Re: [keycloak-dev] Access original session

----- Original Message ----- > From: "Christian Beikov" <christian.beikov(a)gmail.com&gt; > To: "Stian Thorgersen" <stian(a)redhat.com&gt; > Cc: keycloak-dev(a)lists.jboss.org > Sent: Tuesday, 30 December, 2014 1:45:13 PM > Subject: Re: [keycloak-dev] Access original session > > Seems like my question wasn't clear enough. > > I have the following config in my web.xml > > <security-constraint> > <web-resource-collection> > <web-resource-name>Protected</web-resource-name> > <url-pattern>/protected/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>user</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>KEYCLOAK</auth-method> > <realm-name>portfolio-webapp</realm-name> > </login-config> > > <security-role> > <role-name>user</role-name> > </security-role> > > Now when I navigate to e.g. "/protected/index.xhtml" I get redirected to > the Keycloak login. Unfortunately, the cookie which is set by the > Keycloak adapters after a succesful login, has the path "/protected" > set. When I navigate to "/whatever.xhtml" I obviously have no access to > the cookie since the browser doesn't send it. > > How am I supposed to access the logged in user outside of the protected > area? > > The session cookie (assuming you're talking about JSESSIONID) should be set > to the context-path of your WAR not a specific protected resource. > > Unfortunately I am experiencing that it is set to a different path. Strange. I've just tried with our demo, which has a similar security-constraint to yours, and it sets it to the context-path of the WAR as expected. Keycloak doesn't set this cookie itself, that's sorted by the JEE container. Which Keycloak version and JEE server are you using? > Is your protected resources in the same WAR as the unprotected resources? > > Yes, it's all in the same WAR. > > Mit freundlichen Grüßen, > ------------------------------------------------------------------------ > *Christian Beikov* > Am 30.12.2014 um 13:38 schrieb Stian Thorgersen: >> The session cookie (assuming you're talking about JSESSIONID) should be set >> to the context-path of your WAR not a specific protected resource. Is your >> protected resources in the same WAR as the unprotected resources? >> >> ----- Original Message ----- >>> From: "Christian Beikov" <christian.beikov(a)gmail.com&gt; >>> To: keycloak-dev(a)lists.jboss.org >>> Sent: Sunday, 28 December, 2014 11:01:54 AM >>> Subject: [keycloak-dev] Access original session >>> >>> Hello there!" >>> >>> I have an application that has protected resources on the pattern >>> "/protected/*" and I receive a session cookie for the path "/protected", >>> which makes sense. Now my problem is, that I want the path of the cookie >>> to >>> be "/" so I can access the user information even outside of the protected >>> resources. >>> Since I think this might introduce some problems, the only other way to >>> realize that I could think of is, to get access to the underlying servlet >>> session. Not only would that session have to be created properly, which I >>> am >>> not sure is happening when browsing in the protected resources, I would >>> also >>> need to access it on the server, so that I can save the currently logged >>> in >>> user into it. >>> >>> Is there a possibility to access the servlet session within the Keycloak >>> context? If so, could you please share some code or point me to an API? >>> -- >>> >>> Mit freundlichen Grüßen, >>> >>> Christian Beikov >>> >>> _______________________________________________ >>> keycloak-dev mailing list >>> keycloak-dev(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-dev >