[keycloak-user] Configuring javascript calling REST service

Robert van Loenhout r.vanloenhout at greenvalley.nl
Thu Aug 4 03:51:17 EDT 2016 

Hi,

To make cross origin requests work I had to make the following changes for my REST service:

Put "enable-cors": true in the json config.
Enable CORS support in Spring. So far I have just put the @CrossOrigin annotation on my REST controller, which seem to put the request host in the allowed origin response header.
https://spring.io/blog/2015/06/08/cors-support-in-spring-framework
If someone could explain why both is necessary that would be interesting.


From: Sebastien Blanc [mailto:sblanc at redhat.com]
Sent: 02 August 2016 18:24
To: Robert van Loenhout <r.vanloenhout at greenvalley.nl>
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Configuring javascript calling REST service

Hi,
I'm not entirely sure but I think that "enable-cors" is not supported for the Spring Security Adapter.
For now, you have to deal with CORS "manually" on the server side. I think Spring has a annotation like "@CrossOrigin".
Sebi

On Tue, Aug 2, 2016 at 5:30 PM, Robert van Loenhout <r.vanloenhout at greenvalley.nl<mailto:r.vanloenhout at greenvalley.nl>> wrote:
I'm using the keycloak javascript adapter and the spring security adapter for my REST service.
The REST service is configured as a client with 'bearer-only' access type.
The javascript client is authenticated. When it does an ajax call to my REST service I receive the following error in my browser:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:30001/rest1/greeting. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

I have added
"enable-cors": true
to my REST keycloak configuration.
However where do I configure which origins are allowed?

For 'public' and 'confidential' clients you can configure the web origins in the admin console.
But when I set it to 'bearer-only' this field is gone.

So what exactly are the steps you have to take to configure a javascript client that call a REST service on another host?

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160804/175b40d1/attachment.html

More information about the keycloak-user mailing list