Hi everybody,
I followed some suggestions and now I have authentication working as follows:
1- The user calls http://.../frontend
2- The frontend server redirects to the Keycloak login
3- Keycloak authenticates the user and redirects to the frontend server
4- The frontend server serves the AngularJS dashboard
5- The user clicks on something in the AngularJS app, which will send a request to http://localhost:8080/frontend/someEndpoint
6- The frontend will re-send this to http://localhost:8080/backend/someBackendEndpoint
7- After the backend request is done and received in the "frontend" app, it will send it back to AngularJS with all the data.
Now I would like to add authorization to the backend API, so I added @RolesAllowed("role") but it does not work:
2014-04-23 23:17:10,694|WARN |core.ExceptionHandler|failed to execute
javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
    at org.jboss.resteasy.plugins.interceptors.RoleBasedSecurityFilter.filter(RoleBasedSecurityFilter.java:45)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:256)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:242)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:229)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
I found out that realmAccess is null and, while debugging, I think the problem
is during authentication, in org.keycloak.RSATokenVerifier at the line:
token = input.readJsonContent(AccessToken.class);
What do you think? What am I doing wrong this time?
Thanks.
--
Davide
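
An added example, not part of the original message and not Keycloak's own code: it decodes the payload of the access token that reaches the backend in step 6 and reports whether a realm-role check for the role named in @RolesAllowed could succeed. It assumes the role is expected as a realm role in the token's realm_access.roles claim; the function names and sample tokens are constructed, and the signature is not verified, so this is for inspection only.

```python
import base64
import json


def decode_payload(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def explain_role_check(authorization, required_role):
    """Report why a realm-role check on this request would pass or fail."""
    if not authorization or not authorization.startswith("Bearer "):
        return "no bearer token on the request"
    claims = decode_payload(authorization[len("Bearer "):])
    realm_access = claims.get("realm_access")
    if realm_access is None:
        return "token has no realm_access claim"
    roles = realm_access.get("roles") or []
    if required_role not in roles:
        return "role %r not in realm roles %r" % (required_role, sorted(roles))
    return "ok"


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".sig"


if __name__ == "__main__":
    # Constructed Authorization header values for the four cases.
    samples = {
        "no header": None,
        "no realm_access": "Bearer " + make_sample_token({"sub": "sample-user"}),
        "other role": "Bearer " + make_sample_token({"realm_access": {"roles": ["user"]}}),
        "has role": "Bearer " + make_sample_token({"realm_access": {"roles": ["role"]}}),
    }
    for name, header in samples.items():
        print(name, "->", explain_role_check(header, "role"))
```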