[keycloak-user] How to authorize JAX-RS service based on reasteasy

Bill Burke bburke at redhat.com
Wed Apr 23 17:43:17 EDT 2014


Where are your roles defined?  At the realm level?  At the application 
level?  If they are defined at the realm level you need to define a 
scope for the application.  Go to the admin console and follow the 
application link for your front-end application.  Go to the scope menu 
item and add the realm roles to the scope for the front-end application.


Build and deploy the preconfigured demo and view the realm in the admin 
console.  You will see a similar setup where the "customer-portal" and 
"product-portal" apps have their scope set to the realm level roles.

Scope is the set of roles an application or oauth client is allowed to 
ask for.


On 4/23/2014 5:34 PM, Davide Ungari wrote:
> Hi everybody,
> I followed some suggestions and now I have made authentication work as follows:
>
> 1- The user calls http://.../frontend
>
> 2- The frontend server redirects to the keycloak login
>
> 3- Keycloak authenticates the user and redirects to frontend server
>
> 4- The frontend server serves the AngularJS dashboard
>
> 5- User clicks to something in AngularJS app, which will send request to http://localhost:8080/frontend/someEndpoint
>
> 6- Frontend will re-send this to http://localhost:8080/backend/someBackendEndpoint
>
> 7- After backend request is done and received in "frontend" app, it will resend it back to AngularJS with all the data.
>
>
> Now I would like to add authorization to backend api, so I added
> @RolesAllowed ("role") but it does not work:
> 2014-04-23 23:17:10,694|WARN |core.ExceptionHandler|failed to execute
> javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
>     at org.jboss.resteasy.plugins.interceptors.RoleBasedSecurityFilter.filter(RoleBasedSecurityFilter.java:45)
>     at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:256)
>     at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:242)
>     at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:229)
>     at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
>     at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
>     at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
>     at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>     at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>
> I found out that the realmAccess is null and debugging I think the
> problem is during authentication when in org.keycloak.RSATokenVerifier
> at line:
>              token = input.readJsonContent(AccessToken.class);
>
> What do you think? What am I doing wrong this time?
>
> Thanks.
>
>
>
>
> --
> Davide
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
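The point of Bill's answer is that the 403 comes from the token itself: when the realm roles are not in the front-end application's scope, the access token Keycloak issues carries no realm_access claim, so the adapter has no roles to hand to RESTEasy's RoleBasedSecurityFilter and @RolesAllowed fails. The following is an added example, not code from the thread or from Keycloak: it builds two constructed sample tokens (one without realm_access, one with the claim shape that appears once the scope includes the realm roles), decodes the claims, and reproduces the role decision the adapter makes. The client id "backend", the realm URL and the role names are assumptions; the realm-versus-application switch mirrors the adapter's use-resource-role-mappings option. Signature checking is deliberately left out, since the question is about claim contents; the real adapter verifies the realm's RS256 signature in RSATokenVerifier before any of this applies.

```python
import base64
import json

# Constructed sample claims, NOT real Keycloak tokens.  The first is the
# situation in the thread: the front-end application's scope does not
# include the realm roles, so the token has no realm_access claim and
# @RolesAllowed("role") yields 403.  The second is the token shape once
# the realm roles have been added to the application's scope.
CLAIMS_BEFORE_SCOPE = {
    "iss": "http://localhost:8080/auth/realms/demo",  # hypothetical realm
    "sub": "user-1",
    "preferred_username": "davide",
    "resource_access": {},
}
CLAIMS_AFTER_SCOPE = {
    "iss": "http://localhost:8080/auth/realms/demo",
    "sub": "user-1",
    "preferred_username": "davide",
    "realm_access": {"roles": ["role", "user"]},
    "resource_access": {"backend": {"roles": ["admin"]}},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(part: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def make_sample_token(claims: dict) -> str:
    """Build a JWT-shaped string for claim inspection only.

    The signature segment is a placeholder: this helper exists to
    exercise the role logic below, not to mint tokens.  A real adapter
    verifies the realm's RS256 signature before trusting any claim.
    """
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}.placeholder-signature"


def decode_claims(token: str) -> dict:
    """Return the payload claims of a JWT without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def granted_roles(claims: dict, client_id: str,
                  use_resource_role_mappings: bool = False) -> frozenset:
    """Roles the adapter would place in the servlet security context.

    Mirrors the adapter's use-resource-role-mappings switch: realm-level
    roles (realm_access.roles) by default, the application's own roles
    (resource_access.<client>.roles) when the switch is on.
    """
    if use_resource_role_mappings:
        app = claims.get("resource_access", {}).get(client_id, {})
        return frozenset(app.get("roles", []))
    realm = claims.get("realm_access")  # absent when scope lacks realm roles
    if realm is None:
        return frozenset()
    return frozenset(realm.get("roles", []))


def is_allowed(token: str, required_role: str, client_id: str = "backend",
               use_resource_role_mappings: bool = False) -> bool:
    """What @RolesAllowed(required_role) would decide for this token."""
    claims = decode_claims(token)
    return required_role in granted_roles(claims, client_id,
                                          use_resource_role_mappings)


def diagnose(token: str, required_role: str, client_id: str = "backend") -> str:
    """One-line explanation of a 403, using the realm-level mapping."""
    claims = decode_claims(token)
    if "realm_access" not in claims:
        return "no realm_access claim: add the realm roles to the application's scope"
    if required_role not in granted_roles(claims, client_id):
        return f"realm_access present but lacks role {required_role!r}"
    return "ok"


if __name__ == "__main__":
    before = make_sample_token(CLAIMS_BEFORE_SCOPE)
    after = make_sample_token(CLAIMS_AFTER_SCOPE)
    for name, tok in (("before scope fix", before), ("after scope fix", after)):
        print(name, "->", is_allowed(tok, "role"), "|", diagnose(tok, "role"))
```

Run it and the "before" token is refused with the scope hint, while the "after" token passes @RolesAllowed("role") under the default realm-level mapping. The same token is refused for "admin" under that mapping and accepted only when the application-level mapping is selected, which is the other thing to check when realm roles are present but a 403 persists.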

