Use serialization filter (ObjectInputerFilter) with Keycloak adapter and Memcached
I'm using Spring Security Keycloak adapter 12.0.1 and Memcached for session replication. When the session is loaded from Memcached, classes from the Keyclaok adapter are deserialized. The read method of the class KeycloakSecurityContext contains DelegatingSerializationFilter.builder() .addAllowedClass(KeycloakSecurityContext.class) .setFilter(in); ...which sets an…