[keycloak-user] Need help configuring security constraints programmatically

Andrey Saroul andrey.saroul at gmail.com
Thu Dec 31 07:34:36 EST 2015


Hello, I'm trying to configure security for a simple Spring Rest Webapp and
Keycloak.
I've configured Keycloak server 1.7.0.Final on WildFly 9.0.2 (created
realms, clients, roles, etc.), and it works just fine.
Then I created a simple Spring Rest App (boot-less) to test Keycloak security
login. I generated the keycloak.json file and put it in my WEB-INF folder.
Then I configured web.xml and the Spring dispatcher-servlet.xml, and finally
created an annotation-driven security config.

protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    http.authorizeRequests().antMatchers("/*").hasRole("tms-rest");
}

But when I try to test my web app in a browser, it does not redirect me to
the Keycloak login page. I made it work when I configured a security-constraint
in web.xml.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>tms</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>tms-rest</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <role-name>tms-rest</role-name>
</security-role>


It seems to me that Spring isn't picking up my security rules from the security
config bean. Is there any suggestion as to what I am doing wrong?
And how can I set the config programmatically?

My app source is in the attachment.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rest-app.zip
Type: application/zip
Size: 6348 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20151231/26059213/attachment.zip 
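
Separately from the missing redirect, the two rules quoted in the message use the same string "/*" under different matching rules: a servlet url-pattern "/*" is a path-prefix mapping that covers every path, while in the Ant-style patterns taken by antMatchers a single "*" stays inside one path segment and "**" is needed to cross "/". The following added example (not from the original post or from the Keycloak project) lists the paths the Ant rule leaves uncovered. It assumes spring-core on the classpath for AntPathMatcher; servletMatches is a hypothetical helper modelling only the prefix and exact url-pattern forms, and the sample paths are constructed.

```java
import org.springframework.util.AntPathMatcher;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class PatternCoverage {

    // Hypothetical helper: servlet url-pattern matching reduced to the two
    // forms relevant here. "/prefix/*" is a path-prefix mapping (so "/*"
    // covers everything); any other pattern is treated as an exact match.
    static boolean servletMatches(String pattern, String path) {
        if (pattern.endsWith("/*")) {
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        return pattern.equals(path);
    }

    // Paths that the web.xml constraint covers but the Ant-style rule does
    // not. Any path returned here is not subject to the role check expressed
    // by the Ant-style rule.
    static List<String> uncoveredByAnt(String antPattern, String servletPattern,
                                       List<String> paths) {
        AntPathMatcher ant = new AntPathMatcher();
        List<String> gaps = new ArrayList<String>();
        for (String path : paths) {
            if (servletMatches(servletPattern, path) && !ant.match(antPattern, path)) {
                gaps.add(path);
            }
        }
        return gaps;
    }

    public static void main(String[] args) {
        // Constructed sample paths, not taken from the poster's application.
        List<String> paths = Arrays.asList(
                "/orders", "/orders/42", "/api/v1/users", "/index.html");

        // Same literal as in the post: nested paths fall outside the rule.
        System.out.println("antMatchers(\"/*\")  misses: "
                + uncoveredByAnt("/*", "/*", paths));
        // "**" crosses segment boundaries and matches the web.xml coverage.
        System.out.println("antMatchers(\"/**\") misses: "
                + uncoveredByAnt("/**", "/*", paths));
    }
}
```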

