[keycloak-user] Error 403 Java Spring Boot

Sebastien Blanc sblanc at redhat.com
Wed Jul 12 04:09:57 EDT 2017


Could you try to add this as well?
keycloak.public-client=true

On Tue, Jul 11, 2017 at 8:00 PM, Dennis H <dennishonders at gmail.com> wrote:

> I receive an HTTP error 403 when accessing a bearer-only resource with
> Postman that is secured with Keycloak.
> The user has the needed role.
> Debug logs: BEARER AUTHENTICATED.
> What could be the problem here?
>
> *Application.properties*
>
> keycloak.realm=myrealm
> keycloak.bearer-only=true
> keycloak.auth-server-url=http://localhost:8080/auth
> keycloak.ssl-required=external
> keycloak.resource=my-app
> keycloak.use-resource-role-mappings=true
> keycloak.securityConstraints[0].securityCollections[0].name=secured
> keycloak.securityConstraints[0].authRoles[0]=app-user
> keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/secured/*
>
> logging.level.org.keycloak=DEBUG
>
> *Postman*
> http://localhost:8081/secured/posts/0/10
> Authorization: Bearer aDSFla56s...
>
> *Debug*
> 2017-07-11 19:53:41.306 DEBUG 22556 --- [nio-8081-exec-1] o.k.adapters.PreAuthActionsHandler       : adminRequest http://localhost:8081/secured/posts/0/10
> 2017-07-11 19:53:41.313 DEBUG 22556 --- [nio-8081-exec-1] o.k.a.a.ClientCredentialsProviderUtils   : Using provider 'secret' for authentication of client 'my-app'
> 2017-07-11 19:53:41.314 DEBUG 22556 --- [nio-8081-exec-1] o.k.a.a.ClientCredentialsProviderUtils   : Loaded clientCredentialsProvider secret
> 2017-07-11 19:53:41.315 DEBUG 22556 --- [nio-8081-exec-1] o.k.a.a.ClientCredentialsProviderUtils   : Loaded clientCredentialsProvider jwt
> 2017-07-11 19:53:41.317 DEBUG 22556 --- [nio-8081-exec-1] o.k.a.a.ClientCredentialsProviderUtils   : Loaded clientCredentialsProvider secret
> 2017-07-11 19:53:41.317 DEBUG 22556 --- [nio-8081-exec-1] o.k.a.a.ClientCredentialsProviderUtils   : Loaded clientCredentialsProvider jwt
> 2017-07-11 19:53:41.354 DEBUG 22556 --- [nio-8081-exec-1] o.keycloak.adapters.KeycloakDeployment   : resolveUrls
> 2017-07-11 19:53:41.356 DEBUG 22556 --- [nio-8081-exec-1] o.k.adapters.KeycloakDeploymentBuilder   : Use authServerUrl: http://localhost:8080/auth, tokenUrl: http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token, relativeUrls: NEVER
> 2017-07-11 19:53:41.631 DEBUG 22556 --- [nio-8081-exec-1] o.k.a.rotation.JWKPublicKeyLocator       : Realm public keys successfully retrieved for client my-app. New kids: [NsYwvDAUJYY3ioS9-0mpo]
> 2017-07-11 19:53:41.641 DEBUG 22556 --- [nio-8081-exec-1] o.k.adapters.RequestAuthenticator        : User 'c1ed6bf7-5dd-988-94fab8ecf' invoking 'http://localhost:8081/secured/posts/0/10' on client 'my-app'
> 2017-07-11 19:53:41.642 DEBUG 22556 --- [nio-8081-exec-1] o.k.adapters.RequestAuthenticator        : *Bearer AUTHENTICATED*
>
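Added example, not part of the original thread and not Keycloak adapter code: the quoted properties set keycloak.use-resource-role-mappings=true, so authRoles is evaluated against the client roles in the token (resource_access.my-app.roles) rather than the realm roles (realm_access.roles). This script decodes a bearer token's payload and reports which of the two role sets contains the required role. The sample token is constructed, and the function names are hypothetical.

```python
import base64
import json

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))

def roles_seen(claims: dict, resource: str, use_resource_role_mappings: bool) -> set:
    """Roles checked for the given keycloak.use-resource-role-mappings value."""
    if use_resource_role_mappings:
        # Client roles: resource_access.<keycloak.resource>.roles
        return set(claims.get("resource_access", {}).get(resource, {}).get("roles", []))
    # Realm roles: realm_access.roles
    return set(claims.get("realm_access", {}).get("roles", []))

def explain(token: str, resource: str, required: str, use_resource_role_mappings: bool) -> str:
    """Say whether the required role is in the role set the setting selects."""
    claims = jwt_claims(token)
    if required in roles_seen(claims, resource, use_resource_role_mappings):
        return "allowed"
    if required in roles_seen(claims, resource, not use_resource_role_mappings):
        where = "realm" if use_resource_role_mappings else "client"
        return f"denied: '{required}' is present only as a {where} role"
    return f"denied: '{required}' is not in the token"

def constructed_token(payload: dict) -> str:
    """Build an unsigned sample token (constructed test data, not from the thread)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "c2lnbmF0dXJl"])

# Constructed payload: app-user granted as a realm role, no client roles on my-app.
SAMPLE = constructed_token({
    "realm_access": {"roles": ["app-user"]},
    "resource_access": {"account": {"roles": ["view-profile"]}},
})

if __name__ == "__main__":
    print(explain(SAMPLE, "my-app", "app-user", True))   # setting from the quoted properties
    print(explain(SAMPLE, "my-app", "app-user", False))  # realm-role lookup
```

To inspect a real token, pass the value from the Authorization header (without the "Bearer " prefix) to explain() in place of SAMPLE.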

