I’m integrating Keycloak with a Spring project and using your provided Spring adapter with a bearer-only REST API.
The documentation is enough to get things working with bearer token validation.
But it is lacking documentation on a few things; maybe others have experience with it.
1. When the bearer token is invalid, the logs are spammed with stack traces (as posted below). How do you manage log levels?
2. Can I insert custom code on bad tokens in order to integrate with monitoring? How do others deal with this situation?

[ERROR] org.keycloak.adapters.BearerTokenRequestAuthenticator - Failed to verify token
org.keycloak.VerificationException: Token is not active.
    at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:46) ~[keycloak-core-1.4.0.Final.jar:1.4.0.Final]
    at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:16) ~[keycloak-core-1.4.0.Final.jar:1.4.0.Final]
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:67) ~[keycloak-adapter-core-1.4.0.Final.jar:1.4.0.Final]
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:62) ~[keycloak-adapter-core-1.4.0.Final.jar:1.4.0.Final]
    at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:45) ~[keycloak-adapter-core-1.4.0.Final.jar:1.4.0.Final]
    at org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter.attemptAuthentication(KeycloakAuthenticationProcessingFilter.java:116) ~[keycloak-spring-security-adapter-1.4.0.Final.jar:1.4.0.Final]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211) ~[spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]
    at org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:75) [keycloak-spring-security-adapter-1.4.0.Final.jar:1.4.0.Final]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:85) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]