[keycloak-dev] Spring Security for Keycloak Contribution

Scott Rossillo srossillo at smartling.com
Tue Apr 21 10:54:08 EDT 2015

Yes, the pure Spring Security adapter will heavily use adapter-core and be configurable with keycloak.json by default.

Hope to have a PR at end of week for discussion.


> On Apr 21, 2015, at 2:47 AM, Stian Thorgersen <stian at redhat.com> wrote:
> It's been years since I last looked at Spring, so I'm not the person to ask ;)
> It sounds like the pure Spring Security Adapter is the better option. You should at try to use code from integration/adapter-core module as that's used as the core for all our current Java based adapters. Also, it should be configurable by supplying a keycloak.json file.
> ----- Original Message -----
>> From: "Scott Rossillo" <srossillo at smartling.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: "keycloak-dev" <keycloak-dev at lists.jboss.org>
>> Sent: Tuesday, 21 April, 2015 1:02:28 AM
>> Subject: Re: [keycloak-dev] Spring Security for Keycloak Contribution
>> Hi,
>> There are two different approaches here. The project I mentioned still relies
>> on a Keycloak adapter being present in the servlet container. It’s not quite
>> the final product I need but it would be useful to people who can declare
>> their protected resources in web.xml.
>> What I’m working on now is a Keycloak adapter-less Spring Security
>> integration. Basically, it’s a Keycloak Spring Security Adapter that can
>> stand on it’s own and protect resources based on the Spring Security
>> configuration. It’s this latter implementation that I believe has the most
>> value.
>> Question for you: Do you want to see both approaches covered or is one
>> approach more in line with the Keycloak project’s goals?
>> In my option, the latter, Keycloak Spring Security Adapter, is of more value,
>> but please let me know your thoughts.
>> Thanks in advance,
>> Scott
>>> On Apr 16, 2015, at 9:24 AM, Stian Thorgersen <stian at redhat.com> wrote:
>>> If you can prepare a PR for it that'd be great. Please add a
>>> 'spring-security' module within the integration module where all the other
>>> adapters live. Also, to create a distribution archive for the adapter
>>> please add a module inside distribution that packages it up (look at
>>> existing modules there for a reference).
>>> ----- Original Message -----
>>>> From: "Scott Rossillo" <srossillo at smartling.com>
>>>> To: "keycloak-dev" <keycloak-dev at lists.jboss.org>
>>>> Sent: Thursday, April 16, 2015 3:08:13 PM
>>>> Subject: [keycloak-dev] Spring Security for Keycloak Contribution
>>>> Good morning,
>>>> As I mentioned a few days ago on the users mailing list, we developed an
>>>> integration between the Keycloak Adapter and Spring Security. The
>>>> announcement can be found here:
>>>> http://lists.jboss.org/pipermail/keycloak-user/2015-April/001992.html
>>>> The code is here:
>>>> http://smartling.github.io/spring-security-keycloak/
>>>> Would you be interested in either:
>>>> 1. Us contributing the code to the Keycloak project or
>>>> 2. You integrating the code into the Keycloak project
>>>> We released the code under the Apache 2.0 license to be compatible with
>>>> the
>>>> Keycloak project. Let me know your thoughts.
>>>> Best,
>>>> Scott
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list