[keycloak-user] Spring boot + keycloak
Sebastien Blanc
sblanc at redhat.com
Tue Dec 13 08:16:53 EST 2016
I can still not reproduce it, could you file a jira ticket please ?
On Tue, Dec 13, 2016 at 8:47 AM, Ondra Pala <pala.ondra at gmail.com> wrote:
> Wildfly in version:2.0.10.Final
>
> 2016-12-12 17:12 GMT+01:00 Sebastien Blanc <sblanc at redhat.com>:
>
>> Do you have many a simple project that you can share with us on github
>> (your modified version of https://github.com/foo4u/keycloak-spring-demo
>> for instance) ?
>>
>> And can you also say which version of Wildfly you are using ?
>>
>>
>>
>> On Mon, Dec 12, 2016 at 3:48 PM, Ondra Pala <pala.ondra at gmail.com> wrote:
>>
>>> War in Wildfly ...
>>>
>>> 2016-12-12 15:45 GMT+01:00 Sebastien Blanc <sblanc at redhat.com>:
>>>
>>>> Are you running your Spring Boot app standalone or do you deploy a war
>>>> in Wildfly/EAP ?
>>>>
>>>> On Mon, Dec 12, 2016 at 3:43 PM, Ondra Pala <pala.ondra at gmail.com>
>>>> wrote:
>>>>
>>>>> Thanks you are right, but now I get exception:
>>>>>
>>>>> There was an unexpected error (type=Internal Server Error, status=500).
>>>>> loader constraint violation in interface itable initialization: when
>>>>> resolving method "org.keycloak.adapters.springs
>>>>> ecurity.facade.SimpleHttpFacade.getRequest()Lorg/keycloak/ad
>>>>> apters/spi/HttpFacade$Request;" the class loader (instance of
>>>>> org/jboss/modules/ModuleClassLoader) of the current class,
>>>>> org/keycloak/adapters/springsecurity/facade/SimpleHttpFacade, and the
>>>>> class loader (instance of org/jboss/modules/ModuleClassLoader) for
>>>>> interface org/keycloak/adapters/spi/HttpFacade have different Class
>>>>> objects for the type org/keycloak/adapters/spi/HttpFacade$Request
>>>>> used in the signature
>>>>>
>>>>>
>>>>>
>>>>> 2016-12-12 13:54 GMT+01:00 Sebastien Blanc <sblanc at redhat.com>:
>>>>>
>>>>>> But have you moved your keycloak config to applciation.properties
>>>>>> instead of using keycloak.json ? If you want to keep the keycloak.json,
>>>>>> just remove the SpringBoot Keycloak adapter dependency and it should be
>>>>>> also good.
>>>>>>
>>>>>> On Mon, Dec 12, 2016 at 12:38 PM, Ondra Pala <pala.ondra at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> My pom.xml file looks like:
>>>>>>>
>>>>>>> <!-- Spring boot - HTML templates -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework.boot</groupId>
>>>>>>> <artifactId>spring-boot-starter-thymeleaf</artifactId>
>>>>>>> </dependency>
>>>>>>>
>>>>>>> <!-- Spring boot - developers tools -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework.boot</groupId>
>>>>>>> <artifactId>spring-boot-devtools</artifactId>
>>>>>>> <optional>true</optional>
>>>>>>> </dependency>
>>>>>>>
>>>>>>> <!-- Spring boot - for deploying Spring boot application to Apache
>>>>>>> Tomcat -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework.boot</groupId>
>>>>>>> <artifactId>spring-boot-starter-tomcat</artifactId>
>>>>>>> <scope>provided</scope>
>>>>>>> </dependency>
>>>>>>>
>>>>>>> <!-- Spring boot security and actuator -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework.boot</groupId>
>>>>>>> <artifactId>spring-boot-starter-security</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework.boot</groupId>
>>>>>>> <artifactId>spring-boot-starter-actuator</artifactId>
>>>>>>> </dependency>
>>>>>>>
>>>>>>> <!-- LDAP -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework.security</groupId>
>>>>>>> <artifactId>spring-security-ldap</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.apache.directory.server</groupId>
>>>>>>> <artifactId>apacheds-server-jndi</artifactId>
>>>>>>> <version>${apacheds.version}</version>
>>>>>>> </dependency>
>>>>>>>
>>>>>>> <!-- Slf4j logging - compatible with Apacheds-server-jndi -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.slf4j</groupId>
>>>>>>> <artifactId>log4j-over-slf4j</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.slf4j</groupId>
>>>>>>> <artifactId>jul-to-slf4j</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.slf4j</groupId>
>>>>>>> <artifactId>jcl-over-slf4j</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.slf4j</groupId>
>>>>>>> <artifactId>slf4j-api</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework</groupId>
>>>>>>> <artifactId>spring-web</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>com.fasterxml.jackson.core</groupId>
>>>>>>> <artifactId>jackson-databind</artifactId>
>>>>>>> </dependency>
>>>>>>> <!-- Keycloak -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.keycloak</groupId>
>>>>>>> <artifactId>keycloak-spring-security-adapter</artifactId>
>>>>>>> <version>2.4.0.Final</version>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.keycloak</groupId>
>>>>>>> <artifactId>keycloak-spring-boot-adapter</artifactId>
>>>>>>> <version>2.4.0.Final</version>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.keycloak</groupId>
>>>>>>> <artifactId>keycloak-tomcat8-adapter</artifactId>
>>>>>>> <version>2.4.0.Final</version>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>net.rossillo.mvc.cache</groupId>
>>>>>>> <artifactId>spring-mvc-cache-control</artifactId>
>>>>>>> <version>1.1.1-RELEASE</version>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.keycloak</groupId>
>>>>>>> <artifactId>keycloak-common</artifactId>
>>>>>>> <version>2.4.0.Final</version>
>>>>>>> </dependency>
>>>>>>> </dependencies>
>>>>>>>
>>>>>>> I add KeycloakConfigResolver bean from org.keycloak.adapters but I
>>>>>>> still get the same exception.
>>>>>>>
>>>>>>> Thanks very much for your answer.
>>>>>>>
>>>>>>> Ondra
>>>>>>>
>>>>>>>
>>>>>>> 2016-12-12 12:17 GMT+01:00 Ondra Pala <pala.ondra at gmail.com>:
>>>>>>>
>>>>>>>> Hello, thanks for you answer. Are you mean
>>>>>>>> remove keycloak-spring-boot-adapter?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> 2016-12-12 10:54 GMT+01:00 Sebastien Blanc <sblanc at redhat.com>:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>> Did you also added the SpringBoot Keycloak Adapter ? In this case
>>>>>>>>> it will look for the configuration in application.properties but on the
>>>>>>>>> other side the Spring Security won't work, so you have 2 options :
>>>>>>>>> - Remove the SpringBoot adapter
>>>>>>>>> - Or tell the SpringSecurity it has to use the SpringBoot Config
>>>>>>>>> resolver. Add this in your SecurityConfig class :
>>>>>>>>>
>>>>>>>>> @Bean
>>>>>>>>> public KeycloakConfigResolver KeycloakConfigResolver(){
>>>>>>>>> return new KeycloakSpringBootConfigResolver();
>>>>>>>>> }
>>>>>>>>> FYI We have a ticket to make this integration seamless
>>>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-4054?filter=12329075
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Dec 12, 2016 at 10:46 AM, Ondra Pala <pala.ondra at gmail.com
>>>>>>>>> > wrote:
>>>>>>>>>
>>>>>>>>>> Hello We use this example: https://github.com/foo4u/keycl
>>>>>>>>>> oak-spring-demo
>>>>>>>>>> (for Spring boot and Keycloak)
>>>>>>>>>>
>>>>>>>>>> I have keycloak.json(realm in this file exists) file in my
>>>>>>>>>> WEB-INF folder,
>>>>>>>>>> but when I run my application, I get exception:
>>>>>>>>>>
>>>>>>>>>> java.lang.RuntimeException: Must set 'realm' in config
>>>>>>>>>>
>>>>>>>>>> Full stack of this exception:
>>>>>>>>>>
>>>>>>>>>> java.lang.RuntimeException: Must set 'realm' in config
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuil
>>>>>>>>>> d(KeycloakDeploymentBuilder.java:53)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.KeycloakDeploymentBuilder.build(Keyclo
>>>>>>>>>> akDeploymentBuilder.java:152)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.springboot.KeycloakSpringBootConfigRes
>>>>>>>>>> olver.resolve(KeycloakSpringBootConfigResolver.java:37)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-spring-boot-adapter-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.AdapterDeploymentContext.resolveDeploy
>>>>>>>>>> ment(AdapterDeploymentContext.java:88)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.PreAuthActionsHandler.preflightCors(Pr
>>>>>>>>>> eAuthActionsHandler.java:107)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.PreAuthActionsHandler.handleRequest(Pr
>>>>>>>>>> eAuthActionsHandler.java:79)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorVa
>>>>>>>>>> lve.invoke(AbstractKeycloakAuthenticatorValve.java:183)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-tomcat-core-adapter-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>>>>>>>>> stValve.java:140)
>>>>>>>>>>
>>>>>>>>>> ~[tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>>>>>>>>> rtValve.java:79)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>>>>>>>>> EngineValve.java:87)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>>>>>>>>> apter.java:349)
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.coyote.http11.Http11Processor.service(Http11Proce
>>>>>>>>>> ssor.java:784)
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.coyote.AbstractProcessorLight.process(AbstractPro
>>>>>>>>>> cessorLight.java:66)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process
>>>>>>>>>> (AbstractProtocol.java:802)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>>>>>>>>> (NioEndpoint.java:1410)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
>>>>>>>>>> cessorBase.java:49)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>>>>>>>> Executor.java:1142)
>>>>>>>>>>
>>>>>>>>>> [na:1.8.0_101]
>>>>>>>>>> at
>>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>>>>>>>> lExecutor.java:617)
>>>>>>>>>>
>>>>>>>>>> [na:1.8.0_101]
>>>>>>>>>> at
>>>>>>>>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>>>>>>>>> un(TaskThread.java:61)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]
>>>>>>>>>>
>>>>>>>>>> Our configuration of security looks like:
>>>>>>>>>>
>>>>>>>>>> /**
>>>>>>>>>> * Application security configuration.
>>>>>>>>>> *
>>>>>>>>>> *
>>>>>>>>>> * @author Scott Rossillo
>>>>>>>>>> */
>>>>>>>>>> @Configuration
>>>>>>>>>> @EnableWebSecurity
>>>>>>>>>> @ComponentScan(basePackageClasses =
>>>>>>>>>> KeycloakSecurityComponents.class)
>>>>>>>>>> public class SecurityConfig extends KeycloakWebSecurityConfigurerA
>>>>>>>>>> dapter
>>>>>>>>>> {
>>>>>>>>>>
>>>>>>>>>> @Autowired
>>>>>>>>>> public void configureGlobal(AuthenticationManagerBuilder
>>>>>>>>>> auth)
>>>>>>>>>> throws Exception {
>>>>>>>>>> auth
>>>>>>>>>> .authenticationProvider(keycloakAuthenticationProvider());
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> @Autowired
>>>>>>>>>> public KeycloakClientRequestFactory
>>>>>>>>>> keycloakClientRequestFactory;
>>>>>>>>>>
>>>>>>>>>> @Bean
>>>>>>>>>> public CacheControlHandlerInterceptor
>>>>>>>>>> cacheControlHandlerInterceptor() {
>>>>>>>>>> return new CacheControlHandlerInterceptor();
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> @Bean
>>>>>>>>>> public FilterRegistrationBean
>>>>>>>>>> keycloakAuthenticationProcessingFilterRegistrationBean(
>>>>>>>>>> KeycloakAuthenticationProcessingFilter filter) {
>>>>>>>>>> FilterRegistrationBean registrationBean = new
>>>>>>>>>> FilterRegistrationBean(filter);
>>>>>>>>>> registrationBean.setEnabled(false);
>>>>>>>>>> return registrationBean;
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> @Bean
>>>>>>>>>> public FilterRegistrationBean
>>>>>>>>>> keycloakPreAuthActionsFilterRegistrationBean(
>>>>>>>>>> KeycloakPreAuthActionsFilter filter) {
>>>>>>>>>> FilterRegistrationBean registrationBean = new
>>>>>>>>>> FilterRegistrationBean(filter);
>>>>>>>>>> registrationBean.setEnabled(false);
>>>>>>>>>> return registrationBean;
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> @Bean
>>>>>>>>>> @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
>>>>>>>>>> public KeycloakRestTemplate keycloakRestTemplate() {
>>>>>>>>>> return new KeycloakRestTemplate(keycloakC
>>>>>>>>>> lientRequestFactory);
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> @Bean
>>>>>>>>>> @Override
>>>>>>>>>> protected SessionAuthenticationStrategy
>>>>>>>>>> sessionAuthenticationStrategy() {
>>>>>>>>>> return new RegisterSessionAuthenticationStrategy(new
>>>>>>>>>> SessionRegistryImpl());
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> @Override
>>>>>>>>>> protected void configure(HttpSecurity http) throws Exception
>>>>>>>>>> {
>>>>>>>>>> System.out.println("config");
>>>>>>>>>> super.configure(http);
>>>>>>>>>> http
>>>>>>>>>> .authorizeRequests()
>>>>>>>>>> .antMatchers("/*").denyAll();
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Can you please tell me, where it could by mistake.
>>>>>>>>>>
>>>>>>>>>> Thanks for your answer and time.
>>>>>>>>>>
>>>>>>>>>> Ondrej Pala
>>>>>>>>>> _______________________________________________
>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
More information about the keycloak-user
mailing list