[keycloak-user] Spring Security Adapter working but no Principal
Marc Logemann
marc.logemann at gmail.com
Wed Apr 4 11:24:51 EDT 2018
Hi,
cant provide that but after extensive debugging we know the problem.
Had nothing to do with Keycloak Spring Adapter but a Hystrix
Annotation on the Spring Controller. Hystrix dispatches to a whole new
thread and this breaks the SecurityContextHolder which is of course
ThreadLocal based.
We removed the hystrix stuff for now and will investigate that later on.
marc
2018-04-04 11:24 GMT+02:00 Sebastien Blanc <sblanc at redhat.com>:
> Do you have a sample project shared somewhere to reproduce this ?
>
> On Wed, Apr 4, 2018 at 11:14 AM, Marc Logemann <marc.logemann at gmail.com>
> wrote:
>>
>> Hi,
>>
>> i have a weird thing going on. My keycloak Spring Security adapter
>> works as expected. But i am unable to retrieve the principal. I am
>> requesting a REST service with a valid Bearer Token. In the REST
>> controller i want to see the principal via:
>>
>> Principal userPrincipal = request.getUserPrincipal();
>>
>> or
>>
>> Authentication authentication =
>> SecurityContextHolder.getContext().getAuthentication();
>> String currentPrincipalName = authentication.getName();
>>
>> But everything is null. Funny thing is, the Keycloak Filter set the
>> Authentication correctly but at the end, in my controller, its not
>> there anymore.
>>
>> here is my filter list:
>>
>> Security filter chain: [
>> WebAsyncManagerIntegrationFilter
>> SecurityContextPersistenceFilter
>> HeaderWriterFilter
>> KeycloakPreAuthActionsFilter
>> LogoutFilter
>> KeycloakAuthenticationProcessingFilter
>> RequestCacheAwareFilter
>> SecurityContextHolderAwareRequestFilter
>> AnonymousAuthenticationFilter
>> SessionManagementFilter
>> ExceptionTranslationFilter
>> FilterSecurityInterceptor
>> ]
>>
>> Has anyone experienced something like this or has an idea?
>>
>> Thanks
>> Marc
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
More information about the keycloak-user
mailing list