[keycloak-user] spring sec/boot:: SPA -> Bearer_1 -> Bearer_2

Sebastien Blanc sblanc at redhat.com
Fri Nov 25 10:49:22 EST 2016

The SpringSec Adapter offers a KeycloakRestTemplate that will do all the
magic for you ;)

Check an usage example here :

To get the token "manually", you can try to access the
KeycloakSecurityContext and extract the token from there, look at this
method that does this :


Hope these pointers will help you


On Fri, Nov 25, 2016 at 4:38 PM, java_os <java at neposoft.com> wrote:

> What's the best practice on this scenario:
> --
> SPA (has the token from keycloak.js) -->Rest call--> Bearer_1 -->Rest call
> --> Bearer_2
> Bearer_1 and Bearer_2 are spring sec/boot enabled.
> Rest calls between Bearer_1 and Bearer_2 using resttemplates and injecting
> into "Authorization" header the "Bearer token_long_string"
> Bearer_1 has the KeycloakAuthenticationToken object.
> Bearer_2 needs to be feed in with a valid non-expired token somehow - but
> how? Not sure if one can get this out from KeycloakAuthenticationToken and
> pass it in onto the header calls to bearer_2.
> Is this the right approach for in-flight rest calls between 2 bearers?
> What's the best practice on this scenario?
> Anyone has done this for real?
> - thx.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list