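/**
 * Wires Keycloak authentication into a servlet deployment.
 *
 * <p>Does nothing (beyond logging) when {@code isAuthenticationMechanismPresent} reports that the
 * deployment does not use the {@code "KEYCLOAK"} auth-method. Otherwise it loads
 * {@code /WEB-INF/keycloak.json}, registers the CORS preflight, admin-actions,
 * session-propagation and authenticated-actions handler wrappers, installs the
 * {@code "KEYCLOAK"} authentication mechanism and an {@link IdentityManager}, and scopes the
 * session cookie to the deployment's context path.
 *
 * @param deploymentInfo deployment descriptor that receives the handlers, authentication
 *     mechanism, identity manager and session cookie configuration
 * @param servletContext servlet context used to locate {@code /WEB-INF/keycloak.json}
 * @throws RuntimeException if {@code /WEB-INF/keycloak.json} cannot be found
 */
@Override
public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
    if (!isAuthenticationMechanismPresent(deploymentInfo, "KEYCLOAK")) {
        log.info("auth-method is not keycloak!");
        return;
    }
    // NOTE(review): message says "Exception"; possibly meant "Extension" - confirm before changing.
    log.info("KeycloakServletException initialization");

    // NOTE(review): this stream is never closed in this method; confirm that
    // RealmConfigurationLoader consumes and closes it, otherwise close it once init() returns.
    InputStream is = servletContext.getResourceAsStream("/WEB-INF/keycloak.json");
    if (is == null) {
        throw new RuntimeException("Unable to find /WEB-INF/keycloak.json configuration file");
    }
    RealmConfigurationLoader loader = new RealmConfigurationLoader(is);
    loader.init(true);
    AdapterConfig keycloakConfig = loader.getAdapterConfig();
    RealmConfiguration realmConfiguration = loader.getRealmConfiguration();

    PreflightCorsHandler.Wrapper preflight = new PreflightCorsHandler.Wrapper(keycloakConfig);
    UserSessionManagement userSessionManagement = new UserSessionManagement(realmConfiguration);

    // Bearer-only deployments get a mechanism built from the resource metadata alone; all
    // others also receive the session management and realm configuration.
    final ServletKeycloakAuthenticationMechanism auth;
    if (keycloakConfig.isBearerOnly()) {
        auth = new ServletKeycloakAuthenticationMechanism(
                keycloakConfig,
                loader.getResourceMetadata(),
                deploymentInfo.getConfidentialPortManager());
    } else {
        auth = new ServletKeycloakAuthenticationMechanism(
                userSessionManagement,
                keycloakConfig,
                realmConfiguration,
                deploymentInfo.getConfidentialPortManager());
    }
    ServletAuthenticatedActionsHandler.Wrapper actions =
            new ServletAuthenticatedActionsHandler.Wrapper(keycloakConfig);

    // Handler registration order is kept exactly as written: initial (CORS preflight), outer
    // (admin actions), authentication mechanism, then the two inner wrappers.
    deploymentInfo.addInitialHandlerChainWrapper(preflight);
    deploymentInfo.addOuterHandlerChainWrapper(
            new ServletAdminActionsHandler.Wrapper(realmConfiguration, userSessionManagement));
    deploymentInfo.addAuthenticationMechanism(
            "KEYCLOAK",
            new AuthenticationMechanismFactory() {
                @Override
                public AuthenticationMechanism create(
                        String s,
                        FormParserFactory formParserFactory,
                        Map<String, String> stringStringMap) {
                    // The same mechanism instance is handed out on every call.
                    return auth;
                }
            });
    deploymentInfo.addInnerHandlerChainWrapper(
            ServletPropagateSessionHandler.WRAPPER); // propagates SkeletonKeySession
    deploymentInfo.addInnerHandlerChainWrapper(actions); // authenticated actions and cors

    deploymentInfo.setIdentityManager(
            new IdentityManager() {
                // Returns the supplied account unchanged: nothing is re-validated here.
                // NOTE(review): token expiry / revocation checks are presumably done by the
                // authentication mechanism - confirm that a cached account cannot outlive them.
                @Override
                public Account verify(Account account) {
                    log.info("Verifying account in IdentityManager");
                    return account;
                }

                // Credential-based verification is rejected outright, so nothing in the
                // deployment can log a user in through this IdentityManager.
                @Override
                public Account verify(String id, Credential credential) {
                    log.warn("Shouldn't call verify!!!");
                    throw new IllegalStateException("Not allowed");
                }

                @Override
                public Account verify(Credential credential) {
                    log.warn("Shouldn't call verify!!!");
                    throw new IllegalStateException("Not allowed");
                }
            });

    log.info("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
    // Reuse a session cookie configuration that is already attached to the deployment instead
    // of replacing it with a blank one: a fresh ServletSessionConfig would silently discard
    // attributes configured elsewhere (for example the Secure and HttpOnly flags).
    ServletSessionConfig cookieConfig = deploymentInfo.getServletSessionConfig();
    if (cookieConfig == null) {
        cookieConfig = new ServletSessionConfig();
    }
    cookieConfig.setPath(deploymentInfo.getContextPath());
    deploymentInfo.setServletSessionConfig(cookieConfig);
}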