[keycloak-dev] Keycloak 6.0.1 and Spring(boot-starter-security) 2.1.7.RELEASE on WildFly not working

Sebastien Blanc sblanc at redhat.com
Fri Aug 23 11:43:27 EDT 2019


Hi Carsten !
Happy you try out my examples ;)

If you believe this is a bug, please open a bug in Jira and even better if
you have some ideas on how to fix this don't be shy and propose a Pull
Request. Anyway, on the ticket, try to share a reproducible example so that
we can work on it all together.

Sebi



On Fri, Aug 23, 2019 at 5:19 PM Carsten Rudat <Carsten.Rudat at faktorzehn.de>
wrote:

> Hi Keycloak-Dev,
>
> first of all: awesome product, I like it very much; it’s really feature
> rich!
>
> My current goal/challenge:  I have a vaadin-8 application running on
> WildFly 17. It uses spring-security (old one..) and I successfully used
> Keycloak with JeePreAuthSecurityConfig.
>
> Now, I’m a fan of Keycloak SSO and I want to use the KeycloakRestTemplate.
> Therefore I tried to change to Spring-Web-Security with Keycloak. I
> followed Sebi's products-app (monkey-see-monkey-do) and picked
> spring-boot-starter-security:2.1.7.RELEASE and the newest
> Keycloak-spring-security-adapter:6.0.1.
>
> Running my app on http://localhost:8081/myContentRoot/myVaadinView ,
> Keycloak kicks in and redirects me to the Keycloak login. That redirects me
> to ../myVaadinView/sso/login with some state parameters. But here the
> success-story ends: I’m not redirected to “myVaadinView” as expected, but
> to “myContentRoot/”, where I am rejected with HTTP-Status 403 ☹
>
> Debugging the whole thing twice (Sebi's Spring-boot Tomcat- and my WildFly
> Undertow-container), I found
> org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler#onAuthenticationSuccess
> where
> Spring-Web-Security tries to find the original request. On WildFly this
> *always* fails, because
> org.keycloak.adapters.OAuthRequestAuthenticator#resolveCode creates a new
> HTTP-Session (reqAuthenticator.changeHttpSessionId(true)).
> On Tomcat that works (I think this is a bug in Tomcat) because
> request.getSession(true) returns the current session, if it exists and is
> valid (org.apache.catalina.connector.Request.doGetSession(boolean)).
>
> How could I deal with that? It seems to be a bug or a design problem to
> get the old request from the session vs. creating a new one.
>
> Carsten

