Hi Meissa,
thanks for your answer I'm already using the keycloak wildfly adapter. WHat
I don't manage to do is to use it with a classic browser client. Is there
is a way to ask for a token stored in the client's browser cookie and to
the server application look for this token in a cookie instead of in the
authentication header ?
Jerome
Le mer. 15 avr. 2015 à 14:27, Meissa M'baye Sakho <msakho(a)redhat.com> a
écrit :
Hi Jerôme,
Since your application runs on Wildfy, you'll have to use the
Keycloak-wildfly adapter.
Meissa
------------------------------
*De: *"Jérôme Blanchard" <jayblanc(a)gmail.com>
*À: *keycloak-user(a)lists.jboss.org
*Envoyé: *Mercredi 15 Avril 2015 12:08:55
*Objet: *[keycloak-user] Which adapter must I use ?
Hi all,
I'm facing a problem regarding which adapter to use in my case :
I have an application which runs on wildfly.
It is packaged as an ear containing an EJB backend (jar) and a web
application (war) that expose a REST API and a simple content browsing
servlet.
Both of the rest api and the content servlet allows anonymous access and
authentified access. The EJB layer takes in charge the access control usign
internal rules system.
The authentication on the REST API using bearer token works fine as it is
a javascript client that use it and the javascript adapter works fine.
What I want to do is to allow authentication on the content servlet in the
following way :
1. A user ask some content using the content servlet /content/file.txt
2. Because anonymous and the file.txt is protect, EJB layer return an
AccessDeniedException which is handled by the servlet to redirect the user
browser to an specific jsp page saying that content is protected and giving
a link to the keycloak server for eventual authentication.
3. The user follow this link to perform authentication and is redirected
back to the content url /content/file1.txt
4. I don't know how but the browser should be able to include something (a
cookie) that would holds the authentication token and allow the content
servlet to act as authentified.
Because my current adapter just check a bearer token header I don't see
which adapter to add, or how to handle authentication in another way
allowing the client navigator to propagate authentication token ??
Thanks in advance for your support and congratulation for this very nice
product that is keycloak.
Best regards, Jérôme.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user