[keycloak-user] How to use Servlet OAuth Client
Bill Burke
bburke at redhat.com
Thu Apr 23 12:34:22 EDT 2015
Please read this:
http://docs.jboss.org/keycloak/docs/1.2.0.Beta1/userguide/html/ch08.html#jboss-adapter
Add a @SecurityDomain("keycloak") to your EJB and it will pick up the
Keycloak context.
On 4/23/2015 12:16 PM, Marek Posolda wrote:
> You're not wrong. With ServletOAuthClient you have control over when you
> redirect the user to the KC login screen. But you're completely independent
> of the WildFly container security layers, hence no propagation to the EJB layer.
>
> Whether ServletOAuthClient is good for you depends on the use case you want
> to achieve. Maybe it is better for you to add a security-constraint
> URL to your web.xml (for example "/my-protected-url") and you will
> redirect your application to /my-protected-url (with
> httpResponse.sendRedirect) whenever you want your application to be
> logged in with Keycloak. Then once KC authentication is finished and your
> application visits "/my-protected-url" as an authenticated user, you
> will redirect back to the original URL before authentication.
>
> Not sure if EJB propagation will happen once you're authenticated but
> visit an unprotected URL, though... But at least you can give it a shot.
>
> Marek
>
> On 23.4.2015 15:35, Jérôme Blanchard wrote:
>> Hi,
>> I wonder if the Servlet OAuth Client won't propagate authentication
>> to the WildFly EJB layer... Am I wrong?
>> Jérôme.
>>
>> On Tue, 21 Apr 2015 at 18:13, Marek Posolda <mposolda at redhat.com> wrote:
>>
>> You can take a look at our examples for how to use
>> ServletOAuthClient. Hopefully it could help with your use case:
>> https://github.com/keycloak/keycloak/tree/master/examples/demo-template/third-party
>> https://github.com/keycloak/keycloak/tree/master/examples/demo-template/third-party-cdi
>>
>> Marek
>>
>>
>> On 21.4.2015 12:14, Jérôme Blanchard wrote:
>>> Hi all,
>>>
>>> I'm trying to protect a servlet application which can be accessed
>>> either as an anonymous user or as an authenticated user. Some
>>> resources are protected and my application takes charge of the
>>> access control (not role based), so I can't use the WAR protection
>>> using a user role constraint.
>>> In this case I've removed the role constraint in the web.xml and
>>> the Keycloak WildFly (Undertow) adapter lets me access the
>>> application as an unauthenticated user (anonymous), which is perfect.
>>> What I want to do on some AccessDeniedException is to
>>> redirect the user to the authentication server manually. In this
>>> case, the user authenticates and comes back to the protected URL, but is
>>> no longer anonymous but an authenticated user.
>>> Is there a way to handle this redirection to the authentication
>>> server manually? (I don't know where to store the state variable
>>> allowing the Keycloak WildFly adapter to properly handle the auth
>>> redirect that includes the code.)
>>>
>>> Best regards, Jérôme.
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
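
The redirect pattern Marek describes in the quoted message, as an added example (not code from this thread or from the Keycloak project). It assumes web.xml already declares a security-constraint on /my-protected-url handled by the Keycloak adapter; the class name `LoginReturnServlet`, the helper `requireLogin` and the session attribute `returnTo` are hypothetical. The return target is kept in the server-side session and checked to be a local path before redirecting back, so the post-login redirect cannot be pointed at another site.

```java
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Assumption: web.xml protects /my-protected-url with a security-constraint,
// so the container only dispatches here after the adapter has logged the user in.
@WebServlet("/my-protected-url")
public class LoginReturnServlet extends HttpServlet {
    static final String RETURN_TO = "returnTo"; // hypothetical session attribute name

    // Call from application code when it decides a login is needed,
    // e.g. while handling its own AccessDeniedException for an anonymous user.
    public static void requireLogin(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String path = req.getServletPath()
                + (req.getPathInfo() == null ? "" : req.getPathInfo());
        String query = req.getQueryString();
        // Remember where the user was, relative to the context path, server-side.
        req.getSession(true).setAttribute(RETURN_TO,
                query == null ? path : path + "?" + query);
        resp.sendRedirect(req.getContextPath() + "/my-protected-url");
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Defensive check: if the constraint is missing or misconfigured, fail closed.
        if (req.getUserPrincipal() == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        HttpSession session = req.getSession(false);
        String target = session == null ? null : (String) session.getAttribute(RETURN_TO);
        if (session != null) {
            session.removeAttribute(RETURN_TO); // one-time use
        }
        // Fall back to the application root if the stored target is not a local path.
        resp.sendRedirect(req.getContextPath() + (isLocalPath(target) ? target : "/"));
    }

    // Accept only paths inside this application: no scheme, no "//host", no backslashes or CR/LF.
    static boolean isLocalPath(String t) {
        return t != null && t.startsWith("/") && !t.startsWith("//")
                && t.indexOf('\\') < 0 && t.indexOf('\r') < 0 && t.indexOf('\n') < 0;
    }
}
```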