AnswerBun.com

Redirect to Keycloak login page only for specific endpoints by extending KeycloakConfigResolver

I have two endpoints: /v1/host-service/auth and /v1/host-service/employee-profile. When a user is not authorized, I want to open Keycloak login page only for request which is sent to /v1/host-service/auth and get 401 for all other endpoints without redirection to login page.

For some reason I dont’t want to extend KeycloakWebSecurityConfigurerAdapter and trying to solve the problem using multitenancy with extended KeycloakConfigResolver and using and changing bearer-only property

So when I use followed configuration after successfull login I am always getting 401 from all endpoint except /v1/host-service/auth. I can confirm that I have JWT-token in my cookies. The only difference between followed json files is "bearer-only" property

redirect_to_login_page.json

{
  "realm": "myrealm",
  "resource": "platform",
  "auth-server-url": "http://keycloak:32400/auth",
  "bearer-only": false,
  "public-client": false,
  "credentials": {
    "secret": "b4e70446-f9b4-47ed-a4f2-804783ce06ee"
  },
  "token-store": "cookie"
}

401.json

{
  "realm": "myrealm",
  "resource": "platform",
  "auth-server-url": "http://keycloak:32400/auth",
  "bearer-only": true,
  "public-client": false,
  "credentials": {
    "secret": "b4e70446-f9b4-47ed-a4f2-804783ce06ee"
  },
  "token-store": "cookie"
}
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.OIDCHttpFacade;
import org.springframework.context.annotation.Configuration;

import java.io.InputStream;

@Configuration
public class PathBasedKeycloakConfigResolver implements KeycloakConfigResolver {

    @Override
    public KeycloakDeployment resolve(OIDCHttpFacade.Request request) {
        String configFileName;
        if (request.getRelativePath().contains("auth")) {
            configFileName = "/redirect_to_login_page.json";
        } else {
            configFileName = "/401.json";
        }
        InputStream is = getClass().getResourceAsStream(configFileName);
        return KeycloakDeploymentBuilder.build(is);
    }

}

My controller class


import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping(path = "/v1/host-service")
public class HostController {

    @GetMapping(path = "/auth")
    public void auth() {
    }

    @GetMapping("/employee-profile")
    public EmployeeProfileResponse getEmployeeProfile(KeycloakPrincipal<KeycloakSecurityContext> principal) {
        KeycloakSecurityContext context = principal.getKeycloakSecurityContext();
        AccessToken token = context.getToken();
        String fullName = token.getGivenName();
        return new EmployeeProfileResponse(fullName);
    }
}

Additionally if I don’t have this part in application.yml then all my endpoints are not secured.

keycloak:
  security-constraints:
    - auth-roles:
        - '**'
      security-collections:
        - patterns:
            - /*

Stack Overflow Asked by Pavel Fadeev on February 18, 2021

0 Answers

Add your own answers!

Related Questions

Remove web-inspector-hide-shortcut

0  Asked on January 9, 2021 by dumi-padureanu

   

Pandas – Lambda inside apply to return a row

1  Asked on January 9, 2021 by marcio

         

Unclear webhook eventNotification documentation

1  Asked on January 9, 2021 by nolan-aguirre

 

c – Access not within mapped region error

0  Asked on January 9, 2021 by rhcp_lean

     

How to reduce committed memory usage in Java

1  Asked on January 9, 2021 by simon-hu

   

mutool / mulib edit text (with a c programm)

1  Asked on January 9, 2021 by atticus

   

Running browsermob with selenium grid on docker

2  Asked on January 8, 2021 by eduardoreynoso

         

How do I exclude a repeated click event?

2  Asked on January 8, 2021 by jessy

   

handling promises using await and async

2  Asked on January 8, 2021 by jass-preet

   

How to compare data from the same column in a dataframe (Pandas)

4  Asked on January 8, 2021 by abraham-arreola

       

Ask a Question

Get help from others!

© 2022 AnswerBun.com. All rights reserved.