
<html>

  <head>

    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">You're not wrong. With

      ServletOAuthClient you have control when you redirect user to the

      KC login screen. But you're completely independent on Wildfly

      container security layers, hence no propagation to EJB layer.<br>

      <br>

      If ServletOAuthClient is good for you, depends on the usecase you

      want to achieve. Maybe it is better for you to add some

      security-constraints URL to your web.xml  (for example

      "/my-protected-url") and you will redirect your application to

      /my-protected-url (with httpResponse.sendRedirect) whenever you

      want your application to be logged with keycloak. Then once KC

      authentication is finished and your application will visit

      "/my-protected-url" as authenticated user, you will redirect back

      to the original URL before authentication. <br>

      <br>

      Not sure if EJB propagation will happen once you're authenticated,

      but visit unprotected URL though... But at least you can give it a

      shot.<br>

      <br>

      Marek<br>

      <br>

      On 23.4.2015 15:35, Jérôme Blanchard wrote:<br>

    </div>

    <blockquote

cite="mid:CAPNq5vYTB2YnNXcPQb+CDSyT9s2oopZvX99NbhS2DrYY62t2qQ@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div>

          <div>Hi, <br>

          </div>

          I wonder that the Servlet OAuth Client won't propagate

          authentication to wildfy EJB layer... Am I wrong ?<br>

        </div>

        Jérôme.<br>

      </div>

      <br>

      <div class="gmail_quote">Le mar. 21 avr. 2015 à 18:13, Marek

        Posolda &lt;<a moz-do-not-send="true"

          href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>&gt;

        a écrit :<br>

        <blockquote class="gmail_quote" style="margin:0 0 0

          .8ex;border-left:1px #ccc solid;padding-left:1ex">

          <div bgcolor="#FFFFFF" text="#000000">

            <div>You can take a look at our examples for how to use

              ServletOAuthClient. Hopefully it could help with your

              usecase:<br>

              <a moz-do-not-send="true"

href="https://github.com/keycloak/keycloak/tree/master/examples/demo-template/third-party"

                target="_blank">https://github.com/keycloak/keycloak/tree/master/examples/demo-template/third-party</a><br>

              <a moz-do-not-send="true"

href="https://github.com/keycloak/keycloak/tree/master/examples/demo-template/third-party-cdi"

                target="_blank">https://github.com/keycloak/keycloak/tree/master/examples/demo-template/third-party-cdi</a><br>

              <br>

              Marek</div>

          </div>

          <div bgcolor="#FFFFFF" text="#000000">

            <div><br>

              <br>

              On 21.4.2015 12:14, Jérôme Blanchard wrote:<br>

            </div>

          </div>

          <div bgcolor="#FFFFFF" text="#000000">

            <blockquote type="cite">

              <div dir="ltr">

                <div>

                  <div>

                    <div>

                      <div>

                        <div>Hi all, <br>

                          <br>

                        </div>

                        I'm trying to protect a servlet application

                        which can be accessed either as anonymous user

                        and as authenticated user. Some resources are

                        protected and my application takes in charge the

                        access control (not role based) so I can't use

                        the war protection using role user constraint.<br>

                      </div>

                      In this case I've removed the role constraint in

                      the web.xml and the keycloak wildfly (undertow)

                      adapter let me access the application as

                      unauthentified user (anonymous) which is perfect.<br>

                    </div>

                    What I want to handle on some AccessDeniedException

                    is to redirect the user to the authentication server

                    manually. In this case, user authentified an come

                    back to the protected URL but is no more anonymous

                    but a authentified user. <br>

                  </div>

                  Is ther is a way to handle this redirection to the

                  authentication server manually (I don't know where to

                  store the state variable allowing keycloak wildfly

                  adapter to handle properly the auth redirect that

                  include the code).<br>

                  <br>

                </div>

                Best regards, Jérôme.<br>

              </div>

              <br>

              <fieldset></fieldset>

              <br>

            </blockquote>

          </div>

          <div bgcolor="#FFFFFF" text="#000000">

            <blockquote type="cite">

              <pre>_______________________________________________

keycloak-user mailing list

<a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>

<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>

            </blockquote>

            <br>

          </div>

        </blockquote>

      </div>

    </blockquote>

    <br>

  </body>

</html>