Re: [keycloak-user] Spring Security annotation problem
You still have to configure Spring Security using Keycloak. See the
documentation for an annotation based configuration. Once that's set up
your another annotations will work.
PS - make sure to follow Spring Security naming conventions for roles. For
the example above that would be ROLE_ADMIN
On Fri, Jan 1, 2016 at 4:44 AM Andrey Saroul <andrey.saroul(a)gmail.com>
wrote:
Hello! I'm just a begginer in Spring Security, but I would like
to know is
it possible to configure keycloak in a way that I can use @PreAuthorize,
@PostAuthorize, @Secured and other annotations.
For example, I've configured the keycloak-spring-security-adapter and
Spring Security in my simple Spring Rest webapp so that I have access to
Principal object in my controller, like this:
@RestController
public class TMSRestController {
@RequestMapping("/greeting")
public Greeting greeting(Principal principal,
@RequestParam(value="name") String name) {
return new Greeting(String.format(template, name));
}
...
}
But when I try this (just an example, actually I want to execute custom EL
expression before authorization):
@RestController
public class TMSRestController {
@RequestMapping("/greeting")
@PreAuthorize("hasRole('ADMIN')")
public Greeting greeting(Principal principal,
@RequestParam(value="name") String name) {
return new Greeting(String.format(template, name));
}
...
}
... I get
exception:
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException:
An Authentication object was not found in the SecurityContext
What do I need to make this spring security annotations work?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
Attachments:
- attachment.html (text/html — 2.6 KB)