[keycloak-user] How to use Servlet OAuth Client

Bill Burke bburke at redhat.com
Thu Apr 23 12:34:22 EDT 2015


Please read this:

http://docs.jboss.org/keycloak/docs/1.2.0.Beta1/userguide/html/ch08.html#jboss-adapter

Add a @SecurityDomain("keycloak") to your EJB and it will pick up the 
Keycloak context.

On 4/23/2015 12:16 PM, Marek Posolda wrote:
> You're not wrong. With ServletOAuthClient you have control over when you
> redirect the user to the KC login screen. But you're completely independent
> of the Wildfly container security layers, hence no propagation to the EJB layer.
>
> If ServletOAuthClient is good for you, depends on the usecase you want
> to achieve. Maybe it is better for you to add some security-constraints
> URL to your web.xml  (for example "/my-protected-url") and you will
> redirect your application to /my-protected-url (with
> httpResponse.sendRedirect) whenever you want your application to be
> logged with keycloak. Then once KC authentication is finished and your
> application will visit "/my-protected-url" as authenticated user, you
> will redirect back to the original URL before authentication.
>
> Not sure if EJB propagation will happen once you're authenticated, but
> visit unprotected URL though... But at least you can give it a shot.
>
> Marek
>
> On 23.4.2015 15:35, Jérôme Blanchard wrote:
>> Hi,
>> I wonder whether the Servlet OAuth Client won't propagate authentication
>> to the wildfly EJB layer... Am I wrong?
>> Jérôme.
>>
>> On Tue, 21 Apr 2015 at 18:13, Marek Posolda <mposolda at redhat.com
>> <mailto:mposolda at redhat.com>> wrote:
>>
>>     You can take a look at our examples for how to use
>>     ServletOAuthClient. Hopefully it could help with your usecase:
>>     https://github.com/keycloak/keycloak/tree/master/examples/demo-template/third-party
>>     https://github.com/keycloak/keycloak/tree/master/examples/demo-template/third-party-cdi
>>
>>     Marek
>>
>>
>>     On 21.4.2015 12:14, Jérôme Blanchard wrote:
>>>     Hi all,
>>>
>>>     I'm trying to protect a servlet application which can be accessed
>>>     either as anonymous user and as authenticated user. Some
>>>     resources are protected and my application takes in charge the
>>>     access control (not role based) so I can't use the war protection
>>>     using role user constraint.
>>>     In this case I've removed the role constraint in the web.xml and
>>>     the keycloak wildfly (undertow) adapter let me access the
>>>     application as unauthenticated user (anonymous) which is perfect.
>>>     What I want to handle on some AccessDeniedException is to
>>>     redirect the user to the authentication server manually. In this
>>>     case, the user authenticates and comes back to the protected URL but is
>>>     no longer anonymous but an authenticated user.
>>>     Is there a way to handle this redirection to the authentication
>>>     server manually (I don't know where to store the state variable
>>>     allowing keycloak wildfly adapter to handle properly the auth
>>>     redirect that include the code).
>>>
>>>     Best regards, Jérôme.
>>>
>>>
>>>     _______________________________________________
>>>     keycloak-user mailing list
>>>     keycloak-user at lists.jboss.org  <mailto:keycloak-user at lists.jboss.org>
>>>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
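
Added example, not part of the original thread or of the Keycloak project's code: one way to implement the "/my-protected-url" round trip Marek describes, with the return URL validated so the redirect back cannot be pointed off-site. The class name, the session attribute name and the `requireLogin` helper are assumptions, as is a security-constraint in web.xml covering /my-protected-url and an HTTP session that survives the login redirect.

```java
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Assumption: web.xml protects /my-protected-url with a security-constraint,
// so the Keycloak adapter authenticates the user before doGet() is reached.
@WebServlet("/my-protected-url")
public class LoginReturnServlet extends HttpServlet {
    // Hypothetical session attribute holding the URL to return to after login.
    static final String RETURN_TO = "loginReturnTo";

    /** Call from application code, e.g. where it catches its AccessDeniedException. */
    public static void requireLogin(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String target = req.getRequestURI();
        if (req.getQueryString() != null) {
            target += "?" + req.getQueryString();
        }
        // Keep the return URL server-side instead of in a request parameter.
        req.getSession(true).setAttribute(RETURN_TO, target);
        resp.sendRedirect(req.getContextPath() + "/my-protected-url");
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession session = req.getSession(false);
        String target = (session == null) ? null : (String) session.getAttribute(RETURN_TO);
        if (session != null) {
            session.removeAttribute(RETURN_TO); // one-time use
        }
        // Fall back to the application root if the stored value is missing or unsafe.
        resp.sendRedirect(isLocalPath(req, target) ? target : req.getContextPath() + "/");
    }

    /** Accept only paths inside this web application; reject "//host", backslashes, CR/LF. */
    static boolean isLocalPath(HttpServletRequest req, String target) {
        return target != null
                && target.startsWith(req.getContextPath() + "/")
                && !target.startsWith("//")
                && target.indexOf('\\') < 0
                && target.indexOf('\r') < 0
                && target.indexOf('\n') < 0;
    }
}
```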

