[keycloak-user] Error 403 Java Spring Boot

Dennis H dennishonders at gmail.com
Tue Jul 11 14:00:12 EDT 2017


I receive an HTTP error 403 when accessing a bearer-only resource with
Postman that is secured with Keycloak.
The user has the needed role.
Debug logs: BEARER AUTHENTICATED.
What could be the problem here?

*Application.properties*

keycloak.realm=myrealm
keycloak.bearer-only=true
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=external
keycloak.resource=my-app
keycloak.use-resource-role-mappings=true
keycloak.securityConstraints[0].securityCollections[0].name=secured
keycloak.securityConstraints[0].authRoles[0]=app-user
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/secured/*

logging.level.org.keycloak=DEBUG

*Postman*
http://localhost:8081/secured/posts/0/10
Authorization: Bearer aDSFla56s...

*Debug*
2017-07-11 19:53:41.306 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.PreAuthActionsHandler       : adminRequest
http://localhost:8081/secured/posts/0/10
2017-07-11 19:53:41.313 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils   : Using provider 'secret' for
authentication of client 'my-app'
2017-07-11 19:53:41.314 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils   : Loaded clientCredentialsProvider
secret
2017-07-11 19:53:41.315 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils   : Loaded clientCredentialsProvider
jwt
2017-07-11 19:53:41.317 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils   : Loaded clientCredentialsProvider
secret
2017-07-11 19:53:41.317 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils   : Loaded clientCredentialsProvider
jwt
2017-07-11 19:53:41.354 DEBUG 22556 --- [nio-8081-exec-1]
o.keycloak.adapters.KeycloakDeployment   : resolveUrls
2017-07-11 19:53:41.356 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.KeycloakDeploymentBuilder   : Use authServerUrl:
http://localhost:8080/auth, tokenUrl:
http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token,
relativeUrls: NEVER
2017-07-11 19:53:41.631 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.rotation.JWKPublicKeyLocator       : Realm public keys successfully
retrieved for client my-app. New kids: [NsYwvDAUJYY3ioS9-0mpo]
2017-07-11 19:53:41.641 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.RequestAuthenticator        : User
'c1ed6bf7-5dd-988-94fab8ecf' invoking '
http://localhost:8081/secured/posts/0/10' on client 'my-app'
2017-07-11 19:53:41.642 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.RequestAuthenticator        : *Bearer AUTHENTICATED*
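
One check for the configuration above, as an added example that is not part of the original post: with keycloak.use-resource-role-mappings=true the adapter matches authRoles against the token's resource_access.<keycloak.resource>.roles claim, and with false against realm_access.roles, so a request can log "Bearer AUTHENTICATED" and still be refused with 403. The sample token, its claims and the helper names below are constructed for illustration.

```python
import base64
import json

def b64url(obj: dict) -> str:
    """Encode a dict as an unpadded base64url JWT segment."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def roles_seen(claims: dict, resource: str, use_resource_role_mappings: bool) -> set:
    """Roles the security constraint is matched against for the given setting."""
    if use_resource_role_mappings:
        access = claims.get("resource_access", {}).get(resource, {})
    else:
        access = claims.get("realm_access", {})
    return set(access.get("roles", []))

def diagnose(token: str, resource: str, required: str,
             use_resource_role_mappings: bool) -> str:
    """Explain whether the required role is visible under the current setting."""
    claims = jwt_claims(token)
    if required in roles_seen(claims, resource, use_resource_role_mappings):
        return "allowed"
    if required in roles_seen(claims, resource, not use_resource_role_mappings):
        return "403: role is in the token, but under the other claim"
    return "403: role is not in the token"

# Constructed sample: 'app-user' granted as a realm role only.
SAMPLE_CLAIMS = {
    "sub": "00000000-0000-0000-0000-000000000000",
    "realm_access": {"roles": ["app-user"]},
    "resource_access": {"account": {"roles": ["view-profile"]}},
}
SAMPLE_TOKEN = ".".join(
    [b64url({"alg": "RS256", "typ": "JWT"}), b64url(SAMPLE_CLAIMS), "sig"])

if __name__ == "__main__":
    print(diagnose(SAMPLE_TOKEN, "my-app", "app-user", True))
    print(diagnose(SAMPLE_TOKEN, "my-app", "app-user", False))
```

To run it against a real request, pass the access token sent in the Authorization header in place of SAMPLE_TOKEN.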

