I've set up a stand-alone Keycloak server and now I am trying to make it work with my Spring Boot project.
I made a KeycloakSecurityConfig class and set everything up.
So when I try to make a request to /secured I get 401, and when I pass the bearer token I get 200. But when I revoke the token I can still get 200 on any endpoint of my app.
When I make a request to the introspect endpoint I get {"active":false}.
Is there a way to set it up so that Spring will first check whether the token is revoked?
This is my security config.
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory;
import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.ConfigurableBeanFactory;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Scope;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.session.HttpSessionEventPublisher;

@KeycloakConfiguration
class WebSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Registers the Keycloak adapter filters (bearer token parsing, signature check).
        super.configure(http);
        http.authorizeRequests()
                .antMatchers("/secured").authenticated()
                .antMatchers("/role/user").hasAnyRole("user")
                .antMatchers("/role/admin").hasAnyRole("admin")
                .anyRequest()
                .permitAll();
        http.csrf().disable();
    }

    // Needed so that session-based registries see session creation/destruction events.
    @Bean
    public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
        return new ServletListenerRegistrationBean<HttpSessionEventPublisher>(new HttpSessionEventPublisher());
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
        // Map Keycloak realm roles to Spring "ROLE_*" authorities so hasAnyRole("user") matches.
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(keycloakAuthenticationProvider);
    }

    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Autowired
    public KeycloakClientRequestFactory keycloakClientRequestFactory;

    // Prototype scope: one KeycloakRestTemplate per injection, carrying the caller's token.
    @Bean
    @Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE)
    public KeycloakRestTemplate keycloakRestTemplate() {
        return new KeycloakRestTemplate(keycloakClientRequestFactory);
    }

    // Read the adapter configuration from application.properties instead of keycloak.json.
    @Bean
    public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }
}
This is my application.properties
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.realm=realm
keycloak.resource=client_id
keycloak.credentials.secret = xxxxxxxxxxxxxxxxxxxxxxx
keycloak.principal-attribute=preferred_username
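The adapter above only validates the token's signature and expiry locally, so a revoked token still passes. The following is an added example, not from the original post, of a servlet filter that asks the Keycloak introspection endpoint (the one returning {"active":false}) before the adapter runs and rejects inactive tokens. It assumes the realm, client id and client secret from application.properties are passed into the constructor, and uses Spring's RestTemplate with HttpHeaders.setBasicAuth (Spring 5.1+).

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.filter.OncePerRequestFilter;

/** Rejects bearer tokens that Keycloak reports as inactive (revoked, expired, session logged out). */
public class TokenIntrospectionFilter extends OncePerRequestFilter {
    private final RestTemplate rest = new RestTemplate();
    private final String introspectUrl;
    private final String clientId;
    private final String clientSecret;

    public TokenIntrospectionFilter(String authServerUrl, String realm, String clientId, String clientSecret) {
        // Standard Keycloak path: {auth-server-url}/realms/{realm}/protocol/openid-connect/token/introspect
        this.introspectUrl = authServerUrl + "/realms/" + realm + "/protocol/openid-connect/token/introspect";
        this.clientId = clientId;
        this.clientSecret = clientSecret;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        String auth = req.getHeader(HttpHeaders.AUTHORIZATION);
        if (auth == null || !auth.startsWith("Bearer ")) {
            chain.doFilter(req, res); // no token: the adapter still returns 401 on protected paths
            return;
        }
        HttpHeaders headers = new HttpHeaders();
        headers.setBasicAuth(clientId, clientSecret); // RFC 7662: introspection is client-authenticated
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("token", auth.substring("Bearer ".length()).trim());
        try {
            Map<?, ?> body = rest.postForObject(introspectUrl, new HttpEntity<>(form, headers), Map.class);
            if (body == null || !Boolean.TRUE.equals(body.get("active"))) {
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "token is not active");
                return;
            }
        } catch (RestClientException e) {
            res.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "introspection failed"); // fail closed
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Register it in configure(HttpSecurity) with http.addFilterBefore(new TokenIntrospectionFilter(...), KeycloakAuthenticationProcessingFilter.class) so revoked tokens are dropped before the adapter accepts them; note this adds one round-trip to Keycloak per request, so a short-lived cache keyed by token may be worth adding.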