[keycloak-user] Problem with Spring WEB application using Keycloak + Spring Security Adapter in Multi Tenancy mode

Tony Harris Tony.Harris at oneadvanced.com
Thu Sep 27 08:33:06 EDT 2018


I asked just this question last night.  I solved my issue by creating a custom KeycloakAuthenticationEntryPoint to redirect to /RootContext/{realmName}/sso/login and then overrode the keycloakAuthenticationProcessingFilter method in the KeycloakWebSecurityConfigurerAdapter implementation to change the AntPathRequestMatcher to match.

@Override
protected KeycloakAuthenticationProcessingFilter keycloakAuthenticationProcessingFilter() throws Exception {
    // Match the login path under any prefix, e.g. /{realmName}/sso/login
    return new KeycloakAuthenticationProcessingFilter(authenticationManager(), new AntPathRequestMatcher("/**/sso/login"));
}

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Mattia Bello
Sent: 27 September 2018 13:21
To: keycloak-user at lists.jboss.org
Cc: Luca Buraggi <Luca.Buraggi at horsa.it>; Marco Pancotti <Marco.Pancotti at horsa.it>
Subject: [keycloak-user] Problem with Spring WEB application using Keycloak + Spring Security Adapter in Multi Tenancy mode

Hello,
I am trying to configure a Spring WEB application using Keycloak + Spring Security Adapter in Multi Tenancy mode but I encountered some problems.
I followed the instructions of the Keycloak documentation (https://www.keycloak.org/docs/latest/securing_apps/index.html#_spring_security_adapter and https://www.keycloak.org/docs/latest/securing_apps/index.html#_multi_tenancy).
I created a simple web application (SpringSecurity_HelloWorld) with two pages, one public page (hello.jsp) and a protected one (admin.jsp).

To implement the Multi tenancy, I created the PathBasedKeycloakConfigResolver java class and I changed the spring-security.xml file as requested to link this class to the Spring context.
The .zip at the following Google Drive link contains a copy of the test project:
https://drive.google.com/file/d/1YH2phrXlx9yc1vexXkNCMKoOnDBEmBI2/view?usp=sharing

This is what happens when the app is running:

Accessing url localhost:8080/SpringSecurity_HelloWorld/{realm}/admin, (i.e. the protected page) the following steps are executed:

1 As expected, the method resolve(..) of my PathBasedKeycloakConfigResolver class is called, and my code correctly extracts the {realm} from the url, creates the corresponding KeycloakDeployment object, returning it to the caller

2 The browser receives a redirect (HTTP 302) to the location localhost:8080/SpringSecurity_HelloWorld/sso/login and executes the redirect

3 The method resolve(..) of PathBasedKeycloakConfigResolver is called again with the url localhost:8080/SpringSecurity_HelloWorld/sso/login as argument. This is very surprising to me because this url doesn't contain the {realm} part and I am wondering how the method resolve() could cope with this. It is supposed to return the KeycloakDeployment object corresponding to the requested realm but this is not possible now.

From what I understand from the documentation, the second call to the resolve() method is just wrong .... why is the {realm} missing?
I suspect there is some configuration error in my project but I can't find anything wrong.


Thanks to all


Mattia Bello
Developer

Horsa S.p.A.
Via Cadorna, 67
Vimodrone (MI)
Mobile  (+39) 347 37 64 875
www.horsa.it
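
Added example (not code from either poster or from the Keycloak project): the reply at the top of this thread keeps the realm in the login path, so resolve() sees it on the /sso/login request as well as on the protected page. The sketch below shows the path handling that implies, using only the JDK. The class name RealmPaths, its methods and the realm names tenant1/tenant2 are hypothetical, and the allowlist is constructed sample data.

```java
import java.util.Optional;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper: realm handling for URLs shaped /{context}/{realm}/... */
public final class RealmPaths {
    // Constructed allowlist; a real application would load this from configuration.
    private static final Set<String> KNOWN_REALMS = Set.of("tenant1", "tenant2");
    // First path segment after the context path, restricted to a safe character set.
    private static final Pattern REALM_SEGMENT =
            Pattern.compile("^/([A-Za-z0-9_-]{1,64})(/.*)?$");

    private RealmPaths() {}

    /** Returns the realm named in the path, or empty if absent or not on the allowlist. */
    public static Optional<String> extractRealm(String contextPath, String requestUri) {
        if (requestUri == null || !requestUri.startsWith(contextPath + "/")) {
            return Optional.empty();
        }
        Matcher m = REALM_SEGMENT.matcher(requestUri.substring(contextPath.length()));
        if (!m.matches() || !KNOWN_REALMS.contains(m.group(1))) {
            return Optional.empty(); // fail closed: no fallback to a default realm
        }
        return Optional.of(m.group(1));
    }

    /** Login redirect that keeps the realm in the path so the next request resolves too. */
    public static String loginRedirect(String contextPath, String realm) {
        if (!KNOWN_REALMS.contains(realm)) {
            throw new IllegalArgumentException("unknown realm");
        }
        return contextPath + "/" + realm + "/sso/login";
    }

    public static void main(String[] args) {
        String ctx = "/SpringSecurity_HelloWorld";
        // Step 1 of the report: protected page, realm present in the path.
        System.out.println(extractRealm(ctx, ctx + "/tenant1/admin"));
        // Step 3 of the report: default login URL; "sso" is not a realm, so nothing resolves.
        System.out.println(extractRealm(ctx, ctx + "/sso/login"));
        // With the realm-aware redirect, the login URL resolves to the same realm.
        System.out.println(extractRealm(ctx, loginRedirect(ctx, "tenant1")));
        // Segments outside the allowed character set are rejected before any lookup.
        System.out.println(extractRealm(ctx, ctx + "/..%2Fother/admin"));
    }
}
```

Because the realm comes from a client-supplied URL, the allowlist check is what keeps a request from selecting a deployment the application never configured.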
