
<div dir="ltr">Is there any news on this? I tried it on beta-4 on wildfly and I still get the same response.</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jul 29, 2014 at 5:56 PM, Rodrigo Sasaki <span dir="ltr">&lt;<a href="mailto:rodrigopsasaki@gmail.com" target="_blank">rodrigopsasaki@gmail.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I made sure of all that, I just recreated everything using realm roles just for the sake of completeness, but I&#39;m still getting a 403</div>

<div class="gmail_extra"><div><div class="h5"><br><br><div class="gmail_quote">On Tue, Jul 29, 2014 at 4:09 PM, Vivek Srivastav (vivsriva) <span dir="ltr">&lt;<a href="mailto:vivsriva@cisco.com" target="_blank">vivsriva@cisco.com</a>&gt;</span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">

<div>Make sure you have the following settings configured for your database service:</div>

<div><br>

</div>

<div><img src="cid:7FB161C8-9169-498E-BE38-35D4735A9146" type="image/png"></div>

<div><br>

</div>

<div><br>

</div>

<div><img src="cid:F53847FE-4703-4AB3-9C06-790DC32B5A75" type="image/png"></div>

<div><br>

</div>

<div><br>

</div>

<div>In the web.xml, make sure you have the security setup with the appropriate user role:</div>

<div>

<div>&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;</div>

<div>&lt;web-app xmlns=&quot;<a href="http://java.sun.com/xml/ns/javaee" target="_blank">http://java.sun.com/xml/ns/javaee</a>&quot;</div>

<div>      xmlns:xsi=&quot;<a href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a>&quot;</div>

<div>      xsi:schemaLocation=&quot;<a href="http://java.sun.com/xml/ns/javaee" target="_blank">http://java.sun.com/xml/ns/javaee</a> <a href="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" target="_blank">http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd</a>&quot;</div>


<div>      version=&quot;3.0&quot;&gt;</div>

<div><br>

</div>

<div><span style="white-space:pre-wrap"></span>&lt;module-name&gt;database&lt;/module-name&gt;</div>

<div><span style="white-space:pre-wrap"></span></div>

<div>    &lt;security-constraint&gt;</div>

<div>        &lt;web-resource-collection&gt;</div>

<div>            &lt;url-pattern&gt;/*&lt;/url-pattern&gt;</div>

<div>        &lt;/web-resource-collection&gt;</div>

<div>&lt;!--        &lt;user-data-constraint&gt;</div>

<div>            &lt;transport-guarantee&gt;CONFIDENTIAL&lt;/transport-guarantee&gt;</div>

<div>        &lt;/user-data-constraint&gt;  --&gt;</div>

<div>        &lt;auth-constraint&gt;</div>

<div>            &lt;role-name&gt;user&lt;/role-name&gt;</div>

<div>        &lt;/auth-constraint&gt;</div>

<div>    &lt;/security-constraint&gt;</div>

<div><br>

</div>

<div>    &lt;login-config&gt;</div>

<div>        &lt;auth-method&gt;KEYCLOAK&lt;/auth-method&gt;</div>

<div>        &lt;realm-name&gt;demo&lt;/realm-name&gt;</div>

<div>    &lt;/login-config&gt;</div>

<div><br>

</div>

<div>    &lt;security-role&gt;</div>

<div>        &lt;role-name&gt;user&lt;/role-name&gt;</div>

<div>    &lt;/security-role&gt;</div>

<div>&lt;/web-app&gt;</div>

</div>

<div><br>

</div>

<div><br>

</div>

<div><br>

</div>

<span>

<div style="font-family:Calibri;font-size:11pt;text-align:left;color:black;BORDER-BOTTOM:medium none;BORDER-LEFT:medium none;PADDING-BOTTOM:0in;PADDING-LEFT:0in;PADDING-RIGHT:0in;BORDER-TOP:#b5c4df 1pt solid;BORDER-RIGHT:medium none;PADDING-TOP:3pt">


<span style="font-weight:bold">From: </span>Rodrigo Sasaki &lt;<a href="mailto:rodrigopsasaki@gmail.com" target="_blank">rodrigopsasaki@gmail.com</a>&gt;<br>

<span style="font-weight:bold">Date: </span>Tuesday, July 29, 2014 at 12:51 PM<br>

<span style="font-weight:bold">To: </span>Bill Burke &lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;<br>

<span style="font-weight:bold">Cc: </span>&quot;<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>&quot; &lt;<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>&gt;<br>


<span style="font-weight:bold">Subject: </span>Re: [keycloak-user] Bearer Only Application access with token<br>

</div><div><div>

<div><br>

</div>

<div>

<div>

<div dir="ltr">It is defined under the application itself, so I it&#39;s under the scope. This should be working right?</div>

<div class="gmail_extra"><br>

<br>

<div class="gmail_quote">On Tue, Jul 29, 2014 at 11:59 AM, Bill Burke <span dir="ltr">

&lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

What kind of role is it?  Is the new role defined under the<br>

&quot;database-service&quot; application?  If not, then you must add this role to<br>

the &quot;database-service&quot;&#39;s scope in the admin console.<br>

<div><br>

On 7/29/2014 10:51 AM, Rodrigo Sasaki wrote:<br>

&gt; Hi,<br>

&gt;<br>

&gt; I&#39;m trying to secure a bearer-only application with keycloak, to access<br>

&gt; it with access tokens, but I think I&#39;m missing something.<br>

&gt;<br>

&gt; I tried it with the database-service of the unconfigured demo.<br>

&gt;<br>

&gt; 1. I created the user role in the application.<br>

&gt; 2. I assigned that role to my user<br>

&gt; 3. I copied the contents of the installation json to<br>

</div>

&gt; *webapp/META-INF/keycloak.json*<br>

<div>&gt;<br>

&gt; {<br>

&gt;      &quot;realm&quot;: &quot;demo&quot;,<br>

&gt;      &quot;realm-public-key&quot;:<br>

&gt; &quot;MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwRayjzh7W+EfPaeSdyXWLyXof7c3fwD7vb0AEtG+ogLHtMkYiTdX9y/JXOmXwWDzGhx7NM3Q6vkCG0F3lZqOVsSlYH56c5+Ev4QmSGK/+6e+WcZMcgmscoz1OoXKom4+pzqMey42hqdwwMhkvCq/jxJSmUGnZJQuqEKVH00NZ1wIDAQAB&quot;,<br>


&gt;      &quot;bearer-only&quot;: true,<br>

&gt;      &quot;ssl-not-required&quot;: true,<br>

&gt;      &quot;resource&quot;: &quot;database-service&quot;,<br>

&gt;      &quot;use-resource-role-mappings&quot;: true<br>

&gt; }<br>

&gt;<br>

</div>

&gt; 4. Set the auth-method to *KEYCLOAK* on web.xml<br>

&gt; 5. Started the server deploying the *database-service*<br>

&gt; 6. Generated a token using *security-admin-console* client_id and my user<br>

&gt; 7. Submitted a GET request to /localhost:8080/database/customers/<br>

<div>&gt;<br>

&gt; After these steps I get a 403 error, saying that I&#39;m not authorized to<br>

&gt; access the resource, wasn&#39;t this supposed to work?<br>

&gt;<br>

&gt; --<br>

&gt; Rodrigo Sasaki<br>

&gt;<br>

&gt;<br>

</div>

&gt; _______________________________________________<br>

&gt; keycloak-user mailing list<br>

&gt; <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>

&gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">

https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>

&gt;<br>

<span><font color="#888888"><br>

--<br>

Bill Burke<br>

JBoss, a division of Red Hat<br>

<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>

_______________________________________________<br>

keycloak-user mailing list<br>

<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>

</font></span></blockquote>

</div>

<br>

<br clear="all">

<div><br>

</div>

-- <br>

<div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font>

<div></div>

</div>

</div>

</div>

</div>

</div></div></span>

</div>


</blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br><div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font><div></div></div>

</font></span></div>

</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font><div></div></div>

</div>