[keycloak-user] Spring security adapter best practices

[Haim Vana]

Hi,

We were wondering what is the best practice for the use of spring security adapter:
I notice that the security context is an instance of RefreshableKeycloakSecurityContext, which means (correct me if I'm wrong) that whenever a token is about to revoke, a refresh is issued.
I used all xml beans that's in the documentation<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkeycloak.gitbooks.io%2Fsecuring-client-applications-guide%2Fcontent%2Fv%2F2.4%2Ftopics%2Foidc%2Fjava%2Fspring-security-adapter.html&data=01%7C01%7Cdekela%40perfectomobile.com%7Ccad12cfe9eac4d4f45b308d42cdbefc6%7Cceb4c662d6994e7da0bd272619a46977%7C1&sdata=QkApHJfwICfnYCV%2BXRaE9cRhXHxe4TuyjZQ6%2B5wgqdw%3D&reserved=0>, but still, when I put a breakpoint on RefreshableKeycloakSecurityContext -> refreshExpiredToken, it stops only once - on logout (which is another mystery to me). I also noticed that this method is public yet no other class uses it.
Do I need to invoke it explicitly? Where?

Thanks,
Dekel.

The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.