2:35 a.m.
Scott, thanks for your replay!
Finally, I came about your examples
https://github.com/Smartling/spring-security-keycloak and tried to run it
on latest keycloak versions (1.7.0.Final) and it worked like a charm on
Tomcat embed server.
But when I tried to deploy it on my WildFly 9.0.2 server I encountered few
problems (now I'm forcing to resovle them).
The main question I have is this: I'm wondering how did you manage your
login-config auth metod to be Keycloak without even having web.xml.
Nevertheless, your app is working correct. Is it "magic" of Spring Boot
config? Or there is no mandatory auth method you have to specify now?
Though docs say that you have to have this section in web.xml:
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>tms</realm-name>
</login-config>
2016-01-02 18:32 GMT+03:00 Scott Rossillo <srossillo(a)smartling.com>:
You still have to configure Spring Security using Keycloak. See the
documentation for an annotation based configuration. Once that's set up
your another annotations will work.
PS - make sure to follow Spring Security naming conventions for roles. For
the example above that would be ROLE_ADMIN
On Fri, Jan 1, 2016 at 4:44 AM Andrey Saroul <andrey.saroul(a)gmail.com>
wrote:
> Hello! I'm just a begginer in Spring Security, but I would like to know
> is it possible to configure keycloak in a way that I can use @PreAuthorize,
> @PostAuthorize, @Secured and other annotations.
> For example, I've configured the keycloak-spring-security-adapter and
> Spring Security in my simple Spring Rest webapp so that I have access to
> Principal object in my controller, like this:
>
> @RestController
> public class TMSRestController {
>
> @RequestMapping("/greeting")
> public Greeting greeting(Principal principal,
> @RequestParam(value="name") String name) {
> return new Greeting(String.format(template, name));
> }
> ...
> }
>
> But when I try this (just an example, actually I want to execute custom
> EL expression before authorization):
>
> @RestController
> public class TMSRestController {
>
> @RequestMapping("/greeting")
> @PreAuthorize("hasRole('ADMIN')")
> public Greeting greeting(Principal principal,
> @RequestParam(value="name") String name) {
> return new Greeting(String.format(template, name));
> }
> ...
> }
>
> ... I get
> exception:
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException:
> An Authentication object was not found in the SecurityContext
>
> What do I need to make this spring security annotations work?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user