keycloak / keycloak

Open Source Identity and Access Management For Modern Applications and Services
https://www.keycloak.org
Apache License 2.0

Keycloak Tomcat Adapter Alternatives #12988

Open raduromaniuc opened 2 years ago

raduromaniuc commented 2 years ago

We have a big problem.

In September last year we developed our web application with the Keycloak Tomcat Adapter according to the latest documentation: https://www.keycloak.org/docs/latest/securing_apps/#_spring_boot_adapter

"If you plan to deploy your Spring Application as a WAR then you should not use the Spring Boot Adapter and use the dedicated adapter for the application server or servlet container you are using. Your Spring Boot should also contain a web.xml file."

Unfortunately, all adapters have been recently deprecated: https://www.keycloak.org/2022/02/adapter-deprecation

We are looking for the best alternative to the Keycloak Tomcat Adapter. Ideally, the alternative would still be a Tomcat Valve that connects to the Keycloak authz server (for the public key), intercepting incoming requests, validating the provided JWT tokens and API paths in web.xml with their corresponding roles (security-constraints), finally setting the principal in the HttpRequest object, using OAuth 2.

Has anyone else had this problem and found a good alternative? Please be kind and share.

ladytaz-rowell commented 2 years ago

I need this too

anthonyraymond commented 2 years ago

Take a look at my answer: https://github.com/keycloak/keycloak/issues/12514#issuecomment-1209109769