Hi there,
I am trying to set up a JAX-RS webservice with Keycloak authentication
and want to use the Java EE security annotations (@PermitAll,
@RolesAllowed).
My current implementation works well with one exception:
If I have set an invalid bearer token in the authorization header the
TokenVerifier throws a VerificationException stating: Token is not active.
I fully understand why it is thrown and that the token is checked before
the routing in JAX-RS starts. But if I use @PermitAll I want everyone,
regardless of any authorization header, to be able to access the resource.
How can I handle this use case?
P.S.: If I access the resource without a token, then I get the correct
result from the webservice.
Best regards
Georg