Hi Bill,
I see you have pushed some changes.
Tell me as soon as you need me to test it.
Thank you,
Davide.
Weird... I'm actually screwing around with writing a security
proxy
right now. I just started like an hour or so ago so I'm not exactly
sure...but I don't think you can implement this with the current
codebase. You need a Undertow only (no servlet) authentication
mechanism and to set up the security handler chain correctly. (See the
BasicAuthServer example in Undertow).
I should have something working in master by the end of the week.
On 11/19/2014 6:33 PM, Davide Ungari wrote:
>* Hi everybody,
*>* this is the big picture:
*>* a. frontend application with Undertow
*>* b. backend application with Undertow and Resteasy for REST API
*>
>* Both are using Keycloak as SSO.
*>
>* I'm trying to configure a proxy from A to B in order to expose backend
*>* API without CORS problems to the frontend.
*>
>* I asked support also to Undertow guys but the issue seems around the
*>* integration of Keycloack in Undertow. My proxy is implemented like:
*>
>* final ProxyClient proxyClient = new
*>* SimpleProxyClientProvider(new URI("http://localhost:8181
<
http://localhost:8181/>
*>* <
http://localhost:8181/ <
http://localhost:8181/>>"));
*>* final ProxyHandler proxyHandler = new
*>* ProxyHandler(proxyClient, servletHandler);
*>* proxyHandler.addRequestHeader(new
*>* HttpString("Authorization"), new ExchangeAttribute() {
*>* @Override
*>* public String readAttribute(HttpServerExchange
*>* exchange) {
*>* exchange.
*>* RefreshableKeycloakSecurityContext context =
*>* (RefreshableKeycloakSecurityContext) exchange.getSecurityContext();
*>* return "Bearer " + context.getTokenString();
*>* }
*>
>* @Override
*>* public void writeAttribute(HttpServerExchange
*>* exchange, String newValue) throws ReadOnlyAttributeException {
*>* // TODO Auto-generated method stub
*>* }
*>* });
*>
>* The problem is that the exchange.getSecurityContext() is always null.
*>* Any ideas?
*>
>* Thanks
*>
>
>
>* --
*>* Davide
*>
>
>* _______________________________________________
*>* keycloak-user mailing list
*>* keycloak-user at
lists.jboss.org
<
https://lists.jboss.org/mailman/listinfo/keycloak-user>
*>*
https://lists.jboss.org/mailman/listinfo/keycloak-user
<
https://lists.jboss.org/mailman/listinfo/keycloak-user>
*>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com