SpringBoot/SpringSecurity: Access SecurityContext from custom KeycloakConfigResolver

Hello,

I’m trying to configure the security of a Spring Boot application with a multi-tenancy approach.
I have the use case where the same REST endpoint can be secured by multiple Keycloak realms.
The resolver is correctly instantiated and called properly, but it appears that, because of the Spring Security filter chain, there are some places where the resolver is called but the SecurityContext is not yet initialized, so that SecurityContextHolder.getContext() returns null.

The only workaround I have found at the moment is manually parsing the JWT in the request to fetch the realm and then loading the correct configuration as a KeycloakDeployment class, but I find it somewhat dirty.

Would there be any other option allowing me to secure the same endpoint with different realms?

Thanks

2 Likes
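
A sketch of the workaround described in the post, added here as an example (it is not the poster's code or Keycloak's own): the resolver reads the unverified `iss` claim only as a routing hint, accepts it only if it names a realm on a fixed allowlist, and leaves signature validation to the adapter using the selected realm's configuration. It assumes the Keycloak adapter and core classes are on the classpath; the realm names and the `/keycloak-<realm>.json` file names are hypothetical.

```java
import java.io.InputStream;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.representations.JsonWebToken;

public class IssuerBasedConfigResolver implements KeycloakConfigResolver {
    // Hypothetical realm names; each needs /keycloak-<realm>.json on the classpath.
    private static final Set<String> ALLOWED_REALMS = Set.of("tenant-a", "tenant-b");
    private static final String DEFAULT_REALM = "tenant-a";
    private final Map<String, KeycloakDeployment> cache = new ConcurrentHashMap<>();

    @Override
    public KeycloakDeployment resolve(HttpFacade.Request request) {
        // Called before the SecurityContext exists, so only the raw request is used.
        String realm = realmOf(request.getHeader("Authorization"));
        return cache.computeIfAbsent(realm, this::load);
    }

    // The token is NOT trusted here: the issuer only selects among known realms.
    // A forged or unknown issuer falls back to the default realm, whose keys
    // will not validate the token, so the adapter rejects it.
    static String realmOf(String authorization) {
        if (authorization == null || !authorization.regionMatches(true, 0, "Bearer ", 0, 7)) {
            return DEFAULT_REALM;
        }
        try {
            String issuer = new JWSInput(authorization.substring(7).trim())
                    .readJsonContent(JsonWebToken.class).getIssuer();
            if (issuer == null) return DEFAULT_REALM;
            // Keycloak issuers end in .../realms/<realm>
            String realm = issuer.substring(issuer.lastIndexOf('/') + 1);
            return ALLOWED_REALMS.contains(realm) ? realm : DEFAULT_REALM;
        } catch (JWSInputException e) {
            return DEFAULT_REALM; // malformed token: let the default realm reject it
        }
    }

    private KeycloakDeployment load(String realm) {
        // realm has already passed the allowlist, so it is safe in a resource name
        InputStream config = getClass().getResourceAsStream("/keycloak-" + realm + ".json");
        if (config == null) throw new IllegalStateException("No adapter config for " + realm);
        return KeycloakDeploymentBuilder.build(config);
    }
}
```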