10:30 a.m.
I'm using the keycloak javascript adapter and the spring security adapter for my REST
service.
The REST service is configured as a client with 'bearer-only' access type.
The javascript client is authenticated. When it does an ajax call to my REST service I
receive the following error in my browser:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource
at http://localhost:30001/rest1/greeting. (Reason: CORS header
'Access-Control-Allow-Origin' missing).
I have added
"enable-cors": true
to my REST keycloak configuration.
However where do I configure which origins are allowed?
For 'public' and 'confidential' clients you can configure the web origins
in the admin console.
But when I set it to 'bearer-only' this field is gone.
So what exactly are the steps you have to take to configure a javascript client that call
a REST service on another host?
11:23 a.m.
Hi,
I'm not entirely sure but I think that "enable-cors" is not supported for
the Spring Security Adapter.
For now, you have to deal with CORS "manually" on the server side. I think
Spring has a annotation like "@CrossOrigin".
Sebi
On Tue, Aug 2, 2016 at 5:30 PM, Robert van Loenhout <
r.vanloenhout(a)greenvalley.nl> wrote:
I'm using the keycloak javascript adapter and the spring security
adapter
for my REST service.
The REST service is configured as a client with 'bearer-only' access type.
The javascript client is authenticated. When it does an ajax call to my
REST service I receive the following error in my browser:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
remote resource at http://localhost:30001/rest1/greeting. (Reason: CORS
header 'Access-Control-Allow-Origin' missing).
I have added
"enable-cors": true
to my REST keycloak configuration.
However where do I configure which origins are allowed?
For 'public' and 'confidential' clients you can configure the web
origins
in the admin console.
But when I set it to 'bearer-only' this field is gone.
So what exactly are the steps you have to take to configure a javascript
client that call a REST service on another host?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2:51 a.m.
Hi,
To make cross origin requests work I had to make the following changes for my REST
service:
Put "enable-cors": true in the json config.
Enable CORS support in Spring. So far I have just put the @CrossOrigin annotation on my
REST controller, which seem to put the request host in the allowed origin response
header.
https://spring.io/blog/2015/06/08/cors-support-in-spring-framework
If someone could explain why both is necessary that would be interesting.
From: Sebastien Blanc [mailto:sblanc@redhat.com]
Sent: 02 August 2016 18:24
To: Robert van Loenhout <r.vanloenhout(a)greenvalley.nl>
Cc: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Configuring javascript calling REST service
Hi,
I'm not entirely sure but I think that "enable-cors" is not supported for
the Spring Security Adapter.
For now, you have to deal with CORS "manually" on the server side. I think
Spring has a annotation like "@CrossOrigin".
Sebi
On Tue, Aug 2, 2016 at 5:30 PM, Robert van Loenhout
<r.vanloenhout@greenvalley.nl<mailto:r.vanloenhout@greenvalley.nl>> wrote:
I'm using the keycloak javascript adapter and the spring security adapter for my REST
service.
The REST service is configured as a client with 'bearer-only' access type.
The javascript client is authenticated. When it does an ajax call to my REST service I
receive the following error in my browser:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource
at http://localhost:30001/rest1/greeting. (Reason: CORS header
'Access-Control-Allow-Origin' missing).
I have added
"enable-cors": true
to my REST keycloak configuration.
However where do I configure which origins are allowed?
For 'public' and 'confidential' clients you can configure the web origins
in the admin console.
But when I set it to 'bearer-only' this field is gone.
So what exactly are the steps you have to take to configure a javascript client that call
a REST service on another host?
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
3079
days inactive
3081
days old
2 comments
2 participants
participants (2)
-
Robert van Loenhout -
Sebastien Blanc