[ https://issues.jboss.org/browse/TEIIDSB-81?page=com.atlassian.jira.plugin... ] Steven Hawkins commented on TEIIDSB-81: --------------------------------------- This could be done with Spring JAAS integration to use the DirectAccessGrantLoginModule. For now this will use the none-JAAS approach. The code in KeycloakDirectAccessGrantAuthenticationProvider is mostly from that login module - there's no explicit handling there or here for active refresh / invalidation, so for now we're just concerned with the initial authentication. It extends from the KeycloakAuthenticationProvider to create the same mapped token authentication result as the OData case. I had a hard time wiring the AuthenticationManager. There seem to be some existing spring issues about that (https://github.com/spring-projects/spring-security-oauth2-boot/issues/30). I ended up using the post processor. The db security can be used in conjunction with or apart from the odata security. When odata is also included, however I see that hibernate validator is part of spring-boot-starter-web and is trying to do something against the default teiid connection pool. With db security this now fails as there is no identity associated. -- This message was sent by Atlassian Jira (v7.12.1#712002)