Hi all,
We're building a microservice-based architecture in which all the
services share the SSO point, which is a Keycloak server. Services
are Spring Boot based and we're using the Spring Security Keycloak
adapter in order to manage our security configuration. We've got
some backend services and the one dealing with the frontend, which
is based on JSF.
-------------------------           ---------------------------------
-    JSF UI service     -  ------>  -       Equipment service       -
-------------------------           ---------------------------------
We can access all the Equipment Service endpoints properly using the KeycloakRestTemplate. The problem comes when JSF renders a direct link to a backend endpoint like this: `<img src="http://localhost:8085/equipment/1/files/main" />`. As our JSF service is running on another port, the browser seems not to have access to the image and a 401 UNAUTHORIZED code is returned. However, copying the link into the browser bar we can display the image (that's correct because both services are in the same realm and no further security is involved).
I've already implemented a solution which involves pointing the
src attribute to the JSF UI service and, from there, loading the
resource using the KeycloakRestTemplate (kind of a proxy). But it
seems strange for a user not to be able to load the resource of
the equipment service directly (that could be because no
authorization header is sent when the browser requests the extra
resources). Is there any other workaround for this?
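
The proxy approach described in the message, sketched as an added example (this is not the poster's code). It assumes a Spring MVC controller can be registered in the JSF UI service and that a `KeycloakRestTemplate` bean is already configured there; the class name, package and the `/ui/...` path are hypothetical.

```java
package example.ui; // hypothetical package

import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate;
import org.springframework.http.CacheControl;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.HttpStatusCodeException;

@RestController
public class EquipmentImageProxy {

    // Fixed upstream URL: the caller supplies only a numeric id, never a host
    // or path, so the endpoint cannot be turned into a general-purpose proxy.
    private static final String UPSTREAM =
            "http://localhost:8085/equipment/{id}/files/main";

    private final KeycloakRestTemplate keycloakRestTemplate;

    public EquipmentImageProxy(KeycloakRestTemplate keycloakRestTemplate) {
        this.keycloakRestTemplate = keycloakRestTemplate;
    }

    // Binding the path variable to long makes Spring reject non-numeric ids with 400.
    @GetMapping("/ui/equipment/{id}/files/main") // hypothetical UI-side path
    public ResponseEntity<byte[]> mainImage(@PathVariable long id) {
        try {
            // KeycloakRestTemplate attaches the logged-in user's bearer token, so the
            // equipment service authorizes the real user, not the UI service.
            ResponseEntity<byte[]> upstream =
                    keycloakRestTemplate.getForEntity(UPSTREAM, byte[].class, id);
            MediaType type = upstream.getHeaders().getContentType();
            if (type == null || !"image".equalsIgnoreCase(type.getType())) {
                // Relay images only; anything else is treated as an upstream fault.
                return ResponseEntity.status(HttpStatus.BAD_GATEWAY).build();
            }
            return ResponseEntity.ok()
                    .contentType(type)
                    .cacheControl(CacheControl.noStore()) // per-user content
                    .header("X-Content-Type-Options", "nosniff")
                    .body(upstream.getBody());
        } catch (HttpStatusCodeException e) {
            // Pass on the upstream status (401, 403, 404, ...) without its body.
            return ResponseEntity.status(e.getStatusCode()).build();
        }
    }
}
```

The JSF page would then render `<img src="/ui/equipment/1/files/main" />`, which the browser requests from the UI service with its existing session.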