[keycloak-dev] Authorization with Springboot adapter

Pedro Igor Silva psilva at redhat.com
Fri May 19 09:01:50 EDT 2017


I've created https://issues.jboss.org/browse/KEYCLOAK-4942 after talking
with Sebastien about some issues I'm facing when trying to use a
keycloak.json file with Spring Boot Adapter.

Fell free to watch that issue for updates.

On Fri, May 19, 2017 at 8:01 AM, Pedro Igor Silva <psilva at redhat.com> wrote:

> I'm not sure. But I will check if that is possible. If so, will update
> that quickstart to use keycloak.json instead.
>
> I'm also thinking about a another quickstart to demonstrate how to protect
> APIs in Spring Boot. The one I have is pretty much related with protecting
> web applications, but we probably need another one to also demonstrate
> API/service security.
>
> On Thu, May 18, 2017 at 10:19 PM, Crafton Williams <
> crafton.williams at qut.edu.au> wrote:
>
>> Hi Pedro:
>>
>>
>>
>> This is a huge help, thanks!
>>
>>
>>
>> A few questions though...is this is the only way to implement Authz with
>> keyclaok and springboot? Is it possible to use the
>> keycloak-spring-boot-adapter along with keycloak.json configured as a
>> policy enforcer? I found it to be a very nice way of separating the
>> security concern from the code itself.
>>
>>
>>
>>
>>
>> Cheers,
>>
>>
>>
>> Crafton
>>
>>
>>
>>
>>
>> *From: *Pedro Igor Silva <psilva at redhat.com>
>> *Sent: *Friday, 19 May 2017 9:33 AM
>> *To: *Crafton Williams <crafton.williams at qut.edu.au>
>> *Cc: *keycloak-dev at lists.jboss.org
>> *Subject: *Re: [keycloak-dev] Authorization with Springboot adapter
>>
>>
>>
>> I've sent a PR [1] with a quickstart for Spring Boot. Will work with some
>> more examples covering specific features of Keycloak Authorization
>> Services.
>>
>>
>>
>> Please let me know what you think about it. It is basically a Spring Boot
>> Web application protected with simple fine-grained permissions.
>>
>>
>>
>> [1] https://github.com/keycloak/keycloak-quickstarts/pull/26
>>
>>
>>
>> Regards.
>> Pedro Igor
>>
>>
>>
>>
>>
>> On Thu, May 18, 2017 at 9:35 AM, Pedro Igor Silva <psilva at redhat.com>
>> wrote:
>>
>> Btw, you are not the first one asking for more details about Spring boot
>> integration. That is why I want to review this ....
>>
>>
>>
>> On Thu, May 18, 2017 at 9:34 AM, Pedro Igor Silva <psilva at redhat.com>
>> wrote:
>>
>> We are really missing examples and documentation to Spring Boot Adapter.
>> Will write an example/template and review docs.
>>
>>
>>
>> Can give you an answer right now because I've tested authz with spring
>> boot only a very few times. But you should not get this error at all.
>>
>>
>>
>> Will have something today.
>>
>>
>>
>>
>>
>>
>>
>> On Thu, May 18, 2017 at 3:17 AM, Crafton Williams <
>> crafton.williams at qut.edu.au> wrote:
>>
>> Hi All:
>>
>> I’m trying to configure a basic springboot app using the springboot
>> keycloak adapter. Authentication works as expected but I’m a bit confused
>> as to how to configure the policy enforcer in yaml. The documentation shows
>> configuring the policy-enforcer as a json document however the springboot
>> config implies a only policy-enforcer-config. In any case, I did try the
>> json doc but it wasn’t picked up by the adapter.
>>
>> I’m using 3.0.0.Final and tried the following in my yaml file(omitted the
>> rest of the path info for brevity):
>>
>> Policy-enforcer-config:
>>   Enforcement-mode: ENFORCING
>>   paths:
>>
>>   *   name: blah
>>
>> The exception I got was:
>>
>> org.springframework.context.ApplicationContextException: Unable to start
>> embedded container; nested exception is org.springframework.beans.factory.BeanCreationException:
>> Error creating bean with name 'tomcatEmbeddedServletContainerFactory'
>> defined in class path resource [org/springframework/boot/auto
>> configure/web/EmbeddedServletContainerAutoConfiguration$EmbeddedTomcat.class]:
>> Initialization of bean failed; nested exception is
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
>> creating bean with name 'org.keycloak.adapters.springb
>> oot.KeycloakSpringBootConfiguration': Unsatisfied dependency expressed
>> through method 'setKeycloakSpringBootProperties' parameter 0; nested
>> exception is org.springframework.beans.factory.BeanCreationException:
>> Error creating bean with name 'keycloak-org.keycloak.adapter
>> s.springboot.KeycloakSpringBootProperties': Could not bind properties to
>> KeycloakSpringBootProperties (prefix=keycloak, ignoreInvalidFields=false,
>> ignoreUnknownFields=false, ignoreNestedProperties=false); nested exception
>> is org.springframework.beans.InvalidPropertyException: Invalid property
>> 'policyEnforcerConfig.paths[0]' of bean class
>> [org.keycloak.adapters.springboot.KeycloakSpringBootProperties]: Illegal
>> attempt to get property 'paths' threw exception; nested exception is
>> java.lang.UnsupportedOperationException
>>
>> Is there an example project somewhere that can guide me in configuring
>> the policy enforcer for the springboot adapter?
>>
>> Cheers,
>>
>> Crafton
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>


More information about the keycloak-dev mailing list