Hi everybody,
this is the big picture:
a. frontend application with Undertow
b. backend application with Undertow and Resteasy for REST API

Both are using Keycloak as SSO.

I'm trying to configure a proxy from A to B in order to expose backend API without CORS problems to the frontend.

I asked support also to Undertow guys but the issue seems around the integration of Keycloack in Undertow. My proxy is implemented like:

                final ProxyClient proxyClient = new SimpleProxyClientProvider(new URI("http://localhost:8181"));
                final ProxyHandler proxyHandler = new ProxyHandler(proxyClient, servletHandler);
                proxyHandler.addRequestHeader(new HttpString("Authorization"), new ExchangeAttribute() {
                    @Override
                    public String readAttribute(HttpServerExchange exchange) {
                        exchange.
                        RefreshableKeycloakSecurityContext context = (RefreshableKeycloakSecurityContext) exchange.getSecurityContext();
                        return "Bearer " + context.getTokenString();
                    }

                    @Override
                    public void writeAttribute(HttpServerExchange exchange, String newValue) throws ReadOnlyAttributeException {
                        // TODO Auto-generated method stub
                    }
                });

The problem is that the exchange.getSecurityContext() is always null. Any ideas?

Thanks



--
Davide