Keycloak authentication is only triggered if there is a security
constraint for that particular URL. We completely rely on web.xml/the
server container for this and there is currently no additional metadata.
Keycloak 1.6 has a filter implementation. You could possibly override
that to bypass authentication depending on the URL if standard web.xml
security constraints are working as expected.
On 12/4/2015 9:15 AM, Christopher Wallace wrote:
We are using Apache TOMCAT v. 8.0.18. We have a Javascript application
that we would like to configure web.xml using KEYCLOAK to protect all
root URIs '/' except '/tracking'. Is there a way to exclude '/tracking'
from being protected either in the KEYCLOAK admin console or in the
WEB.XML itself? Some additional information is for the tracking URL we
will use both HTTP and WEBSOCKETS protocols. Our current approach was to
specifically protect all URIs except for '/tracking' but that doesn't
seem to be working as a solution.
We have attached our example WEB.XML attempting to specifically protect
URLs:
<?xml version="1.0" encoding="UTF-8"?>
<web-app
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                        http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <module-name>ROOT</module-name>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>APP</web-resource-name>
            <url-pattern>/app/*</url-pattern>
        </web-resource-collection>
        <!--API-->
        <web-resource-collection>
            <web-resource-name>API</web-resource-name>
            <url-pattern>/api/*</url-pattern>
        </web-resource-collection>
        <!--HTML-->
        <web-resource-collection>
            <web-resource-name>HTML</web-resource-name>
            <url-pattern>*.html</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>worktrac</realm-name>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>
</web-app>
We appreciate your feedback and thoughts on a solution.
- Chris
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com