extending/adding a request filter/interceptor in key cloak application
26 views
Skip to first unread message
Phil Fleischer
Feb 12, 2020, 11:33:56 AM2/12/20
to Keycloak User
Hey folks, long time no see,
I’m looking to add some instrumentation (specifically to new relic) for our keycloak without customizing the core server (ideal using a provider or module). Ideally I’d inject a filter into the filter chain of keycloak application after KeycloakSessionServletFilter, but don’t want or think I can mess with the embedded web.xml.
I found this, which works great… kinda, except it doesn’t run in the context of the application which causes me some issues down stream since it’s not actually running in the KeycloakApplication.
I tried going the “RESTEasy” route by adding ContainerRequestFilter but I’m guessing this isn’t getting injected/registered for various reasons, most likely that I’m adding it in a provider and not the core application.
Anyone ever pull something like this off??
— Phil
<servlet>
<servlet-name>Keycloak REST Interface</servlet-name>
<servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServlet30Dispatcher</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>org.keycloak.services.resources.KeycloakApplication</param-value>
</init-param>
<init-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
<param-value>/</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<listener>
<listener-class>org.keycloak.services.listeners.KeycloakSessionDestroyListener</listener-class>
</listener>
<filter>
<filter-name>Keycloak Session Management</filter-name>
<filter-class>org.keycloak.services.filters.KeycloakSessionServletFilter</filter-class>
<async-supported>true</async-supported>
</filter>
Phil Fleischer
Feb 12, 2020, 8:30:27 PM2/12/20
to Keycloak User
A really bad idea was to override/extend this class and add my instrumentation to the JtaTransactionManagerLookup provider since it's easily overridden and it's called every request in the KeycloakSessionServletFilter under tx.begin(). This would pain me, I'd rather at least add it to the EventListenerProvider, but it doesn't seem to be instantiated for ALL http requests... I'd really rather a filter, I just couldn't get it to work adding them to META-INF.services in my module/provider.
public interface JtaTransactionManagerLookup extends Provider, ProviderFactory<JtaTransactionManagerLookup> {
@Override
default void close() {
}
@Override
default JtaTransactionManagerLookup create(KeycloakSession session) {
return this;
}
TransactionManager getTransactionManager();
}
Thomas Darimont
Feb 13, 2020, 2:07:02 AM2/13/20
to Phil Fleischer, Keycloak User
Hi Phil,
take a look at this: https://github.com/thomasdarimont/keycloak-extension-playground/tree/master/jaxrs-request-filter-extension
Cheers,
Thomas
--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/c5eb8edc-4287-4cff-9313-10f2879c0eda%40googlegroups.com.
Phil Fleischer
Feb 13, 2020, 12:01:03 PM2/13/20
to Keycloak User
First thing, that worked... I was thinking something like that was possible but couldn't find the container request registry, also I had some minor class loading issues with my module, but was able to figure those out and yeah it works, awesome!
Second, cool repo with all the extension examples, kudos!
Reply all
Reply to author
Forward
0 new messages