[keycloak-dev] Access original session

Stian Thorgersen stian at redhat.com
Tue Dec 30 07:59:44 EST 2014



----- Original Message -----
> From: "Christian Beikov" <christian.beikov at gmail.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 30 December, 2014 1:45:13 PM
> Subject: Re: [keycloak-dev] Access original session
> 
> Seems like my question wasn't clear enough.
> 
> I have the following config in my web.xml
> 
>      <security-constraint>
>          <web-resource-collection>
>              <web-resource-name>Protected</web-resource-name>
>              <url-pattern>/protected/*</url-pattern>
>          </web-resource-collection>
>          <auth-constraint>
>              <role-name>user</role-name>
>          </auth-constraint>
>      </security-constraint>
> 
>      <login-config>
>          <auth-method>KEYCLOAK</auth-method>
>          <realm-name>portfolio-webapp</realm-name>
>      </login-config>
> 
>      <security-role>
>          <role-name>user</role-name>
>      </security-role>
> 
> Now when I navigate to e.g. "/protected/index.xhtml" I get redirected to
> the Keycloak login. Unfortunately, the cookie which is set by the
> Keycloak adapters after a successful login, has the path "/protected"
> set. When I navigate to "/whatever.xhtml" I obviously have no access to
> the cookie since the browser doesn't send it.
> 
> How am I supposed to access the logged in user outside of the protected
> area?
> 
> > The session cookie (assuming you're talking about JSESSIONID) should be set
> > to the context-path of your WAR not a specific protected resource.
> 
> Unfortunately I am experiencing that it is set to a different path.

Strange. I've just tried with our demo, which has a similar security-constraint to yours, and it sets it to the context-path of the WAR as expected.

Keycloak doesn't set this cookie itself, that's sorted by the JEE container. Which Keycloak version and JEE server are you using?

> 
> > Are your protected resources in the same WAR as the unprotected resources?
> 
> Yes, it's all in the same WAR.
> 
> Kind regards,
> ------------------------------------------------------------------------
> *Christian Beikov*
> On 30.12.2014 at 13:38, Stian Thorgersen wrote:
> > The session cookie (assuming you're talking about JSESSIONID) should be set
> > to the context-path of your WAR not a specific protected resource. Are your
> > protected resources in the same WAR as the unprotected resources?
> >
> > ----- Original Message -----
> >> From: "Christian Beikov" <christian.beikov at gmail.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Sunday, 28 December, 2014 11:01:54 AM
> >> Subject: [keycloak-dev] Access original session
> >>
> >> Hello there!
> >>
> >> I have an application that has protected resources on the pattern
> >> "/protected/*" and I receive a session cookie for the path "/protected",
> >> which makes sense. Now my problem is, that I want the path of the cookie
> >> to be "/" so I can access the user information even outside of the
> >> protected resources.
> >> Since I think this might introduce some problems, the only other way to
> >> realize that I could think of is, to get access to the underlying servlet
> >> session. Not only would that session have to be created properly, which I
> >> am not sure is happening when browsing in the protected resources, I would
> >> also need to access it on the server, so that I can save the currently
> >> logged in user into it.
> >>
> >> Is there a possibility to access the servlet session within the Keycloak
> >> context? If so, could you please share some code or point me to an API?
> >> --
> >>
> >> Kind regards,
> >>
> >> Christian Beikov
> >>
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 
> 
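The cookie scoping discussed in this thread, as an added example that is not part of the original messages or of Keycloak: it applies the RFC 6265 path-match and default-path rules to a Set-Cookie header to show which request paths the browser would send JSESSIONID on. The context path `/portfolio-webapp`, the header values and the probe paths are constructed assumptions.

```python
def parse_cookie_path(set_cookie):
    """Return (cookie name, Path attribute or None) from a Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    path = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        if key.strip().lower() == "path":
            path = value.strip()  # RFC 6265: the last Path attribute wins
    return name, path


def default_path(request_path):
    """RFC 6265 section 5.1.4 default-path, used when Path is absent or invalid."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path[: request_path.rfind("/")]


def path_matches(cookie_path, request_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookie_scope(set_cookie, response_path, probes):
    """Map each probe path to whether the cookie would accompany a request for it."""
    _, path = parse_cookie_path(set_cookie)
    if not path or not path.startswith("/"):
        path = default_path(response_path)
    return {p: path_matches(path, p) for p in probes}


# Constructed headers: the path reported in the thread vs. the WAR context path.
CONTEXT = "/portfolio-webapp"  # assumed context path, not stated in the thread
OBSERVED = f"JSESSIONID=abc123; Path={CONTEXT}/protected; HttpOnly"
EXPECTED = f"JSESSIONID=abc123; Path={CONTEXT}; HttpOnly"
PROBES = [f"{CONTEXT}/protected/index.xhtml", f"{CONTEXT}/whatever.xhtml",
          f"{CONTEXT}/protected-docs/a.xhtml"]

if __name__ == "__main__":
    for label, header in (("observed", OBSERVED), ("expected", EXPECTED)):
        print(label, cookie_scope(header, PROBES[0], PROBES))
```

Under the same RFC rules, a Set-Cookie header with no Path attribute returned for `/protected/index.xhtml` is scoped to the `/protected` directory, so it is worth inspecting the raw header the container sends.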


