[keycloak-user] keycloak-servlet-filter-adapter and bearer-only

Ramon Rockx ramon at iqnomy.com
Tue Jan 12 03:45:56 EST 2016


Hi all,

Maybe someone can help me out with the following:
I'm trying to secure my JAX-RS services with Keycloak 1.7.0.Final. For
this, I configured a client in Keycloak with access type 'bearer-only'.
Since I am using GlassFish 3.1 (no adapter available), I use the
'keycloak-servlet-filter-adapter'.
When accessing one of the JAX-RS services with a valid token, GlassFish
throws an exception (with no relevant info in it). I debugged it and
found out that the HttpServletRequestWrapper, which is returned by the
servlet filter, has no account property in it (see also
FilterSessionStore.buildWrapper(HttpSession,
KeycloakAccount)). And when GlassFish tries to access, for example, the
wrapper's principal, this causes an NPE.
It seems that FilterRequestAuthenticator.completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext>,
String) does not store the account in the tokenStore.
Should I use this feature differently? Or is access type 'bearer-only'
simply not supported by the servlet filter?

Thanks!

Ramon Rockx