On Keycloak Secure Application Service Guide is described like an obligation the
definition of security-constration in web.xml.
I am programming an application that follows concepts of "WYSIWYG". My app need
have the feature of anonymous browsing and identified browsing on same app URIs. The
definition of url-paths protected by security-constration are breaking the concepts of
"WYSIWYG".
Is there a way to get access to keycloak SecurityDomain without restrict paths by
security-constration?
Regards,
Mauricio.
________________________________
De: Maurício Giacomini Penteado <mauriciogiacomini(a)hotmail.com>
Enviado: terça-feira, 11 de outubro de 2016 21:50
Para: keycloak-dev(a)lists.jboss.org
Assunto: KeycloakSecurityContext is always null
Hello everyone,
I do not understanding how can I correctly use KeycloakSecurityContext on a Rest service
to obtain access to keycloak tokens.
I tryed via httpServletRequest:
KeycloakSecurityContext session = (KeycloakSecurityContext)
httpServletRequest.getAttribute(KeycloakSecurityContext.class.getName());
But, my KeycloakSecurityContext is always null.
I put the anotation @SecurityDomain("keycloak") on my class without success.
The authentication works perfectly but, the authorization is a problem. I am trying access
to KeycloakSecurityContext to work with authorization.
If someone has a tip that can help me, please let me know.
Regards,
Mauricio.