[keycloak-user] @RolesAllowed leads to HTTP 500 when user doesn't have the required role

Bill Burke bburke at redhat.com
Tue Apr 1 09:11:49 EDT 2014 

I don't have a solution to getting rid of @SecurityDomain yet.  What 
should happen is that the EJB should inherit the security domain of the 
WAR, but it doesn't.  I opened a Wildfly bug and hopefully it will be fixed.

As for this particular bug, it may just be that you have to write an 
ExceptionMapper and unwrap EJBException.

Can you show the stack trace in the log?

On 4/1/2014 9:09 AM, Nils Preusker wrote:
> Hey Bill,
>
> it is actually an EJB (@Stateless @Path(...)).
>
> Another question about this: You mention in the user guide that you are
> planning to improve the integration and get rid of the @SecurityDomain
> annotation. Are you currently working on this or can you give me some
> estimate on which release this is planned for?
>
> Cheers,
> Nils
>
>
> On Tue, Apr 1, 2014 at 2:57 PM, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
>
>     Just a regular JAX-RS class?  Not an EJB?
>
>     On 4/1/2014 5:00 AM, Nils Preusker wrote:
>      > Hi,
>      >
>      > I'm currently testing the @SecurityDomain("keycloak") and
>     @RolesAllowed
>      > annotations on my JAX-RS services and was surprised to see that I
>     get a
>      > HTTP 500 (internal server error) when a requesting user doesn't
>     have the
>      > role that is required by @RolesAllowed. Is this intentional or a
>     known
>      > issue or am I doing something wrong in the config?
>      >
>      > I'm using Wildfly 8.0.0.Final with the default RestEasy module. Would
>      > upgrading RestEasy do the trick?
>      >
>      > Cheers,
>      > Nils
>      >
>      >
>      > _______________________________________________
>      > keycloak-user mailing list
>      > keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>      > https://lists.jboss.org/mailman/listinfo/keycloak-user
>      >
>
>     --
>     Bill Burke
>     JBoss, a division of Red Hat
>     http://bill.burkecentral.com
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the keycloak-user mailing list