[keycloak-user] Spring boot + keycloak

Sebastien Blanc sblanc at redhat.com
Mon Dec 12 04:54:53 EST 2016


Hi,
Did you also added the SpringBoot Keycloak Adapter ? In this case it will
look for the configuration in application.properties but on the other side
the Spring Security won't work, so you have 2 options :
- Remove the SpringBoot adapter
- Or tell the SpringSecurity it has to use the SpringBoot Config resolver.
Add this in your SecurityConfig class :

@Bean
    public KeycloakConfigResolver KeycloakConfigResolver(){
       return new KeycloakSpringBootConfigResolver();
    }
FYI We have a ticket to make this integration seamless
https://issues.jboss.org/browse/KEYCLOAK-4054?filter=12329075


On Mon, Dec 12, 2016 at 10:46 AM, Ondra Pala <pala.ondra at gmail.com> wrote:

> Hello We use this example: https://github.com/foo4u/keycloak-spring-demo
> (for Spring boot and Keycloak)
>
> I have keycloak.json(realm in this file exists) file in my WEB-INF folder,
> but when I run my application, I get exception:
>
> java.lang.RuntimeException: Must set 'realm' in config
>
> Full stack of this exception:
>
> java.lang.RuntimeException: Must set 'realm' in config
>     at
> org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(
> KeycloakDeploymentBuilder.java:53)
>
> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>      at
> org.keycloak.adapters.KeycloakDeploymentBuilder.build(
> KeycloakDeploymentBuilder.java:152)
>
> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>      at
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(
> KeycloakSpringBootConfigResolver.java:37)
>
> ~[keycloak-spring-boot-adapter-2.4.0.Final.jar:2.4.0.Final]
>      at
> org.keycloak.adapters.AdapterDeploymentContext.resolveDeployment(
> AdapterDeploymentContext.java:88)
>
> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>     at
> org.keycloak.adapters.PreAuthActionsHandler.preflightCors(
> PreAuthActionsHandler.java:107)
>
> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>     at
> org.keycloak.adapters.PreAuthActionsHandler.handleRequest(
> PreAuthActionsHandler.java:79)
>
> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>      at
> org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(
> AbstractKeycloakAuthenticatorValve.java:183)
>
> ~[keycloak-tomcat-core-adapter-2.4.0.Final.jar:2.4.0.Final]
>      at
> org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:140)
>
> ~[tomcat-embed-core-8.5.5.jar:8.5.5]
>      at
> org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:79)
>
> [tomcat-embed-core-8.5.5.jar:8.5.5]
>      at
> org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:87)
>
> [tomcat-embed-core-8.5.5.jar:8.5.5]
>      at
> org.apache.catalina.connector.CoyoteAdapter.service(
> CoyoteAdapter.java:349)
> [tomcat-embed-core-8.5.5.jar:8.5.5]
>      at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:784)
> [tomcat-embed-core-8.5.5.jar:8.5.5]
>      at
> org.apache.coyote.AbstractProcessorLight.process(
> AbstractProcessorLight.java:66)
>
> [tomcat-embed-core-8.5.5.jar:8.5.5]
>      at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(
> AbstractProtocol.java:802)
>
> [tomcat-embed-core-8.5.5.jar:8.5.5]
>      at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
> doRun(NioEndpoint.java:1410)
>
> [tomcat-embed-core-8.5.5.jar:8.5.5]
>      at
> org.apache.tomcat.util.net.SocketProcessorBase.run(
> SocketProcessorBase.java:49)
>
> [tomcat-embed-core-8.5.5.jar:8.5.5]
>      at
> java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
>
> [na:1.8.0_101]
>      at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
>
> [na:1.8.0_101]
>      at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(
> TaskThread.java:61)
>
> [tomcat-embed-core-8.5.5.jar:8.5.5]
>      at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]
>
> Our configuration of security looks like:
>
> /**
>  * Application security configuration.
>  *
>  *
>  * @author Scott Rossillo
>  */
> @Configuration
> @EnableWebSecurity
> @ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
> public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter
> {
>
>     @Autowired
>     public void configureGlobal(AuthenticationManagerBuilder auth)
> throws Exception {
>         auth
> .authenticationProvider(keycloakAuthenticationProvider());
>     }
>
>     @Autowired
>     public KeycloakClientRequestFactory keycloakClientRequestFactory;
>
>     @Bean
>     public CacheControlHandlerInterceptor
> cacheControlHandlerInterceptor() {
>         return new CacheControlHandlerInterceptor();
>     }
>
>
>     @Bean
>     public FilterRegistrationBean
> keycloakAuthenticationProcessingFilterRegistrationBean(
>             KeycloakAuthenticationProcessingFilter filter) {
>         FilterRegistrationBean registrationBean = new
> FilterRegistrationBean(filter);
>         registrationBean.setEnabled(false);
>         return registrationBean;
>     }
>
>     @Bean
>     public FilterRegistrationBean
> keycloakPreAuthActionsFilterRegistrationBean(
>             KeycloakPreAuthActionsFilter filter) {
>         FilterRegistrationBean registrationBean = new
> FilterRegistrationBean(filter);
>         registrationBean.setEnabled(false);
>         return registrationBean;
>     }
>
>
>     @Bean
>     @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
>     public KeycloakRestTemplate keycloakRestTemplate() {
>         return new KeycloakRestTemplate(keycloakClientRequestFactory);
>     }
>
>     @Bean
>     @Override
>     protected SessionAuthenticationStrategy
> sessionAuthenticationStrategy() {
>          return new RegisterSessionAuthenticationStrategy(new
> SessionRegistryImpl());
>     }
>
>     @Override
>     protected void configure(HttpSecurity http) throws Exception
>     {
>         System.out.println("config");
>         super.configure(http);
>         http
>                 .authorizeRequests()
>                 .antMatchers("/*").denyAll();
>     }
>
> }
>
>
> Can you please tell me, where it could by mistake.
>
> Thanks for your answer and time.
>
> Ondrej Pala
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list