<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE-CH" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hy @ll,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">For my current project I use Docker and run each service in a own container, and spread the services over multiple servers. All connected via REST.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">For the security I found Keycloak, and I think it’s a really cool tool. But I never was the best friend of security… JASS/Spring Security…<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">My problem is, I try to use the cors example (https://github.com/keycloak/keycloak/tree/master/examples/cors). I also use AngularJS for the frontend that consumes multiple REST Services.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">But I don’t get it to work. I always get the following error:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas;color:red">XMLHttpRequest cannot load
<a href="http://162.244.28.89:8080/BrandService/resources/brands/">http://162.244.28.89:8080/BrandService/resources/brands/</a>. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://162.244.28.89' is therefore not allowed
access. The response had HTTP status code 403.</span><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Google Chrome give me the following output for the http request:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Remote Address:162.244.28.89:8080<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Request
<a href="URL:http://162.244.28.89:8080/BrandService/resources/brands/">URL:http://162.244.28.89:8080/BrandService/resources/brands/</a><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Request Method:GET<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Status Code:403 Forbidden<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><b><u><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Request Headersview source<o:p></o:p></span></u></b></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Accept:application/json, text/plain, */*<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="FR-CH" style="font-size:10.0pt;font-family:Consolas">Accept-Encoding:gzip, deflate, sdch<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="FR-CH" style="font-size:10.0pt;font-family:Consolas">Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="FR-CH" style="font-size:10.0pt;font-family:Consolas">Authorization:Bearer eyJhbGciOiJSUzI1NiJ9….ay2Sr-GP0CYfSDV7O2Q8sNyx91RgHdhy2S600NYEHUFG2VoF5cRCDBJpkuPbcXVtz2liMy-80S3KY9lfII<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="FR-CH" style="font-size:10.0pt;font-family:Consolas">Connection:keep-alive<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="FR-CH" style="font-size:10.0pt;font-family:Consolas">Host:162.244.28.89:8080<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="FR-CH" style="font-size:10.0pt;font-family:Consolas">Origin:http://162.244.28.89<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Referer:http://162.244.28.89/<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><b><u><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Response Headersview source<o:p></o:p></span></u></b></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Cache-Control:no-cache, no-store, must-revalidate<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Connection:keep-alive<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Content-Length:68<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Content-Type:text/html;charset=UTF-8<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Date:Fri, 23 Jan 2015 19:23:33 GMT<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Expires:0<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Pragma:no-cache<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Server:WildFly/8<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">X-Powered-By:Undertow/1<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">ConsoleSearchEmulationRendering</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">What I don’t get is the response header. Shouldn’t there be the following header settings:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Access-Control-Allow-Credentials:true<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Access-Control-Allow-Headers:origin,accept,content-type<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, HEAD<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Access-Control-Allow-Origin:*<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Access-Control-Max-Age:151200<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Allow:HEAD, POST, GET, OPTIONS, PUT</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">My keycloak.json looks like that:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">{<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas"> "realm": "openPixx",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas"> "realm-public-key": "…bmwCckE..gWjLQIDAQAB",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas"> "ssl-required": "external",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas"> "resource": "BrandService",<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas"> "bearer-only": true,<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas"> "cors-max-age" : 1000,<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas"> "enable-cors": true,<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas"> "cors-allowed-methods" : "POST, PUT, DELETE, GET"<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">}</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">In Keycloak I’ve defined the BrandFrontend:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Enabled: true<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Client Protocol: openid-connect<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Access Type: public<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Redirect URL:
<a href="http://162.244.28.89/*">http://162.244.28.89/*</a><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">Web Origin:
<a href="http://162.244.28.89">http://162.244.28.89</a></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">For the AngularJS part I’ve used the </span>
<span lang="EN-US" style="font-size:10.0pt;font-family:Consolas">authinterceptor from the example</span><span lang="EN-US">.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">If you have read until here.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thank you very much and sorry for my bad English
</span><span lang="EN-US" style="font-family:Wingdings">J</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Greets<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Rob<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
</div>
</body>
</html>