The error is not 401, I get a 500 error code. The following is the log
capture of the backend application:
Caused by: java.lang.NullPointerException
at
org.keycloak.adapters.authorization.AbstractPolicyEnforcer.authorize(AbstractPolicyEnforcer.java:69)
at
org.keycloak.adapters.authorization.PolicyEnforcer.enforce(PolicyEnforcer.java:77)
at
org.keycloak.adapters.AuthenticatedActionsHandler.isAuthorized(AuthenticatedActionsHandler.java:142)
... 38 more
I use keycloak 2.3.0.Final whit the following configuration:
1. Backend app in EAR package whit jax rs service and the next
keycloak.json file:
{
"realm": "demo",
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "afiliacion-web",
"credentials": {
"secret": "45226cd3-796e-4e38-9f38-8435877c660b"
},
"policy-enforcer": {}
}
and this is web.xml fiel:
<!-- PRIVATE -->
<security-constraint>
<display-name>Client Area</display-name>
<web-resource-collection>
<web-resource-name>client_resources</web-resource-name>
<url-pattern>/rest/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- BASIC AUTHENTICATION ALLOW LOGIN FROM REST SERVICE -->
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>demo</realm-name>
</login-config>
<security-role>
<role-name>*</role-name>
</security-role>
2. Front end app is public client in keycloak, and sends all requests to
backend adding the bearer token.
Thank you so much Ebondu.
Gaalvarez.