Spring Boot KeyCloak not invoking success handler

Question

I am using Spring Boot KeyCloak in my application to connect with KeyCloak. However I have a custom success handler which is not being invoked. I am not sure why. here is my code:

SecurityConfiguration.java:

@KeycloakConfiguration
public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) {
        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(keycloakAuthenticationProvider);
    }

    @Bean
    public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    @Bean
    @Primary
    @Override
    protected KeycloakAuthenticationProcessingFilter keycloakAuthenticationProcessingFilter() throws Exception {
        KeycloakAuthenticationProcessingFilter filter = new KeycloakAuthenticationProcessingFilter(authenticationManagerBean());
        filter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy());
        filter.setAuthenticationSuccessHandler(successHandler());
        filter.setAuthenticationFailureHandler(failureHandler());
        return filter;
    }

    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.csrf().disable().authorizeRequests()
            .antMatchers("/**").authenticated();
    }

    @NotNull
    @Bean
    public KeyCloakAuthSuccessHandler successHandler() {
        return new KeyCloakAuthSuccessHandler(new SavedRequestAwareAuthenticationSuccessHandler());
    }

    @NotNull
    @Bean
    public KeyCloakAuthFailureHandler failureHandler() {
        return new KeyCloakAuthFailureHandler();
    }

}

And in my KeyCloakAuthSuccessHandler.java, I have:

@Slf4j
public class KeyCloakAuthSuccessHandler extends KeycloakAuthenticationSuccessHandler {

    @Autowired
    ObjectMapper mapper;

    public KeyCloakAuthSuccessHandler(AuthenticationSuccessHandler fallback) {
        super(fallback);
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        log.error("inside success handler");
        if (authentication.getPrincipal() instanceof KeycloakPrincipal) {
            AccessToken token = ((KeycloakPrincipal<?>) authentication.getPrincipal()).getKeycloakSecurityContext().getToken();
            // do other stuff
        }
    }
}

The above code doesn't invoked the success handler however a similar failure handler is working and getting invoked.

Answer 1

I think you have to write your own KeycloakAuthenticationProcessingFilter using your KeyCloakAuthSuccessHandler.

https://github.com/keycloak/keycloak/blob/main/adapters/oidc/spring-security/src/main/java/org/keycloak/adapters/springsecurity/filter/KeycloakAuthenticationProcessingFilter.java

You can't inject your KeyCloakAuthSuccessHandler.