[keycloak-user] Keycloak Spring Boot Adapter does not populate security context principal
Niels Bertram
nielsbne at gmail.com
Tue Oct 31 10:27:25 EDT 2017
Hi Meissa, in deed this one would probably work. It is not using bearer
only mode (like a REST based micro service would) and it does only use
fixed role names. My example uses the wildcard role restriction which in
the olden days of JSPs meant any role as long as authenticated. Strange
that there are no examples out there. Thanks for taking notice. Kind
Regards, Niels
On Wed, Nov 1, 2017 at 12:15 AM, Meissa M'baye Sakho <msakho at redhat.com>
wrote:
> Niels,
> I've tried the example below and it works fine.
> http://blog.keycloak.org/2017/05/easily-secure-your-spring-boot.html
> Although it's not using CXF.
> Meissa
>
> On Tue, Oct 31, 2017 at 1:25 PM, Niels Bertram <nielsbne at gmail.com> wrote:
>
>> Hi Keycloak Users,
>>
>> I tried to configure a dead simple Spring Boot CXF REST endpoint with
>> Keycloak Spring Boot Adapter in Bearer Only mode without any luck. It
>> appears the Keycloak Tomcat Valve fails authorization even before the
>> keycloak adapter ever gets a chance to parse the Bearer token and setup
>> the
>> session. I would have thought that with AutoConfig it would just be that
>> ... auto config. I added the below keycloak adapter configuration to the
>> application.yml file and made sure all required jars are on the classpath.
>>
>> Does anyone have any suggestions or a link to a working example that shows
>> how to use Spring Boot with Keycloak *AND* CXF ?
>>
>> Many thanks, Niels
>>
>> Example:
>>
>> https://github.com/bertramn/keycloak-secured-rest-endpoint
>>
>>
>> application.yml configuration:
>>
>>
>> keycloak:
>> realm: demo
>> authServerUrl: 'http://localhost:8080/auth'
>> realmKey: 'MIIBIjANBgDAQAB'
>> sslRequired: external
>> resource: test-client
>> bearerOnly: true
>> securityConstraints:
>> - authRoles: [ '*' ]
>> securityCollections:
>> - name: authed
>> patterns: [ '/v1/secured' ]
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
More information about the keycloak-user
mailing list