[keycloak-user] Keycloak Adapter without web.xml security-constraint

Scott Rossillo srossillo at smartling.com
Thu Apr 23 10:47:17 EDT 2015 

Thanks. By implementing the Spring Security adapter, I’m able to get around this by extending RequestAuthenticator. 


> On Apr 23, 2015, at 1:55 AM, Stian Thorgersen <stian at redhat.com> wrote:
> 
> Currently Keycloak adapters are only a way of integrating existing frameworks with Keycloak so adding a event handler etc wouldn't make much sense.
> 
> We have plans on the road-map for a CDI based adapter that gives more capabilities like what you're asking for, but in the mean time you'd need to look at PicketLink, DeltaSpike, or a way to do it with standard JEE security.
> 
> ----- Original Message -----
>> From: "Scott Rossillo" <srossillo at smartling.com>
>> To: "Bill Burke" <bburke at redhat.com>
>> Cc: keycloak-user at lists.jboss.org
>> Sent: Monday, 20 April, 2015 2:50:26 AM
>> Subject: Re: [keycloak-user] Keycloak Adapter without web.xml	security-constraint
>> 
>> Could we have a hook into application code to determine if a resource should
>> be protected by Keycloak? Maybe an event handler?
>> 
>> b oolean shouldProtectResourse(HttpServletRequest)
>> 
>> On Friday, April 17, 2015, Scott Rossillo < srossillo at smartling.com > wrote:
>> 
>> 
>> 
>> I could work around that for interactive logins, but it wouldn’t work for
>> application to application requests. Do you have any pointers on where I
>> could start to manually trigger the adapter?
>> 
>> Do you think it’s a reasonable requirement to have the application determine
>> if the adapter should be triggered? I feel it’s necessary for integration
>> with applications that have to support more than one authentication
>> mechanism.
>> 
>> Let me know.
>> 
>> Thanks in advance,
>> Scott
>> 
>> 
>> On Fri, Apr 17, 2015 at 4:46 PM, Bill Burke < bburke at redhat.com > wrote:
>> 
>> 
>> Our adapters need a security constraint or they won't be triggered.
>> 
>> On 4/17/2015 4:34 PM, Scott Rossillo wrote:
>>> When using a security mechanism, such as Spring Security, it’s possible
>>> that multiple security mechanisms are in place or that only parts of an
>>> application are secured via Keycloak, not a blanket path (e.g. /api/*).
>>> 
>>> What I’m trying to do is use the Spring’s authentication entrypoint to
>>> direct to Keycloak (this part work somewhat) and have the Keycloak
>>> adapter pick up from there (not working).
>>> 
>>> What’s the best way to handle this?
>>> 
>>> Thanks,
>>> Scott
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>> 
>> 
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> 
>> 
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list