Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
15.0.2
-
None
Description
I've noticed a bug with the Keycloak Spring Boot Adapter while debugging my application.
The four Keycloak security filters (namely KeycloakPreAuthActionsFilter, KeycloakAuthenticationProcessingFilter, KeycloakSecurityContextRequestFilter, KeycloakAuthenticatedActionsFilter) will be added twice to the Spring FilterChain.
To prevent this from happening you should not provide the filters as a bean and at the same time adding them via the "addFilterBefore"/"addFilterAfter" methods to the HttpSecurity object (see KeycloakWebSecurityConfigurerAdapter).
I created a PR that fixes this issue: https://github.com/keycloak/keycloak/pull/8868