Hi there,
I’m developing 2 services (Keycloak clients): one for the UI (credential) and another for the REST API (bearer-only). I have tested them without SSL and they’ve worked fine until now. But if I want to apply SSL on my REST API (using a self-signed cert), what should I do? ‘KeycloakRestTemplate’ throws an exception with a message like this:

```
java.lang.IllegalStateException: Cannot set authorization header because Authentication is of type class org.springframework.security.authentication.AnonymousAuthenticationToken but class org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken is required
```

Then I tried a code snippet that I used for a non-OAuth2 REST API, but got the same result:
```java
SSLContext context;
try {
    TrustStrategy acceptingTrustStrategy = new TrustSelfSignedStrategy();
    context = SSLContexts.custom()
            .setProtocol("TLS")
            .loadTrustMaterial(null, acceptingTrustStrategy)
            .build();
    context.init(
            null,
            new TrustManager[] { new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}
                public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}
                public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
            } },
            new java.security.SecureRandom());
} catch (Exception e) {
    System.err.println(e);
    return null;
}
SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(context, NoopHostnameVerifier.INSTANCE);
KeycloakClientRequestFactory factory = new KeycloakClientRequestFactory();
factory.setReadTimeout(5000);
factory.setConnectTimeout(3000);
CloseableHttpClient httpClient = HttpClientBuilder.create()
        .setMaxConnTotal(100)
        .setMaxConnPerRoute(5)
        .setSSLContext(context)
        .setSSLSocketFactory(scsf)
        .build();
factory.setHttpClient(httpClient);
KeycloakRestTemplate restTemplate = new KeycloakRestTemplate(factory);
ResponseEntity<String[]> response = restTemplate.getForEntity(serviceUrl, String[].class);
```
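The snippet above accepts any server certificate and skips hostname verification. The following added example (not part of the original post) shows the same client setup trusting only the REST API's self-signed certificate; the class name, the truststore file and its password are assumptions, and the truststore is assumed to contain that certificate.

```java
import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContexts;
import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory;
import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate;

// Hypothetical helper class, written for this example.
public final class PinnedKeycloakRestTemplate {

    private PinnedKeycloakRestTemplate() {}

    /**
     * @param trustStore keystore file holding only the REST API's self-signed
     *                   certificate (assumed path, supplied by the caller)
     * @param password   password of that keystore (assumed, supplied by the caller)
     */
    public static KeycloakRestTemplate build(File trustStore, char[] password) throws Exception {
        // Trust material comes from the given keystore only: a server
        // certificate that is not in it fails the handshake.
        SSLContext context = SSLContexts.custom()
                .loadTrustMaterial(trustStore, password)
                .build();

        // The single-argument constructor keeps the default hostname verifier,
        // so the certificate's subject alternative name must match the host
        // in the service URL.
        SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(context);

        CloseableHttpClient httpClient = HttpClientBuilder.create()
                .setMaxConnTotal(100)
                .setMaxConnPerRoute(5)
                .setSSLSocketFactory(scsf)
                .build();

        // Same timeouts as in the post.
        KeycloakClientRequestFactory factory = new KeycloakClientRequestFactory();
        factory.setReadTimeout(5000);
        factory.setConnectTimeout(3000);
        factory.setHttpClient(httpClient);
        return new KeycloakRestTemplate(factory);
    }
}
```

The `IllegalStateException` quoted in the post concerns the type of the current Spring Security `Authentication` (anonymous instead of `KeycloakAuthenticationToken`), so TLS trust settings on their own do not change it.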