Hi all,
Maybe someone can help me out with the following:
I'm trying to secure my JAX-RS services with Keycloak
1.7.0.Final. I configured a client in Keycloak for this, with
access type 'bearer-only'.
Since I am using GlassFish 3.1 (no adapter available), I use the
'keycloak-servlet-filter-adapter'.
When accessing one of the JAX-RS services with a valid token,
GlassFish will throw an exception (with no relevant info in it).
I debugged it, and found out that the HttpServletRequestWrapper,
which is returned by the servlet filter, has no account
property in it (see also FilterSessionStore.buildWrapper(HttpSession,
KeycloakAccount)). And when GlassFish tries to
access, for example, the wrapper's principal, this causes an
NPE.
It seems that FilterRequestAuthenticator.completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext>,
String) does not store the account in the
tokenStore.
Should I use this feature differently? Or is access type
'bearer-only' simply not supported by the servlet filter?
Thanks!
Ramon Rockx