[keycloak-user] Spring Security Adapter working but no Principal

Dominik Guhr pinguwien at gmail.com
Wed Apr 4 13:38:58 EDT 2018 

Hi Marc,

first of all: I've not used kc together with hystrix yet (but just 
building a docker env with spring cloud, kc and ELK, may be part of 
future blog entries) - so, just guessing here.

That said: it may do the trick to use the inheritablethreadlocal 
strategy for your securityconfig (which also gives you the ability to 
use @async) as stated here at line 35:

https://github.com/Pinguwien/guestbook-backend/blob/master/src/main/java/de/codecentric/demo/guestbook/infrastructure/environment/spring/config/SecurityConfig.java

or in my blogentries (german, you know where)

Best regards,
Dominik

Am 04.04.18 um 17:24 schrieb Marc Logemann:
> Hi,
> 
> cant provide that but after extensive debugging we know the problem.
> Had nothing to do with Keycloak Spring Adapter but a Hystrix
> Annotation on the Spring Controller. Hystrix dispatches to a whole new
> thread and this breaks the SecurityContextHolder which is of course
> ThreadLocal based.
> 
> We removed the hystrix stuff for now and will investigate that later on.
> 
> marc
> 
> 
> 2018-04-04 11:24 GMT+02:00 Sebastien Blanc <sblanc at redhat.com>:
>> Do you have a sample project shared somewhere to reproduce this ?
>>
>> On Wed, Apr 4, 2018 at 11:14 AM, Marc Logemann <marc.logemann at gmail.com>
>> wrote:
>>>
>>> Hi,
>>>
>>> i have a weird thing going on. My keycloak Spring Security adapter
>>> works as expected. But i am unable to retrieve the principal. I am
>>> requesting a REST service with a valid Bearer Token. In the REST
>>> controller i want to see the principal via:
>>>
>>> Principal userPrincipal = request.getUserPrincipal();
>>>
>>> or
>>>
>>> Authentication authentication =
>>> SecurityContextHolder.getContext().getAuthentication();
>>> String currentPrincipalName = authentication.getName();
>>>
>>> But everything is null. Funny thing is, the Keycloak Filter set the
>>> Authentication correctly but at the end, in my controller, its not
>>> there anymore.
>>>
>>> here is my filter list:
>>>
>>> Security filter chain: [
>>>    WebAsyncManagerIntegrationFilter
>>>    SecurityContextPersistenceFilter
>>>    HeaderWriterFilter
>>>    KeycloakPreAuthActionsFilter
>>>    LogoutFilter
>>>    KeycloakAuthenticationProcessingFilter
>>>    RequestCacheAwareFilter
>>>    SecurityContextHolderAwareRequestFilter
>>>    AnonymousAuthenticationFilter
>>>    SessionManagementFilter
>>>    ExceptionTranslationFilter
>>>    FilterSecurityInterceptor
>>> ]
>>>
>>> Has anyone experienced something like this or has an idea?
>>>
>>> Thanks
>>> Marc
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list