[keycloak-user] Configuring 'LOGOUT' with keycloak-spring-security-adapter.
Sachin Rastogi
sr.misc at gmail.com
Wed May 16 11:32:47 EDT 2018
Try the following in the controller:
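/**
 * Ends the local web session and sends the browser back to the site root.
 *
 * <p>Only the container's {@code HttpServletRequest#logout()} is called; no custom
 * logout handler is wired here. Spring Security's request wrapper is expected to route
 * that call to the logout handlers the security configuration registered, and whether
 * the Keycloak SSO session is ended as well depends on the adapter's handler being in
 * that chain — TODO confirm against the running configuration.
 *
 * <p>NOTE(review): this is a GET endpoint, so a plain link or image on any page can log
 * the visitor out (logout CSRF). A POST mapping protected by the CSRF token, as the
 * form in the original question already is, is the safer shape.
 *
 * @param request the current request, used only to invoke the container logout
 * @return a redirect view name for the site root
 * @throws ServletException if the container or a registered logout handler fails;
 *     this is the exception {@code HttpServletRequest#logout()} declares, so the raw
 *     {@code throws Exception} is narrowed to it
 */
@GetMapping("/logout")
public String logout(HttpServletRequest request) throws ServletException {
    request.logout();
    return "redirect:/";
}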
On Wed, May 16, 2018 at 2:52 PM, saloni udani <saloniudani.23 at gmail.com>
wrote:
> Hi
>
> I have a spring-boot 2 application which I am trying to secure with
> Keycloak. I have used 'keycloak-spring-security-adapter' and
> 'keycloak-spring-boot-2-starter' adapters.
>
> Following is my security configuration
> --------
>
> import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
> import org.keycloak.adapters.springsecurity.authentication.
> KeycloakAuthenticationProvider;
> import org.keycloak.adapters.springsecurity.config.
> KeycloakWebSecurityConfigurerAdapter;
> import org.keycloak.adapters.springsecurity.filter.
> KeycloakAuthenticatedActionsFilter;
> import org.keycloak.adapters.springsecurity.filter.
> KeycloakAuthenticationProcessingFilter;
> import org.keycloak.adapters.springsecurity.filter.
> KeycloakPreAuthActionsFilter;
> import org.keycloak.adapters.springsecurity.filter.
> KeycloakSecurityContextRequestFilter;
> import org.springframework.beans.factory.annotation.Autowired;
> import org.springframework.boot.autoconfigure.condition.
> ConditionalOnProperty;
> import org.springframework.boot.web.servlet.FilterRegistrationBean;
> import org.springframework.context.annotation.Bean;
> import org.springframework.context.annotation.Configuration;
> import org.springframework.security.config.annotation.
> authentication.builders.AuthenticationManagerBuilder;
> import org.springframework.security.config.annotation.method.
> configuration.EnableGlobalMethodSecurity;
> import org.springframework.security.config.annotation.web.
> builders.HttpSecurity;
> import org.springframework.security.config.annotation.web.configuration.
> EnableWebSecurity;
> import org.springframework.security.core.authority.mapping.
> SimpleAuthorityMapper;
> import org.springframework.security.core.session.SessionRegistryImpl;
> import org.springframework.security.web.authentication.logout.
> LogoutFilter;
> import org.springframework.security.web.authentication.preauth.
> x509.X509AuthenticationFilter;
> import org.springframework.security.web.authentication.session.
> RegisterSessionAuthenticationStrategy;
> import org.springframework.security.web.authentication.session.
> SessionAuthenticationStrategy;
> import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
>
> @ConditionalOnProperty(value = "keycloak.enabled")
> @Configuration
> @EnableWebSecurity
> public class KeycloakSecurityConfiguration extends
> KeycloakWebSecurityConfigurerAdapter {
>
>
> @Autowired
> public void configureGlobal(AuthenticationManagerBuilder auth)
> throws Exception {
> KeycloakAuthenticationProvider keycloakAuthenticationProvider
> = keycloakAuthenticationProvider();
> keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new
> SimpleAuthorityMapper());
> auth.authenticationProvider(keycloakAuthenticationProvider);
> }
>
> @Bean
> public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
> return new KeycloakSpringBootConfigResolver();
> }
>
> // Specifies the session authentication strategy
> @Bean
> @Override
> protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
> {
> return new RegisterSessionAuthenticationStrategy(new
> SessionRegistryImpl());
> }
>
> @Override
> protected void configure(HttpSecurity http) throws Exception {
> super.configure(http);
> http
> .addFilterBefore(keycloakPreAuthActionsFilter(),
> LogoutFilter.class)
> .addFilterBefore(keycloakAuthenticationProcessingFilter(),
> X509AuthenticationFilter.class)
> .exceptionHandling().authenticationEntryPoint(
> authenticationEntryPoint())
> .and()
> .authorizeRequests()
> .antMatchers("/**").hasRole("superuser")
> .anyRequest().permitAll();
> }
>
> @Bean
> public FilterRegistrationBean
> keycloakAuthenticationProcessingFilterRegistrationBean(
> KeycloakAuthenticationProcessingFilter filter) {
> FilterRegistrationBean registrationBean = new
> FilterRegistrationBean(filter);
> registrationBean.setEnabled(false);
> return registrationBean;
> }
>
> @Bean
> public FilterRegistrationBean keycloakPreAuthActionsFilterRegistrationBean(
> KeycloakPreAuthActionsFilter filter) {
> FilterRegistrationBean registrationBean = new
> FilterRegistrationBean(filter);
> registrationBean.setEnabled(false);
> return registrationBean;
> }
>
> @Bean
> public FilterRegistrationBean keycloakAuthenticatedActionsFilterBean(
> KeycloakAuthenticatedActionsFilter filter) {
> FilterRegistrationBean registrationBean = new
> FilterRegistrationBean(filter);
> registrationBean.setEnabled(false);
> return registrationBean;
> }
>
> @Bean
> public FilterRegistrationBean keycloakSecurityContextRequestFilterBean(
> KeycloakSecurityContextRequestFilter filter) {
> FilterRegistrationBean registrationBean = new
> FilterRegistrationBean(filter);
> registrationBean.setEnabled(false);
> return registrationBean;
> }
> }
>
> --------
>
> Following are the keycloak properties from application.properties
> --------
>
> keycloak.enabled=true
> keycloak.auth-server-url=http://localhost:8180/auth
> keycloak.realm=MyRealm
> keycloak.resource=my-app
> keycloak.public-client=true
>
> keycloak.security-constraints[0].authRoles[0]=superuser
> keycloak.security-constraints[0].securityCollections[0].patterns[0]=/*
>
>
> --------
>
> I am successfully able to log in via Keycloak and serve my app, but I am
> stuck on logout. I believe that, as we already use the Keycloak Spring
> Security adapter, no custom logout handler should be required.
>
> Here is an excerpt from a html page which handles logout
> ----------
>
> <form action="/logout" method="post">
> <input type="hidden"
> name="${_csrf.parameterName}"
> value="${_csrf.token}"/>
> <input type="submit" value="Logout">
> </form>
>
>
> ----------
>
> This does not work: on hitting the 'Logout' button, it posts a request to
> 'http://localhost:8080/logout' (my app runs on 8080) and returns 403.
>
> Kindly guide me through the logout process.
>
>
> Thanks
> Saloni Udani
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>