 

Using spring security annotations with keycloak

I'm just a beginner in Spring Security, but I would like to know whether it is possible to configure Keycloak in a way that I can use @PreAuthorize, @PostAuthorize, @Secured and other annotations. For example, I've configured the keycloak-spring-security-adapter and Spring Security in my simple Spring REST webapp so that I have access to the Principal object in my controller, like this:

import java.security.Principal;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TMSRestController {

    // `template` and `Greeting` are defined elsewhere in the project (elided here)
    @RequestMapping("/greeting")
    public Greeting greeting(Principal principal, @RequestParam(value="name") String name) {
        return new Greeting(String.format(template, name));
    }
...
}

But when I try this (just an example, actually I want to execute custom EL expression before authorization):

import java.security.Principal;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TMSRestController {

    // `template` and `Greeting` are defined elsewhere in the project (elided here)
    @RequestMapping("/greeting")
    @PreAuthorize("hasRole('ADMIN')")
    public Greeting greeting(Principal principal, @RequestParam(value="name") String name) {
        return new Greeting(String.format(template, name));
    }
...
}

I get exception:

org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext

In my spring security config I enabled global method security:

What do I need to make these Spring Security annotations work? Is it possible to use these annotations in this context at all?

asked Dec 31 '15 by Andrey Sarul

2 Answers

You still have to configure Spring Security using Keycloak. Take a look at the adapter documentation for an annotation based configuration. Once that's set up your Spring Security annotations will work on authorized calls.

answered Nov 01 '22 by Scott


Here is example code:

import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true,
                            securedEnabled = true,
                            jsr250Enabled = true)
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class WebSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
    // sessionAuthenticationStrategy() is abstract in the parent and must be implemented;
    // keycloakAuthenticationProvider() must also be registered with the AuthenticationManagerBuilder
}

and

@PreAuthorize("hasRole('ROLE_ADMIN')")

Apart from this code, you need to do the role mapping for realm roles and client (application) roles. The application roles will be put in @PreAuthorize.

answered Nov 01 '22 by Rahul Baghaniya
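A complete version of the configuration that both answers describe, as an added example that is not code from either answer, from the question, or from the Keycloak project. It assumes a Spring Security 4-era keycloak-spring-security-adapter whose KeycloakAuthenticationProvider has setGrantedAuthoritiesMapper(), and that the adapter itself (keycloak.json or the Spring Boot properties) is already set up. The package name, the SecurityConfig and GreetingGuard classes, the canGreet() check, the role name "admin" and the greeting template are all hypothetical. Two points it makes that the answers only hint at: the exception in the question means no Authentication at all reached the SecurityContext, which happens when the request is not protected by the Keycloak filter chain that super.configure(http) installs; and hasRole('ADMIN') matches the authority "ROLE_ADMIN", while the adapter hands over token roles verbatim (for example "admin"), so a SimpleAuthorityMapper is needed for the realm or client role to line up with the annotation.

```java
package com.example.tms;

import java.security.Principal;

import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

/** Hypothetical config: wires the Keycloak adapter into Spring Security and enables method security. */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
@ComponentScan(basePackageClasses = {KeycloakSecurityComponents.class, SecurityConfig.class})
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) {
        KeycloakAuthenticationProvider provider = keycloakAuthenticationProvider();
        // The adapter exposes token roles verbatim ("admin"). hasRole('ADMIN') looks for
        // "ROLE_ADMIN", so prefix and upper-case each role before Spring compares them.
        SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
        mapper.setConvertToUpperCase(true);
        provider.setGrantedAuthoritiesMapper(mapper);
        auth.authenticationProvider(provider);
    }

    // Abstract in KeycloakWebSecurityConfigurerAdapter, so it must be implemented.
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http); // installs the Keycloak authentication filters and entry point
        http.authorizeRequests()
            // Require Keycloak authentication on the URL first; otherwise the SecurityContext
            // is empty when the method interceptor runs and @PreAuthorize throws
            // AuthenticationCredentialsNotFoundException.
            .antMatchers("/greeting").authenticated()
            .anyRequest().authenticated();
    }
}

/** Hypothetical bean called from SpEL, the "custom EL expression" the question asks about. */
@Component("greetingGuard")
class GreetingGuard {
    // A caller may greet only themselves. auth.getName() is the Keycloak principal name,
    // which is the subject ID unless the adapter's principal-attribute is preferred_username.
    public boolean canGreet(Authentication auth, String name) {
        return auth != null && auth.isAuthenticated() && auth.getName().equals(name);
    }
}

@RestController
class TMSRestController {
    private static final String template = "Hello, %s!"; // assumed; elided in the question

    // Evaluated after the Keycloak filter has populated the SecurityContext.
    // '#name' needs parameter names at runtime (javac -parameters, or annotate with @P).
    @RequestMapping("/greeting")
    @PreAuthorize("hasRole('ADMIN') or @greetingGuard.canGreet(authentication, #name)")
    public Greeting greeting(Principal principal, @RequestParam("name") String name) {
        return new Greeting(String.format(template, name));
    }
}

class Greeting {
    private final String content;
    Greeting(String content) { this.content = content; }
    public String getContent() { return content; }
}
```

With this in place a user whose token carries the realm or client role "admin" passes hasRole('ADMIN'); any other authenticated user passes only when the name parameter equals their own principal name; an unauthenticated request is turned away by the Keycloak entry point before the method is ever invoked. The package-private helper classes are kept in one file only to make the example self-contained.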