[keycloak-user] Keycloak Spring Boot Adapter does not populate security context principal

Sebastien Blanc sblanc at redhat.com
Tue Oct 31 13:03:22 EDT 2017


It's probably not working because of the wildcard roles and you spotted a
bug on our side. We have a shortcut in the Spring Boot config where we
collect the auth-constraints roles for each security constraint to generate
the <security-role/> "list". In auth-constraints wildcard is allowed but
not in security-role.

Could you open a ticket for this ?

Sebi


On Tue, Oct 31, 2017 at 3:27 PM, Niels Bertram <nielsbne at gmail.com> wrote:

> Hi Meissa, indeed this one would probably work. It is not using bearer
> only mode (like a REST based micro service would) and it does only use
> fixed role names. My example uses the wildcard role restriction which in
> the olden days of JSPs meant any role as long as authenticated. Strange
> that there are no examples out there. Thanks for taking notice. Kind
> Regards, Niels
>
> On Wed, Nov 1, 2017 at 12:15 AM, Meissa M'baye Sakho <msakho at redhat.com>
> wrote:
>
> > Niels,
> > I've tried the example below and it works fine.
> > http://blog.keycloak.org/2017/05/easily-secure-your-spring-boot.html
> > Although it's not using CXF.
> > Meissa
> >
> > On Tue, Oct 31, 2017 at 1:25 PM, Niels Bertram <nielsbne at gmail.com>
> wrote:
> >
> >> Hi Keycloak Users,
> >>
> >> I tried to configure a dead simple Spring Boot CXF REST endpoint with
> >> Keycloak Spring Boot Adapter in Bearer Only mode without any luck. It
> >> appears the Keycloak Tomcat Valve fails authorization even before the
> >> keycloak adapter ever gets a chance to parse the Bearer token and setup
> >> the
> >> session. I would have thought that with AutoConfig it would just be that
> >> ... auto config. I added the below keycloak adapter configuration to the
> >> application.yml file and made sure all required jars are on the
> classpath.
> >>
> >> Does anyone have any suggestions or a link to a working example that
> shows
> >> how to use Spring Boot with Keycloak *AND* CXF ?
> >>
> >> Many thanks, Niels
> >>
> >> Example:
> >>
> >> https://github.com/bertramn/keycloak-secured-rest-endpoint
> >>
> >>
> >> application.yml configuration:
> >>
> >>
> >> keycloak:
> >>   realm: demo
> >>   authServerUrl: 'http://localhost:8080/auth'
> >>   realmKey: 'MIIBIjANBgDAQAB'
> >>   sslRequired: external
> >>   resource: test-client
> >>   bearerOnly: true
> >>   securityConstraints:
> >>     - authRoles: [ '*' ]
> >>       securityCollections:
> >>         - name: authed
> >>           patterns: [ '/v1/secured' ]
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> >
> >
>
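To make the shortcut Sebastien describes concrete, here is an added example (not Keycloak's adapter code, and the function names are our own): it reads the `keycloak.securityConstraints` block as posted above (constructed here as a dict literal equivalent to the YAML, since no YAML parser is needed), renders the servlet `web.xml` elements the adapter generates from it, and shows where the wildcard goes wrong. A `*` role-name is legal inside `<auth-constraint>`, but the shortcut copies every authRoles value into the `<security-role>` list, where only concrete role names may be declared. A second, constructed config with fixed role names goes through cleanly.

```python
# Added example, not Keycloak's code: a model of the Spring Boot adapter
# shortcut described in the reply above. Each `securityConstraints` entry
# becomes a servlet <security-constraint>; the shortcut builds the
# <security-role> list from the same authRoles, so a wildcard lands in a
# place where only concrete role names belong. All names here are our own.
from dataclasses import dataclass
from typing import Dict, List
import xml.etree.ElementTree as ET

# Role tokens the servlet spec reserves for <auth-constraint>; neither is a
# role name that can be declared under <security-role>.
WILDCARD_ROLES = {"*", "**"}


@dataclass
class SecurityConstraint:
    auth_roles: List[str]
    collections: List[Dict]  # each: {"name": str, "patterns": [str]}


def parse_adapter_config(keycloak: Dict) -> List[SecurityConstraint]:
    """Read the `keycloak.securityConstraints` block of an adapter config."""
    out = []
    for sc in keycloak.get("securityConstraints", []):
        out.append(SecurityConstraint(
            auth_roles=list(sc.get("authRoles", [])),
            collections=list(sc.get("securityCollections", [])),
        ))
    return out


def shortcut_security_roles(constraints: List[SecurityConstraint]) -> List[str]:
    """The shortcut as described: every authRoles value becomes a
    <security-role>. Wildcards pass straight through, which is the bug."""
    return sorted({r for sc in constraints for r in sc.auth_roles})


def concrete_security_roles(constraints: List[SecurityConstraint]) -> List[str]:
    """Same collection, but wildcard tokens are kept out of the
    <security-role> list; they keep their meaning only in <auth-constraint>."""
    return [r for r in shortcut_security_roles(constraints) if r not in WILDCARD_ROLES]


def wildcard_roles_in(config: Dict) -> List[str]:
    """Check: which authRoles would the shortcut turn into an invalid
    <security-role>? Empty list means the config is safe for the shortcut."""
    roles = shortcut_security_roles(parse_adapter_config(config))
    return [r for r in roles if r in WILDCARD_ROLES]


def render_web_xml(constraints: List[SecurityConstraint], security_roles: List[str]) -> str:
    """Render the web.xml fragments the adapter would generate."""
    root = ET.Element("web-app")
    for sc in constraints:
        c = ET.SubElement(root, "security-constraint")
        for col in sc.collections:
            wrc = ET.SubElement(c, "web-resource-collection")
            ET.SubElement(wrc, "web-resource-name").text = col["name"]
            for pattern in col["patterns"]:
                ET.SubElement(wrc, "url-pattern").text = pattern
        ac = ET.SubElement(c, "auth-constraint")
        for role in sc.auth_roles:
            ET.SubElement(ac, "role-name").text = role
    for role in security_roles:
        ET.SubElement(ET.SubElement(root, "security-role"), "role-name").text = role
    return ET.tostring(root, encoding="unicode")


# Constructed input: a dict literal equivalent to the application.yml posted above.
POSTED_CONFIG = {
    "realm": "demo",
    "resource": "test-client",
    "bearerOnly": True,
    "securityConstraints": [
        {"authRoles": ["*"],
         "securityCollections": [{"name": "authed", "patterns": ["/v1/secured"]}]},
    ],
}

# Constructed variant with fixed role names (the shape Niels says the blog
# example uses); the role names are made up for this example.
FIXED_ROLE_CONFIG = {
    "securityConstraints": [
        {"authRoles": ["user", "admin"],
         "securityCollections": [{"name": "authed", "patterns": ["/v1/secured"]}]},
    ],
}


if __name__ == "__main__":
    cs = parse_adapter_config(POSTED_CONFIG)
    print("shortcut <security-role> list:", shortcut_security_roles(cs))
    print("concrete <security-role> list:", concrete_security_roles(cs))
    print("wildcards the shortcut would mis-declare:", wildcard_roles_in(POSTED_CONFIG))
    print(render_web_xml(cs, shortcut_security_roles(cs)))
```

Running it against the posted config yields a `<security-role><role-name>*</role-name></security-role>` element, which is what the shortcut produces and what a servlet container has no concrete role to match; `wildcard_roles_in` is the quick check to run over an adapter config before deciding whether to wait for the fix or to switch to fixed role names in the meantime.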