1 vote

NB: I'm using Spring Boot 2.1.10 and Keycloak 6.0.1. I would like to be able to choose between basic authentication and SSO at launch time for a web application (MVC). So I first integrated Spring Security + Keycloak with keycloak-spring-boot-starter:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@SpringBootApplication
@EnableWebSecurity
public class KcApplication {
    public static void main(String[] args) {
        SpringApplication.run(KcApplication.class, args);
    }
}

Then I defined a "sso" Spring profile and a default config:

application.properties goes like this:

spring.application.name=@artifactId@
server.port: 8081
keycloak.enabled=false
spring.main.allow-bean-definition-overriding: true

and application-sso.yml goes like this:

keycloak:
  enabled: true
  auth-server-url: http://localhost:8180/auth
  realm: SpringBootRealm
  resource: spring-app
  credentials:
    secret: 0c8940a4-2065-4810-a366-02877802e762
  principal-attribute: preferred_username

Then I got two different security configurers:

import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Active whenever the "sso" profile is NOT enabled (i.e. the default profile)
@Configuration @Profile("!sso")
public class BasicAuthConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // super.configure(http) applies the adapter's defaults (anyRequest().authenticated(),
        // formLogin() and httpBasic()) before the rules below are added
        super.configure(http);
        http.authorizeRequests()
            .antMatchers("/customers*").authenticated()
            .anyRequest().permitAll()
        .and().httpBasic()  //DEBUG can't force
        .and().logout().logoutSuccessUrl("/");
    }
}

import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

// Active only when the "sso" profile is enabled
@Configuration @Profile("sso")
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class KeycloakAuthConfig extends KeycloakWebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // super.configure(http) installs the Keycloak filters and entry point
        super.configure(http);
        http.authorizeRequests()
            .antMatchers("/customers*").authenticated()
            .anyRequest().permitAll();
    }
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        KeycloakAuthenticationProvider authProvider = keycloakAuthenticationProvider();
        // map Keycloak roles to ROLE_* authorities
        authProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(authProvider);
    }
    @Bean
    public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
        // read the adapter settings from Spring Boot properties instead of keycloak.json
        return new KeycloakSpringBootConfigResolver();
    }
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }
}

Everything launches smoothly in both cases, and the "sso" profile behaves correctly: entering the /consumers path first redirects to Keycloak and comes back once authenticated. But I can't get the default profile to log me in. When entering /consumers I get an anonymousUser, without being asked to log in via a form.

I guess the issue comes from something I missed, so I put above as many things as possible. Does anyone know why I can't log in, despite the fact that the right configurer was run at debug? Thank you.

1
FYI, here is the original tutorial used to build up that trial: baeldung.com/spring-boot-keycloak - Thomas Escolan
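An added example (not code from the question, the comment or the answer) that shows the non-SSO profile's configurer written out explicitly, without inheriting the adapter defaults through super.configure(http), plus MockMvc checks that verify the chain for that profile without a browser or a stale session getting in the way. It assumes Spring Boot 2.1.x (Spring Security 5.1, JUnit 4) and the question's KcApplication in the same package; the package name, the demo account, the CustomersController and the test class are constructed for this example, and the rules tighten the question's anyRequest().permitAll() to deny-by-default. Everything is in one file for readability; in a project the configuration and controller belong under src/main and the test under src/test.

```java
// Added example, not code from the question or the answer. Assumes Spring Boot 2.1.x
// (Spring Security 5.1, JUnit 4) and the question's KcApplication in this package.
// Package name, demo account and controller are constructed for the example.
package com.example.kc;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Stands in for BasicAuthConfig: only one @Profile("!sso") adapter may be active at a time.
@Configuration
@Profile("!sso")
class ExplicitBasicAuthConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // No super.configure(http): the effective chain is exactly what is written here,
        // not the adapter's defaults merged with the rules below.
        http
            .authorizeRequests()
                .antMatchers("/", "/login", "/error").permitAll()
                .antMatchers("/customers", "/customers/**").authenticated()
                .anyRequest().authenticated()     // deny by default; stricter than the question's permitAll
            .and()
            .formLogin()                          // Accept: text/html  -> 302 to /login
            .and()
            .httpBasic()                          // other clients      -> 401 + WWW-Authenticate
            .and()
            .logout()
                .logoutSuccessUrl("/")
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID");     // no stale session survives a logout
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public UserDetailsService users(PasswordEncoder encoder) {
        // Constructed demo account; a real deployment backs this with a user store.
        return new InMemoryUserDetailsManager(
            User.withUsername("demo").password(encoder.encode("demo-pass")).roles("USER").build());
    }
}

// Minimal protected resource so the checks below have something to hit.
@RestController
class CustomersController {
    @GetMapping("/customers")
    public String customers() { return "[]"; }
}

@RunWith(SpringRunner.class)
@SpringBootTest             // finds KcApplication in this package; no active profile, so "!sso" applies
@AutoConfigureMockMvc
public class BasicAuthProfileTest {
    @Autowired
    private MockMvc mvc;

    @Test
    public void browserClientIsRedirectedToTheLoginForm() throws Exception {
        mvc.perform(get("/customers").accept(MediaType.TEXT_HTML))
           .andExpect(status().isFound())
           .andExpect(redirectedUrl("http://localhost/login"));
    }

    @Test
    public void apiClientIsChallengedWithBasic() throws Exception {
        mvc.perform(get("/customers").accept(MediaType.APPLICATION_JSON))
           .andExpect(status().isUnauthorized())
           .andExpect(header().exists("WWW-Authenticate"));
    }

    @Test
    public void validCredentialsReachTheResource() throws Exception {
        mvc.perform(get("/customers").with(httpBasic("demo", "demo-pass")))
           .andExpect(status().isOk());
    }
}
```

Running `mvn test` with no profile set exercises the "!sso" chain in a fresh context on every run, so a leftover browser session cannot mask a misconfiguration. The first two checks also make visible which entry point Spring Security picks per Accept header when both formLogin() and httpBasic() are configured; the third confirms that the in-memory user store and the BCrypt encoder are wired into the authentication manager for this profile.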

1 Answer

0
votes

Well, it took the weekend for the session to be reset, then it worked! Proof that it's probably the logout that is buggy instead... I'm not even sad :-(