Greetings,
We were wondering what is the best practice for the use of spring security adapter:
I notice that the security context is an instance of RefreshableKeycloakSecurityContext,
which means (correct me if I'm wrong) that whenever a token is about to revoke, a
refresh is issued.
I used all xml beans that's in the
documentation<https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/2.4/topics/oidc/java/spring-security-adapter.html>,
but still, when I put a breakpoint on RefreshableKeycloakSecurityContext ->
refreshExpiredToken, it stops only once - on logout (which is another mystery to me). I
also noticed that this method is public yet no other class uses it.
Do I need to invoke it explicitly? Where?
Thanks,
Dekel.
The information contained in this message is proprietary to the sender, protected from
disclosure, and may be privileged. The information is intended to be conveyed only to the
designated recipient(s) of the message. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, use, distribution or copying of
this communication is strictly prohibited and may be unlawful. If you have received this
communication in error, please notify us immediately by replying to the message and
deleting it from your computer. Thank you.
Show replies by date