Weird... I'm actually screwing around with writing a security proxy
right now. I just started like an hour or so ago so I'm not exactly
sure...but I don't think you can implement this with the current
codebase. You need an Undertow-only (no servlet) authentication
mechanism and to set up the security handler chain correctly. (See the
BasicAuthServer example in Undertow).
I should have something working in master by the end of the week.
On 11/19/2014 6:33 PM, Davide Ungari wrote:
Hi everybody,
this is the big picture:
a. frontend application with Undertow
b. backend application with Undertow and Resteasy for REST API
Both are using Keycloak as SSO.
I'm trying to configure a proxy from A to B in order to expose backend
API without CORS problems to the frontend.
I also asked the Undertow guys for support, but the issue seems to be around the
integration of Keycloak in Undertow. My proxy is implemented like:
    final ProxyClient proxyClient = new SimpleProxyClientProvider(new URI("http://localhost:8181"));
    final ProxyHandler proxyHandler = new ProxyHandler(proxyClient, servletHandler);
    proxyHandler.addRequestHeader(new HttpString("Authorization"), new ExchangeAttribute() {
        @Override
        public String readAttribute(HttpServerExchange exchange) {
            RefreshableKeycloakSecurityContext context =
                    (RefreshableKeycloakSecurityContext) exchange.getSecurityContext();
            return "Bearer " + context.getTokenString();
        }

        @Override
        public void writeAttribute(HttpServerExchange exchange, String newValue)
                throws ReadOnlyAttributeException {
            // TODO Auto-generated method stub
        }
    });
The problem is that the exchange.getSecurityContext() is always null.
Any ideas?
Thanks
--
Davide
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
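
Added example (not part of the original thread, and not Keycloak or Undertow project code): a sketch of the handler chain the reply refers to, using the same wrapping order as Undertow's BasicAuthServer example, placed around a ProxyHandler. The class name SecuredProxy, the TOKEN attachment key, and the caller-supplied Undertow-only mechanism that would store the validated token under that key are assumptions made for illustration.

```java
import io.undertow.attribute.ExchangeAttribute;
import io.undertow.attribute.ReadOnlyAttributeException;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.AuthenticationMode;
import io.undertow.security.handlers.*;
import io.undertow.security.idm.IdentityManager;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.ResponseCodeHandler;
import io.undertow.server.handlers.proxy.ProxyHandler;
import io.undertow.server.handlers.proxy.SimpleProxyClientProvider;
import io.undertow.util.AttachmentKey;
import io.undertow.util.HttpString;
import java.net.URI;
import java.util.Collections;

public final class SecuredProxy {
    // Hypothetical key: the supplied mechanism is assumed to attach the validated token here.
    public static final AttachmentKey<String> TOKEN = AttachmentKey.create(String.class);

    // Same wrapping order as Undertow's BasicAuthServer example, built from the inside out.
    static HttpHandler addSecurity(HttpHandler toWrap, AuthenticationMechanism mechanism,
                                   IdentityManager identityManager) {
        HttpHandler handler = new AuthenticationCallHandler(toWrap);   // triggers authentication
        handler = new AuthenticationConstraintHandler(handler);        // marks authentication as required
        handler = new AuthenticationMechanismsHandler(handler, Collections.singletonList(mechanism));
        // Outermost handler: installs the SecurityContext on the exchange for everything inside it.
        return new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler);
    }

    static HttpHandler securedProxy(URI backend, AuthenticationMechanism mechanism,
                                    IdentityManager identityManager) {
        ProxyHandler proxy = new ProxyHandler(new SimpleProxyClientProvider(backend),
                ResponseCodeHandler.HANDLE_404);
        proxy.addRequestHeader(new HttpString("Authorization"), new ExchangeAttribute() {
            @Override
            public String readAttribute(HttpServerExchange exchange) {
                String token = exchange.getAttachment(TOKEN);
                return token == null ? null : "Bearer " + token;   // defensive: no token, no header value
            }
            @Override
            public void writeAttribute(HttpServerExchange exchange, String newValue)
                    throws ReadOnlyAttributeException {
                throw new ReadOnlyAttributeException("Authorization", newValue);
            }
        });
        return addSecurity(proxy, mechanism, identityManager);   // security wraps the proxy, not the reverse
    }
}
```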