[keycloak-dev] Run keycloak client with annotations

Michal Hajas mhajas at redhat.com
Fri Sep 25 09:09:36 EDT 2015


Ok, now it is working https://github.com/mhajas/keycloak_annotations/commit/a3916bdf5eaeb8a7ae62124b882ad3e0ec6ee200 , but isn't there a possibility to use annotations without a security constraint and login-config/auth-method in web.xml?

I thought that the annotation @SecurityDomain("keycloak") triggers the keycloak adapter. Now it is working without @SecurityDomain and even without declaring roles, and works correctly because I have to have the keycloak_admin role to access the page, is it correct?
 
----- Original Message -----
From: "Bill Burke" <bburke at redhat.com>
To: keycloak-dev at lists.jboss.org
Sent: Friday, September 25, 2015 2:43:07 PM
Subject: Re: [keycloak-dev] Run keycloak client with annotations

You have to

1) Define a security constraint in web.xml.  If you don't do this, then
the keycloak adapter won't be triggered.  (It's the same for regular
servlet security + Resteasy)

2) Configure the EJB security domain:
<security-domain name="keycloak">
    <authentication>
        <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule"
                      flag="required"/>
    </authentication>
</security-domain>


On 9/25/2015 7:51 AM, Michal Hajas wrote:
> Sorry, I forgot to write it in the first email; yes, without annotations it works correctly.
>
> ----- Original Message -----
> From: "Stian Thorgersen" <sthorger at redhat.com>
> To: "Michal Hajas" <mhajas at redhat.com>
> Sent: Friday, September 25, 2015 1:45:47 PM
> Subject: Re: [keycloak-dev] Run keycloak client with annotations
>
> Can you try without the @RolesAllowed and instead with a security
> constraint in web.xml? Just to confirm that the user has the correct roles,
> client has correct scope, etc.
>
> On 25 September 2015 at 13:22, Michal Hajas <mhajas at redhat.com> wrote:
>
>> If you mean the configuration in standalone.xml then yes, it's the same
>> with demo-dist that has the keycloak adapter preconfigured.
>>
>> I enclosed my standalone.xml from wildfly 9 container.
>>
>> Michal.
>>
>> ----- Original Message -----
>> From: "Stian Thorgersen" <sthorger at redhat.com>
>> To: "Michal Hajas" <mhajas at redhat.com>
>> Cc: "keycloak-dev" <keycloak-dev at lists.jboss.org>
>> Sent: Friday, September 25, 2015 1:08:28 PM
>> Subject: Re: [keycloak-dev] Run keycloak client with annotations
>>
>> Did you add the keycloak security domain as described in docs?
>>
>> On 25 September 2015 at 12:14, Michal Hajas <mhajas at redhat.com> wrote:
>>
>>> Hi,
>>>
>>> I tried to run keycloak client with annotations @SecurityDomain,
>>> @RolesAllowed etc. ( https://github.com/mhajas/keycloak_annotations )
>>>
>>> Maybe it is just my mistake, I am not an expert in RESTful services and
>>> EJB, but I tried a lot of configurations and always end up with some error,
>>> mostly with:
>>>
>>> failed to execute: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
>>>          at org.jboss.resteasy.plugins.interceptors.RoleBasedSecurityFilter.filter(RoleBasedSecurityFilter.java:45)
>>>
>>> I have configured my keycloak adapter correctly according to
>>> http://keycloak.github.io/docs/userguide/html/ch08.html#jboss-adapter but
>>> I don't know how to configure web.xml. What can be replaced with
>>> annotations and what should be preserved.
>>>
>>> I tried both relative and un-relative scenario.
>>>
>>> So question is what is wrong with my client?
>>>
>>> P.S. I think there might be an example with annotation.
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
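
Added example (not part of the original thread or the Keycloak project's own files): a web.xml containing the security constraint from step 1 of the reply above, together with the login-config/auth-method the first message mentions. The role name keycloak_admin comes from the thread; the URL pattern, resource name and realm name are assumed placeholders, and the resteasy.role.based.security parameter is included on the assumption that @RolesAllowed is enforced by RESTEasy, as the stack trace suggests.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <!-- Assumption: RESTEasy evaluates @RolesAllowed on JAX-RS resource methods
         (the RoleBasedSecurityFilter seen in the stack trace) when this is true. -->
    <context-param>
        <param-name>resteasy.role.based.security</param-name>
        <param-value>true</param-value>
    </context-param>

    <!-- Step 1 of the reply: without a security constraint the Keycloak
         adapter is not triggered for the request. -->
    <security-constraint>
        <web-resource-collection>
            <!-- Placeholder name and pattern: cover every path that must be authenticated. -->
            <web-resource-name>protected-api</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <!-- Role named in the thread; only callers holding it pass the container check. -->
            <role-name>keycloak_admin</role-name>
        </auth-constraint>
    </security-constraint>

    <!-- Hands authentication for constrained URLs to the Keycloak adapter. -->
    <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <!-- Placeholder realm name. -->
        <realm-name>example-realm</realm-name>
    </login-config>

    <!-- Every role referenced in an auth-constraint is declared here. -->
    <security-role>
        <role-name>keycloak_admin</role-name>
    </security-role>
</web-app>
```

A request to a path outside every url-pattern is not covered by the constraint, so the pattern should be checked against all resource paths the application exposes.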