You can check if the token was issued with the roles you defined in
web.xml/security-constraint.
On Thu, Mar 29, 2018 at 11:20 AM, Filip Kozjak <filip.kozjak(a)gmail.com>
wrote:
Thank you Pedro,
indeed it was a version issue, I was using the older version of Keycloak.
However, after resolving this issue I've encountered a new one with always
getting a *401 Unauthorized* response from the service.
The client code that is calling the service is this:
String accessToken = AuthzClient.create().obtainAccessToken().getToken();
WebTarget target = client.target("url");
MyResponse res = target.request(MediaType.APPLICATION_JSON)
        .header("Authorization", "Bearer " + accessToken)
        .post(MyResponse.class);
keycloak.json SERVICE
{
  "realm": "demo",
  "bearer-only": true,
  "auth-server-url": "http://127.0.0.1:8780/auth",
  "ssl-required": "external",
  "resource": "risk-assessment-service",
  "confidential-port": 0
}
keycloak.json CLIENT
{
  "realm": "demo",
  "auth-server-url": "http://127.0.0.1:8780/auth",
  "ssl-required": "false",
  "resource": "risk-assessment-client",
  "credentials": {
    "secret": "98f93f5e-e20a-433c-b29a-d3f9cab4bb44"
  },
  "confidential-port": 0
}
Could the problem be something with SSL? Because my service is not
available on https:// endpoints? Or is the calling code not correct?
On 29 March 2018 at 14:07, Pedro Igor Silva <psilva(a)redhat.com> wrote:
> What version of Keycloak are you using? Perhaps Keycloak v4?
>
> If so, you need to make sure your keycloak-authz dependency references
> the same version.
>
> The uma-configuration discovery endpoint changed to uma2-configuration.
>
> Regards.
> Pedro Igor
>
> On Thu, Mar 29, 2018 at 4:21 AM, Filip Kozjak <filip.kozjak(a)gmail.com>
> wrote:
>
>> Hi everyone,
>>
>> I am having trouble obtaining an access token for my Java EE REST service
>> from Keycloak.
>>
>> I have started Keycloak server at *http://localhost*,
>> and I can access the admin console at
>> *http://localhost:8081/auth/admin/master/console/#/realms/demo*.
>>
>> Next, I created a new realm "demo" and registered my REST service there.
>> I've copied the generated *keycloak.json* to the WEB-INF of my service and
>> added what was needed to web.xml. This successfully protected my endpoint.
>> My REST service is up and running on *http://localhost:8080/*.
>>
>> However, now I want to set up a client that would be authorized to access
>> the protected endpoint. The client is running at *http://localhost:9080*.
>> Again, it's a Java EE REST service that talks to
>> the protected service. I registered it as *OAuth Client* in the admin
>> console and again copied the *keycloak.json* to the resources of my app. I
>> am trying to obtain the access token like this:
>>
>> AuthzClient authzClient = AuthzClient.create();
>> AccessTokenResponse tokenResponse = authzClient.obtainAccessToken();
>>
>> This results in the following error:
>>
>> java.lang.RuntimeException: Could not obtain configuration from server [http://localhost:8081/auth/realms/demo/.well-known/uma-configuration].
>>     at org.keycloak.authorization.client.AuthzClient.<init>(AuthzClient.java:92)
>>     at org.keycloak.authorization.client.AuthzClient.create(AuthzClient.java:60)
>>     at org.keycloak.authorization.client.AuthzClient.create(AuthzClient.java:53)
>>     at hr.assecosee.three_ds_2.risk.services.ProxyServiceImpl.invokeRiskLevelApi(ProxyServiceImpl.java:28)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:498)
>>     at com.ibm.ejs.container.EJSContainer.invokeProceed(EJSContainer.java:5316)
>>     ... 16 more
>> Caused by: org.keycloak.authorization.client.util.HttpResponseException: Unexpected response from server: 404 / Not Found
>>
>> I posted a question about it on StackOverflow too:
>>
>> https://stackoverflow.com/questions/49534589/404-not-found-while-requesting-token-from-keycloak
>>
>> Is there something I am missing?
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
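
The role check suggested in the reply at the top of this thread, as an added example (not code from the thread or from Keycloak): it reads the `<role-name>` entries from a web.xml and lists those missing from an access token's `realm_access` or `resource_access` claims. The web.xml fragment, the role name `risk-user` and the sample token are constructed, and the payload is decoded without signature verification, for inspection only.

```python
import base64
import json
import xml.etree.ElementTree as ET

# Constructed web.xml fragment; the role name "risk-user" is hypothetical.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>risk-user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for this demo."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    header, body = enc({"alg": "none"}), enc(claims)
    return f"{header}.{body}.constructed-signature"

def token_claims(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def required_roles(web_xml: str) -> set:
    """Collect every <role-name> under <auth-constraint>, ignoring namespaces."""
    roles = set()
    for el in ET.fromstring(web_xml).iter():
        if el.tag.split("}")[-1] == "auth-constraint":
            roles |= {r.text.strip() for r in el if r.tag.split("}")[-1] == "role-name"}
    return roles

def missing_roles(token: str, web_xml: str, resource: str = None) -> set:
    """Roles web.xml demands that the token lacks. Realm roles are compared by
    default; pass the service's "resource" name to compare client roles instead."""
    claims = token_claims(token)
    if resource:
        granted = claims.get("resource_access", {}).get(resource, {}).get("roles", [])
    else:
        granted = claims.get("realm_access", {}).get("roles", [])
    return required_roles(web_xml) - set(granted)

if __name__ == "__main__":
    tok = make_sample_token({"azp": "risk-assessment-client",
                             "realm_access": {"roles": ["offline_access"]}})
    print("roles required by web.xml but absent from token:", missing_roles(tok, WEB_XML))
```

A non-empty result means the token does not carry a role that the security-constraint requires.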