[keycloak-user] servlet filter (KeycloakOIDCFilter) not working 4.0.0

Nhut Thai Le ntle at castortech.com
Wed Aug 22 16:03:50 EDT 2018


Hello,

I compiled the OIDC servlet-filter, then wrapped both the servlet-filter and
the servlet-adapter-spi jar in an OSGi bundle (attached) in order to use
them in our OSGi env. Here is the code:

Dictionary<String, Object> filterProps = new Hashtable<String, Object>();
String[] urls = { "/*" };
// String[] servlets = {"My Servlet", "Faces Servlet"};
filterProps.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_FILTER_NAME, "keycloakFilter"); //$NON-NLS-1$
filterProps.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_FILTER_PATTERN, urls);
filterProps.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + "realm",
    "realm1");
filterProps.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + "resource",
    "tenant1");
filterProps.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + "auth-server-url",
    "https://testa.com:8543/auth");
filterProps.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + "ssl-required",
    "all");
Dictionary<String, String> creds = new Hashtable<String, String>();
creds.put("secret", "this is not a secret");
filterProps.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + "credentials",
    creds);
filterProps.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + "use-resource-role-mappings",
    "true");
filterProps.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + "disable-trust-manager",
    "true");
// filterProps.put("servletNames", servlets);
keycloakFilter = context.registerService(Filter.class, new KeycloakOIDCFilter(), filterProps);

When I start Equinox, I see the bundle get activated, but going to the
protected URL (here it is /) I got a 403 instead of a redirect to the Keycloak
login page.

The code above is inspired by the KC documentation, "The Keycloak filter has
the same configuration parameters as the other adapters except you must
define them as filter init params instead of context params"
(https://www.keycloak.org/docs/latest/securing_apps/index.html#_servlet_filter_adapter),
and the example of registering a servlet filter using the whiteboard pattern
on pax-web
(https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/whiteboard/src/main/java/org/ops4j/pax/web/extender/samples/whiteboard/internal/Activator.java).
Therefore I'm not sure whether the problem is on Keycloak (bad bundle, wrong
configuration supplied to the filter) or pax-web (wrong registration
syntax). Hope to get some insight here.

Thai
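
A pre-registration check for a property dictionary like the one built above, as an added example that is not part of the original post or of the Keycloak or pax-web code. It assumes the OSGi HTTP Whiteboard specification's literal prefixes `filter.init.` and `servlet.init.` and its rule that init parameters are String values; the class and method names are hypothetical and the sample dictionary is constructed.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.Dictionary;
import java.util.Hashtable;
import java.util.List;

// Added example: lint the service properties of a whiteboard-registered Filter.
public class WhiteboardFilterPropsCheck {
    // Literal values behind the HttpWhiteboardConstants init-param prefixes.
    static final String FILTER_PREFIX = "filter.init.";
    static final String SERVLET_PREFIX = "servlet.init.";

    static List<String> check(Dictionary<String, Object> props) {
        List<String> findings = new ArrayList<>();
        for (String key : Collections.list(props.keys())) {
            Object value = props.get(key);
            boolean initParam = key.startsWith(SERVLET_PREFIX) || key.startsWith(FILTER_PREFIX);
            if (key.startsWith(SERVLET_PREFIX)) {
                // Only filter.init.* properties reach Filter.init(FilterConfig).
                findings.add(key + ": servlet prefix on a Filter service, not passed to FilterConfig");
            }
            if (initParam && !(value instanceof String)) {
                findings.add(key + ": value is " + value.getClass().getSimpleName()
                        + ", init parameters must be String");
            }
            if (key.endsWith("disable-trust-manager") && "true".equals(value)) {
                findings.add(key + ": TLS certificate verification is disabled");
            }
        }
        Collections.sort(findings);
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample with the same shape as the registration in the post.
        Dictionary<String, Object> props = new Hashtable<>();
        props.put("osgi.http.whiteboard.filter.name", "keycloakFilter");
        props.put("osgi.http.whiteboard.filter.pattern", new String[] { "/*" });
        props.put(SERVLET_PREFIX + "realm", "realm1");
        Dictionary<String, String> creds = new Hashtable<>();
        creds.put("secret", "placeholder-secret");
        props.put(SERVLET_PREFIX + "credentials", creds);
        props.put(SERVLET_PREFIX + "disable-trust-manager", "true");
        check(props).forEach(System.out::println);
    }
}
```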

