Hello,
in a multitenant app on Wildfly 14.0.1 with a bearer-only REST API to
protect I would like some URLs
to not be secured. So I would like my custom KeycloakConfigResolver
implementation
to not be called when those URLs are hit but it is. The reason I don't
want my KeycloakConfigResolver to be called is simply because
I have no clue as to what to return in that case: its a non-secured REST
endpoint so a Keycloak realm doesn't make sense in my understanding.
My setup follows the docs: I've installed the adapter for Wildfly and
the web.xml has the necessary setup for not securing some URLs (no
auth-constraint for those URLs)
Also in jboss-web.xml the security-domain element isn't defined,
although I don't know if that plays any role.
My final goal is to have some URLs secured by using the JBoss specific
@SecurityDomain and the standard @RolesAllowed etc annotations.
Can you please shed some light on this matter? I'd greatly appreciate
any detailed explanation of the mechanisms involved in this area.
Cheers,
Vagelis