Where are your roles defined? At the realm level? At the application
level? If they are defined at the realm level you need to define a
scope for the application. Go to the admin console, open the application
link for your front-end application, go to the Scope menu item and add
the realm roles to the scope for the front-end application.
Build and deploy the preconfigured demo and view the realm in the admin
console. You will see a similar setup where the "customer-portal" and
"product-portal" apps have their scope set to the realm level roles.
Scope is the set of roles an application or oauth client is allowed to
ask for.
On 4/23/2014 5:34 PM, Davide Ungari wrote:
Hi everybody,
I followed some suggestions and now I made authentication work as follows:
1- The user calls http://.../frontend
2- The frontend server redirects to the keycloak login
3- Keycloak authenticates the user and redirects to the frontend server
4- The frontend server serves the AngularJS dashboard
5- The user clicks on something in the AngularJS app, which sends a request
to http://localhost:8080/frontend/someEndpoint
6- The frontend re-sends this to http://localhost:8080/backend/someBackendEndpoint
7- After the backend request is done and received in the "frontend" app, it resends
it back to AngularJS with all the data.
Now I would like to add authorization to the backend api, so I added
@RolesAllowed("role") but it does not work:
2014-04-23 23:17:10,694|WARN |core.ExceptionHandler|failed to execute
javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
	at org.jboss.resteasy.plugins.interceptors.RoleBasedSecurityFilter.filter(RoleBasedSecurityFilter.java:45)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:256)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:242)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:229)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
I found out that the realmAccess is null and, while debugging, I think the
problem is during authentication, in org.keycloak.RSATokenVerifier
at the line:
token = input.readJsonContent(AccessToken.class);
What do you think? What am I doing wrong this time?
Thanks.
--
Davide
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
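As an added diagnostic (not Keycloak's or RESTEasy's code) for the realmAccess-is-null symptom above, the script below decodes a token payload and reproduces the @RolesAllowed decision: the first constructed token has no realm_access claim, which is what you get when the realm roles are not in the application's scope, so the check yields 403; the second carries the role and passes. The tokens, claim values and make_token helper are constructed for this illustration; signature verification is left out, which is only acceptable for offline inspection of a token you already hold.

```python
import base64
import json


def decode_jwt_payload(token: str) -> dict:
    """Decode the payload of a compact JWS for inspection (no signature check here;
    a real server must verify the signature before trusting any claim)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def realm_roles(claims: dict) -> set:
    """Realm roles carried by the token, or an empty set when realm_access is absent.
    Keycloak only emits realm_access when the realm roles are in the app's scope."""
    realm_access = claims.get("realm_access")
    if realm_access is None:
        return set()
    return set(realm_access.get("roles", []))


def check_roles_allowed(token: str, required: str) -> int:
    """Mimic the @RolesAllowed outcome: 200 when the role is present, 403 otherwise."""
    return 200 if required in realm_roles(decode_jwt_payload(token)) else 403


def make_token(claims: dict) -> str:
    """Build a compact JWS with a placeholder signature (constructed test data only)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'RS256'})}.{b64(claims)}.placeholder-signature"


# Constructed tokens: the first mimics one issued before the realm roles were added
# to the application's scope (no realm_access claim at all), the second one after.
TOKEN_WITHOUT_SCOPE = make_token({"sub": "davide", "aud": "frontend"})
TOKEN_WITH_SCOPE = make_token({"sub": "davide", "aud": "frontend",
                               "realm_access": {"roles": ["role"]}})

if __name__ == "__main__":
    for name, tok in [("no scope", TOKEN_WITHOUT_SCOPE), ("scope added", TOKEN_WITH_SCOPE)]:
        roles = realm_roles(decode_jwt_payload(tok))
        print(f"{name}: realm roles={sorted(roles)} -> HTTP {check_roles_allowed(tok, 'role')}")
```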