[keycloak-user] Spring Boot and Keycloak
John Norris
johnnorris-10 at outlook.com
Mon Nov 11 09:03:46 EST 2019
Hi Tony,
thanks for this.
So the Spring code already contained the CSRF code. Is that not working
properly?
------ Original Message ------
From: "Tony Harris" <Tony.Harris at oneadvanced.com>
To: "John Norris" <johnnorris-10 at outlook.com>;
"keycloak-user at lists.jboss.org" <keycloak-user at lists.jboss.org>
Sent: 11/11/2019 12:18:43
Subject: RE: Spring Boot and Keycloak
>I have seen 403 responses when the CSRF token is not sent with the request.
>
>
>The Spring security code is
>
>    protected void configure(HttpSecurity http) throws Exception
>    {
>        super.configure(http);
>        http
>            .authorizeRequests()
>            .antMatchers("/**").hasRole("user")
>            .antMatchers("/", "/login**", "/unpkg.com/**", "/cdn.jsdelivr.net","/error**","/*.js","/*.css")
>            .permitAll()
>            .anyRequest()
>            .authenticated()
>            .and()
>            .csrf()
>            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
>    }
>
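The client side of the configuration quoted above, as an added example that is not part of the original thread: with `CookieCsrfTokenRepository.withHttpOnlyFalse()` the token is readable by script, and a state-changing request that does not echo it back is rejected with 403. The sketch assumes the repository's default names (cookie `XSRF-TOKEN`, header `X-XSRF-TOKEN`); the function names and the `/api/items` endpoint are hypothetical.

```javascript
// Defaults used by Spring Security's CookieCsrfTokenRepository (assumed unchanged).
const CSRF_COOKIE = "XSRF-TOKEN";
const CSRF_HEADER = "X-XSRF-TOKEN";
// Methods that Spring Security's default CSRF matcher does not check.
const SAFE_METHODS = new Set(["GET", "HEAD", "TRACE", "OPTIONS"]);

// Extract the token from a cookie string such as document.cookie.
function readCsrfToken(cookieString) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === CSRF_COOKIE) {
      const value = decodeURIComponent(part.slice(eq + 1).trim());
      // An empty value is what a cleared cookie looks like: treat it as absent.
      return value === "" ? null : value;
    }
  }
  return null;
}

// Return the headers for a request, adding the token for state-changing methods.
function csrfHeaders(method, cookieString, headers = {}) {
  const result = { ...headers };
  if (SAFE_METHODS.has(method.toUpperCase())) return result;
  const token = readCsrfToken(cookieString);
  if (token === null) {
    // Without the token the server answers 403; fail early with a clearer cause.
    throw new Error(`${CSRF_COOKIE} cookie is not set`);
  }
  result[CSRF_HEADER] = token;
  return result;
}

// Browser usage (hypothetical endpoint):
// fetch("/api/items", { method: "POST", credentials: "same-origin",
//   headers: csrfHeaders("POST", document.cookie,
//                        { "Content-Type": "application/json" }),
//   body: JSON.stringify({ name: "example" }) });

// Constructed sample cookie string, not taken from the thread.
const SAMPLE_COOKIES =
  "JSESSIONID=abc123; XSRF-TOKEN=5f2c-constructed-token; theme=dark";
```

A 403 on POST, PUT or DELETE while GET works is the usual sign that the header is missing; a 403 on GET points at the authorization rules instead.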