[keycloak-user] How to secure JAX-RS service based on resteasy running on undertow

Marek Posolda mposolda at redhat.com
Mon Apr 14 03:56:49 EDT 2014


On 14.4.2014 09:18, Davide Ungari wrote:
> Hi Marek,
> I worked on it during the weekend.
>
> Now my problem is the header like: Authorization: Bearer 
> <your_access_token> .
>
> I'm running the frontend on Tomcat, I made an adapter for it 
> https://github.com/ungarida/keycloak/, I adapted AS7.
>
> Now I cannot figure out how to retrieve the access token to include 
> it in the JS that calls the JAX-RS service.
If your frontend is a JEE application, then you can do something like 
what this example is doing: 
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L46 
. Note that KeycloakSecurityContext is added automatically to the request by 
the adapter of your frontend application (in this case the customer-portal 
application, which is just a simple servlet JEE application). So you need 
to make sure that your Tomcat adapter is adding it as well.

You can take a deeper look at the existing examples and try them on AS7 for 
inspiration. I think that your Tomcat adapter should be quite similar to 
the already existing AS7 adapter, as AS7 is using jboss-web, which is 
de facto Tomcat stuff :-)

Marek
>
>
>
> --
> Davide
>
>
> On Mon, Apr 14, 2014 at 8:44 AM, Marek Posolda <mposolda at redhat.com 
> <mailto:mposolda at redhat.com>> wrote:
>
>     Hi Davide,
>
>     I think that this exactly is already addressed by our examples.
>     You can take a look especially at this example
>     https://github.com/keycloak/keycloak/tree/master/examples/demo-template/database-service
>     which is a JAX-RS service based on resteasy, which requires
>     Bearer token authentication, so all requests sent to it from
>     "frontend" applications like "customer-portal" or "product-portal"
>     need to contain header like: Authorization: Bearer
>     <your_access_token> .
>
>     You can try existing set of examples to see how it all works
>     together. See instructions in README files under
>     https://github.com/keycloak/keycloak/tree/master/examples/demo-template
>
>     Marek
>
>
>     On 12.4.2014 10:58, Davide Ungari wrote:
>>     Hi everybody,
>>     I configured keycloak with mongodb,
>>     then I secured frontend on Tomcat making an adapter.
>>
>>     I need to secure backend, it is a JAX-RS service based on
>>     resteasy and running on undertow.
>>
>>     I do not use EJB so I need some help to figure out the best way
>>     to implement security with keycloak in my scenario.
>>
>>     Suggestions?
>>
>>     --
>>     Davide
>>
>>
>
>
