[keycloak-user] Support for CORS Access-Control-Expose-Headers in 2.0.0.Final

Hubert Przybysz h.p.przybysz at gmail.com
Mon Jul 11 14:25:50 EDT 2016


I have created KEYCLOAK-3297 <https://issues.jboss.org/browse/KEYCLOAK-3297>
 .

On Mon, Jul 11, 2016 at 7:29 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Please, go ahead and create one. I couldn't find any Jira related to this.
>
> On Mon, Jul 11, 2016 at 1:36 PM Hubert Przybysz <h.p.przybysz at gmail.com>
> wrote:
>
>> Does anyone know when it will be possible to configure the adapters with
>> CORS expose headers?
>>
>> I don't find any jira for it.
>>
>> Br / Hubert.
>>
>> On Mon, Jul 11, 2016 at 6:13 PM, Bruno Oliveira <bruno at abstractj.org>
>> wrote:
>>
>>> You are right Hubert it's not supported at keycloak.json file, I just
>>> overlooked the code.
>>> Sorry about that.
>>>
>>> On 2016-07-11, Hubert Przybysz wrote:
>>> > Thanks for the info.
>>> >
>>> > I've tried configuring cors-exposed-headers in a JBOSS EAP 6 adapter
>>> like
>>> > this:
>>> >
>>> > keycloak.json:
>>> > {
>>> > ...
>>> >
>>> >   "enable-cors" : true,
>>> >
>>> >   "cors-allowed-methods" : "POST,PUT,DELETE,GET",
>>> >
>>> >   "cors-allowed-headers" :
>>> > "Accept,Content-Type,If-Match,If-None-Match,Origin",
>>> >
>>> >   "cors-exposed-headers" : "ETag,Location",
>>> >
>>> > ...
>>> >
>>> > }
>>> >
>>> >
>>> > But the adapter does not recognise this config and fails to start:
>>> >
>>> > 10:57:15,923 ERROR [org.apache.catalina.core] (ServerService Thread
>>> Pool --
>>> > 69) JBWEB001097: Error starting context /data:
>>> java.lang.RuntimeException:
>>> > com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
>>> > Unrecognized field "cors-exposed-headers" (class
>>> > org.keycloak.representations.adapters.config.AdapterConfig), not
>>> marked as
>>> > ignorable (32 known properties: "ssl-required", "cors-allowed-headers",
>>> > "register-node-period", "turn-off-change-session-id-on-login",
>>> > "truststore", "always-refresh-token", "client-key-password",
>>> > "policy-enforcer", "token-store", "resource", "realm", "proxy-url",
>>> > "disable-trust-manager", "bearer-only", "truststore-password",
>>> > "use-resource-role-mappings", "connection-pool-size",
>>> "client-keystore",
>>> > "register-node-at-startup", "client-keystore-password",
>>> "auth-server-url",
>>> > "cors-allowed-methods", "public-client", "expose-token",
>>> > "token-minimum-time-to-live", "enable-basic-auth", "cors-max-age",
>>> > "enable-cors", "allow-any-hostname", "realm-public-key", "credentials",
>>> > "principal-attribute"])
>>> >
>>> >  at [Source: java.io.ByteArrayInputStream at 67593e31; line: 14, column:
>>> 29]
>>> > (through reference chain:
>>> >
>>> org.keycloak.representations.adapters.config.AdapterConfig["cors-exposed-headers"])
>>> >
>>> > at
>>> >
>>> org.keycloak.adapters.KeycloakDeploymentBuilder.loadAdapterConfig(KeycloakDeploymentBuilder.java:137)
>>> > [keycloak-adapter-core-2.0.0.Final.jar:2.0.0.Final]
>>> >
>>> > at
>>> >
>>> org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:126)
>>> > [keycloak-adapter-core-2.0.0.Final.jar:2.0.0.Final]
>>> >
>>> > at
>>> >
>>> org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.keycloakInit(AbstractKeycloakAuthenticatorValve.java:133)
>>> > [keycloak-tomcat-core-adapter-2.0.0.Final.jar:2.0.0.Final]
>>> >
>>> > at
>>> >
>>> org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.lifecycleEvent(AbstractKeycloakAuthenticatorValve.java:75)
>>> > [keycloak-tomcat-core-adapter-2.0.0.Final.jar:2.0.0.Final]
>>> >
>>> > at
>>> >
>>> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:115)
>>> > [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
>>> >
>>> > at
>>> >
>>> org.apache.catalina.core.StandardContext.start(StandardContext.java:3775)
>>> > [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
>>> >
>>> > at
>>> >
>>> org.jboss.as.web.deployment.WebDeploymentService.doStart(WebDeploymentService.java:163)
>>> > [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21]
>>> >
>>> > at
>>> >
>>> org.jboss.as.web.deployment.WebDeploymentService.access$000(WebDeploymentService.java:61)
>>> > [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21]
>>> >
>>> > at
>>> >
>>> org.jboss.as.web.deployment.WebDeploymentService$1.run(WebDeploymentService.java:96)
>>> > [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21]
>>> >
>>> > at
>>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>>> > [rt.jar:1.7.0_80]
>>> >
>>> > at java.util.concurrent.FutureTask.run(FutureTask.java:262)
>>> > [rt.jar:1.7.0_80]
>>> >
>>> > at
>>> >
>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>> > [rt.jar:1.7.0_80]
>>> >
>>> > at
>>> >
>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>> > [rt.jar:1.7.0_80]
>>> >
>>> > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_80]
>>> >
>>> > at org.jboss.threads.JBossThread.run(JBossThread.java:122)
>>> >
>>> > Caused by:
>>> > com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
>>> > Unrecognized field "cors-exposed-headers" (class
>>> > org.keycloak.representations.adapters.config.AdapterConfig), not
>>> marked as
>>> > ignorable (32 known properties: "ssl-required", "cors-allowed-headers",
>>> > "register-node-period", "turn-off-change-session-id-on-login",
>>> > "truststore", "always-refresh-token", "client-key-password",
>>> > "policy-enforcer", "token-store", "resource", "realm", "proxy-url",
>>> > "disable-trust-manager", "bearer-only", "truststore-password",
>>> > "use-resource-role-mappings", "connection-pool-size",
>>> "client-keystore",
>>> > "register-node-at-startup", "client-keystore-password",
>>> "auth-server-url",
>>> > "cors-allowed-methods", "public-client", "expose-token",
>>> > "token-minimum-time-to-live", "enable-basic-auth", "cors-max-age",
>>> > "enable-cors", "allow-any-hostname", "realm-public-key", "credentials",
>>> > "principal-attribute"])
>>> >
>>> >  at [Source: java.io.ByteArrayInputStream at 67593e31; line: 14, column:
>>> 29]
>>> > (through reference chain:
>>> >
>>> org.keycloak.representations.adapters.config.AdapterConfig["cors-exposed-headers"])
>>> >
>>> > at
>>> >
>>> com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:51)
>>> >
>>> > at
>>> >
>>> com.fasterxml.jackson.databind.DeserializationContext.reportUnknownProperty(DeserializationContext.java:817)
>>> >
>>> > at
>>> >
>>> com.fasterxml.jackson.databind.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:958)
>>> >
>>> > at
>>> >
>>> com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperty(BeanDeserializerBase.java:1324)
>>> >
>>> > at
>>> >
>>> com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownVanilla(BeanDeserializerBase.java:1302)
>>> >
>>> > at
>>> >
>>> com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:249)
>>> >
>>> > at
>>> >
>>> com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:136)
>>> >
>>> > at
>>> >
>>> com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3564)
>>> >
>>> > at
>>> >
>>> com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2650)
>>> >
>>> > at
>>> >
>>> org.keycloak.adapters.KeycloakDeploymentBuilder.loadAdapterConfig(KeycloakDeploymentBuilder.java:135)
>>> > [keycloak-adapter-core-2.0.0.Final.jar:2.0.0.Final]
>>> >
>>> > ... 14 more
>>> >
>>> >
>>> > 10:57:15,973 ERROR [org.apache.catalina.core] (ServerService Thread
>>> Pool --
>>> > 69) JBWEB001103: Error detected during context /data start, will stop
>>> it
>>> >
>>> > 10:57:15,985 ERROR [org.jboss.msc.service.fail] (ServerService Thread
>>> Pool
>>> > -- 69) MSC000001: Failed to start service
>>> > jboss.web.deployment.default-host./data:
>>> > org.jboss.msc.service.StartException in service
>>> > jboss.web.deployment.default-host./data:
>>> > org.jboss.msc.service.StartException in anonymous service: JBAS018040:
>>> > Failed to start context
>>> >
>>> > at
>>> >
>>> org.jboss.as.web.deployment.WebDeploymentService$1.run(WebDeploymentService.java:99)
>>> >
>>> > at
>>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>>> > [rt.jar:1.7.0_80]
>>> >
>>> > at java.util.concurrent.FutureTask.run(FutureTask.java:262)
>>> > [rt.jar:1.7.0_80]
>>> >
>>> > at
>>> >
>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>> > [rt.jar:1.7.0_80]
>>> >
>>> > at
>>> >
>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>> > [rt.jar:1.7.0_80]
>>> >
>>> > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_80]
>>> >
>>> > at org.jboss.threads.JBossThread.run(JBossThread.java:122)
>>> >
>>> > Caused by: org.jboss.msc.service.StartException in anonymous service:
>>> > JBAS018040: Failed to start context
>>> >
>>> > at
>>> >
>>> org.jboss.as.web.deployment.WebDeploymentService.doStart(WebDeploymentService.java:168)
>>> >
>>> > at
>>> >
>>> org.jboss.as.web.deployment.WebDeploymentService.access$000(WebDeploymentService.java:61)
>>> >
>>> > at
>>> >
>>> org.jboss.as.web.deployment.WebDeploymentService$1.run(WebDeploymentService.java:96)
>>> >
>>> > ... 6 more
>>> >
>>> >
>>> > 10:57:16,019 ERROR [org.jboss.as.controller.management-operation]
>>> > (Controller Boot Thread) JBAS014612: Operation ("deploy") failed -
>>> address:
>>> > ([("deployment" =>
>>> "webims-jcom-data-1.3.1-SNAPSHOT-secure-keycloak.war")])
>>> > - failure description: {"JBAS014671: Failed services" =>
>>> > {"jboss.web.deployment.default-host./data" =>
>>> > "org.jboss.msc.service.StartException in service
>>> > jboss.web.deployment.default-host./data:
>>> > org.jboss.msc.service.StartException in anonymous service: JBAS018040:
>>> > Failed to start context
>>> >
>>> >     Caused by: org.jboss.msc.service.StartException in anonymous
>>> service:
>>> > JBAS018040: Failed to start context"}}
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > On Sat, Jul 9, 2016 at 7:38 AM, Bruno Oliveira <bruno at abstractj.org>
>>> wrote:
>>> >
>>> > > As far as I can tell, yes.
>>> > >
>>> > > See:
>>> > >
>>> > >
>>> https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/clients/client-oidc.html
>>> > >
>>> > >
>>> https://github.com/keycloak/keycloak/blob/5c98b8c6ae7052b2d906156d8fc212ccd9dfd57d/services/src/main/java/org/keycloak/services/resources/Cors.java#L143
>>> > >
>>> > > On 2016-07-08, Hubert Przybysz wrote:
>>> > > > Hi,
>>> > > >
>>> > > > Is configuration of CORS Access-Control-Expose-Headers supported in
>>> > > > 2.0.0.Final adapters?
>>> > > >
>>> > > > Best regards / Hubert.
>>> > >
>>> > > > _______________________________________________
>>> > > > keycloak-user mailing list
>>> > > > keycloak-user at lists.jboss.org
>>> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>> > >
>>> > >
>>> > > --
>>> > >
>>> > > abstractj
>>> > > PGP: 0x84DC9914
>>> > >
>>>
>>> --
>>>
>>> abstractj
>>> PGP: 0x84DC9914
>>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160711/c818ce3b/attachment.html 


More information about the keycloak-user mailing list