libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

documentation added

Browse source
This commit is contained in:
Hendrik Ebbers 2017-06-15 12:57:10 +02:00
parent f6ea9fc7d4
commit f5d118595e
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
securing_apps/topics/oidc/java/spring-security-adapter.adoc
View file

@ -36,9 +36,7 @@ While its use is not required, it greatly simplifies your security context confi
---- ----
@Configuration @KeycloakConfiguration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter
{ {
/** /**
@ -76,6 +74,11 @@ You must provide a session authentication strategy bean which should be of type
Spring Security's `SessionFixationProtectionStrategy` is currently not supported because it changes the session identifier after login via Keycloak. Spring Security's `SessionFixationProtectionStrategy` is currently not supported because it changes the session identifier after login via Keycloak.
If the session identifier changes, universal log out will not work because Keycloak is unaware of the new session identifier. If the session identifier changes, universal log out will not work because Keycloak is unaware of the new session identifier.
TIP: The `@KeycloakConfiguration` annotation is a metadata annotion that defines all annotations that are needed to integrate
KeyCloak in Spring security. If you have a complexe Spring security setup you can simply have a look ath the annotations of
the `@KeycloakConfiguration` annotation and create your own custom meta annotation or just use specific Spring annotations
for the KeyCloak adapter.
====== XML Configuration ====== XML Configuration
While Spring Security's XML namespace simplifies configuration, customizing the configuration can be a bit verbose. While Spring Security's XML namespace simplifies configuration, customizing the configuration can be a bit verbose.