[keycloak-user] policy enforcer without content path

Pedro Igor psilva at redhat.com
Sat Dec 24 12:56:29 EST 2016


I think you are hitting https://issues.jboss.org/browse/KEYCLOAK-3261. Right now we have an issue when handling apps deployed at the ROOT context.
On 12/23/2016 1:51:57 PM, uğur kolip <ugur.kolip at gmail.com> wrote:
Also
(i enable authorization , both of emails)
When i use server.host , i get forbidden too. I don't understand why get
this
my application.properties like

server.port = 16085
server.host : example.com
server.contextPath= /photoz-restful-api


keycloak.realm = photoz
keycloak.auth-server-url = http://example.com:16090/auth
keycloak.ssl-required = none
keycloak.resource = photoz-restful-api
keycloak.credentials.secret = secret
keycloak.cors = true

keycloak.securityConstraints[0].securityCollections[0].name = All admin
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = admin
keycloak.securityConstraints[0].securityCollections[0].authRoles[1] = user
keycloak.securityConstraints[0].securityCollections[0].patterns[0] =
/admin/*
keycloak.securityConstraints[1].securityCollections[0].name = All
keycloak.securityConstraints[1].securityCollections[0].patterns[0] = /*

keycloak.policy-enforcer-config.enforcement-mode = ENFORCING

2016-12-23 15:23 GMT+03:00 uğur kolip :

> Hi
>
> i use keycloack 4.5.0.Final with spring boot adapter.
> When there isn't context path , i get 403 forbidden error. (message:"Could
> not find a configuration for path [/getRoles/alice]."
> path:"/admin/getRoles/alice" )
>
> do we have to add contextPath ? do i do something wrong ? or is it bug ?
>
> if we don't , path be wrong,
>
> My opinion because of these :
> In AbstractPolicyEnforcer class(keycloak-adapter-core) , there are
> String pathInfo = URI.create(request.getURI()).getPath().substring(1);
> String path = pathInfo.substring(pathInfo.indexOf('/'),
> pathInfo.length());
>
> Thank you for helping
>
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user


More information about the keycloak-user mailing list