Hi there, I'm working on a Shiro/Keycloak integration, and the authentication part is working. But I suspect I might not be doing it the "proper" way.
I've created an AuthenticationFilter where I check if there is an active authenticated Keycloak user, and if so I build a Shiro Subject and bind it to the ThreadContext. So I have two questions:

1. Although it works ok, I didn't find a way to associate the Keycloak roles with the Shiro Subject. How can I, after creating a Shiro Subject, add roles to it? (relevant code: https://github.com/tbrugz/queryon/blob/master/qon-auth-keycloak/src/main/java/tbrugz/queryon/shiro/KeycloakAuthFilter.java#L52)

2. To use an AuthenticationFilter might not be the best way to do this, and maybe it would be better to use something like an AuthorizingRealm... If so, is there any example that fits this kind of integration?

Regards,
Telmo

PS: Also, if anyone is interested in such an integration, documentation and code can be found here: https://github.com/tbrugz/queryon/tree/master/qon-auth-keycloak
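
On the second question, a sketch of the realm-based variant, as an added example that is not part of the original post or of the queryon code. `KeycloakRealm`, `KeycloakPrincipal` and `KeycloakToken` are hypothetical names, and it assumes the filter has already copied the user name and role names out of the access token that the Keycloak adapter verified.

```java
import java.io.Serializable;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical realm (not from queryon): exposes Keycloak roles as Shiro roles.
public class KeycloakRealm extends AuthorizingRealm {

    // Hypothetical principal: user name and roles copied from the verified Keycloak token.
    public static final class KeycloakPrincipal implements Serializable {
        final String username;
        final Set<String> roles;
        public KeycloakPrincipal(String username, Set<String> roles) {
            this.username = username;
            this.roles = Set.copyOf(roles); // immutable snapshot (Java 10+)
        }
        @Override public String toString() { return username; }
    }

    // Hypothetical token the filter passes to subject.login(...).
    public static final class KeycloakToken implements AuthenticationToken {
        final KeycloakPrincipal principal;
        public KeycloakToken(KeycloakPrincipal principal) { this.principal = principal; }
        @Override public Object getPrincipal() { return principal; }
        @Override public Object getCredentials() { return ""; } // Keycloak already checked them
    }

    public KeycloakRealm() {
        setAuthenticationTokenClass(KeycloakToken.class); // ignore every other token type
        // Nothing to compare: authentication happened in Keycloak, so the filter must
        // build a KeycloakToken only from a token the adapter has verified.
        setCredentialsMatcher(new AllowAllCredentialsMatcher());
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        return new SimpleAuthenticationInfo(token.getPrincipal(), token.getCredentials(), getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        KeycloakPrincipal p = principals.oneByType(KeycloakPrincipal.class);
        return p == null ? null : new SimpleAuthorizationInfo(p.roles);
    }
}
```

With this realm registered on the SecurityManager, the filter calls `subject.login(new KeycloakToken(...))` instead of binding a hand-built Subject, and `subject.hasRole(...)` is then answered from the copied roles. If a Shiro CacheManager is configured, the cached AuthorizationInfo can outlive a role change in Keycloak until the cache entry is cleared.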
