I asked just this question last night. I solved my issue by creating a custom
KeycloakAuthenticationEntryPoint to redirect to /RootContext/{realmName}/sso/login and
then overrode the keycloakAuthenticationProcessingFilter method in the
KeycloakWebSecurityConfigurerAdapter implementation to change the AntPathRequestMatcher to
match.
    @Override
    protected KeycloakAuthenticationProcessingFilter keycloakAuthenticationProcessingFilter()
            throws Exception {
        // Match the realm-prefixed login path, e.g. /{realmName}/sso/login
        return new KeycloakAuthenticationProcessingFilter(authenticationManager(),
                new AntPathRequestMatcher("/**/sso/login"));
    }

-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org]
On Behalf Of Mattia Bello
Sent: 27 September 2018 13:21
To: keycloak-user(a)lists.jboss.org
Cc: Luca Buraggi <Luca.Buraggi(a)horsa.it>; Marco Pancotti
<Marco.Pancotti(a)horsa.it>
Subject: [keycloak-user] Problem with Spring WEB application using Keycloak + Spring
Security Adapter in Multi Tenancy mode
Hello,
I am trying to configure a Spring WEB application using Keycloak + Spring Security Adapter
in Multi Tenancy mode but I encountered some problems.
I followed the instructions of the Keycloak documentation
(
https://www.keycloak.org/docs/latest/securing_apps/index.html#_spring_sec...
and
https://www.keycloak.org/docs/latest/securing_apps/index.html#_multi_tenancy)
I created a simple web application (SpringSecurity_HelloWorld) with two pages, one public
page (hello.jsp) and a protected one (admin.jsp).
To implement the Multi tenancy, I created the PathBasedKeycloakConfigResolver java class
and I changed the spring-security.xml file as requested to link this class to the Spring
context.
The .zip at the following Google Drive link contains a copy of the test project:
https://drive.google.com/file/d/1YH2phrXlx9yc1vexXkNCMKoOnDBEmBI2/view?us...
This is what happens when the app is running:
Accessing url localhost:8080/SpringSecurity_HelloWorld/{realm}/admin, (i.e. the protected
page) the following steps are executed:
1. As expected, the method resolve(..) of my PathBasedKeycloakConfigResolver class is
called, and my code correctly extracts the {realm} from the url, creates the corresponding
KeycloakDeployment object, returning it to the caller
2. The browser receives a redirect (HTTP 302) to the location
localhost:8080/SpringSecurity_HelloWorld/sso/login and executes the redirect
3. The method resolve(..) of PathBasedKeycloakConfigResolver is called again with the url
localhost:8080/SpringSecurity_HelloWorld/sso/login as argument. This is very surprising to
me because this url doesn't contain the {realm} part and I am wondering how the
method resolve() could cope with this. It is supposed to return the KeycloakDeployment
object corresponding to the requested realm but this is not possible now.
From what I understand from the documentation the second call to the resolve() method is just
wrong .... why is the {realm} missing?
I suspect there is some configuration error in my project but I can't find anything
wrong.
Thanks to all
Mattia Bello
Developer
Horsa S.p.A.
Via Cadorna, 67
Vimodrone (MI)
Mobile (+39) 347 37 64 875
www.horsa.it<http://www.horsa.it/>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
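
Added example, not part of the original thread or of either poster's project: a path-based resolver that handles both /{realm}/admin and the realm-prefixed /{realm}/sso/login described in the reply, and rejects a bare /sso/login instead of guessing a tenant. The context path, the realm names and the {realm}-keycloak.json file naming are assumptions, and resolve() uses the HttpFacade.Request parameter type of the Keycloak adapters of that period.

```java
import java.io.InputStream;
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.spi.HttpFacade;

public class PathBasedKeycloakConfigResolver implements KeycloakConfigResolver {
    // Assumed values for illustration: context path and tenant realm names.
    private static final String CONTEXT = "/SpringSecurity_HelloWorld/";
    private static final List<String> REALMS = Arrays.asList("tenant-a", "tenant-b");
    private final Map<String, KeycloakDeployment> cache = new ConcurrentHashMap<>();

    @Override
    public KeycloakDeployment resolve(HttpFacade.Request request) {
        // getURI() returns the full request URL; keep only its decoded path.
        String realm = realmOf(URI.create(request.getURI()).getPath());
        return cache.computeIfAbsent(realm, this::load);
    }

    // Realm = first segment after the context path, so /{realm}/admin and
    // /{realm}/sso/login both resolve. A bare /sso/login yields "sso", which is
    // not an allowed realm and is rejected instead of picking a default tenant.
    static String realmOf(String path) {
        if (path == null || !path.startsWith(CONTEXT)) {
            throw new IllegalStateException("Request outside application context");
        }
        String first = path.substring(CONTEXT.length()).split("/", 2)[0];
        if (!REALMS.contains(first)) {
            throw new IllegalStateException("No realm in request path: " + path);
        }
        return first;
    }

    // Only allow-listed names reach here, so a path segment cannot select an arbitrary resource.
    private KeycloakDeployment load(String realm) {
        InputStream is = getClass().getResourceAsStream("/" + realm + "-keycloak.json");
        if (is == null) {
            throw new IllegalStateException("Missing /" + realm + "-keycloak.json");
        }
        return KeycloakDeploymentBuilder.build(is);
    }
}
```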