Hello,
I’ve got a JEE-WildFly project configured with Keycloak. The client has access type ‘confidential’, I’ve created two roles (user, admin) and created a user mapped with both roles.
So my goal is to protect my project endpoints (that retrieve data from a database).
I am able to get the access token through the endpoint:
http://localhost:8180/auth/realms/auth-proto-realm/protocol/openid-connect/token
I then use the access token for my GET on the endpoint, so I simply put the access token as a bearer token in the authentication header, but what I get is a 403 Forbidden error.
I’ve got a frontend in Angular configured with access type public, but for now I’m making these requests via Postman.
This is the error I get
My rest endpoint:
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

@GET
@Produces({MediaType.APPLICATION_JSON})
@Consumes({MediaType.APPLICATION_JSON})
public Response getAll() {
    List<UserDto> dtos = userController.getAll();
    if (!dtos.isEmpty()) {
        // Found users: return them as JSON with 200 OK
        return Response.status(Response.Status.OK)
                .entity(dtos)
                .build();
    } else {
        // Empty list: 204 No Content (size() is never negative, so a further
        // BAD_REQUEST branch could never be reached)
        return Response.status(Response.Status.NO_CONTENT).build();
    }
}
My web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>auth_prototype</web-resource-name>
        <url-pattern>/api/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>KEYCLOAK</auth-method>
    <realm-name>auth-proto-realm</realm-name>
</login-config>
<security-role>
    <role-name>admin</role-name>
</security-role>
<security-role>
    <role-name>user</role-name>
</security-role>
keycloak.json:
{
    "realm": "auth-proto-realm",
    "auth-server-url": "http://localhost:8180/auth/",
    "ssl-required": "none",
    "resource": "auth-proto-client",
    "verify-token-audience": true,
    "credentials": {
        "secret": "client-secret"
    },
    "confidential-port": 0,
    "policy-enforcer": {},
    "enable-cors": true,
    "cors-allowed-methods": "POST, PUT, DELETE, GET",
    "use-resource-role-mappings": true
}
My client settings:
Could anyone tell me what I’m doing wrong?
Thanks a lot
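A 403 from the Keycloak adapter (as opposed to a 401) usually means the token was accepted but its claims did not satisfy the adapter configuration: with "use-resource-role-mappings": true the adapter looks for the required role under resource_access.<client-id>.roles rather than realm_access.roles, and with "verify-token-audience": true the aud claim must list the client. The script below is an added diagnostic, not code from the post or from the Keycloak project: it decodes the payload of an access token obtained via Postman and reports which of those adapter checks the claims would fail. It does not verify the signature (the adapter does that against the realm key), and the two sample tokens, the far-future exp value and the make_token helper are constructed for offline use.

```python
import base64
import json
import time

# Adapter settings mirroring the keycloak.json from the post (assumption: only
# the keys that influence the role/audience decision are modelled here).
ADAPTER = {
    "resource": "auth-proto-client",
    "verify-token-audience": True,
    "use-resource-role-mappings": True,
}


def decode_claims(token):
    """Return the payload of a compact JWT as a dict.
    Diagnostic only: the signature is NOT checked; the Keycloak adapter
    verifies it against the realm's public key before any role check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def explain_403(claims, adapter, required_role, now=None):
    """Return the reasons the adapter would reject these claims for a resource
    guarded by required_role. An empty list means the claims pass."""
    now = time.time() if now is None else now
    reasons = []
    client = adapter["resource"]

    if claims.get("exp", 0) <= now:
        reasons.append("token expired (exp in the past)")

    if adapter.get("verify-token-audience"):
        aud = claims.get("aud", [])
        aud = [aud] if isinstance(aud, str) else aud  # aud may be a string or a list
        if client not in aud:
            reasons.append(f"aud {aud} does not contain '{client}' (verify-token-audience=true)")

    if adapter.get("use-resource-role-mappings"):
        roles = claims.get("resource_access", {}).get(client, {}).get("roles", [])
        source = f"resource_access.{client}.roles"
    else:
        roles = claims.get("realm_access", {}).get("roles", [])
        source = "realm_access.roles"
    if required_role not in roles:
        reasons.append(f"role '{required_role}' missing from {source} (found {roles})")
    return reasons


def make_token(claims):
    """Build an unsigned (alg=none) compact token purely for offline demonstration.
    Real Keycloak tokens are RS256-signed; an unsigned token must never be accepted."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."


# Constructed payload 1: what a realm-level role assignment typically yields.
# Roles live in realm_access and aud is only "account".
REALM_ROLE_TOKEN = make_token({
    "exp": 4102444800,  # constructed far-future expiry
    "aud": "account",
    "realm_access": {"roles": ["user", "admin"]},
    "resource_access": {"account": {"roles": ["view-profile"]}},
})

# Constructed payload 2: client roles for auth-proto-client and that client in aud.
CLIENT_ROLE_TOKEN = make_token({
    "exp": 4102444800,
    "aud": ["auth-proto-client", "account"],
    "realm_access": {"roles": []},
    "resource_access": {"auth-proto-client": {"roles": ["user", "admin"]}},
})

if __name__ == "__main__":
    for name, tok in (("realm-role token", REALM_ROLE_TOKEN),
                      ("client-role token", CLIENT_ROLE_TOKEN)):
        print(name, "->", explain_403(decode_claims(tok), ADAPTER, "user") or ["OK"])
```

Paste the token from the Postman response into decode_claims to see which check fails; each reason maps to one adapter key, so it also shows which of the two settings to reconsider against the actual role mapping in the realm.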