[keycloak-user] KeycloakWebSecurityConfigurerAdapter and sessionAuthenticationStrategy()
Leonid Rozenblyum
lrozenblyum at gmail.com
Thu May 30 02:43:47 EDT 2019
Hello!
I'm using keycloak-spring-security and I have a question related to
the usefulness of sessionAuthenticationStrategy() used twice in
the KeycloakWebSecurityConfigurerAdapter.
1) it's used for KeycloakAuthenticationProcessingFilter:
    filter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy());
2) it's passed to httpSecurity:
    http
        .sessionManagement()
        .sessionAuthenticationStrategy(sessionAuthenticationStrategy())
While the first usage looks fine and is indeed in use, the second one's
intention is unclear.
It has influence on SessionManagementFilter; however, in the keycloak filter
chain the session management filter is not invoked on successful
authentication
(KeycloakAuthenticationProcessingFilter.continueChainBeforeSuccessfulAuthentication
is false).
Are there any real cases when this http session authentication strategy
initialization is useful?
Thanks for your help!