12:38 p.m.
Hi Marc,
first of all: I've not used kc together with hystrix yet (but just
building a docker env with spring cloud, kc and ELK, may be part of
future blog entries) - so, just guessing here.
That said: it may do the trick to use the inheritablethreadlocal
strategy for your securityconfig (which also gives you the ability to
use @async) as stated here at line 35:
https://github.com/Pinguwien/guestbook-backend/blob/master/src/main/java/...
or in my blogentries (german, you know where)
Best regards,
Dominik
Am 04.04.18 um 17:24 schrieb Marc Logemann:
Hi,
cant provide that but after extensive debugging we know the problem.
Had nothing to do with Keycloak Spring Adapter but a Hystrix
Annotation on the Spring Controller. Hystrix dispatches to a whole new
thread and this breaks the SecurityContextHolder which is of course
ThreadLocal based.
We removed the hystrix stuff for now and will investigate that later on.
marc
2018-04-04 11:24 GMT+02:00 Sebastien Blanc <sblanc(a)redhat.com>:
> Do you have a sample project shared somewhere to reproduce this ?
>
> On Wed, Apr 4, 2018 at 11:14 AM, Marc Logemann <marc.logemann(a)gmail.com>
> wrote:
>>
>> Hi,
>>
>> i have a weird thing going on. My keycloak Spring Security adapter
>> works as expected. But i am unable to retrieve the principal. I am
>> requesting a REST service with a valid Bearer Token. In the REST
>> controller i want to see the principal via:
>>
>> Principal userPrincipal = request.getUserPrincipal();
>>
>> or
>>
>> Authentication authentication =
>> SecurityContextHolder.getContext().getAuthentication();
>> String currentPrincipalName = authentication.getName();
>>
>> But everything is null. Funny thing is, the Keycloak Filter set the
>> Authentication correctly but at the end, in my controller, its not
>> there anymore.
>>
>> here is my filter list:
>>
>> Security filter chain: [
>> WebAsyncManagerIntegrationFilter
>> SecurityContextPersistenceFilter
>> HeaderWriterFilter
>> KeycloakPreAuthActionsFilter
>> LogoutFilter
>> KeycloakAuthenticationProcessingFilter
>> RequestCacheAwareFilter
>> SecurityContextHolderAwareRequestFilter
>> AnonymousAuthenticationFilter
>> SessionManagementFilter
>> ExceptionTranslationFilter
>> FilterSecurityInterceptor
>> ]
>>
>> Has anyone experienced something like this or has an idea?
>>
>> Thanks
>> Marc
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user