<div dir="ltr">Hi,<div><br></div><div>I have the war file of the service bearer-only application in the <b>jboss deployments folder, </b>and the auth-server.war for keycloak is also at the same location.</div><div><br></div><div>Roles configured:-</div><div><img src="cid:ii_14dbeca548e2e58e" alt="Inline image 1" width="472" height="136"><br></div><div><br></div><div>Here's my web.xml for the service bearer-only application:-</div><div><br></div><div><img src="cid:ii_14dbed93f3336999" alt="Inline image 2" width="472" height="272"><br></div><div><br></div><div>Here's the setting for the bearer-only application in keycloak</div><div><br></div><div><img src="cid:ii_14dbedc6478e1f94" alt="Inline image 3" width="472" height="262"><br></div><div><br></div><div>User Role Mappings</div><div><br></div><div><img src="cid:ii_14dbee4cb5e64fd0" alt="Inline image 1" width="472" height="348"><br></div><div><br></div><div>I am using REST services to fulfill the request. Here's a snippet of code:-</div><div><br></div><div><div><b><i>KeycloakSecurityContext securityContext = (KeycloakSecurityContext) httpRequest</i></b></div><div><b><i><span class="" style="white-space:pre">                                </span>.getAttribute(KeycloakSecurityContext.class.getName());</i></b></div><div><b><i>AccessToken accessToken = securityContext.getToken();</i></b></div></div><div><br></div><div><br></div><div>OAuth Client Scope Mappings:-</div><div><br></div><div><img src="cid:ii_14dbeebaff520bf8" alt="Inline image 2" width="472" height="262"><br></div><div><br></div><div><br></div><div>Please let me know if any more information is required.</div><div><br></div><div><br></div><div>Regards,</div><div>Arjit Agrawal</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 4, 2015 at 6:02 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 
.8ex;border-left:1px #ccc solid;padding-left:1ex">We'll need much more info here. How have you secured the app? Is it a WAR? Do you require any roles for the resource you're invoking? Are you sending a bearer token with the request? How do you get the request? Does the user have the required roles? Does the client have the required scope?<br>
<span class=""><br>
----- Original Message -----<br>
> From: "Arjit Agrawal" <<a href="mailto:arjit.agrawal.07@gmail.com">arjit.agrawal.07@gmail.com</a>><br>
> To: "keycloak-user" <<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>><br>
> Sent: Thursday, 4 June, 2015 5:49:08 AM<br>
> Subject: [keycloak-user] HTTP 403 Forbidden while connecting to bearer only application<br>
><br>
> Hi,<br>
><br>
> I have a new application - 'testapi' under a new realm - 'testrealm'. This<br>
> application is to be used as an API. It's a bearer-only application.<br>
><br>
> I have also made an OAuth Client to access this service.<br>
><br>
> I am using iOS AeroGear plugin in my project to connect to API service with<br>
> all the required credentials like clientId, roles etc.<br>
><br>
> Version of Keycloak - 1.0-beta3 .<br>
> Version of Jboss - JBoss AS 7.1.1<br>
><br>
</span>> It's hosted on Amazon AWS. (I tried the same in my local environment it was<br>
<span class="">> working but when I have done the same on Amazon server, I am getting this<br>
> issue.)<br>
><br>
><br>
> Thanks for any help on this one.<br>
><br>
> Regards,<br>
> Arjit Agrawal<br>
><br>
</span>> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Arjit Agrawal<br>AKGEC, Ghaziabad</div>
</div>