[keycloak-user] spring sec/boot:: SPA -> Bearer_1 -> Bearer_2

Fri Nov 25 10:55:39 EST 2016

Yes Sir - thanks.
good old friend!

> The SpringSec Adapter offers a KeycloakRestTemplate that will do all the
> magic for you ;)
> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/client/KeycloakRestTemplate.java
>
> Check an usage example here :
> https://github.com/foo4u/keycloak-spring-demo/blob/master/product-app/src/main/java/org/keycloak/example/spring/product/service/RemoteProductService.java#L19-L28
>
> To get the token "manually", you can try to access the
> KeycloakSecurityContext and extract the token from there, look at this
> method that does this :
>
> https://github.com/keycloak/keycloak/blob/master/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/client/KeycloakClientRequestFactory.java#L64
>
> Hope these pointers will help you
>
> Sebi
>
>
>
>
> On Fri, Nov 25, 2016 at 4:38 PM, java_os <java at neposoft.com> wrote:
>
>> What's the best practice on this scenario:
>> --
>> SPA (has the token from keycloak.js) -->Rest call--> Bearer_1 -->Rest
>> call
>> --> Bearer_2
>>
>> Bearer_1 and Bearer_2 are spring sec/boot enabled.
>> Rest calls between Bearer_1 and Bearer_2 using resttemplates and
>> injecting
>> into "Authorization" header the "Bearer token_long_string"
>>
>> Bearer_1 has the KeycloakAuthenticationToken object.
>> Bearer_2 needs to be feed in with a valid non-expired token somehow -
>> but
>> how? Not sure if one can get this out from KeycloakAuthenticationToken
>> and
>> pass it in onto the header calls to bearer_2.
>> Is this the right approach for in-flight rest calls between 2 bearers?
>>
>> What's the best practice on this scenario?
>> Anyone has done this for real?
>> - thx.
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>