[keycloak-user] keycloak and spring security
Scott Rossillo
srossillo at smartling.com
Tue Aug 2 12:32:55 EDT 2016
Ah, I misread. Ok, so you need to configure the Spring security filters to protected the wicket app.
Probably something like the DelegatingFilterProxy:
http://docs.spring.io/spring-security/site/docs/4.1.1.RELEASE/reference/htmlsingle/#delegating-filter-proxy
Scott Rossillo
Smartling | Senior Software Engineer
srossillo at smartling.com
> On Aug 2, 2016, at 3:37 AM, Robert van Loenhout <r.vanloenhout at greenvalley.nl> wrote:
>
> Thanks for the links Scott. Although I am not actually using spring boot with wicket at the moment.
> Still…. this might come in handy.
>
>
> From: Scott Rossillo [mailto:srossillo at smartling.com]
> Sent: 02 August 2016 00:07
> To: Robert van Loenhout <r.vanloenhout at greenvalley.nl>
> Cc: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] keycloak and spring security
>
> Seems the Spring Security filter chain isn’t being invoked on requests to the WicketServlet.
>
> Spring Boot is very opinionated about how it does things so I’m not entirely sure what the best approach is. However, I did find a boot starer for wicket[0] that provides some information on
> using Spring Security + Wicket[1].
>
> [0]: https://github.com/MarcGiffing/wicket-spring-boot <https://github.com/MarcGiffing/wicket-spring-boot>
> [1]: https://github.com/MarcGiffing/wicket-spring-boot#extension-spring-security <https://github.com/MarcGiffing/wicket-spring-boot#extension-spring-security>
>
>
> Scott Rossillo
> Smartling | Senior Software Engineer
> srossillo at smartling.com <mailto:srossillo at smartling.com>
>
> On Aug 1, 2016, at 10:09 AM, Robert van Loenhout <r.vanloenhout at greenvalley.nl <mailto:r.vanloenhout at greenvalley.nl>> wrote:
>
> I’m trying to create a test application using spring and wicket (without spring boot). I’m unable to trigger any authentication redirect.
> I have added a SecurityConfig class as specified by the manual, and it’s been picked up by Spring.
> For example my configure method is called
>
> @Override
> protected void configure(HttpSecurity http) throws Exception {
> super.configure(http);
> http.authorizeRequests().anyRequest().authenticated();
> }
>
> However whatever page I call it is returned without taking any security into account.
>
> This is my web.xml
>
> <servlet>
> <servlet-name>wicket</servlet-name>
> <servlet-class>org.apache.wicket.protocol.http.WicketServlet</servlet-class>
> <init-param>
> <param-name>applicationFactoryClassName</param-name>
> <param-value>org.apache.wicket.spring.SpringWebApplicationFactory</param-value>
> </init-param>
> <init-param>
> <param-name>applicationBean</param-name>
> <param-value>wicketApplication</param-value>
> </init-param>
> <load-on-startup>1</load-on-startup>
> </servlet>
>
> <servlet-mapping>
> <servlet-name>wicket</servlet-name>
> <url-pattern>/*</url-pattern>
> </servlet-mapping>
>
> <context-param>
> <param-name>contextConfigLocation</param-name>
> <param-value>/WEB-INF/applicationContext.xml</param-value>
> </context-param>
>
> <listener>
> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
> </listener>
>
> The applicationContext does a component-scan.
> Did I miss something that I need to add?
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160802/566d89cb/attachment-0001.html
More information about the keycloak-user
mailing list