<div dir="ltr"><div><div><div><div>Scott, thanks for your replay!<br></div>Finally, I came about your examples <a href="https://github.com/Smartling/spring-security-keycloak" target="_blank">https://github.com/Smartling/spring-security-keycloak</a> and tried to run it on latest keycloak versions (1.7.0.Final) and it worked like a charm on Tomcat embed server.<br></div>But when I tried to deploy it on my WildFly 9.0.2 server I encountered few problems (now I'm forcing to resovle them).<br></div>The main question I have is this: I'm wondering how did you manage your login-config auth metod to be Keycloak without even having web.xml. Nevertheless, your app is working correct. Is it "magic" of Spring Boot config? Or there is no mandatory auth method you have to specify now? <br>Though docs say that you have to have this section in web.xml:<br><pre style="background-color:rgb(255,255,255);color:rgb(0,0,0);font-family:"Courier New""><span style="background-color:rgb(239,239,239)"><</span><span style="color:rgb(0,0,128);background-color:rgb(239,239,239);font-weight:bold">login-config</span><span style="background-color:rgb(239,239,239)">></span><br> <span style="background-color:rgb(239,239,239)"><</span><span style="color:rgb(0,0,128);background-color:rgb(239,239,239);font-weight:bold">auth-method</span><span style="background-color:rgb(239,239,239)">></span>KEYCLOAK<span style="background-color:rgb(239,239,239)"></</span><span style="color:rgb(0,0,128);background-color:rgb(239,239,239);font-weight:bold">auth-method</span><span style="background-color:rgb(239,239,239)">></span><br> <span style="background-color:rgb(239,239,239)"><</span><span style="color:rgb(0,0,128);background-color:rgb(239,239,239);font-weight:bold">realm-name</span><span style="background-color:rgb(239,239,239)">></span>tms<span style="background-color:rgb(239,239,239)"></</span><span style="color:rgb(0,0,128);background-color:rgb(239,239,239);font-weight:bold">realm-name</span><span style="background-color:rgb(239,239,239)">></span><br><span style="background-color:rgb(239,239,239)"></</span><span style="color:rgb(0,0,128);background-color:rgb(239,239,239);font-weight:bold">login-config</span><span style="background-color:rgb(239,239,239)">></span></pre><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-01-02 18:32 GMT+03:00 Scott Rossillo <span dir="ltr"><<a href="mailto:srossillo@smartling.com" target="_blank">srossillo@smartling.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You still have to configure Spring Security using Keycloak. See the documentation for an annotation based configuration. Once that's set up your another annotations will work. <br><br>PS - make sure to follow Spring Security naming conventions for roles. For the example above that would be ROLE_ADMIN<br><div class="gmail_quote"><div><div class="h5"><div dir="ltr">On Fri, Jan 1, 2016 at 4:44 AM Andrey Saroul <<a href="mailto:andrey.saroul@gmail.com" target="_blank">andrey.saroul@gmail.com</a>> wrote:<br></div></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">Hello! I'm just a begginer in Spring Security, but I would like to know is it possible to configure keycloak in a way that I can use @PreAuthorize, @PostAuthorize, @Secured and other annotations.<div>For example, I've configured the keycloak-spring-security-adapter and Spring Security in my simple Spring Rest webapp so that I have access to Principal object in my controller, like this:</div><div><div><br></div><div>@RestController</div><div>public class TMSRestController {</div><div><br></div><div> @RequestMapping("/greeting")<br></div><div> public Greeting greeting(Principal principal, @RequestParam(value="name") String name) {</div><div> return new Greeting(String.format(template, name));</div><div> }</div></div><div>...</div><div>}</div><div><br></div><div>But when I try this (just an example, actually I want to execute custom EL expression before authorization):</div><div><br></div><div><div><div>@RestController</div><div>public class TMSRestController {</div><div><br></div><div> @RequestMapping("/greeting")<br></div><div> @PreAuthorize("hasRole('ADMIN')")</div><div> public Greeting greeting(Principal principal, @RequestParam(value="name") String name) {</div><div> return new Greeting(String.format(template, name));</div><div> }</div></div><div>...</div><div>}</div></div><div><br></div><div>... I get exception: org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext</div><div><br></div><div>What do I need to make this spring security annotations work?</div></div></div></div>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote></div>
</blockquote></div><br></div>