Hi all.

I am stuck and I wonder if someone has been through the same issues I am facing with Errai 3.2.0-SNAPSHOT and Keycloak 1.2.0.Final (I have the same issues with older versions too). Ant clue? I am completely out of ideas, especially with the Errai Security Demo seems to work with the same configuration!

Below is my web.xml which closely mimics the one from Errai security demo:

1. What I noticed first was that after a succeessful KC login, KC redirects back to the wrong url: http://localhost:8080/draft/app-login  instead of http://localhost:8080/draft/app-login/index_draft.jsp  The reason turns out to be that the LoginRedirectFilter never gets called,, so the redirectLocation is not picked up!

2. After wasting quite some time, I discovered that I need to comment out the entire <security-constraint> ... </security-constraint> section in my web.xml, to get my debugger prove that the filter now gets called.

Why is <security-constraint> ... </security-constraint> suppressing the filter and why this is not happening with the Errai Security Demo?

Next however, this leads  to a different type of exception in the doFilter() method:

Context Path:

/draft

Servlet Path:

/app-login

Path Info:

null

Query String:

null

Stack Trace

org.jboss.weld.exceptions.IllegalProductException: WELD-000054: Producers cannot produce non-serializable instances for injection into non-transient fields of passivating beans Producer: Producer Method [AuthenticationService] with qualifiers [@Filtered @Any] declared as [[BackedAnnotatedMethod] @Produces @Filtered public org.jboss.errai.security.keycloak.extension.WrappedServiceProducer.getWrappedAuthenticationService()] Injection Point: [BackedAnnotatedField] @Inject @Filtered private org.jboss.errai.security.keycloak.KeycloakAuthenticationService.wrappedAuthService

org.jboss.weld.bean.AbstractProducerBean.checkReturnValue(AbstractProducerBean.java:157)

org.jboss.weld.bean.AbstractProducerBean.create(AbstractProducerBean.java:184)

org.jboss.weld.context.unbound.DependentContextImpl.get(DependentContextImpl.java:69)

org.jboss.weld.manager.BeanManagerImpl.getReference(BeanManagerImpl.java:742)

org.jboss.weld.manager.BeanManagerImpl.getInjectableReference(BeanManagerImpl.java:840)

org.jboss.weld.injection.FieldInjectionPoint.inject(FieldInjectionPoint.java:92)

org.jboss.weld.util.Beans.injectBoundFields(Beans.java:370)

org.jboss.weld.util.Beans.injectFieldsAndInitializers(Beans.java:381)

org.jboss.weld.injection.producer.ResourceInjector$1.proceed(ResourceInjector.java:70)

org.jboss.weld.injection.InjectionContextImpl.run(InjectionContextImpl.java:48)

org.jboss.weld.injection.producer.ResourceInjector.inject(ResourceInjector.java:72)

org.jboss.weld.injection.producer.BasicInjectionTarget.inject(BasicInjectionTarget.java:121)

org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:150)

org.jboss.weld.util.bean.IsolatedForwardingBean.create(IsolatedForwardingBean.java:44)

org.jboss.weld.context.AbstractContext.get(AbstractContext.java:96)

org.jboss.weld.context.PassivatingContextWrapper$AbstractPassivatingContextWrapper.get(PassivatingContextWrapper.java:76)

org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:98)

org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:99)

org.jboss.errai.security.keycloak.KeycloakAuthenticationService$Proxy$_$$_WeldClientProxy.setSecurityContext(Unknown Source)

org.jboss.errai.security.keycloak.LoginRedirectFilter.doFilter(LoginRedirectFilter.java:68)

====================================================================================

<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"

        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

        xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"

        version="3.1">

    <!-- Default page to serve -->

    <welcome-file-list>

        <welcome-file>index_draft.jsp</welcome-file>

    </welcome-file-list>

    <!--  This error page rule responds with the GWT Host page for pushstate Errai Navigation URLs -->

    <error-page>

        <error-code>404</error-code>

        <location>/</location>

    </error-page>

    <!-- Erray Keycloak security --> 

    <filter>

        <filter-name>ErraiLoginRedirectFilter</filter-name>

        <init-param>

            <param-name>redirectLocation</param-name>

            <param-value>/index_draft.jsp</param-value>

        </init-param>

    </filter>

    <!-- JAX-RS configuration-->

    <servlet-mapping>

        <servlet-name>javax.ws.rs.core.Application</servlet-name>

        <url-pattern>/rest/*</url-pattern>

    </servlet-mapping>

    <filter-mapping>

        <filter-name>ErraiUserCookieFilter</filter-name>

        <url-pattern>/index_draft.jsp</url-pattern>

    </filter-mapping>

    <filter-mapping>

        <filter-name>ErraiLoginRedirectFilter</filter-name>

        <url-pattern>/app-login</url-pattern>

    </filter-mapping>

    <security-constraint>

        <web-resource-collection>

            <web-resource-name>Login</web-resource-name>

            <url-pattern>/app-login</url-pattern>

        </web-resource-collection>

        <auth-constraint>

            <role-name>*</role-name>

        </auth-constraint>

    </security-constraint>

    <login-config>

        <auth-method>KEYCLOAK</auth-method>

        <realm-name>TEST</realm-name>

    </login-config>

    <security-role>

        <role-name>user</role-name>

    </security-role>

    <security-role>

        <role-name>admin</role-name>

    </security-role>

</web-app>