<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">You can take a look at our demo
examples, which contains the scenario like this. <br>
<br>
The possible tips:<br>
- Try to see what roles accessToken really contains on your
angular side and if it really contains the requested roles. Maybe
you're missing "scope" for roles?<br>
- If roles are in accessToken, then doublecheck if they are
correctly mapped on your backend rest service side to the JEE
roles. For example see adapter option "use-resource-role-mappings"<br>
<br>
Marek<br>
<br>
On 12/09/16 17:58, Ganga Lakshmanasamy wrote:<br>
</div>
<blockquote
cite="mid:CABzz26Sagk=GQGMKNQF0TQ4jWDiOpRVB7f6suUzZY6HvBn34Ew@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">Hi,
<div><br>
</div>
<div>We have a web application which uses keycloak as its
authentication server. Currently, we have enabled keycloak
only at our client side which is an angular code. We would
like to enable the keycloak security for our rest services
as well. So we did the following,</div>
<div>1. Created a new client in our realm for backend
services with access type "bearer-only".</div>
<div>2. Configured keycloak adapter in wildfly where our
backend rest services are deployed.</div>
<div>3. Added keycloak.json file of backend services client.</div>
<div>4. Logged into our application through our angular
client and got the token.</div>
<div>5. Tried accessing the backend rest api with the access
token sent as part of header as below.</div>
<div>Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.<wbr>eyJqdGkiOiJiMjc0ZTY3My0yOTg1LT<wbr>QwNmEtOWE0YS1...<br>
</div>
<div><br>
</div>
<div>Getting<b> 403 Forbidden access</b> error while
invoking the rest service even though the user has the
required roles set. Please help us in resolving the issue.</div>
<div><br>
</div>
<div>Regards,</div>
<div>Ganga Lakshmanasamy</div>
<div><br>
</div>
</div>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<p><br>
</p>
</body>
</html>