So it's working now?
No auth-constraint = no need to authenticate ;)
On 6 November 2015 at 14:06, Tero Ahonen <Tero.Ahonen(a)cybercom.com> wrote:
At first I had
<security-constraint>
    <web-resource-collection>
        <web-resource-name>foobar</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Then added
<auth-constraint>
    <role-name>*</role-name>
</auth-constraint>
And it started working.
So without auth-constraint all requests are OK even if the token is not present or
valid.
Br,
Tero
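
Added example, not part of the original thread and not Keycloak code: a small Python check that flags web.xml security-constraint elements that have no auth-constraint, the condition described in the message above. The sample web.xml, its second /api/* constraint and the function names are constructed for illustration; the check on listed http-method elements goes beyond the thread and reflects servlet-spec behaviour (methods not listed are not covered by that constraint).

```python
import xml.etree.ElementTree as ET

# Constructed sample: the TLS-only constraint from the thread, plus a second
# (hypothetical) constraint that carries an auth-constraint.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>foobar</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>api</web-resource-name>
      <url-pattern>/api/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit(web_xml):
    """Return (resource-name, url-patterns, finding) for each weak constraint."""
    findings = []
    root = ET.fromstring(web_xml)
    deny_uncovered = any(local(e.tag) == "deny-uncovered-http-methods" for e in root)
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        text = lambda name: [e.text.strip() for e in sc.iter() if local(e.tag) == name and e.text]
        name = (text("web-resource-name") or ["?"])[0]
        patterns = text("url-pattern")
        if not any(local(e.tag) == "auth-constraint" for e in sc):
            findings.append((name, patterns, "no auth-constraint: authentication is not required"))
        methods = text("http-method")
        if methods and not deny_uncovered:
            findings.append((name, patterns, "only %s listed; other HTTP methods are not covered by this constraint" % "/".join(methods)))
    return findings

if __name__ == "__main__":
    for name, patterns, finding in audit(SAMPLE_WEB_XML):
        print(name, patterns, finding)
```
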
On 06 Nov 2015, at 14:59 PM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
Did you put any security constraints on the endpoints?
On 6 November 2015 at 12:36, Tero Ahonen <Tero.Ahonen(a)cybercom.com> wrote:
> Hi,
>
> I have a REST endpoint running on WildFly 9.
>
> WildFly and the application are set up to use Keycloak, and requests to endpoints
> are intercepted with the Keycloak adapter. But it seems that it is not
> working. If the auth header is not present, Keycloak just skips authentication
> and lets all requests through. It doesn't matter whether I use curl or a browser.
>
> WildFly logs say (last line comes from servlet filter)
>
> 2015-11-06 13:10:23,962 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-17) adminRequest https://localhost:8443/foobar/endpoint
> 2015-11-06 13:10:23,969 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-17) --> authenticate()
> 2015-11-06 13:10:23,969 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-17) try bearer
> 2015-11-06 13:10:23,969 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-17) NOT_ATTEMPTED: bearer only
> 2015-11-06 13:10:23,970 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-17) AuthenticatedActionsValve.invoke https://localhost:8443/foobar/endpoint
> 2015-11-06 13:10:23,970 INFO [stdout] (default task-17) GET:/foobar/endpoint
>
>
> If I add an Authorization header like this
>
> Authorization: Bearer 123
>
> I get HTTP/1.1 401 Unauthorized
>
> WWW-Authenticate: Bearer realm="saas-pilot", error="invalid_token", error_description="Couldn't parse token"
>
>
> Is there something that I don't understand?
>
> I have tried with web.xml/keycloak.json and keycloak subsystem
> configuration methods, same outcome.
>
> Br,
> Tero