<div dir="ltr">Hi everybody,<div><div style="font-family:arial,sans-serif;font-size:13px">this is the big picture:</div><div style="font-family:arial,sans-serif;font-size:13px">a. frontend application with Undertow</div><div style="font-family:arial,sans-serif;font-size:13px">b. backend application with Undertow and Resteasy for REST API</div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">Both are using Keycloak as SSO.</div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">I'm trying to configure a proxy from A to B in order to expose backend API without CORS problems to the frontend.</div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">I asked support also to Undertow guys but the issue seems around the integration of Keycloack in Undertow. My proxy is implemented like:</div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px"><span class="im"><div> final ProxyClient proxyClient = new SimpleProxyClientProvider(new URI("<a href="http://localhost:8181/" target="_blank">http://localhost:8181</a>"));</div><div> final ProxyHandler proxyHandler = new ProxyHandler(proxyClient, servletHandler);</div></span><div> proxyHandler.addRequestHeader(new HttpString("Authorization"), new ExchangeAttribute() {</div><div> @Override</div><div> public String readAttribute(HttpServerExchange exchange) {</div><div> exchange.</div><div> RefreshableKeycloakSecurityContext context = (RefreshableKeycloakSecurityContext) exchange.getSecurityContext();</div><div> return "Bearer " + context.getTokenString();</div><div> }</div><div><br></div><div> @Override</div><div> public void writeAttribute(HttpServerExchange exchange, String newValue) throws ReadOnlyAttributeException {</div><div> // TODO Auto-generated method stub</div><div> }</div><div> });</div><div><br></div><div>The problem is that the exchange.getSecurityContext() is always null. Any ideas?</div><div><br></div><div>Thanks</div></div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div><br clear="all"><div><div class="gmail_signature"><div>--</div>Davide</div></div>
</div></div></div>