[keycloak-user] Error 403 Java Spring Boot

Karol Buler K.Buler at adbglobal.com
Wed Jul 12 04:24:20 EDT 2017


I had a similar problem. You are using
"keycloak.use-resource-role-mappings=true", check that the user has the
client's role instead of the realm's role.


On 11.07.2017 20:00, Dennis H wrote:
> I receive an HTTP error 403 when accessing a bearer-only resource with
> Postman that is secured with Keycloak.
> The user has the needed role.
> Debug logs: BEARER AUTHENTICATED.
> What could be the problem here?
>
> *Application.properties*
>
> keycloak.realm=myrealm
> keycloak.bearer-only=true
> keycloak.auth-server-url=http://localhost:8080/auth
> keycloak.ssl-required=external
> keycloak.resource=my-app
> keycloak.use-resource-role-mappings=true
> keycloak.securityConstraints[0].securityCollections[0].name=secured
> keycloak.securityConstraints[0].authRoles[0]=app-user
> keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/secured/*
>
> logging.level.org.keycloak=DEBUG
>
> *Postman*
> http://localhost:8081/secured/posts/0/10
> Authorization: Bearer aDSFla56s...
>
> *Debug*
> 2017-07-11 19:53:41.306 DEBUG 22556 --- [nio-8081-exec-1]
> o.k.adapters.PreAuthActionsHandler       : adminRequest
> http://localhost:8081/secured/posts/0/10
> 2017-07-11 19:53:41.313 DEBUG 22556 --- [nio-8081-exec-1]
> o.k.a.a.ClientCredentialsProviderUtils   : Using provider 'secret' for
> authentication of client 'my-app'
> 2017-07-11 19:53:41.314 DEBUG 22556 --- [nio-8081-exec-1]
> o.k.a.a.ClientCredentialsProviderUtils   : Loaded clientCredentialsProvider
> secret
> 2017-07-11 19:53:41.315 DEBUG 22556 --- [nio-8081-exec-1]
> o.k.a.a.ClientCredentialsProviderUtils   : Loaded clientCredentialsProvider
> jwt
> 2017-07-11 19:53:41.317 DEBUG 22556 --- [nio-8081-exec-1]
> o.k.a.a.ClientCredentialsProviderUtils   : Loaded clientCredentialsProvider
> secret
> 2017-07-11 19:53:41.317 DEBUG 22556 --- [nio-8081-exec-1]
> o.k.a.a.ClientCredentialsProviderUtils   : Loaded clientCredentialsProvider
> jwt
> 2017-07-11 19:53:41.354 DEBUG 22556 --- [nio-8081-exec-1]
> o.keycloak.adapters.KeycloakDeployment   : resolveUrls
> 2017-07-11 19:53:41.356 DEBUG 22556 --- [nio-8081-exec-1]
> o.k.adapters.KeycloakDeploymentBuilder   : Use authServerUrl:
> http://localhost:8080/auth, tokenUrl:
> http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token,
> relativeUrls: NEVER
> 2017-07-11 19:53:41.631 DEBUG 22556 --- [nio-8081-exec-1]
> o.k.a.rotation.JWKPublicKeyLocator       : Realm public keys successfully
> retrieved for client my-app. New kids: [NsYwvDAUJYY3ioS9-0mpo]
> 2017-07-11 19:53:41.641 DEBUG 22556 --- [nio-8081-exec-1]
> o.k.adapters.RequestAuthenticator        : User
> 'c1ed6bf7-5dd-988-94fab8ecf' invoking'
> http://localhost:8081/secured/posts/0/10' on client 'my-app'
> 2017-07-11 19:53:41.642 DEBUG 22556 --- [nio-8081-exec-1]
> o.k.adapters.RequestAuthenticator        : *Bearer AUTHENTICATED*




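Added example (not part of the original thread, and not Keycloak's own code): a Python diagnostic that decodes an access token's payload and reports whether a required role sits under `resource_access.<client>.roles`, which is where the adapter looks when `keycloak.use-resource-role-mappings=true`, or only under `realm_access.roles`. The function names and both sample tokens are constructed for illustration, and the signature is deliberately not verified, so this is for inspecting claims only.

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def effective_roles(claims: dict, client_id: str, use_resource_role_mappings: bool) -> set:
    """Roles that are compared against authRoles for the given adapter setting."""
    if use_resource_role_mappings:
        return set(claims.get("resource_access", {}).get(client_id, {}).get("roles", []))
    return set(claims.get("realm_access", {}).get("roles", []))


def diagnose(token, client_id, required_role, use_resource_role_mappings=True):
    claims = decode_claims(token)
    if required_role in effective_roles(claims, client_id, use_resource_role_mappings):
        return "ok"
    # Role is absent where the adapter looks: is it granted in the other scope?
    if required_role in effective_roles(claims, client_id, not use_resource_role_mappings):
        return "wrong-scope"  # authenticated, but the constraint check yields 403
    return "missing"


def make_sample_token(claims: dict) -> str:
    """Constructed token with a placeholder signature; not a real Keycloak token."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed"


# Constructed sample: 'app-user' granted as a realm role only.
REALM_ONLY = make_sample_token({
    "realm_access": {"roles": ["app-user"]},
    "resource_access": {"account": {"roles": ["view-profile"]}},
})
# Constructed sample: 'app-user' granted as a role of client 'my-app'.
CLIENT_ROLE = make_sample_token({"resource_access": {"my-app": {"roles": ["app-user"]}}})

if __name__ == "__main__":
    for name, tok in (("realm-only", REALM_ONLY), ("client-role", CLIENT_ROLE)):
        print(name, diagnose(tok, "my-app", "app-user"))
```

A `wrong-scope` result matches the symptom in this thread: the bearer token authenticates, yet the `authRoles` check fails because the role was assigned at realm level while the adapter reads client-level roles.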