I am writing an application that uses Errai and Keycloak.

I am able to log in successfully and get all my user details and roles.

When I log out, I call the authenticationService to log out and then redirect to the login URL.

The issue with this is that the login page is then not shown; the filters somehow pick up that the user is cached, re-authenticate with the same user, and come straight back into the app.

When I log out, the following is called:

  public void logout() {
      securityContext.invalidateCache();
      authService.call( new RemoteCallback<Void>() {
          @Override
          public void callback( Void response ) {
              redirect( GWT.getHostPageBaseURL() + "app-login" );
          }
      }, new BusErrorCallback() {
          @Override
          public boolean error( Message message, Throwable throwable ) {
              Window.alert( "Logout failed: " + throwable );
              return true;
          }
      } ).logout();
  }

Under the covers, the logout calls KeycloakAuthenticationService.logout(). Following it through in debug, all this does is set the securityContext to null.

I added the invalidateCache as an attempt to clear the cache, but that did not work. I think I'm just not understanding the flow.

I have a GWT module page (/provider-ui.html), which is the only page of the app.

I have a /app-login URL, which is used by the filters to redirect to Keycloak and redirect back to the GWT page after authentication.

My web.xml looks like this:

  <filter>
    <filter-name>ErraiLoginRedirectFilter</filter-name>
    <init-param>
      <param-name>redirectLocation</param-name>
      <param-value>/provider-ui.html</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>ErraiLoginRedirectFilter</filter-name>
    <url-pattern>/app-login</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>ErraiUserCookieFilter</filter-name>
    <url-pattern>/provider-ui.html</url-pattern>
  </filter-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Login</web-resource-name>
      <url-pattern>/app-login</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>KEYCLOAK</auth-method>
    <realm-name>demo</realm-name>
  </login-config>
  <security-role>
    <role-name>user</role-name>
  </security-role>
  <security-role>
    <role-name>admin</role-name>
  </security-role>

Any pointers on the direction I should take to solve this?

Thanks, Graeme