[keycloak-dev] Access original session

Christian Beikov christian.beikov at gmail.com
Tue Dec 30 09:47:00 EST 2014


I am using the following versions:

  * Keycloak 1.0.4.Final
  * Wildfly 8.1.0.Final

Also it doesn't respect the cookie settings of the web.xml. I tried to 
configure a different name for the cookie just to test it, but it didn't 
change. When navigating to "/whatever.xhtml" I suddenly get the 
configured cookie set.
It seems as if the Keycloak adapters wrap the HttpServletRequest to 
expose a different session map when working with secured resources. 
Which demo are you talking about? I would love to try it out so that I 
can confirm if it has something to do with my setup or Keycloak.

Kind regards,
------------------------------------------------------------------------
*Christian Beikov*
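The web.xml cookie settings referred to above are the standard Servlet 3.0 `<session-config>` element (Wildfly 8 implements Servlet 3.1). The following fragment is an added example, not taken from the thread or from Keycloak: it shows the session cookie being given an explicit name and the context-root path, plus the HttpOnly and Secure flags a deployment would normally want on a session cookie. The cookie name and timeout are assumed values.

```xml
<!-- Added example (Servlet 3.0+ session cookie configuration), not from the thread.
     Goes inside <web-app> in WEB-INF/web.xml alongside the security-constraint. -->
<session-config>
    <!-- assumed value: session expires after 30 minutes of inactivity -->
    <session-timeout>30</session-timeout>
    <cookie-config>
        <!-- assumed name; JSESSIONID is the container default -->
        <name>APPSESSION</name>
        <!-- "/" scopes the cookie to the whole application, so pages outside
             /protected/* also receive it; by default the container uses the
             WAR's context path, not the path of the first protected resource -->
        <path>/</path>
        <!-- not readable from JavaScript, limiting the impact of script injection -->
        <http-only>true</http-only>
        <!-- only sent over TLS, so the session id is never exposed in clear text -->
        <secure>true</secure>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>
```

`<tracking-mode>COOKIE</tracking-mode>` keeps the session id out of URLs, which otherwise leaks it into logs and Referer headers. Whether a given adapter honours these settings for the session it creates is a separate question from the container's own default; the container, not Keycloak, sets JSESSIONID.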
On 30.12.2014 at 13:59, Stian Thorgersen wrote:
>
> ----- Original Message -----
>> From: "Christian Beikov" <christian.beikov at gmail.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Tuesday, 30 December, 2014 1:45:13 PM
>> Subject: Re: [keycloak-dev] Access original session
>>
>> Seems like my question wasn't clear enough.
>>
>> I have the following config in my web.xml
>>
>>       <security-constraint>
>>           <web-resource-collection>
>>               <web-resource-name>Protected</web-resource-name>
>>               <url-pattern>/protected/*</url-pattern>
>>           </web-resource-collection>
>>           <auth-constraint>
>>               <role-name>user</role-name>
>>           </auth-constraint>
>>       </security-constraint>
>>
>>       <login-config>
>>           <auth-method>KEYCLOAK</auth-method>
>>           <realm-name>portfolio-webapp</realm-name>
>>       </login-config>
>>
>>       <security-role>
>>           <role-name>user</role-name>
>>       </security-role>
>>
>> Now when I navigate to e.g. "/protected/index.xhtml" I get redirected to
>> the Keycloak login. Unfortunately, the cookie which is set by the
>> Keycloak adapters after a successful login, has the path "/protected"
>> set. When I navigate to "/whatever.xhtml" I obviously have no access to
>> the cookie since the browser doesn't send it.
>>
>> How am I supposed to access the logged in user outside of the protected
>> area?
>>
>> The session cookie (assuming you're talking about JSESSIONID) should be set
>> to the context-path of your WAR not a specific protected resource.
>>
>> Unfortunately I am experiencing that it is set to a different path.
> Strange. I've just tried with our demo, which has a similar security-constraint to yours, and it sets it to the context-path of the WAR as expected.
>
> Keycloak doesn't set this cookie itself, that's sorted by the JEE container. Which Keycloak version and JEE server are you using?
>
>> Are your protected resources in the same WAR as the unprotected resources?
>>
>> Yes, it's all in the same WAR.
>>
>> Kind regards,
>> ------------------------------------------------------------------------
>> *Christian Beikov*
>> On 30.12.2014 at 13:38, Stian Thorgersen wrote:
>>> The session cookie (assuming you're talking about JSESSIONID) should be set
>>> to the context-path of your WAR not a specific protected resource. Are your
>>> protected resources in the same WAR as the unprotected resources?
>>>
>>> ----- Original Message -----
>>>> From: "Christian Beikov" <christian.beikov at gmail.com>
>>>> To: keycloak-dev at lists.jboss.org
>>>> Sent: Sunday, 28 December, 2014 11:01:54 AM
>>>> Subject: [keycloak-dev] Access original session
>>>>
>>>> Hello there!
>>>>
>>>> I have an application that has protected resources on the pattern
>>>> "/protected/*" and I receive a session cookie for the path "/protected",
>>>> which makes sense. Now my problem is, that I want the path of the cookie
>>>> to be "/" so I can access the user information even outside of the
>>>> protected resources.
>>>> Since I think this might introduce some problems, the only other way to
>>>> realize that I could think of is, to get access to the underlying servlet
>>>> session. Not only would that session have to be created properly, which I
>>>> am not sure is happening when browsing in the protected resources, I would
>>>> also need to access it on the server, so that I can save the currently
>>>> logged in user into it.
>>>>
>>>> Is there a possibility to access the servlet session within the Keycloak
>>>> context? If so, could you please share some code or point me to an API?
>>>> --
>>>>
>>>> Kind regards,
>>>>
>>>> Christian Beikov
>>>>
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
