You have to
1) Define a security constraint in web.xml. If you don't do this, then
the keycloak adapter won't be triggered. (Its the same for regular
servlet security + Resteasy)
2) Configure the EJB security domain:
<security-domain name="keycloak">
<authentication>
<login-module
code="org.keycloak.adapters.jboss.KeycloakLoginModule"
flag="required"/>
</authentication>
</security-domain>
On 9/25/2015 7:51 AM, Michal Hajas wrote:
Sorry I forgot to write it in first email, yes without annotations It
works correctly.
----- Original Message -----
From: "Stian Thorgersen" <sthorger(a)redhat.com>
To: "Michal Hajas" <mhajas(a)redhat.com>
Sent: Friday, September 25, 2015 1:45:47 PM
Subject: Re: [keycloak-dev] Run keycloak client with annotations
Can you try without the @RolesAllowed and instead with a security
constraint in web.xml? Just to confirm that the user has the correct roles,
client has correct scope, etc.
On 25 September 2015 at 13:22, Michal Hajas <mhajas(a)redhat.com> wrote:
> If you mean the configuration in standalone.xml then yes, It's the same
> with demo-dist that have keycloak adapter preconfigured.
>
> I enclosed my standalone.xml from wildfly 9 container.
>
> Michal.
>
> ----- Original Message -----
> From: "Stian Thorgersen" <sthorger(a)redhat.com>
> To: "Michal Hajas" <mhajas(a)redhat.com>
> Cc: "keycloak-dev" <keycloak-dev(a)lists.jboss.org>
> Sent: Friday, September 25, 2015 1:08:28 PM
> Subject: Re: [keycloak-dev] Run keycloak client with annotations
>
> Did you add the keycloak security domain as described in docs?
>
> On 25 September 2015 at 12:14, Michal Hajas <mhajas(a)redhat.com> wrote:
>
>> Hi,
>>
>> I tried to run keycloak client with annotations $SecurityDomain,
>> @RolesAllowed etc. (
https://github.com/mhajas/keycloak_annotations )
>>
>> Maybe It is just my mistake, I am not an expert in RestFul services and
>> EJB, but I tried lot of configurations and always ends up with some
> error,
>> mostly with:
>>
>> failed to execute: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
>> at
>>
>
org.jboss.resteasy.plugins.interceptors.RoleBasedSecurityFilter.filter(RoleBasedSecurityFilter.java:45)
>>
>> I have configured my keycloak adapter correctly according to
>>
http://keycloak.github.io/docs/userguide/html/ch08.html#jboss-adapter
> but
>> I don't know how to configure web.xml. What can be replaced with
>> annotations and what should be preserved.
>>
>> I tried both relative and un-relative scenario.
>>
>> So question is what is wrong with my client?
>>
>> P.S. I think there might be an example with annotation.
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev