[keycloak-user] @RolesAllowed leads to HTTP 500 when user doesn't have the required role

Nils Preusker n.preusker at gmail.com
Tue Apr 1 15:16:04 EDT 2014


Hi Bill, that did the trick, I just added an exception mapper. Thanks!

About the wildfly issue, can u share a link to it so I can track it? I'm quite eager to get this to work since we want to deploy our war modules without security for test cases (in combination with arquillian). So we just discard the web.xml in the test deployments and the roles allowed annotations are being ignored. But with the security domain annotation that would be a bit more tricky. 

Cheers,
Nils

--
Blog: www.nilspreusker.de

> On Apr 1, 2014, at 15:11, Bill Burke <bburke at redhat.com> wrote:
> 
> I don't have a solution to getting rid of @SecurityDomain yet.  What 
> should happen is that the EJB should inherit the security domain of the 
> WAR, but it doesn't.  I opened a Wildfly bug and hopefully it will be fixed.
> 
> As for this particular bug, it may just be that you have to write an 
> ExceptionMapper and unwrap EJBException.
> 
> Can you show the stack trace in the log?
> 
>> On 4/1/2014 9:09 AM, Nils Preusker wrote:
>> Hey Bill,
>> 
>> it is actually an EJB (@Stateless @Path(...)).
>> 
>> Another question about this: You mention in the user guide that you are
>> planning to improve the integration and get rid of the @SecurityDomain
>> annotation. Are you currently working on this or can you give me some
>> estimate on which release this is planned for?
>> 
>> Cheers,
>> Nils
>> 
>> 
>> On Tue, Apr 1, 2014 at 2:57 PM, Bill Burke <bburke at redhat.com
>> <mailto:bburke at redhat.com>> wrote:
>> 
>>    Just a regular JAX-RS class?  Not an EJB?
>> 
>>>    On 4/1/2014 5:00 AM, Nils Preusker wrote:
>>> Hi,
>>> 
>>> I'm currently testing the @SecurityDomain("keycloak") and
>>    @RolesAllowed
>>> annotations on my JAX-RS services and was surprised to see that I
>>    get a
>>> HTTP 500 (internal server error) when a requesting user doesn't
>>    have the
>>> role that is required by @RolesAllowed. Is this intentional or a
>>    known
>>> issue or am I doing something wrong in the config?
>>> 
>>> I'm using Wildfly 8.0.0.Final with the default RestEasy module. Would
>>> upgrading RestEasy do the trick?
>>> 
>>> Cheers,
>>> Nils
>>> 
>>> 
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> 
>>    --
>>    Bill Burke
>>    JBoss, a division of Red Hat
>>    http://bill.burkecentral.com
>>    _______________________________________________
>>    keycloak-user mailing list
>>    keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>    https://lists.jboss.org/mailman/listinfo/keycloak-user
>> 
>> 
>> 
>> 
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> -- 
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list