April 2014 - keycloak-user - Jboss List Archives

How to secure JAX-RS service based on reasteasy running on undertow

by Davide Ungari

Hi everybody, I configured keycloak with mongodb, then I secured frontend on Tomcat making an adapter. I need to secure backend, it is an JAX-RS service based on resteasy and running on undertow. I do not use EJB so I need some help to figure out the best way to implement security with keycloak in my scenario. Suggestions? -- Davide

12 years, 1 month

3
6
0 / 0

REST API security

by Nils Preusker

Hi all, I'm trying to figure out how I could use keycloak to secure a REST API that is used bu a pure backend REST client. Do you have any recommendations for that (i.e. API keys)? Cheers, Nils

12 years, 1 month

3
8
0 / 0

CORS only for OPTIONS?

by Juraci Paixão Kröhling

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, I've noticed that KC sets the CORS headers only during pre-flight request, not on the regular requests. While this is in accordance with the documentation, I'm wondering if there's a reason for not sending the CORS headers for non-OPTIONS headers as well. As it currently is, I'd have to implement the CORS response filter in my application anyway, so, I'm wondering in which scenarios I'd delegate this to KC. By the way, it seems that setting "enable-cors" to false has no effect, as the headers are still being added by KC. Juca. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCgAGBQJTPFlTAAoJEDnJtskdmzLMWsMIAJ8vUxOUz+XKJQqQD5TceG40 d0A0TZC4zuypgezorGASvL7mSb7NbElytI07zXfH1fD/kNwCZn3wO1oyXNjGA+BY TzVB+jfViDpEYNYqtlL93WlkcqS+uaAmrBL0ag1N6L1OHWlN7QnYhxIZckSgTW99 t0P3U02Qr0dnmKuS8JzeKemKKC8rF3uR0cIBRi7+s3gsBUXDWmL9fYAvzcSLcX5h mA4Qn7eGCW6T5bSE6HzTzCtSxFbpkuSRQwXb77+n4HnZ2RHMGdeDLcMcObEIr2RF 63w2XafaJ2/p9yVRL55gwuyQH198p8dzpvBfvxO5sGMreTCeWt2nDfnBrjBNxek= =DfVk -----END PGP SIGNATURE-----

12 years, 1 month

3
10
0 / 0

Tomcat / Jetty adapter

by Davide Ungari

I will take a look at the as7-eap adapter this weekend. As I will star development I will inform you on the developers list. -- -- Davide

12 years, 1 month

1
1
0 / 0

@RolesAllowed leads to HTTP 500 when user doesn't have the required role

by Nils Preusker

Hi, I'm currently testing the @SecurityDomain("keycloak") and @RolesAllowed annotations on my JAX-RS services and was surprised to see that I get a HTTP 500 (internal server error) when a requesting user doesn't have the role that is required by @RolesAllowed. Is this intentional or a known issue or am I doing something wrong in the config? I'm using Wildfly 8.0.0.Final with the default RestEasy module. Would upgrading RestEasy do the trick? Cheers, Nils

12 years, 1 month

2
4
0 / 0

MongoDB and removing datasource KeycloakDS

by Davide Ungari

Hi everybody, I'm tryng to use keycloak withh mongo. I followed the documantation: http://docs.jboss.org/keycloak/docs/1.0-alpha-3/userguide/html/server-ins... But removing datasource KeycloakDS from standalone/configuration/standalone.xml causes an error message: 13:10:56,838 INFO [org.jboss.as.jpa] (MSC service thread 1-1) JBAS011401: Read persistence.xml for jpa-keycloak-identity-store 13:10:57,321 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014613: Operation ("deploy") failed - address: ([("deployment" => "auth-server.war")]) - failure description: {"JBAS014771: Services with missing/unavailable dependencies" => ["jboss.persistenceunit.\"auth-server.war#jpa-keycloak-identity-store\".__FIRST_PHASE__ is missing [jboss.naming.context.java.jboss.datasources.KeycloakDS]"]} Suggestions? Thanks -- Davide

12 years, 1 month

2
5
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user April 2014