ClassCastException with custom Keycloak Authentication Filter

[jdmbg]

Hello,

I already asked this question in this post of the Camunda Forum but received no answer.

I am writing my own Container Based Authentication Filter. I wrote the following java class KeycloakSSOAuthenticationProvider that implements AuthenticationProvider and looks something like this:

package com.somename.sso.camunda;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider;

public class KeycloakSSOAuthenticationProvider implements AuthenticationProvider {

    @Override
    public AuthenticationResult extractAuthenticatedUser(final HttpServletRequest request, final ProcessEngine engine) {
        // Does something
        return authenticationResult;
    }

    private List<String> getUserGroups(final String userId, final ProcessEngine engine) {
        // Does something
        return groupIds;
    }

    public void augmentResponseByAuthenticationChallenge(final HttpServletResponse response,
            final ProcessEngine engine) {
        ;
    }
}

Here ist the filter description from my web.xml file:

<filter>
    <filter-name>Container Based Authentication Filter</filter-name>
    <filter-class>org.camunda.bpm.webapp.impl.security.auth.ContainerBasedAuthenticationFilter</filter-class>
    <init-param>
      <param-name>authentication-provider</param-name>
      <param-value>com.somename.sso.camunda.KeycloakSSOAuthenticationProvider</param-value>
      <!-- <param-value>org.camunda.community.auth.keycloak.sso.KeycloakSSOAuthenticationProvider</param-value> -->
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>Container Based Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>

There is an error at runtime when the filter tries to cast KeycloakSSOAuthenticationProvider to AuthenticationProvider. I would suppose that this casting should not be a problem since the first one implements the second one.

However it appears that KeycloakSSOAuthenticationProvider is loaded by URLClassLoader, while AuthenticationProvider is loaded by ParallelWebappClassLoader and this is creating the error. Here the error log I get when running camunda:

Caused by: java.lang.ClassCastException: class com.somename.sso.camunda.KeycloakSSOAuthenticationProvider cannot be cast to class org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider (com.somename.sso.camunda.KeycloakSSOAuthenticationProvider is in unnamed module of loader java.net.URLClassLoader @6fc6f14e; org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider is in unnamed module of loader org.apache.catalina.loader.ParallelWebappClassLoader @7a498efa)

How should I approach this issue?

[VonDerBeck]

It doesn't look like your question is related to this Camunda Keycloak Identity Provider plugin. Or did I miss something?

[jdmbg]

That is right, I wasn't sure if the question belonged here. Should I post it somewhere else?

[VonDerBeck]

This GitHub project is in fact exclusively dedicated to the Camunda Keycloak Identity Provider. It would be nice not to post general questions here as a bug.

Basic help is available a) in the Camunda Forum and b) in case you have an Enterprise license directly from the Camunda Support. It may be that there is not as much going on in the Camunda Forum as usual - which is simply due to the current COVID 19 circumstances. Therefore it will surely need a little patience.

[jdmbg]

Ok sorry for the inconvinience.