<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
At first I had
<div class=""><br class="">
</div>
<div class="">&lt;security-constraint&gt;<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>&lt;web-resource-collection&gt;<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>&lt;web-resource-name&gt;foobar&lt;/web-resource-name&gt;<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>&lt;url-pattern&gt;/*&lt;/url-pattern&gt;<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>&lt;http-method&gt;GET&lt;/http-method&gt;<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>&lt;http-method&gt;POST&lt;/http-method&gt;<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>&lt;/web-resource-collection&gt;<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>&lt;user-data-constraint&gt;<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>&lt;transport-guarantee&gt;CONFIDENTIAL&lt;/transport-guarantee&gt;<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>&lt;/user-data-constraint&gt;<br class="">
<span class="Apple-tab-span" style="white-space:pre"></span>&lt;/security-constraint&gt;</div>
<div class=""><br class="">
</div>
<div class="">Then added </div>
<div class=""><br class="">
</div>
<div class="">&lt;auth-constraint&gt;<br class="">
<span class="Apple-tab-span" style="white-space: pre;"></span>&lt;role-name&gt;*&lt;/role-name&gt;<br class="">
<span class="Apple-tab-span" style="white-space: pre;"></span>&lt;/auth-constraint&gt;<br class="">
<span class="Apple-tab-span" style="white-space: pre;"></span></div>
<div class=""><br class="">
</div>
<div class="">And it started working.</div>
<div class=""><br class="">
</div>
<div class="">So without auth-constraint all requests are OK even if the token is not present or valid.</div>
<div class=""><br class="">
</div>
<div class="">Br,</div>
<div class="">Tero</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div>
<blockquote type="cite" class="">
<div class="">On 06 Nov 2015, at 14:59 PM, Stian Thorgersen &lt;<a href="mailto:sthorger@redhat.com" class="">sthorger@redhat.com</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div dir="ltr" class="">Did you put any security constraints on the endpoints?</div>
<div class="gmail_extra"><br class="">
<div class="gmail_quote">On 6 November 2015 at 12:36, Tero Ahonen <span dir="ltr" class="">
&lt;<a href="mailto:Tero.Ahonen@cybercom.com" target="_blank" class="">Tero.Ahonen@cybercom.com</a>&gt;</span> wrote:<br class="">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word" class="">Hi,
<div class=""><br class="">
</div>
<div class="">I have a REST endpoint running on WildFly 9.</div>
<div class=""><br class="">
</div>
<div class="">WildFly and the application are set up to use Keycloak, and requests to the endpoints are intercepted by the Keycloak adapter. But it seems that it is not working. If the auth header is not present, Keycloak just skips authentication and lets all requests through.
It doesn’t matter whether I use curl or a browser.</div>
<div class=""><br class="">
</div>
<div class="">The WildFly logs say (the last line comes from a servlet filter)</div>
<div class=""><br class="">
</div>
<div class="">
<div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo" class="">
2015-11-06 13:10:23,962 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-17) adminRequest
<a href="https://localhost:8443/foobar/endpoint" target="_blank" class="">https://localhost:8443/foobar/endpoint</a></div>
<div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo" class="">
2015-11-06 13:10:23,969 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-17) --> authenticate()</div>
<div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo" class="">
2015-11-06 13:10:23,969 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-17) try bearer</div>
<div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo" class="">
2015-11-06 13:10:23,969 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-17) NOT_ATTEMPTED: bearer only</div>
<div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo" class="">
2015-11-06 13:10:23,970 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-17) AuthenticatedActionsValve.invoke
<a href="https://localhost:8443/foobar/endpoint" target="_blank" class="">https://localhost:8443/foobar/endpoint</a></div>
<div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo" class="">
2015-11-06 13:10:23,970 INFO [stdout] (default task-17) GET:/foobar/endpoint</div>
</div>
<div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo" class="">
<br class="">
</div>
<div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo" class="">
<br class="">
</div>
<div class="">If I add an Authorization header like this </div>
<div class=""><br class="">
</div>
<div class="">
<div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo" class="">
Authorization: Bearer 123</div>
</div>
<div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo" class="">
<br class="">
</div>
<div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo" class="">
I get HTTP/1.1 401 Unauthorized</div>
<div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo" class="">
<br class="">
</div>
<div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo" class="">
<div style="margin:0px;line-height:normal" class="">WWW-Authenticate: Bearer realm="saas-pilot", error="invalid_token", error_description="Couldn't parse token"</div>
<div style="margin:0px;line-height:normal" class=""><br class="">
</div>
<div style="margin:0px;line-height:normal" class=""><br class="">
</div>
<div style="margin:0px;line-height:normal" class="">Is there something that I don't understand?</div>
<div style="margin:0px;line-height:normal" class=""><br class="">
</div>
<div style="margin:0px;line-height:normal" class="">I have tried with the web.xml/keycloak.json and the Keycloak subsystem configuration methods, with the same outcome.</div>
<div style="margin:0px;line-height:normal" class=""><br class="">
</div>
<div style="margin:0px;line-height:normal" class="">Br,</div>
<div style="margin:0px;line-height:normal" class="">Tero</div>
<div style="margin:0px;line-height:normal" class=""><br class="">
</div>
<div style="margin:0px;line-height:normal" class=""><br class="">
</div>
<div style="margin:0px;line-height:normal" class=""><br class="">
</div>
</div>
</div>
<br class="">
_______________________________________________<br class="">
keycloak-user mailing list<br class="">
<a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br class="">
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
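<div class="">An added example, not part of the original thread and not Keycloak code: a small Python check that reads a web.xml and reports which security-constraint entries carry no auth-constraint, the condition identified at the top of this thread. The /api/* constraint in the sample is constructed, and the status labels are this example's own.</div>

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml: the first constraint is the one from the thread
# (transport guarantee only); the second, on a hypothetical /api/* path, adds auth.
SAMPLE_WEB_XML = """\
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>foobar</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>api</web-resource-name>
      <url-pattern>/api/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _named(parent, name):
    """All elements under `parent` called `name`, ignoring any XML namespace."""
    return [e for e in parent.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit_constraints(web_xml):
    """Classify each <security-constraint> by what its auth-constraint demands."""
    findings = []
    for sc in _named(ET.fromstring(web_xml), "security-constraint"):
        patterns = [(p.text or "").strip() for p in _named(sc, "url-pattern")]
        auth = _named(sc, "auth-constraint")
        roles = [(r.text or "").strip() for a in auth for r in _named(a, "role-name")]
        if not auth:
            status = "NO_AUTH_REQUIRED"   # container never asks for authentication
        elif not roles:
            status = "DENY_ALL"           # an empty auth-constraint blocks everyone
        else:
            status = "AUTH_REQUIRED"
        findings.append({"patterns": patterns, "status": status, "roles": roles})
    return findings

if __name__ == "__main__":
    for f in audit_constraints(SAMPLE_WEB_XML):
        print(f["status"], f["patterns"], f["roles"])
```

<div class="">A constraint reported as NO_AUTH_REQUIRED is the case where the adapter logs NOT_ATTEMPTED and the request still reaches the endpoint.</div>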
</body>
</html>