[keycloak-user] How to secure JAX-RS service based on reasteasy running on undertow
Davide Ungari
ungarida at gmail.com
Mon Apr 14 19:43:22 EDT 2014
Hi Bill,it's a mixed approach, maybe this is confusing you.
> I don't understand what the flow is below. In your flow above you said
> your server is making a call to the backend service with the token and
> is authenticated correctly, right?
My frontend is a WAR running on Tomcat and it is secured by keycloak.
> What I don't understand is what you are doing below. Are you saying you > have a Browser client (Javascript) making a call to your backend?
The WAR serves also an AngularJS dashboard, in this dashboard I
"inject" the token from the server but then I make client side calls.
The flow is:
1- The user call http://.../dashboard
2- The frontend server redirects to the keycloak login
3- Keycloak authenticates the user and redirects to frontend server
4- The frontend server serves the AngularJS dashboard injecting the token
5- The client side dashboard makes ajax calls to the backend to load data
At point 5 I see my backend is logging that the call is AUTHENTICATED
but on client side I see the response is failing.
--
Davide
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140415/5f85ffe2/attachment.html
More information about the keycloak-user
mailing list