<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>Hi,</div>
<div>I’m integration keycloak with a Spring project and using your provided spring adaptor with a bearer only rest api.</div>
<div>The documentation is enough to get things working with bearer token validation.</div>
<div>But it is lacking documentation on a few things, may be others have experience with it. </div>
<div><br>
</div>
<div>1. When the bearer token is invalid, the logs are spammed with stack traces (as posted below). How do you manage log levels?</div>
<div>2. Can I insert custom code on bad tokens in order to integrate with monitoring? How do others deal with this situation?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>—Doug</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>[ERROR] org.keycloak.adapters.BearerTokenRequestAuthenticator - Failed to verify token</div>
<div>org.keycloak.VerificationException: Token is not active.</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:46) ~[keycloak-core-1.4.0.Final.jar:1.4.0.Final]</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:16) ~[keycloak-core-1.4.0.Final.jar:1.4.0.Final]</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:67) ~[keycloak-adapter-core-1.4.0.Final.jar:1.4.0.Final]</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:62) ~[keycloak-adapter-core-1.4.0.Final.jar:1.4.0.Final]</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:45) ~[keycloak-adapter-core-1.4.0.Final.jar:1.4.0.Final]</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter.attemptAuthentication(KeycloakAuthenticationProcessingFilter.java:116) ~[keycloak-spring-security-adapter-1.4.0.Final.jar:1.4.0.Final]</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211) ~[spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:75) [keycloak-spring-security-adapter-1.4.0.Final.jar:1.4.0.Final]</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:85) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]</div>
</div>
<div>…</div>
</body>
</html>