Comments (8)
Hi @Mario-Eis
Which sample did you follow to setup your test? Did you have a quick look at readme at all?
Would you share your unit-test code (and conf)?
Maybe did you @AutoConfigureSecurityAddons (which sets-up spring-boot 2.7+ seb-security) when the sample for KeycloakAuthenticationToken clearly doesn't.
If that's the case
- quick fix: remove @AutoConfigureSecurityAddons and be sure you pull spring-addons-keycloak only (and not any of spring-security-oauth2-...)
- future-proof solution: do not use Keycloak libs at all in your resource server. Use either this lib auto-configuration (and OAuthentication) or spring-security manual configuration (with JwtAuthenticationToken)
With second option, you'll be spring-boot 3 ready, can choose between webmvc or webflux app, and can switch your authorization-server from Keycloak to something else with minimum fuzz.
from spring-addons.
I used the configuration from the official Keycloak documentation in my web service: https://www.keycloak.org/docs/latest/securing_apps/#_spring_security_adapter
And behind the KeycloakWebSecurityConfigurerAdapter there is a WebSecurityConfigurerAdapter.
For my tests I use the spring-addons-keycloak to mock the authentication. So when I run the tests, spring-addons-keycloak are in the classpath. And it seems, as if they register a SecurityFilterChain.
The security-oauth2-... are pulled automatically. Should they be ignored?
from spring-addons.
@Mario-Eis I know Keycloak spring adapter is still depending on WebSecurityConfigurerAdapter (reason for me writing you should use something else to be spring-boot 3 ready). This does not prevent spring-addons-keycloak
from working. If you don't believe me, follow first paragraph of main readme:
git clone https://github.com/ch4mpy/spring-addons.git
cd spring-addons
mvn test
You'll see a module named webmvc-keycloakauthenticationtoken
with passing unit-test. If you open your IDE and browse to spring-addons/samples/webmvc-keycloakauthenticationtoken
, you'll see that it's just an ordinary spring-boot app with Keycloak dependencies and properties (and various flavors of unit tests).
Also you answer to none of my questions. So unless you provide me with your pom (or gradle), web-security conf and unit-test, there is nothing I can do for you.
from spring-addons.
The security-oauth2-... are pulled automatically. Should they be ignored?
Good catch, this transient dependency on spring-security-oauth2-webmvc-addons
is useless and should be removed. You can exclude it untill next release (but I don't believe it will solve your problem by itself).
from spring-addons.
...but I don't believe it will solve your problem by itself
Well, actually it (4.4.8) did solve my problem 😀 All tests are green again!!
Thank you very much for the support! Good job! Your library helps a lot with testing my Keycloak service.
Update:
I use spring boot, but with a part webmvc manual configuration (its complicated ;) ). The keycloak addons are used for mocking the auth while doing integration tests. I guess what happened was: As soon as a test started, spring boot picked up the ServletSecurityBeans (in the classpath while testing) in addition to the KeycloakWebSecurityConfigurerAdapter from the Keycloak library manual config. And boom.
from spring-addons.
Well, actually it (4.4.8) did solve my problem
Good to read.
You should really consider dropping Keycloak libs. Give a try to this instead
from spring-addons.
You should really consider dropping Keycloak libs. Give a try to this instead
I will consider it! Thanks!
from spring-addons.
I use spring boot, but with a part webmvc manual configuration (its complicated ;) )
Then, you could have JwtAuthenticationToken instances in runtime security-context. If so, @WithMockJwtAuth
from spring-security-oauth2-test-webmvc-addons
might be a better fit than @WithMockKeycloakAuth
.
Plus, you can already bump to spring-boot 2.7 (need to give an eye to spring-boot doc to stop extending WebSecurityConfigurerAdapter
)
In any case, you should really have a look at that tutorial, it should greatly simplify your conf.
from spring-addons.
Related Issues (20)
- `authorization-request-params` ignored HOT 1
- POST /logout response Forbidden 403 HOT 9
- Support several JWT authentication converters (or converters with a `@Qualifier` which is not `jwtAuthenticationConverter`)
- Doubled path-prefix by `SpringAddonsServerOAuth2AuthorizationRequestResolver` HOT 1
- Allow anonymous CORS preflight requests (`OPTIONS` requests to a path configured with CORS) HOT 1
- Configuration properties to add parameters to token requests HOT 1
- Spring Starter OICD, Resource Server: Option to disable the default behavior for authorized/protected routes HOT 1
- BFF configuration token is not refreshed HOT 3
- Getting response 401 (Unauthorized) for permit-all requests after update HOT 2
- (Not a bug)Why the custom JwtDecoder bean is useless HOT 2
- `spring-security-oauth2-resource-server`, `spring-security-oauth2-client` and `spring-webflux` should be `optional` dependencies HOT 1
- Support for resource owner password credential flow (ROPC) HOT 1
- Handle CORS Requests with Keycloak's "allowed-origins" claim like the keycloak adapter (now deprecated) HOT 2
- Downstream services times out reading request body when csrf is set to cookie-accessible-from-js HOT 2
- Expand servlet-client tutorial to show calling servlet-resource-server with user that has NICE privileges. HOT 2
- Logout Issue (Invalid CSRF Token) HOT 3
- Import keycloak realms with spring-addons-starters-rest HOT 1
- `@WithOidcLogin` using json file similarly as `@WithJwt` HOT 8
- Need support in resolving 401 Unauthorized Error for Multi Tenant JWT Auth with Resource Server HOT 1
- Invalid SpringAddonsOidcProperties breaks native image HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-addons.