<div dir="ltr"><div><div><div>Hi,<br><br></div>I'm not entirely sure but I think that "enable-cors" is not supported for the Spring Security Adapter. <br></div>For now, you have to deal with CORS "manually" on the server side. I think Spring has a annotation like "@CrossOrigin".<br><br></div>Sebi<br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Aug 2, 2016 at 5:30 PM, Robert van Loenhout <span dir="ltr"><<a href="mailto:r.vanloenhout@greenvalley.nl" target="_blank">r.vanloenhout@greenvalley.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="#0563C1" vlink="#954F72" lang="NL">
<div>
<p class="MsoNormal"><span lang="EN-US">I'm using the keycloak javascript adapter and the spring security adapter for my REST service.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">The REST service is configured as a client with 'bearer-only' access type.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">The javascript client is authenticated. When it does an ajax call to my REST service I receive the following error in my browser:<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <a href="http://localhost:30001/rest1/greeting" target="_blank">http://localhost:30001/rest1/greeting</a>. (Reason: CORS header 'Access-Control-Allow-Origin' missing).<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">I have added<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">"enable-cors": true<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">to my REST keycloak configuration.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">However where do I configure which origins are allowed?<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">For 'public' and 'confidential' clients you can configure the web origins in the admin console.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">But when I set it to 'bearer-only' this field is gone.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">So what exactly are the steps you have to take to configure a javascript client that call a REST service on another host?<u></u><u></u></span></p>
</div>
</div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>