On 11/10/2014 9:48 AM, Davide Ungari wrote:
following some of your suggestions I designed an application composed of a:
1- frontend web application
2- backend REST API
The frontend has a servlet-proxy to the backend REST API to avoid
Take a look at the CORS spec and also Keycloak's support for it. You
don't need a servlet proxy.
The backend has a bearer-only configuration.
Everything is working until the token does not expire, I tried to force
refresh when I receive 401 status but it does not work.
Do you mean everything works until the token expires?
What is supposed to be done every time the access token expires?
Whoever obtained the access token is responsible for refreshing it. If
keycloak.js library which will handle refreshing tokens. Combine this
with CORS if you need to invoke backend REST services that are on
another domain. There are a few examples in the distro that show how to
JBoss, a division of Red Hat
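
The refresh responsibility described in the reply above, as an added example that is not part of the original message or the Keycloak distribution: the browser client refreshes the access token before calling the bearer-only backend and retries once after a 401. It relies only on keycloak.js's `token` property and `updateToken(minValidity)` method; `callBackend`, `fakeAdapter`, `fakeBackend` and `demo` are hypothetical names, and the adapter and backend are constructed stand-ins so the flow runs offline.

```javascript
// `kc` is any object with keycloak.js's `token` and `updateToken(minValidity)`.
// `send(token)` performs the CORS request, e.g. (assumed URL):
//   fetch(apiUrl, { headers: { Authorization: 'Bearer ' + token } })
async function callBackend(kc, send, minValidity = 30) {
  // Refresh proactively if the access token expires within minValidity seconds.
  await kc.updateToken(minValidity);
  let res = await send(kc.token);
  if (res.status === 401) {
    // Rejected anyway (clock skew, revocation): force one refresh, retry once.
    await kc.updateToken(-1);
    res = await send(kc.token);
  }
  return res;
}

// Constructed stand-in for the adapter: tokens live 60 seconds.
function fakeAdapter(nowFn) {
  let n = 0;
  const issue = () => ({ value: 'tok' + (++n), exp: nowFn() + 60 });
  let cur = issue();
  return {
    refreshes: 0,
    get token() { return cur.value; },
    async updateToken(minValidity) {
      const left = cur.exp - nowFn();
      if (minValidity !== -1 && left >= minValidity) return false;
      cur = issue();
      this.refreshes++;
      return true;
    },
  };
}

// Constructed bearer-only backend: 200 for tokens in `valid`, otherwise 401.
function fakeBackend(valid) {
  return async (token) => ({ status: valid.has(token) ? 200 : 401 });
}

async function demo() {
  let now = 1000;
  const kc = fakeAdapter(() => now);
  const fresh = await callBackend(kc, fakeBackend(new Set(['tok1'])));
  now += 45; // 15 s of validity left, below the 30 s threshold
  const refreshed = await callBackend(kc, fakeBackend(new Set(['tok2'])));
  const rejected = await callBackend(kc, fakeBackend(new Set(['tok3'])));
  return { fresh: fresh.status, refreshed: refreshed.status,
           rejected: rejected.status, refreshes: kc.refreshes };
}
```

The single retry is deliberate: if the backend still answers 401 with a freshly issued token, the problem is not expiry and looping would only hide it.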