[keycloak-user] Keycloak Spring Boot Adapter does not populate security context principal

Niels Bertram nielsbne at gmail.com
Tue Oct 31 21:59:09 EDT 2017


Thanks Sebastien, I raised KEYCLOAK-5775
<https://issues.jboss.org/browse/KEYCLOAK-5775> with the example project
link. I recall when tracing the code that there is no provision for
wildcard checks BUT by the same token the Tomcat Valve does not seem to
have parsed the token either when the roles check executes.

Niels

On Wed, Nov 1, 2017 at 3:03 AM, Sebastien Blanc <sblanc at redhat.com> wrote:

> It's probably not working because of the wildcard roles and you spotted a
> bug on our side. We have a shortcut in the Spring Boot config where we
> collect the auth-constraints roles for each security constraint to generate
> the <security-role/> "list". In auth-constraints wildcard is allowed but
> not in security-role.
>
> Could you open a ticket for this ?
>
> Sebi
>
>
> On Tue, Oct 31, 2017 at 3:27 PM, Niels Bertram <nielsbne at gmail.com> wrote:
>
>> Hi Meissa, indeed this one would probably work. It is not using bearer
>> only mode (like a REST based micro service would) and it does only use
>> fixed role names. My example uses the wildcard role restriction which in
>> the olden days of JSPs meant any role as long as authenticated. Strange
>> that there are no examples out there. Thanks for taking notice.
>>
>> Kind Regards, Niels
>>
>> On Wed, Nov 1, 2017 at 12:15 AM, Meissa M'baye Sakho <msakho at redhat.com>
>> wrote:
>>
>> > Niels,
>> > I've tried the example below and it works fine.
>> > http://blog.keycloak.org/2017/05/easily-secure-your-spring-boot.html
>> > Although it's not using CXF.
>> > Meissa
>> >
>> > On Tue, Oct 31, 2017 at 1:25 PM, Niels Bertram <nielsbne at gmail.com> wrote:
>> >
>> >> Hi Keycloak Users,
>> >>
>> >> I tried to configure a dead simple Spring Boot CXF REST endpoint with
>> >> Keycloak Spring Boot Adapter in Bearer Only mode without any luck. It
>> >> appears the Keycloak Tomcat Valve fails authorization even before the
>> >> Keycloak adapter ever gets a chance to parse the Bearer token and set up
>> >> the session. I would have thought that with AutoConfig it would just be
>> >> that ... auto config. I added the below Keycloak adapter configuration to
>> >> the application.yml file and made sure all required jars are on the
>> >> classpath.
>> >>
>> >> Does anyone have any suggestions or a link to a working example that
>> >> shows how to use Spring Boot with Keycloak *AND* CXF ?
>> >>
>> >> Many thanks, Niels
>> >>
>> >> Example:
>> >>
>> >> https://github.com/bertramn/keycloak-secured-rest-endpoint
>> >>
>> >>
>> >> application.yml configuration:
>> >>
>> >>
>> >> keycloak:
>> >>   realm: demo
>> >>   authServerUrl: 'http://localhost:8080/auth'
>> >>   realmKey: 'MIIBIjANBgDAQAB'
>> >>   sslRequired: external
>> >>   resource: test-client
>> >>   bearerOnly: true
>> >>   securityConstraints:
>> >>     - authRoles: [ '*' ]
>> >>       securityCollections:
>> >>         - name: authed
>> >>           patterns: [ '/v1/secured' ]
>> >> _______________________________________________
>> >> keycloak-user mailing list
>> >> keycloak-user at lists.jboss.org
>> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >>
>> >
>> >
>>
>
>
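
Added example, not part of the original thread and not Keycloak or Tomcat code: a simplified Java model of the mismatch Sebastien describes, where `*` from authRoles is copied into the generated security-role list and then compared as a literal role name. The class, method names and sample roles are assumptions made for illustration.

```java
import java.util.*;

// Simplified model of the mismatch; hypothetical names, not Keycloak or Tomcat code.
public class WildcardRoleModel {

    // The described shortcut: every authRole of every constraint is copied
    // into the generated <security-role/> list, so "*" lands there too.
    static Set<String> collectSecurityRoles(List<List<String>> authRolesPerConstraint) {
        Set<String> declared = new LinkedHashSet<>();
        for (List<String> roles : authRolesPerConstraint) declared.addAll(roles);
        return declared;
    }

    // Literal matching: "*" is compared as a role name, which no token carries.
    static boolean literalCheck(List<String> authRoles, Set<String> userRoles) {
        for (String r : authRoles) if (userRoles.contains(r)) return true;
        return false;
    }

    // Servlet-spec reading: in an auth-constraint "*" is shorthand for all
    // declared security roles, so expand it first and never treat it as a role.
    static boolean wildcardAwareCheck(List<String> authRoles, Set<String> declared,
                                      Set<String> userRoles) {
        Set<String> effective = new LinkedHashSet<>();
        for (String r : authRoles) {
            if ("*".equals(r)) effective.addAll(declared); else effective.add(r);
        }
        effective.remove("*");
        for (String r : effective) if (userRoles.contains(r)) return true;
        return false;
    }

    public static void main(String[] args) {
        List<String> authRoles = Collections.singletonList("*"); // from the posted application.yml
        Set<String> userRoles = Collections.singleton("user");   // constructed token roles
        Set<String> generated = collectSecurityRoles(Collections.singletonList(authRoles));
        System.out.println("generated security roles: " + generated);
        System.out.println("literal check passes: " + literalCheck(authRoles, userRoles));
        // Constructed list of explicitly declared roles, with no wildcard entry.
        Set<String> declared = new LinkedHashSet<>(Arrays.asList("user", "admin"));
        System.out.println("wildcard-aware check passes: "
                + wildcardAwareCheck(authRoles, declared, userRoles));
    }
}
```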
