[keycloak-user] Arquillian / Remote Container / EJB Security

Lauer Markus Markus.Lauer at co-met.info
Thu Mar 24 05:55:17 EDT 2016

> I'm looking for s/th like this:
> https://developer.jboss.org/wiki/TestingSecuredEJBsOnWildFly81xWithArquillian
> This could possibly be combined with:
> https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#jaas-adapter
> org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule
> But I cannot change the "keycloak" security-domain for testing...

Ok. Approaching a solution...

I adopted the JBossLoginContextFactory from the link above:


LoginContext loginContext =
JBossLoginContextFactory.createLoginContext("markus.lauer at co-met.info",

log.info("principals: " + loginContext.getSubject().getPrincipals());

Set<Principal> principals = loginContext.getSubject().getPrincipals();
for ( Principal p : principals ) {
    log.info("name: " + p.getName() + ", type: " + p.getClass());
}

principals: [40fe2bc5-fc55-496a-b438-0783c7473b90, view-master-data,
user, manage-master-data, markus.lauer at co-met.info]
name: 40fe2bc5-fc55-496a-b438-0783c7473b90, type: class
name: view-master-data, type: class
name: user, type: class org.keycloak.adapters.jaas.RolePrincipal
name: manage-master-data, type: class
name: markus.lauer at co-met.info, type: class

Login works!

But unfortunately I still cannot access the secured EJB:

Subject.doAs(loginContext.getSubject(), new PrivilegedAction<Void>() {

   public Void run() {
     log.info("count: " + securedEJB.count());
     return null;
   }
});

This throws an exception:

javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User

Here is a snippet of SecuredEJB:

@DeclareRoles({ "view-master-data", "manage-master-data" })
public class SecuredEJB {

    public int count() {


Any ideas how to deal with the "Invalid User"?
Perhaps the keycloak UUID vs. username?



