Hi Bill, it's a mixed approach, maybe this is confusing you.

> I don't understand what the flow is below. In your flow above you said
> your server is making a call to the backend service with the token and
> is authenticated correctly, right?

My frontend is a WAR running on Tomcat and it is secured by Keycloak.

> What I don't understand is what you are doing below. Are you saying you
> have a Browser client (Javascript) making a call to your backend?

The WAR also serves an AngularJS dashboard; in this dashboard I
"inject" the token from the server, but then I make client-side calls.
The flow is:
1- The user calls http://.../dashboard
2- The frontend server redirects to the Keycloak login
3- Keycloak authenticates the user and redirects to the frontend server
4- The frontend server serves the AngularJS dashboard, injecting the token
5- The client-side dashboard makes ajax calls to the backend to load data

At point 5 I see my backend is logging that the call is AUTHENTICATED,
but on the client side I see the response is failing.
--
Davide