[keycloak-user] Browser can't load an external secured resource from a link even if user is already logged in

Aritz Maeztu amaeztu at tesicnor.com
Fri May 13 09:40:01 EDT 2016


Hi all,

We're building a microservice-based architecture in which all the 
services share the SSO point, which is a Keycloak server. Services are 
Spring Boot-based and we're using the Spring Security Keycloak adapter 
in order to manage our security configuration. We've got some backend 
services and the one dealing with the frontend, which is based on JSF.

+------------------+           +---------------------+
|  JSF UI service  |  ------>  |  Equipment service  |
+------------------+           +---------------------+

We can access all the Equipment Service endpoints properly using the 
KeycloakRestTemplate. The problem comes when JSF renders a direct link to a 
backend endpoint like this: 
`<img src="http://localhost:8085/equipment/1/files/main" />`. As our JSF 
service is running on another port, the browser seems not to have 
access to the image and a 401 UNAUTHORIZED code is returned. However, 
copying the link into the browser bar, we can display the image (that's 
correct because both services are in the same realm and no further 
security is involved).

I've already implemented a solution which involves pointing the src 
attribute to the JSF UI service and, from there, loading the resource 
using the KeycloakRestTemplate (kind of a proxy). But it seems strange for 
a user not to be able to load the resource of the equipment service 
directly (that could be because no authorization header is sent when the 
browser requests the extra resources). Is there any other workaround for 
this?


-- 
Aritz Maeztu Otaño
Software Development Department

Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
Telf.: 948 21 40 40
Fax.: 948 21 40 41
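
The proxy workaround described in the message above, sketched as an added example that is not part of the original post: a Spring MVC controller in the JSF UI service that fetches the image with KeycloakRestTemplate and returns it to the browser. The class name, the `/proxy/...` mapping and the constant are assumptions, and a KeycloakRestTemplate bean is assumed to be configured already; the backend URL is the one quoted in the message.

```java
import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.HttpStatusCodeException;

// Hypothetical controller in the JSF UI service (name and mapping are assumptions).
@RestController
public class EquipmentImageProxy {

    // Fixed backend base URL from the message; never built from request input.
    private static final String EQUIPMENT_BASE = "http://localhost:8085/equipment";

    @Autowired
    private KeycloakRestTemplate keycloakRestTemplate;

    // The page would render <img src="/proxy/equipment/1/files/main" />, so the
    // browser requests the UI service it already has a session with.
    @RequestMapping(value = "/proxy/equipment/{id}/files/main", method = RequestMethod.GET)
    public ResponseEntity<byte[]> mainFile(@PathVariable("id") long id) {
        try {
            // KeycloakRestTemplate attaches the logged-in user's bearer token.
            // The numeric id is the only caller-controlled part of the URL.
            ResponseEntity<byte[]> backend = keycloakRestTemplate.getForEntity(
                    EQUIPMENT_BASE + "/{id}/files/main", byte[].class, id);

            // Forward only the content type; do not relay backend headers wholesale.
            MediaType type = backend.getHeaders().getContentType();
            HttpHeaders headers = new HttpHeaders();
            headers.setContentType(type != null ? type : MediaType.APPLICATION_OCTET_STREAM);
            headers.setCacheControl("private, no-store");
            return new ResponseEntity<>(backend.getBody(), headers, HttpStatus.OK);
        } catch (HttpStatusCodeException e) {
            // Pass the backend's 401/403/404 status through without its body.
            return new ResponseEntity<>(e.getStatusCode());
        }
    }
}
```

Typing the path variable as `long` keeps the proxy from being pointed at arbitrary backend paths, and the Equipment service still makes the authorization decision for each request.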
