Thanks. By implementing the Spring Security adapter, I’m able to get around this by
extending RequestAuthenticator.
On Apr 23, 2015, at 1:55 AM, Stian Thorgersen
<stian(a)redhat.com> wrote:
Currently Keycloak adapters are only a way of integrating existing frameworks with
Keycloak so adding a event handler etc wouldn't make much sense.
We have plans on the road-map for a CDI based adapter that gives more capabilities like
what you're asking for, but in the mean time you'd need to look at PicketLink,
DeltaSpike, or a way to do it with standard JEE security.
----- Original Message -----
> From: "Scott Rossillo" <srossillo(a)smartling.com>
> To: "Bill Burke" <bburke(a)redhat.com>
> Cc: keycloak-user(a)lists.jboss.org
> Sent: Monday, 20 April, 2015 2:50:26 AM
> Subject: Re: [keycloak-user] Keycloak Adapter without web.xml security-constraint
>
> Could we have a hook into application code to determine if a resource should
> be protected by Keycloak? Maybe an event handler?
>
> b oolean shouldProtectResourse(HttpServletRequest)
>
> On Friday, April 17, 2015, Scott Rossillo < srossillo(a)smartling.com > wrote:
>
>
>
> I could work around that for interactive logins, but it wouldn’t work for
> application to application requests. Do you have any pointers on where I
> could start to manually trigger the adapter?
>
> Do you think it’s a reasonable requirement to have the application determine
> if the adapter should be triggered? I feel it’s necessary for integration
> with applications that have to support more than one authentication
> mechanism.
>
> Let me know.
>
> Thanks in advance,
> Scott
>
>
> On Fri, Apr 17, 2015 at 4:46 PM, Bill Burke < bburke(a)redhat.com > wrote:
>
>
> Our adapters need a security constraint or they won't be triggered.
>
> On 4/17/2015 4:34 PM, Scott Rossillo wrote:
>> When using a security mechanism, such as Spring Security, it’s possible
>> that multiple security mechanisms are in place or that only parts of an
>> application are secured via Keycloak, not a blanket path (e.g. /api/*).
>>
>> What I’m trying to do is use the Spring’s authentication entrypoint to
>> direct to Keycloak (this part work somewhat) and have the Keycloak
>> adapter pick up from there (not working).
>>
>> What’s the best way to handle this?
>>
>> Thanks,
>> Scott
>>
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
>
http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user