[keycloak-user] About using Spring Boot adapter

java_os java at neposoft.com
Mon Oct 17 12:02:47 EDT 2016


It is correct.
I am opening a jira now.
Thank you.


> To recap :
>
> You have built a WAR with Spring-boot, that uses Spring-security and
> deployed on EAP 7 , correct ?
> I don't think we have tried this scenario indeed ;)
>
> Could you open a jira adding some more details and log files ?
>
> Thx,
>
>
>
> On Sun, Oct 16, 2016 at 12:47 PM, java_os <java at neposoft.com> wrote:
>
>> if i switch to spring boot adapter, it works localhost embedded tomcat,
>> but deployed under jboss/undertow it does not even protect the endpoint.
>> In spring sec setup at least i can see it protects it but i suspect is
>> undertow that is the isshe with the too many redirects. The only way i
>> canget it working is standard jee protecting ir by web.xml, but it's not
>> what i want to do.
>> The gus at jboss wondering if they even tried this scenario that Im
>> facing.
>> thanks
>>
>> >I call the rest from a spa front(angular) sending in bearer token
>> >- Authorization in the http header. I see Keycloak filter configured
>> through
>> > spring sec does work , but right after spring sec redirects badly to
>> the
>> > root context back and forth and getting too many redirects back to the
>> > front.
>> > This git (
>> https://github.com/cternes/slackspace-angular-spring-keycloak
>> )
>> > works ok on mvn spring:boot run on localhost and embedded tomcat. I do
>> the
>> > same but deployed in jboss eap 7 with keycloack as separate instance
>> for
>> > auth.
>> >
>> > Anymore ideas? thx
>> >
>> >>
>> >  So are you trying to access the rest endpoint using a browser? Try to
>> >> access it using a dedicated tool like postman.
>> >>
>> >> Just grab an access token from the authentication endpoint and use it
>> in
>> >> the authorization header to access it.
>> >>
>> >> I originally had some problems with the browser similar to yours
>> because
>> >> of my reverse proxy filtering the  cookie headers (which I think
>> isn't
>> >> your case).
>> >>
>> >>
>> >> Nire Sony Xperiaâ„¢ telefonotik bidalita
>> >>
>> >> ---- java_os igorleak idatzi du ----
>> >>
>> >>>Around same context, here in the pain i go through
>> >>>My rest war is spring boot which i want to protect it through
>> keycloak
>> >>>spring security adapter with no luck. I can see that keycloak filter
>> >>> gets
>> >>>in first, authenticates fine bearer, but then spring sec gets in, it
>> >>>redirects internally to the root context of my rest end point and
>> starts
>> >>>the dance getting into too many redirects. This is deployed on jboss
>> eap
>> >>>7, goa all the adapters installed.
>> >>>Anyone here got a scenario like mine working, or are we saying spring
>> >>> sec
>> >>>not working under jboss eap/ undertow?
>> >>>thx
>> >>>
>> >>>> Hello there, I am using AngularJS client (fronted) and Spring Boot
>> >>>> with
>> >>>> Keycloak adapter (backend). In the backend, I am trying to expose a
>> >>>> unprotected (naked) API for the client to use, so I would like to
>> make
>> >>>> sure
>> >>>> that keycloak doesn't try to protect it. So I have the following
>> >>>> questions
>> >>>> related to using Keycloak with Spring Boot:
>> >>>>
>> >>>> 1) How the Keycloak intercepts incoming HTTP requests: do incoming
>> >>>> requests
>> >>>> come the Spring Boot and at what point the Keycloak comes into the
>> >>>> play?
>> >>>> Also, how can I make sure that certain Rest applications are left
>> >>>> unprotected? From the documentation I can see a simple way of
>> >>>> protecting
>> >>>> certain URLs, but this brings me to my second question...
>> >>>>
>> >>>> 2)  Where can I find full documentation about all the configuration
>> >>>> possibilities for the Spring Boot Adapter? If I'll have to dive
>> into
>> >>>> the
>> >>>> code, could some one kindly point a correct starting point and give
>> >>>> instructions how to learn to extract all of the configuration
>> >>>> properties
>> >>>> like "security collections" etc. (see below). The traditional
>> >>>> "web.xml"
>> >>>> is
>> >>>> quite easy the read and understand, but it isn't one-to-one mapping
>> >>>> with
>> >>>> "application.properties" file content. With further info it might
>> be
>> >>>> possible to use Spring Boot's code based configuration methods too.
>> >>>>
>> >>>> Thanks in advance, best regards, Jari
>> >>>>
>> >>>> --- The current documentation ---
>> >>>>
>> >>>> You also need to specify the J2EE security config that would
>> normally
>> >>>> go
>> >>>> in
>> >>>> the web.xml. Here’s an example configuration:
>> >>>>
>> >>>> keycloak.securityConstraints[0].securityCollections[0].name =
>> insecure
>> >>>> stuff
>> >>>> keycloak.securityConstraints[0].securityCollections[0].authRoles[0]
>> =
>> >>>> admin
>> >>>> keycloak.securityConstraints[0].securityCollections[0].authRoles[0]
>> =
>> >>>> user
>> >>>> keycloak.securityConstraints[0].securityCollections[0].patterns[0]
>> =
>> >>>> /insecure
>> >>>>
>> >>>> keycloak.securityConstraints[0].securityCollections[1].name = admin
>> >>>> stuff
>> >>>> keycloak.securityConstraints[0].securityCollections[1].authRoles[0]
>> =
>> >>>> admin
>> >>>> keycloak.securityConstraints[0].securityCollections[1].patterns[0]
>> =
>> >>>> /admin
>> >>>> _______________________________________________
>> >>>> keycloak-user mailing list
>> >>>> keycloak-user at lists.jboss.org
>> >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >>>
>> >>>
>> >>>_______________________________________________
>> >>>keycloak-user mailing list
>> >>>keycloak-user at lists.jboss.org
>> >>>https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >>
>> >
>> >
>> >
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>




More information about the keycloak-user mailing list