You can take a look at our demo examples, which contain a scenario like this.

Possible tips:
- Try to see what roles the accessToken really contains on your Angular side, and whether it really contains the requested roles. Maybe you're missing "scope" for roles?
- If the roles are in the accessToken, then double-check that they are correctly mapped to the JEE roles on your backend REST service side. For example, see the adapter option "use-resource-role-mappings".

Marek

On 12/09/16 17:58, Ganga Lakshmanasamy wrote:
Hi,

We have a web application which uses Keycloak as its authentication server. Currently, we have enabled Keycloak only on our client side, which is Angular code. We would like to enable Keycloak security for our REST services as well. So we did the following:
1. Created a new client in our realm for backend services with access type "bearer-only".
2. Configured the Keycloak adapter in WildFly, where our backend REST services are deployed.
3. Added the keycloak.json file of the backend services client.
4. Logged into our application through our Angular client and got the token.
5. Tried accessing the backend REST API with the access token sent as part of the header, as below.
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJiMjc0ZTY3My0yOTg1LTQwNmEtOWE0YS1...

Getting a 403 Forbidden access error while invoking the REST service even though the user has the required roles set. Please help us in resolving the issue.

Regards,
Ganga Lakshmanasamy




_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
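
The two tips in the reply above, as an added diagnostic example (not code from the thread or from the Keycloak project): it decodes an access token's payload and reports whether a required role sits in the role list the backend adapter consults, depending on `use-resource-role-mappings`. The sample token, the client names `angular-app` and `backend-services`, the role names and all function names are constructed for illustration; `realm_access` and `resource_access` are the claims Keycloak uses for realm and client roles.

```javascript
// Added example: inspect a Keycloak access token's role claims. No signature
// check is done, so this is for troubleshooting only, never for authorization.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), c => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Role lists carried by the token, plus the list the adapter consults:
// client roles of `resource` when use-resource-role-mappings is true,
// realm roles otherwise.
function rolesSeenByAdapter(accessToken, resource, useResourceRoleMappings) {
  const parts = accessToken.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 segments)');
  const claims = decodeSegment(parts[1]);
  const realmRoles = (claims.realm_access && claims.realm_access.roles) || [];
  const byClient = claims.resource_access || {};
  const clientRoles = (byClient[resource] && byClient[resource].roles) || [];
  const effective = useResourceRoleMappings ? clientRoles : realmRoles;
  return { realmRoles, clientRoles, byClient, effective };
}

// Classify why a request needing `requiredRole` may be answered with 403.
function diagnoseRole(accessToken, resource, useResourceRoleMappings, requiredRole) {
  const r = rolesSeenByAdapter(accessToken, resource, useResourceRoleMappings);
  if (r.effective.includes(requiredRole)) return 'role-present';
  const other = useResourceRoleMappings ? r.realmRoles : r.clientRoles;
  if (other.includes(requiredRole)) return 'role-in-other-mapping';
  const elsewhere = Object.keys(r.byClient)
    .some(c => c !== resource && (r.byClient[c].roles || []).includes(requiredRole));
  return elsewhere ? 'role-under-other-client' : 'role-missing-from-token';
}

// Constructed sample token (placeholder signature); client and role names are made up.
function makeSampleToken(claims) {
  const enc = o => btoa(JSON.stringify(o))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256' })}.${enc(claims)}.c2ln`;
}
const SAMPLE_TOKEN = makeSampleToken({
  realm_access: { roles: ['user'] },
  resource_access: { 'angular-app': { roles: ['report-viewer'] } },
});
```

A result of `role-in-other-mapping` or `role-under-other-client` points at the adapter's role mapping, while `role-missing-from-token` points at the token issued to the Angular client.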