at
>>>>>>> > com.fasterxml.jackson.databind.deser.BeanDeserializerBase.ha
>>>>>>> ndleUnknownProperty(BeanDeserializerBase.java:1324)
>>>>>>> >
>>>>>>> > at
>>>>>>> > com.fasterxml.jackson.databind.deser.BeanDeserializerBase.ha
>>>>>>> ndleUnknownVanilla(BeanDeserializerBase.java:1302)
>>>>>>> >
>>>>>>> > at
>>>>>>> > com.fasterxml.jackson.databind.deser.BeanDeserializer.vanill
>>>>>>> aDeserialize(BeanDeserializer.java:249)
>>>>>>> >
>>>>>>> > at
>>>>>>> > com.fasterxml.jackson.databind.deser.BeanDeserializer.
>>>>>>> deserialize(BeanDeserializer.java:136)
>>>>>>> >
>>>>>>> > at
>>>>>>> > com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose
>>>>>>> (ObjectMapper.java:3564)
>>>>>>> >
>>>>>>> > at
>>>>>>> > com.fasterxml.jackson.databind.ObjectMapper.readValue(
>>>>>>> ObjectMapper.java:2650)
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.keycloak.adapters.KeycloakDeploymentBuilder.loadAdapterC
>>>>>>> onfig(KeycloakDeploymentBuilder.java:135)
>>>>>>> > [keycloak-adapter-core-2.0.0.Final.jar:2.0.0.Final]
>>>>>>> >
>>>>>>> > ... 14 more
>>>>>>> >
>>>>>>> >
>>>>>>> > 10:57:15,973 ERROR [org.apache.catalina.core] (ServerService
>>>>>>> Thread Pool --
>>>>>>> > 69) JBWEB001103: Error detected during context /data start, will
>>>>>>> stop it
>>>>>>> >
>>>>>>> > 10:57:15,985 ERROR [org.jboss.msc.service.fail] (ServerService
>>>>>>> Thread Pool
>>>>>>> > -- 69) MSC000001: Failed to start service
>>>>>>> > jboss.web.deployment.default-host./data:
>>>>>>> > org.jboss.msc.service.StartException in service
>>>>>>> > jboss.web.deployment.default-host./data:
>>>>>>> > org.jboss.msc.service.StartException in anonymous service:
>>>>>>> JBAS018040:
>>>>>>> > Failed to start context
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.jboss.as.web.deployment.WebDeploymentService$1.run(WebDe
>>>>>>> ploymentService.java:99)
>>>>>>> >
>>>>>>> > at java.util.concurrent.Executors$RunnableAdapter.call(
>>>>>>> Executors.java:471)
>>>>>>> > [rt.jar:1.7.0_80]
>>>>>>> >
>>>>>>> > at java.util.concurrent.FutureTask.run(FutureTask.java:262)
>>>>>>> > [rt.jar:1.7.0_80]
>>>>>>> >
>>>>>>> > at
>>>>>>> > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>>>>> Executor.java:1145)
>>>>>>> > [rt.jar:1.7.0_80]
>>>>>>> >
>>>>>>> > at
>>>>>>> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>>>>> lExecutor.java:615)
>>>>>>> > [rt.jar:1.7.0_80]
>>>>>>> >
>>>>>>> > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_80]
>>>>>>> >
>>>>>>> > at org.jboss.threads.JBossThread.run(JBossThread.java:122)
>>>>>>> >
>>>>>>> > Caused by: org.jboss.msc.service.StartException in anonymous
>>>>>>> service:
>>>>>>> > JBAS018040: Failed to start context
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.jboss.as.web.deployment.WebDeploymentService.doStart(Web
>>>>>>> DeploymentService.java:168)
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.jboss.as.web.deployment.WebDeploymentService.access$000(
>>>>>>> WebDeploymentService.java:61)
>>>>>>> >
>>>>>>> > at
>>>>>>> > org.jboss.as.web.deployment.WebDeploymentService$1.run(WebDe
>>>>>>> ploymentService.java:96)
>>>>>>> >
>>>>>>> > ... 6 more
>>>>>>> >
>>>>>>> >
>>>>>>> > 10:57:16,019 ERROR [org.jboss.as.controller.management-operation]
>>>>>>> > (Controller Boot Thread) JBAS014612: Operation ("deploy") failed -
>>>>>>> address:
>>>>>>> > ([("deployment" => "webims-jcom-data-1.3.1-SNAPSH
>>>>>>> OT-secure-keycloak.war")])
>>>>>>> > - failure description: {"JBAS014671: Failed services" =>
>>>>>>> > {"jboss.web.deployment.default-host./data" =>
>>>>>>> > "org.jboss.msc.service.StartException in service
>>>>>>> > jboss.web.deployment.default-host./data:
>>>>>>> > org.jboss.msc.service.StartException in anonymous service:
>>>>>>> JBAS018040:
>>>>>>> > Failed to start context
>>>>>>> >
>>>>>>> >     Caused by: org.jboss.msc.service.StartException in anonymous
>>>>>>> service:
>>>>>>> > JBAS018040: Failed to start context"}}
>>>>>>> >
>>>>>>> >
>>>>>>> >
>>>>>>> >
>>>>>>> >
>>>>>>> >
>>>>>>> > On Sat, Jul 9, 2016 at 7:38 AM, Bruno Oliveira <
>>>>>>> bruno at abstractj.org> wrote:
>>>>>>> >
>>>>>>> > > As far as I can tell, yes.
>>>>>>> > >
>>>>>>> > > See:
>>>>>>> > >
>>>>>>> > > https://keycloak.gitbooks.io/server-adminstration-guide/cont
>>>>>>> ent/topics/clients/client-oidc.html
>>>>>>> > >
>>>>>>> > > https://github.com/keycloak/keycloak/blob/5c98b8c6ae7052b2d9
>>>>>>> 06156d8fc212ccd9dfd57d/services/src/main/java/org/
>>>>>>> keycloak/services/resources/Cors.java#L143
>>>>>>> > >
>>>>>>> > > On 2016-07-08, Hubert Przybysz wrote:
>>>>>>> > > > Hi,
>>>>>>> > > >
>>>>>>> > > > Is configuration of CORS Access-Control-Expose-Headers
>>>>>>> supported in
>>>>>>> > > > 2.0.0.Final adapters?
>>>>>>> > > >
>>>>>>> > > > Best regards / Hubert.
>>>>>>> > >
>>>>>>> > > > _______________________________________________
>>>>>>> > > > keycloak-user mailing list
>>>>>>> > > > keycloak-user at lists.jboss.org
>>>>>>> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>> > >
>>>>>>> > >
>>>>>>> > > --
>>>>>>> > >
>>>>>>> > > abstractj
>>>>>>> > > PGP: 0x84DC9914
>>>>>>> > >
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> abstractj
>>>>>>> PGP: 0x84DC9914
>>>>>>>
>>>>>>
>>>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160920/d9efc02b/attachment-0001.html

More information about the keycloak-user mailing list