[keycloak-user] Securing tomcat-based web applications without using container-security(i.e. without using filters, constraints and valves)?

Luis Rodríguez Fernández uo67113 at gmail.com
Thu Mar 29 09:13:47 EDT 2018


Hello Schenk,

If your Identity Provider "speaks" SAML, you can give
http://www.keycloak.org/docs/latest/securing_apps/index.html#java-servlet-filter-adapter
a try. I am testing it for some of our tomcat-based applications and it
works out-of-the-box (BTW thanks keycloak folks!).

My deployment descriptors (web.xml) look like this:

    <filter>
        <filter-name>Keycloak Filter</filter-name>
        <filter-class>org.keycloak.adapters.saml.servlet.SamlFilter</filter-class>
        <init-param>
            <param-name>keycloak.config.file</param-name>
            <param-value>/usr/local/tomcat/keycloak-saml-servlet-adapter.xml</param-value>
        </init-param>
    </filter>
    <!-- From the docs: "You must have a filter mapping that covers /saml." -->
    <filter-mapping>
        <filter-name>Keycloak Filter</filter-name>
        <url-pattern>/saml</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>Keycloak Filter</filter-name>
        <url-pattern>/secure/*</url-pattern>
    </filter-mapping>


In this way, just playing with the url-patterns of my resources I can make
them private or public. E.g.

    <servlet-mapping>
        <servlet-name>SessionExampleServlet</servlet-name>
        <url-pattern>/SessionExample</url-pattern>
        <url-pattern>/secure/SessionExample</url-pattern>
    </servlet-mapping>

Hope it helps,

Luis


2018-03-29 14:38 GMT+02:00 Schenk, Manfred <
Manfred.Schenk at iosb.fraunhofer.de>:

> Hello,
>
> I want to use keycloak for user Authentication in my tomcat based web
> application.
> But since the web application should also be accessible without any login,
> I think I will not be able to use the container-based security and handle
> the keycloak communication by myself from within my web application.
>
> Are there any tutorials or recommendations around for my use case?
> Which (keycloak-)jars do I need for this task?
>
> Thanks in advance,
> Manfred
>
> --
> Manfred Schenk, Fraunhofer IOSB
> Informationsmanagement und Leittechnik
> Fraunhoferstraße 1,76131 Karlsruhe, Germany
> Telefon +49 721 6091-391
> mailto:Manfred.Schenk at iosb.fraunhofer.de
> http://www.iosb.fraunhofer.de
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
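
Added example, not part of the original message or of Keycloak: a small Python audit that reads the filter-mapping and servlet-mapping entries shown in the message and sorts each servlet path by whether the Keycloak filter covers it, using the Servlet specification's exact, path-prefix and extension matching. The embedded web.xml is a constructed sample built from the mappings quoted in the message; the function names are hypothetical, filter mappings by servlet-name are not considered, and wildcard servlet patterns are only listed for manual review.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the mappings quoted in the message, in a <web-app> root.
WEB_XML = """<web-app>
  <filter-mapping><filter-name>Keycloak Filter</filter-name>
    <url-pattern>/saml</url-pattern></filter-mapping>
  <filter-mapping><filter-name>Keycloak Filter</filter-name>
    <url-pattern>/secure/*</url-pattern></filter-mapping>
  <servlet-mapping><servlet-name>SessionExampleServlet</servlet-name>
    <url-pattern>/SessionExample</url-pattern>
    <url-pattern>/secure/SessionExample</url-pattern></servlet-mapping>
</web-app>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # ignore an XML namespace, if any

def texts(elem, name):
    return [c.text.strip() for c in elem if local(c.tag) == name and c.text]

def covers(pattern, path):
    """Servlet-spec match of a filter url-pattern against a request path."""
    if pattern.endswith("/*"):                  # path-prefix mapping
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):                # extension mapping
        return path.endswith(pattern[1:])
    return pattern == path                      # exact mapping

def audit(web_xml, filter_name="Keycloak Filter"):
    """Sort each servlet's url-patterns by whether the filter covers them."""
    root = ET.fromstring(web_xml)
    guarded = [p for e in root.iter() if local(e.tag) == "filter-mapping"
               and filter_name in texts(e, "filter-name")
               for p in texts(e, "url-pattern")]
    report = {}
    for e in root.iter():
        if local(e.tag) != "servlet-mapping":
            continue
        entry = report.setdefault(texts(e, "servlet-name")[0],
                                  {"protected": [], "public": [], "review": []})
        for path in texts(e, "url-pattern"):
            key = ("review" if "*" in path else   # wildcard: check by hand
                   "protected" if any(covers(g, path) for g in guarded) else "public")
            entry[key].append(path)
    return report

if __name__ == "__main__":
    print(audit(WEB_XML))
```

A servlet that appears under both "protected" and "public", as SessionExampleServlet does here, is reachable both through the filter and around it, so its code must not assume the filter has run.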

