[keycloak-user] Error controller is not invoked if authentication failed

Aliaksei Lahachou aliaksei.lahachou at gmail.com
Tue Jan 22 10:50:05 EST 2019


As a proof of concept, I wrapped KeycloakAuthenticationProcessingFilter
with a OncePerRequestFilter implementation and the error controller is
invoked as expected.

On Tue, Jan 22, 2019 at 4:36 PM Aliaksei Lahachou <
aliaksei.lahachou at gmail.com> wrote:

> Hello,
>
> I'm migrating our application from Spring Boot 1.5.19 / Keycloak 3.4.3 to
> Spring Boot 2.1.2 / Keycloak 4.8.3.
>
> I'm currently facing the problem that if authentication fails (invalid
> token), the error controller is not invoked (BasicErrorController by
> default).
>
> The reason is that when authentication fails, the request is redirected to
> the error controller, and the security filters are invoked again. Because
> the authorization header is still there,
> KeycloakAuthenticationProcessingFilter fails again.
>
> In older versions of Spring Boot / Keycloak, security filters are not
> invoked after the request is redirected to the error controller. Basic
> authentication works as expected in both old and new versions, seemingly
> because BasicAuthenticationFilter extends OncePerRequestFilter, which skips
> the filter for the error URI (skipDispatch method).
>
> I created example applications with tests that reproduce the problem, see
> [1] and [2]. Am I missing some configuration? Or is this a bug?
>
> [1] https://github.com/htfv/examples/tree/master/spring-boot-1-keycloak
> [2] https://github.com/htfv/examples/tree/master/spring-boot-2-keycloak
>
> Regards,
> Aliaksei
>
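
Added example (not code from this thread or from the Keycloak project): one way to write the kind of wrapper the reply describes, assuming the javax.servlet API used by Spring Boot 2.1 and a hypothetical class name, OncePerRequestDelegatingFilter. OncePerRequestFilter skips ERROR dispatches by default, so the wrapped filter does not see the Authorization header a second time when the container dispatches to the error controller.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical wrapper class: the name and structure are assumptions,
// not the poster's proof of concept.
public class OncePerRequestDelegatingFilter extends OncePerRequestFilter {

    // The filter to guard, e.g. a KeycloakAuthenticationProcessingFilter.
    private final Filter delegate;

    public OncePerRequestDelegatingFilter(Filter delegate) {
        this.delegate = delegate;
    }

    // true is already the default; it is overridden here only to make the
    // behaviour explicit. With true, OncePerRequestFilter passes ERROR
    // dispatches straight down the chain without calling doFilterInternal.
    // Consequence: the error controller runs without the delegate having
    // authenticated the request, so error responses should not include
    // data that requires an authenticated caller.
    @Override
    protected boolean shouldNotFilterErrorDispatch() {
        return true;
    }

    // Called at most once per request, and only for dispatches that were
    // not skipped above. The delegate authenticates and then continues
    // the chain itself (or stops it on failure).
    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        delegate.doFilter(request, response, chain);
    }
}
```

Registering the wrapper in the Spring Security filter chain in place of the wrapped filter is not shown, because the thread does not say how that was done.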

