{"id":36418924,"url":"https://github.com/pablobastidasv/kc_security","last_synced_at":"2026-01-11T17:01:51.680Z","repository":{"id":49235322,"uuid":"133399250","full_name":"pablobastidasv/kc_security","owner":"pablobastidasv","description":"Keycloak security to JEE using Soteria","archived":false,"fork":false,"pushed_at":"2021-06-22T14:18:49.000Z","size":93,"stargazers_count":10,"open_issues_count":1,"forks_count":3,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-07-12T19:11:40.273Z","etag":null,"topics":["jee","keycloak-security","pom","soteria"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pablobastidasv.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-14T17:39:12.000Z","updated_at":"2021-06-22T14:18:44.000Z","dependencies_parsed_at":"2022-07-30T07:17:56.761Z","dependency_job_id":null,"html_url":"https://github.com/pablobastidasv/kc_security","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/pablobastidasv/kc_security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pablobastidasv%2Fkc_security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pablobastidasv%2Fkc_security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pablobastidasv%2Fkc_security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pablobastidasv%2Fkc_security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pablobastidasv","download_url":"https://
codeload.github.com/pablobastidasv/kc_security/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pablobastidasv%2Fkc_security/sbom","scorecard":{"id":717154,"data":{"date":"2025-08-11","repo":{"name":"github.com/pablobastidasv/kc_security","commit":"876fdef566c8b2b4a4c18f9fac9a7acf6af35e6a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.6,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: .mvn/wrapper/maven-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/15 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows 
found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses 
fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 20 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"97 existing vulnerabilities detected","details":[
],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T10:03:25.565Z","repository_id":49235322,"created_at":"2025-08-22T10:03:25.565Z","updated_at":"2025-08-22T10:03:25.565Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28314260,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-11T14:58:17.114Z","status":"ssl_error","status_checked_at":"2026-01-11T14:55:53.580Z","response_time":60,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jee","keycloak-security","pom","soteria"],"created_at":"2026-01-11T17:01:51.602Z","updated_at":"2026-01-11T17:01:51.666Z","avatar_url":"https://github.com/pablobastidasv.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![](https://jitpack.io/v/pablobastidasv/kc_security.svg)](https://jitpack.io/#pablobastidasv/kc_security)\n[![Maven Central](https://img.shields.io/maven-central/v/io.github.pablobastidasv/kc_security.svg?label=Maven%20Central)](https://search.maven.org/search?q=g:%22io.github.pablobastidasv%22%20AND%20a:%22kc_security%22)\n\n# Keycloak security with Soteria (JEE 8)\n\nThis project is a library that adds security to servlets and JAX-RS endpoints using the new security specification \n[JSR-375](https://jcp.org/en/jsr/detail?id=375).  \n\n## Getting started\n\n### Dependency\n\n#### Maven central\n\nAdd the dependency below to your pom.\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003eio.github.pablobastidasv\u003c/groupId\u003e\n    \u003cartifactId\u003ekc_security\u003c/artifactId\u003e\n    \u003cversion\u003e{version}\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n#### Jitpack\n\nFor older versions, use Jitpack. 
Add the dependency to your pom as shown below.\n\n**NOTE**: The last version published on jitpack.io is 1.2.1\n\n```xml\n\u003crepositories\u003e\n    \u003crepository\u003e\n        \u003cid\u003ejitpack.io\u003c/id\u003e\n        \u003curl\u003ehttps://jitpack.io\u003c/url\u003e\n    \u003c/repository\u003e\n\u003c/repositories\u003e\n```\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003ecom.github.pablobastidasv\u003c/groupId\u003e\n    \u003cartifactId\u003ekc_security\u003c/artifactId\u003e\n    \u003cversion\u003e{version}\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n### Configuration\n\nThe Keycloak security library can be configured through a `keycloak.json` file or by defining the main values as environment \nvariables.\n\n#### With specified `keycloak.json` file\n\n**NOTE**: This approach supports the full capabilities of `keycloak-servlet-filter-adapter`; the Keycloak configuration \nfile is defined and used as a whole.\n\nCreate a file called `microprofile-config.properties` inside the `META-INF` folder and add the property below. Its value \nshould be the full path to the `keycloak` file location.\n\n```properties\nsecurity.kc.file-path=/opt/keycloak.json\n``` \n\n#### With `keycloak.json` file in default location\n\nA `keycloak.json` file can also be created in the resource folder inside the war file, to be used as the configuration in \ncase `security.kc.file-path` is not specified.\n\n#### With environment variables\n\n**NOTE**: This approach only defines basic values, for working in a development environment or testing applications.  
\n\nCreate a file called `microprofile-config.properties` inside the `META-INF` folder and add the properties below with values \ncorresponding to your configuration.\n\n```properties\nsecurity.kc.realm=my-realm\nsecurity.kc.authServerUrl=https://my-auth-server/auth\nsecurity.kc.clientId=my-client-id\n``` \n\n**NOTE**: This project uses [MP-Config](http://microprofile.io/project/eclipse/microprofile-config) to set the Keycloak \nconfiguration.\n\n## JwtPrincipal\n\nAs a `Principal`, the library provides the extension `JwtPrincipal`, which can be injected into your beans via CDI.\n\n```java\n@Inject\nprivate JwtPrincipal principal;\n```\n\nThe `JwtPrincipal` provides useful information about the logged-in user. Below are this class's attributes: \n\n```java\nString userName;\nString fullName;\nString givenName;\nString familyName;\nString email;\nString picture;\nString token;\nString realm;\nMap\u003cString, Object\u003e claims;\n```\n\n|    Key    | Description |\n|:---------:|-------------|\n|userName   | Keycloak JWT value of: preferred_username\n|fullName   | Keycloak JWT value of: name\n|givenName  | Keycloak JWT value of: given_name\n|familyName | Keycloak JWT value of: family_name\n|email      | Keycloak JWT value of: email\n|picture    | Keycloak JWT value of: picture\n|token      | The JWT token\n|realm      | The realm where authentication was performed\n|claims     | Map of any other claims and data that might be in the IDToken. Could be custom claims set up by the auth server\n\n## Multi-tenant support\n\nSince version `2.x.x`, the library provides an alternative to handle multi-tenant\nenvironments.\n\nTo enable the multi-tenant capabilities, perform the 2 steps\ndescribed below:\n\n  1. Set the environment variable `SECURITY_KC_MULTITENANT_ENABLED` to true.\n  2. 
Implement the interface `co.pablob.security.kc.control.MultiTenantProducer`.\n\nNOTE: The property can also be set as `security.kc.multiTenant.enabled`.\n\n### The `MultiTenantProducer` interface\n\nThis interface requires the user to implement the method\n`adapterConfigFromRequest`. This method receives a `String`\nparameter, the realm key, which identifies what tenant information must be loaded.\n\nAdditionally, this method must return an `InputStream` created based on\nthe information that the `keycloak.json` file contains.\n\nBelow is an example of how to implement this interface.\n\n```java\nimport java.io.ByteArrayInputStream;\nimport java.io.InputStream;\nimport java.nio.charset.StandardCharsets;\nimport java.util.Optional;\n\nimport co.pablob.security.kc.control.MultiTenantProducer;\n\npublic class MultiTenantAdapterConfigProducer implements MultiTenantProducer {\n\n    @Override\n    public InputStream adapterConfigFromRequest(String realmKey) {\n        // realmKey comes from the request (by default the server name), so\n        // resolve it only against tenants you know.\n        // getKeycloakJsonString and defaultConfig are application-defined helpers (not shown):\n        // the keycloak.json content for the tenant, and the fallback configuration bytes.\n        byte[] keycloakConfig = Optional.ofNullable(getKeycloakJsonString(realmKey))\n                .map(json -\u003e json.getBytes(StandardCharsets.UTF_8))\n                .orElseGet(this::defaultConfig);\n        return new ByteArrayInputStream(keycloakConfig);\n    }\n}\n```\n\nNOTE: By default the value of `realmKey` is the server name returned by `HttpServletRequest::getServerName`.\nIf this value is not enough for you, you can always override the method \n`String obtainRealmNameKey(HttpServletRequest request)` and define the key string that fits you better.\n\n## Tested platforms\n\nThis library has been tested in:\n\n - [Payara 5](http://www.payara.org/)\n - [Openliberty 18.0.0.3](https://openliberty.io)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpablobastidasv%2Fkc_security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpablobastidasv%2Fkc_security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpablobastidasv%2Fkc_security/lists"}