[keycloak-dev] KeycloakSecurityContext serialization issue
Leonardo Loch Zanivan
leonardo.zanivan at gmail.com
Tue Apr 21 11:46:43 EDT 2015
Serialization works fine with BearerRequestAuthentication or
Bearer/DirectLoginModule. The only problem is
In RequestAuthentication.java, RefreshableKeycloakSecurityContext is
created with Bearer.getTokenString(), but token string has Basic Auth
credentials instead of access token.
I'll create a JIRA for this.
On Tue, Apr 21, 2015 at 4:17 AM Marek Posolda <mposolda at redhat.com> wrote:
> That's strange, serialization and deserialization of
> KeycloakSecurityContext should work fine. KeycloakSecurityContext actually
> uses java custom serialization (it implements writeObject and readObject
> methods). So during deserialization it calls readObject and creates
> AccessToken and IDToken from the base64 encoded token. This works fine in
> cluster and we also have the test for it:
> If you still seeing issues and you think that it's bug, feel free to
> create JIRA. But please add the exact steps to reproduce to the JIRA.
> On 21.4.2015 00:50, Leonardo Loch Zanivan wrote:
> I'm facing a problem while deserializing KeycloakSecurityContext of a
> Basic Auth KeycloakAccount.
> KeycloakSecurityContext stores Basic Auth base64 token instead of Access
> Token, so deserialization code fail!
> *String parts = encoded.split("\\."); if (parts.length < 2 ||
> parts.length > 3) throw new IllegalArgumentException("Parsing error");*
> keycloak-dev mailing listkeycloak-dev at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the keycloak-dev