[keycloak-user] Keycloak Adapter without web.xml security-constraint

Stian Thorgersen stian at redhat.com
Thu Apr 23 01:55:52 EDT 2015 

Currently Keycloak adapters are only a way of integrating existing frameworks with Keycloak so adding a event handler etc wouldn't make much sense.

We have plans on the road-map for a CDI based adapter that gives more capabilities like what you're asking for, but in the mean time you'd need to look at PicketLink, DeltaSpike, or a way to do it with standard JEE security.

----- Original Message -----
> From: "Scott Rossillo" <srossillo at smartling.com>
> To: "Bill Burke" <bburke at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Monday, 20 April, 2015 2:50:26 AM
> Subject: Re: [keycloak-user] Keycloak Adapter without web.xml	security-constraint
> 
> Could we have a hook into application code to determine if a resource should
> be protected by Keycloak? Maybe an event handler?
> 
> b oolean shouldProtectResourse(HttpServletRequest)
> 
> On Friday, April 17, 2015, Scott Rossillo < srossillo at smartling.com > wrote:
> 
> 
> 
> I could work around that for interactive logins, but it wouldn’t work for
> application to application requests. Do you have any pointers on where I
> could start to manually trigger the adapter?
> 
> Do you think it’s a reasonable requirement to have the application determine
> if the adapter should be triggered? I feel it’s necessary for integration
> with applications that have to support more than one authentication
> mechanism.
> 
> Let me know.
> 
> Thanks in advance,
> Scott
> 
> 
> On Fri, Apr 17, 2015 at 4:46 PM, Bill Burke < bburke at redhat.com > wrote:
> 
> 
> Our adapters need a security constraint or they won't be triggered.
> 
> On 4/17/2015 4:34 PM, Scott Rossillo wrote:
> > When using a security mechanism, such as Spring Security, it’s possible
> > that multiple security mechanisms are in place or that only parts of an
> > application are secured via Keycloak, not a blanket path (e.g. /api/*).
> > 
> > What I’m trying to do is use the Spring’s authentication entrypoint to
> > direct to Keycloak (this part work somewhat) and have the Keycloak
> > adapter pick up from there (not working).
> > 
> > What’s the best way to handle this?
> > 
> > Thanks,
> > Scott
> > 
> > 
> > 
> > 
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > 
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list