[keycloak-user] Spring Boot/Keycloak IE11 compatibility

Sebastien Blanc sblanc at redhat.com
Thu Oct 26 05:33:36 EDT 2017


Indeed, I think this should be a 2 args constructor, could you open a
separate ticket for this?

On Thu, Oct 26, 2017 at 11:22 AM, Kuestermann, Thomas <
Thomas.Kuestermann at sabre.com> wrote:

> Sebastien,
>
>
>
> The pull request looks good. In the meantime I thought of providing a
> custom request matcher via extending KeycloakWebSecurityConfigurerAdapter
> and overwriting authenticationEntryPoint() like this:
>
>
>
>     @Override
>     protected AuthenticationEntryPoint authenticationEntryPoint() throws Exception {
>         return new KeycloakAuthenticationEntryPoint(new RequestMatcher() {
>             @Override
>             public boolean matches(HttpServletRequest request) {
>                 return false;
>             }
>         });
>     }
>
>
>
> I think I found an issue as this one results in a NullPointerException.
>
>
>
>     java.lang.NullPointerException: null
>         at org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationEntryPoint.commence(KeycloakAuthenticationEntryPoint.java:92)
>         at org.springframework.security.web.access.ExceptionTranslationFilter.sendStartAuthentication(ExceptionTranslationFilter.java:203)
>
>
>
> Reason: adapterDeploymentContext in KeycloakAuthenticationEntryPoint is
> null when using the KeycloakAuthenticationEntryPoint(RequestMatcher)
> constructor. So either the constructor is not meant to be public or it
> requires a two-args constructor.
>
>
>
> What do you think?
>
>
>
> -- Thomas
>
>
>
> *From:* Sebastien Blanc [mailto:sblanc at redhat.com]
> *Sent:* Thursday, 26 October 2017 10:36
> *To:* Kuestermann, Thomas <Thomas.Kuestermann at sabre.com>
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] Spring Boot/Keycloak IE11 compatibility
>
>
>
> Hi,
>
>
>
> Looks like a ticket has been opened yesterday for the same problem with a
> Pull Request as well :)
> https://issues.jboss.org/browse/KEYCLOAK-5679
>
> and
> https://github.com/keycloak/keycloak/pull/4587
>
> Please, feel free to comment on the PR as well
>
> Seb
>
>
>
>
>
> On Thu, Oct 26, 2017 at 10:28 AM, Kuestermann, Thomas <
> Thomas.Kuestermann at sabre.com> wrote:
>
> Folks,
>
> We're currently developing a Spring Boot [1] application that uses
> Keycloak & Spring Security [2] for authentication and authorization.
> Everything fine so far, the Keycloak login page is displayed when the user
> accesses the application. I feel a bit ashamed, but it had to happen at
> some point: We need to support the beloved IE11, yay! What happens with IE
> is that the login page is not displayed as an HTTP 401 is returned to the
> browser instead of an HTTP 302. I tracked it down to
> "org.keycloak.adapters.springsecurity.authentication.HttpHeaderInspectingApiRequestMatcher"
> checking for the MIME type "text/html" in the HTTP Accept header.
> Unfortunately, my IE sends something like this in the request:
>
>     Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap,*/*
>
> According to the Mozilla Docs [3], MIME type "*/*" matches everything
> including "text/html" required by the request matcher.
>
> My question is the following as it is easy to work around and fix: Is it
> worth filing an issue with Keycloak? I also feel confident enough to
> provide a pull request.
>
> Regards,
> -- Thomas
>
> [1] http://www.keycloak.org/docs/latest/securing_apps/topics/oidc/java/spring-boot-adapter.html
> [2] http://www.keycloak.org/docs/latest/securing_apps/topics/oidc/java/spring-security-adapter.html
> [3] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
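
The `*/*` handling discussed in this thread, as an added example that is not part of the original messages and is not Keycloak's code: a plain-JDK check of whether an Accept header permits `text/html`, honouring wildcard ranges and `q=0`. The class and method names are hypothetical.

```java
import java.util.Locale;

// Added example, not Keycloak code: class and method names are hypothetical.
public class AcceptHeaderHtmlCheck {

    /** Returns true if the Accept header value permits a text/html response. */
    static boolean acceptsHtml(String acceptHeader) {
        // RFC 7231, section 5.3.2: a request without an Accept header accepts
        // any media type. A blank value is treated the same way (assumption).
        if (acceptHeader == null || acceptHeader.trim().isEmpty()) {
            return true;
        }
        int bestSpecificity = -1; // 2 = text/html, 1 = text/*, 0 = */*
        double bestQ = 0.0;       // q-value of the most specific matching range
        for (String part : acceptHeader.split(",")) {
            String[] fields = part.trim().split(";");
            String range = fields[0].trim().toLowerCase(Locale.ROOT);
            int specificity;
            if (range.equals("text/html")) specificity = 2;
            else if (range.equals("text/*")) specificity = 1;
            else if (range.equals("*/*")) specificity = 0;
            else continue; // range cannot match text/html
            double q = 1.0; // default weight when no q parameter is given
            for (int i = 1; i < fields.length; i++) {
                String p = fields[i].trim().toLowerCase(Locale.ROOT);
                if (p.startsWith("q=")) {
                    try { q = Double.parseDouble(p.substring(2).trim()); }
                    catch (NumberFormatException e) { q = 0.0; } // malformed weight: reject
                }
            }
            // The most specific matching range decides, so "text/html;q=0, */*" is a refusal.
            if (specificity > bestSpecificity) { bestSpecificity = specificity; bestQ = q; }
        }
        return bestSpecificity >= 0 && bestQ > 0.0;
    }

    public static void main(String[] args) {
        // Accept header quoted in the thread as sent by IE11.
        String ie11 = "application/x-ms-application, image/jpeg, application/xaml+xml, "
                + "image/gif, image/pjpeg, application/x-ms-xbap,*/*";
        System.out.println("IE11 header:        " + acceptsHtml(ie11));
        // Constructed sample values.
        System.out.println("application/json:   " + acceptsHtml("application/json"));
        System.out.println("text/html;q=0, */*: " + acceptsHtml("text/html;q=0, */*"));
    }
}
```

With this rule a client that sends only `Accept: */*` is classified like a browser and would get the login redirect rather than the 401, so API clients need an explicit type such as `application/json` to be treated as API requests.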

