[keycloak-user] REST -> Backend App

Bill Burke bburke at redhat.com
Fri Sep 5 13:19:09 EDT 2014


A pure servlet filter is on the roadmap, but it wouldn't be as 
seamlessly integrated.  I'll take a look at your problem.

On 9/5/2014 11:59 AM, Red Samh wrote:
>
> EAP 6.x, it would be nice if I could generalize to any war deployed to
> tomcat or jetty.
>
> Thanks
> Sam
>
> On Sep 5, 2014 11:51 AM, "Bill Burke" <bburke at redhat.com> wrote:
>
>     Wildfly or JBoss EAP 6.x or JBoss AS 7.1?
>
>
>     On 9/5/2014 11:49 AM, Red Samh wrote:
>
>         Bill,
>
>         Thanks for the reply.
>
>         Yes it works when I have to call REST to another REST service and
>         any number of hops. The problem is calling a full fledged
>         application from a REST service that I have the issue. When it is
>         an application that is both Web App + REST and I add the
>         authorization header (bearer) I get an unauthorized 401 (blackbox
>         in the attachment).
>
>         Thanks
>         Sam
>
>
>         On Fri, Sep 5, 2014 at 11:42 AM, Bill Burke <bburke at redhat.com> wrote:
>
>              Should work.  You'll have to actually describe what your
>              problem is or I can't help you.  I'll take a guess though:
>
>              Keycloak doesn't propagate the Authorization bearer token
>              header automatically when you have multiple REST "hops"
>              between multiple servers.  You'll have to obtain the access
>              token and set up the HTTP header manually.  The demo
>              customer-portal example in the distro does exactly this, so
>              take a look at that for more details.
>
>              On 9/5/2014 10:58 AM, Red Samh wrote:
>               > Hello,
>               >
>               > We have an application that is protected using Keycloak
>               > and a user can access this application through a web
>               > front. After login the user can use the functionality of
>               > the application. The application is also exposed through
>               > REST APIs and is protected via keycloak as part of the
>               > application and accessible only after login into the main
>               > application.
>               >
>               > We have a
>               >
>               > (Step 1) Javascript application (retrieving data from) ->
>               >
>               > (Step 2) Business Application exposed as REST API (REST
>               > API has to make calls to backend Application mentioned
>               > above) ->
>               >
>               > (Step 3) BackEnd Application Server + REST API.
>               >
>               > Directly accessing the BackEnd Application Server works
>               > fine but when we need to call the REST API from another
>               > REST service which is authenticated via Keycloak we have
>               > issues.
>               >
>               > We used the existing sample to try and do a POC but not
>               > sure what is the best approach to solve this issue. The
>               > part from (Step 1) to (Step 2) works and the REST API is
>               > protected using BEARER token. The (Step 2) to (Step 3) is
>               > a problem as in (Step 2) we only have the BEARER token and
>               > the BackEnd Application is protected using the full
>               > keycloak configuration. So the BackEnd Application service
>               > is not authenticating by sending in only the BEARER token
>               > in the header which is a full keycloak installation (work
>               > as only a web service).
>               >
>               > Thanks
>               > Sam
>               >
>               >
>
>              --
>              Bill Burke
>              JBoss, a division of Red Hat
>              http://bill.burkecentral.com
>
>
>
>     --
>     Bill Burke
>     JBoss, a division of Red Hat
>     http://bill.burkecentral.com
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

