I have a web application with Angular 9, keycloak 9 and springboot 2.5 when my rest API is on Windows 10 all works well, but when I put it on Linux I always have an http 401 in response?

I developed a client server application with angular java and keycloak everything works well with a docker for keycloak ensiute I put my UI under docker all works well, last step I but my java code and there I always get a 401 not understand . I tried to get my code out and run it on a linux as a docker doesn’t work either. but only on window and the rest on linux no problem. here are my config and code in java.

This is the adapter

@KeycloakConfiguration
@ConditionalOnProperty(name = "keycloak.enabled", havingValue = "true", matchIfMissing = true)
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    private Cors cors;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(keycloakAuthenticationProvider);
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();

        for (String origin : cors.getAllowedOrigin()) {
            config.addAllowedOrigin(origin);
        }
        for (String method : cors.getAllowedMethods()) {
            config.addAllowedMethod(method);
        }
        for (String header : cors.getAllowedHeaders()) {
            config.addAllowedHeader(header);
        }

        config.setAllowCredentials(true);
        config.setMaxAge(cors.getMaxAge());

        source.registerCorsConfiguration(cors.getMapping(), config);
        return source;
    }

    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        //return new NullAuthenticatedSessionStrategy();
         return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);

        http.cors().and().csrf().disable().sessionManagement()
                // use previously declared bean
                .sessionAuthenticationStrategy(sessionAuthenticationStrategy())
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                // keycloak filters for securisation
                .and().addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class)
                .addFilterBefore(keycloakAuthenticationProcessingFilter(), X509AuthenticationFilter.class)
                .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())

                // delegate logout endpoint to spring security

                .and().logout().addLogoutHandler(keycloakLogoutHandler()).logoutUrl("/logout").logoutSuccessHandler(
                        // logout handler for API
                        (HttpServletRequest request, HttpServletResponse response,
                                Authentication authentication) -> response.setStatus(HttpServletResponse.SC_OK))
                .and()
                // manage routes securisation here
                .authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll()

                .antMatchers("/logout", "/", "/unsecured").permitAll().antMatchers("/poc").hasRole("poc")
                .antMatchers("/admin").hasRole("admin").antMatchers("/all").hasRole("all").anyRequest().denyAll();

    }
}

Resolver

public class CustomKeycloakSpringBootConfigResolver extends KeycloakSpringBootConfigResolver {

    private final KeycloakDeployment keycloakDeployment;

    public CustomKeycloakSpringBootConfigResolver(KeycloakSpringBootProperties properties) {
        keycloakDeployment = KeycloakDeploymentBuilder.build(properties);
    }

    @Override
    public KeycloakDeployment resolve(HttpFacade.Request facade) {
        return keycloakDeployment;
    }

}

this is my docker compose file

version: '3'

volumes:
  postgres_data:
      driver: local

services:
  pack-solution-postgres-keycloak:
    container_name: pack-solution-postgres-keycloak
    image: postgres
    volumes:
    - postgres_data:/var/lib/postgresql/data
    networks:
      - pack-solution-network
    environment:
      - POSTGRES_PASSWORD=keycloak
      - POSTGRES_DB=keycloak
      - POSTGRES_USER=keycloak
  pack-solution-keycloak:
    container_name: pack-solution-keycloak
    image: jboss/keycloak
    depends_on:
      - pack-solution-postgres-keycloak
    volumes:
      - ./Scripts/keycloak/Init-keycloak.json:/opt/jboss/keycloak/imports/Init-keycloak.json
      - ./pack-theme:/opt/jboss/keycloak/themes/pack-theme
      - ./fileconfig/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml
    command: 
      - "-b 0.0.0.0 -Dkeycloak.import=/opt/jboss/keycloak/imports/Init-keycloak.json"
    networks:
      - pack-solution-network
    environment:
      - DB_VENDOR=POSTGRES
      - DB_ADDR=pack-solution-postgres-keycloak
      - DB_DATABASE=keycloak
      - DB_USER=keycloak
      - DB_PASSWORD=keycloak
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin
      - KEYCLAOK_HOSTNAME=pack-solution-keycloak
      - PROXY_ADDRESS_FORWARDING=true
    ports:
      - 8080:8080
  pack-solution-ui:
    container_name: pack-solution-ui
    build: ./ui/dev
    networks:
      - pack-solution-network
    ports:
      - 4200:80
  pack-solution-api:
    container_name: pack-solution-api
    build: ./api/dev
    links:
      - pack-solution-keycloak
    networks:
      - pack-solution-network
    ports:
      - 8081:8080
networks:
  pack-solution-network:
    driver: bridge

my application.yml

########################################
# Spring Boot / Server configuration
########################################
server:
   port: 8080
   use-forward-headers: true

########################################
# Spring Boot / Keycloak Configuration
########################################
keycloak:
    enabled: true
    auth-server-url: http://pack-solution-keycloak:8080/auth
    #auth-server-url: http://localhost:8080/auth
    realm: Pack-Solutions
    resource: PackApi
    ssl-required: external
    #bearer-only: false
    #enable-basic-auth: false
    #use-resource-role-mappings : true
    verify-token-audience: true
    credentials:
        secret: 04ae23ef-a331-427b-8160-15edd68e78e9
    cors: true

##################################################
#keycloak.securityConstraints[0].securityCollections[0].name: insecure endpoint
#keycloak.securityConstraints[0].securityCollections[0].patterns[0]: /unsecured
#keycloak.securityConstraints[0].securityCollections[0].patterns[1]: /
#keycloak.securityConstraints[1].authRoles[0]: poc
#keycloak.securityConstraints[1].securityCollections[0].patterns[0]: /*

######################################
# CORS
######################################
cross-origin-resource-sharing:
  allowed-origin:
    - http://pack-solution-ui:4200/*
    - http://localhost:4200/*
    - http://localhost:4200
    - http://pack-solution-ui:4200
  mapping: /**
  allowed-methods:
    - POST
    - GET
    - OPTIONS
    - DELETE
    - PUT
  allowed-headers:
    - WWW-Authenticate
    - Authorization
    - Content-Type
    - xsrf-token
  exposed-headers:
    - WWW-Authenticate
    - xsrf-token
  max-age: 600

logging:
  level:
    org:
      springframework:
        security: DEBUG
        web: DEBUG

Please if you have question or answer?

This is work on Windows 10 but not on linux …

Can you show us the configuration you’ve done in your Angular app for Keycloak?
Also try to rephrase the question a bit if at all possible because it’s really unclear.

export function initializer(keycloak: KeycloakService): () => Promise<any> {
  return (): Promise<any> => keycloak.init({
      config: {
          url: 'http://localhost:8080/auth',
          realm: 'Pack-Solutions',
          clientId: 'PACK-Solutions'
      },
      initOptions: {
        onLoad: 'login-required',
        checkLoginIframe: false
    },
      enableBearerInterceptor: true,
      bearerPrefix: 'Bearer',
      bearerExcludedUrls: [
          '/assets',
          '/clients/public']
  });
}

Hi Zonaut , I rephrase my question it’s more clear?

I meant the description of your issue because it mentions Docker but it’s not clear what situation does work or not.
I only work with Linux so I don’t know the differences between Windows and Linux on Docker.
When using docker-compose on Windows everything works, but not on Linux?
If that’s the case than this seems Docker related and has nothing to do with the configuration itself.

You are using localhost to test your setup or are you using host name?
Is it the API that throws the 401 or Keycloak? Bash into the API container and see if http://pack-solution-keycloak:8080/auth is reachable.
View your logs of your API and see if there is some useful information there by enabling lower logging levels.

You can always put this setup in a Git repo so we can have a closer look an try running it.

if I start mu rest api on windows and keycloak on linux it’s work fine. but in all linux configuration in docker or in my linux os my rest api alway return 401. this is work only in window… this is my docker configuration:

FROM openjdk:8

COPY backend-0.0.1-SNAPSHOT.jar app.jar

copy application.yml application.yml

ENTRYPOINT [“java”,"-Djava.security.egd=file:/dev/./urandom","-Dspring.config.location=application.yml","-jar","/app.jar"]

If its work on windows I have this stack:

2020-04-01 13:27:37.919 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 1 of 17 in additional filter chain; firing Filter: ‘WebAsyncManagerIntegrationFilter’
2020-04-01 13:27:37.921 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 2 of 17 in additional filter chain; firing Filter: ‘SecurityContextPersistenceFilter’
2020-04-01 13:27:37.941 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 3 of 17 in additional filter chain; firing Filter: ‘HeaderWriterFilter’
2020-04-01 13:27:37.953 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 4 of 17 in additional filter chain; firing Filter: ‘CorsFilter’
2020-04-01 13:27:37.976 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 5 of 17 in additional filter chain; firing Filter: ‘KeycloakPreAuthActionsFilter’
2020-04-01 13:27:37.980 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 6 of 17 in additional filter chain; firing Filter: ‘KeycloakPreAuthActionsFilter’
2020-04-01 13:27:37.980 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 7 of 17 in additional filter chain; firing Filter: ‘LogoutFilter’
2020-04-01 13:27:37.982 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, GET]
2020-04-01 13:27:37.992 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/logout’
2020-04-01 13:27:37.993 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, POST]
2020-04-01 13:27:37.994 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘POST /logout’
2020-04-01 13:27:37.995 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, PUT]
2020-04-01 13:27:37.996 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘PUT /logout’
2020-04-01 13:27:37.996 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, DELETE]
2020-04-01 13:27:37.998 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘DELETE /logout’
2020-04-01 13:27:38.002 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2020-04-01 13:27:38.006 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 8 of 17 in additional filter chain; firing Filter: ‘KeycloakAuthenticationProcessingFilter’
2020-04-01 13:27:38.012 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/sso/login’]
2020-04-01 13:27:38.013 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/sso/login’
2020-04-01 13:27:38.014 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=Authorization, expectedHeaderValue=null]
2020-04-01 13:27:38.014 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : matched
2020-04-01 13:27:38.045 DEBUG 24356 — [nio-8081-exec-2] o.s.s.authentication.ProviderManager : Authentication attempt using org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider
2020-04-01 13:27:38.483 WARN 24356 — [nio-8081-exec-2] o.a.c.util.SessionIdGeneratorBase : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [408] milliseconds.
2020-04-01 13:27:38.489 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Registering session A5D3EC032B6F65A5BF7F21154A71F747, for principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148
2020-04-01 13:27:38.494 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 9 of 17 in additional filter chain; firing Filter: ‘KeycloakAuthenticationProcessingFilter’
2020-04-01 13:27:38.496 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/sso/login’]
2020-04-01 13:27:38.506 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/sso/login’
2020-04-01 13:27:38.511 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=Authorization, expectedHeaderValue=null]
2020-04-01 13:27:38.521 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : matched
2020-04-01 13:27:38.538 DEBUG 24356 — [nio-8081-exec-2] o.s.s.authentication.ProviderManager : Authentication attempt using org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider
2020-04-01 13:27:38.541 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Removing session A5D3EC032B6F65A5BF7F21154A71F747 from principal’s set of registered sessions
2020-04-01 13:27:38.547 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Removing principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148 from registry
2020-04-01 13:27:38.547 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Registering session A5D3EC032B6F65A5BF7F21154A71F747, for principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148
2020-04-01 13:27:38.548 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 10 of 17 in additional filter chain; firing Filter: ‘RequestCacheAwareFilter’
2020-04-01 13:27:38.559 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 11 of 17 in additional filter chain; firing Filter: ‘SecurityContextHolderAwareRequestFilter’
2020-04-01 13:27:38.563 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 12 of 17 in additional filter chain; firing Filter: ‘KeycloakSecurityContextRequestFilter’
2020-04-01 13:27:38.563 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 13 of 17 in additional filter chain; firing Filter: ‘KeycloakAuthenticatedActionsFilter’
2020-04-01 13:27:38.565 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 14 of 17 in additional filter chain; firing Filter: ‘AnonymousAuthenticationFilter’
2020-04-01 13:27:38.566 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.a.AnonymousAuthenticationFilter : SecurityContextHolder not populated with anonymous token, as it already contained: ‘org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken@151aa6b0: Principal: c4e9c1e4-f909-4e3e-8ad7-5830458d1148; Credentials: [PROTECTED]; Authenticated: true; Details: org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount@274b320e; Granted Authorities: ROLE_poc, ROLE_offline_access, ROLE_uma_authorization’
2020-04-01 13:27:38.577 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 15 of 17 in additional filter chain; firing Filter: ‘SessionManagementFilter’
2020-04-01 13:27:38.626 DEBUG 24356 — [nio-8081-exec-2] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy@6f80fafe
2020-04-01 13:27:38.633 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Removing session A5D3EC032B6F65A5BF7F21154A71F747 from principal’s set of registered sessions
2020-04-01 13:27:38.640 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Removing principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148 from registry
2020-04-01 13:27:38.660 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Registering session A5D3EC032B6F65A5BF7F21154A71F747, for principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148
2020-04-01 13:27:38.674 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 16 of 17 in additional filter chain; firing Filter: ‘ExceptionTranslationFilter’
2020-04-01 13:27:38.680 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 17 of 17 in additional filter chain; firing Filter: ‘FilterSecurityInterceptor’
2020-04-01 13:27:38.694 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, GET]
2020-04-01 13:27:38.704 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/logout’
2020-04-01 13:27:38.708 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, POST]
2020-04-01 13:27:38.715 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘POST /logout’
2020-04-01 13:27:38.716 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, PUT]
2020-04-01 13:27:38.726 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘PUT /logout’
2020-04-01 13:27:38.726 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, DELETE]
2020-04-01 13:27:38.727 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘DELETE /logout’
2020-04-01 13:27:38.728 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2020-04-01 13:27:38.729 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘OPTIONS /**’
2020-04-01 13:27:38.730 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/logout’
2020-04-01 13:27:38.730 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/’
2020-04-01 13:27:38.731 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/unsecured’
2020-04-01 13:27:38.732 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/poc’
2020-04-01 13:27:38.733 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /poc; Attributes: [hasRole(‘ROLE_poc’)]
2020-04-01 13:27:38.734 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken@151aa6b0: Principal: c4e9c1e4-f909-4e3e-8ad7-5830458d1148; Credentials: [PROTECTED]; Authenticated: true; Details: org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount@274b320e; Granted Authorities: ROLE_poc, ROLE_offline_access, ROLE_uma_authorization
2020-04-01 13:27:38.756 DEBUG 24356 — [nio-8081-exec-2] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@27ae8043, returned: 1
2020-04-01 13:27:38.757 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2020-04-01 13:27:38.759 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2020-04-01 13:27:38.768 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc reached end of additional filter chain; proceeding with original chain
2020-04-01 13:27:38.771 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/sso/login’]
2020-04-01 13:27:38.781 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/sso/login’
2020-04-01 13:27:38.794 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=Authorization, expectedHeaderValue=null]
2020-04-01 13:27:38.805 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : matched
2020-04-01 13:27:38.811 DEBUG 24356 — [nio-8081-exec-2] o.s.s.authentication.ProviderManager : Authentication attempt using org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider
2020-04-01 13:27:38.815 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Removing session A5D3EC032B6F65A5BF7F21154A71F747 from principal’s set of registered sessions
2020-04-01 13:27:38.816 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Removing principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148 from registry
2020-04-01 13:27:38.826 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Registering session A5D3EC032B6F65A5BF7F21154A71F747, for principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148
2020-04-01 13:27:38.855 DEBUG 24356 — [nio-8081-exec-2] o.s.web.servlet.DispatcherServlet : GET “/poc”, parameters={}
2020-04-01 13:27:38.873 DEBUG 24356 — [nio-8081-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.packsolution.server.auth.controler.AuthSimpleControler#homePage()
2020-04-01 13:27:38.951 DEBUG 24356 — [nio-8081-exec-2] o.s.s.a.i.a.MethodSecurityInterceptor : Secure object: ReflectiveMethodInvocation: public org.springframework.http.ResponseEntity com.packsolution.server.auth.controler.AuthSimpleControler.homePage(); target is of class [com.packsolution.server.auth.controler.AuthSimpleControler]; Attributes: [[authorize: ‘hasRole(‘poc’) or hasRole(‘admin’)’, filter: ‘null’, filterTarget: ‘null’]]
2020-04-01 13:27:38.951 DEBUG 24356 — [nio-8081-exec-2] o.s.s.a.i.a.MethodSecurityInterceptor : Previously Authenticated: org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken@85b9615: Principal: c4e9c1e4-f909-4e3e-8ad7-5830458d1148; Credentials: [PROTECTED]; Authenticated: true; Details: org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount@3c1c4a50; Granted Authorities: ROLE_poc, ROLE_offline_access, ROLE_uma_authorization
2020-04-01 13:27:38.957 DEBUG 24356 — [nio-8081-exec-2] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter@1a71e73e, returned: 1
2020-04-01 13:27:38.961 DEBUG 24356 — [nio-8081-exec-2] o.s.s.a.i.a.MethodSecurityInterceptor : Authorization successful
2020-04-01 13:27:38.965 DEBUG 24356 — [nio-8081-exec-2] o.s.s.a.i.a.MethodSecurityInterceptor : RunAsManager did not change Authentication object
2020-04-01 13:27:39.019 DEBUG 24356 — [nio-8081-exec-2] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using ‘application/json’, given [application/json, text/plain, /] and supported [application/json]
2020-04-01 13:27:39.020 DEBUG 24356 — [nio-8081-exec-2] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Writing [“user with poc or admin role”]
2020-04-01 13:27:39.050 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@2a68064f
2020-04-01 13:27:39.058 DEBUG 24356 — [nio-8081-exec-2] o.s.web.servlet.DispatcherServlet : Completed 200 OK
2020-04-01 13:27:39.063 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2020-04-01 13:27:39.064 DEBUG 24356 — [nio-8081-exec-2] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2020-04-01 13:31:27.201 INFO 24356 — [extShutdownHook] o.s.s.concurrent.ThreadPoolTaskExecutor : Shutting down ExecutorService ‘applicationTaskExecutor’

and on linux I have this stack and it’s can’t work:

pack-solution-api | 2020-04-02 20:06:35.115 DEBUG 1 — [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
pack-solution-api | 2020-04-02 20:06:35.120 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 1 of 13 in additional filter chain; firing Filter: ‘WebAsyncManagerIntegrationFilter’
pack-solution-api | 2020-04-02 20:06:35.120 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 2 of 13 in additional filter chain; firing Filter: ‘SecurityContextPersistenceFilter’
pack-solution-api | 2020-04-02 20:06:35.121 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 3 of 13 in additional filter chain; firing Filter: ‘HeaderWriterFilter’
pack-solution-api | 2020-04-02 20:06:35.121 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 4 of 13 in additional filter chain; firing Filter: ‘CorsFilter’
pack-solution-api | 2020-04-02 20:06:35.122 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 5 of 13 in additional filter chain; firing Filter: ‘KeycloakPreAuthActionsFilter’
pack-solution-api | 2020-04-02 20:06:35.123 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 6 of 13 in additional filter chain; firing Filter: ‘LogoutFilter’
pack-solution-api | 2020-04-02 20:06:35.123 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, GET]
pack-solution-api | 2020-04-02 20:06:35.124 DEBUG 1 — [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/error’; against ‘/logout’
pack-solution-api | 2020-04-02 20:06:35.124 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, POST]
pack-solution-api | 2020-04-02 20:06:35.125 DEBUG 1 — [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /error’ doesn’t match ‘POST /logout’
pack-solution-api | 2020-04-02 20:06:35.126 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, PUT]
pack-solution-api | 2020-04-02 20:06:35.127 DEBUG 1 — [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /error’ doesn’t match ‘PUT /logout’
pack-solution-api | 2020-04-02 20:06:35.128 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, DELETE]
pack-solution-api | 2020-04-02 20:06:35.129 DEBUG 1 — [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /error’ doesn’t match ‘DELETE /logout’
pack-solution-api | 2020-04-02 20:06:35.130 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
pack-solution-api | 2020-04-02 20:06:35.130 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 7 of 13 in additional filter chain; firing Filter: ‘KeycloakAuthenticationProcessingFilter’
pack-solution-api | 2020-04-02 20:06:35.131 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/sso/login’]
pack-solution-api | 2020-04-02 20:06:35.132 DEBUG 1 — [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/error’; against ‘/sso/login’
pack-solution-api | 2020-04-02 20:06:35.132 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=Authorization, expectedHeaderValue=null]
pack-solution-api | 2020-04-02 20:06:35.133 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : matched
pack-solution-api | 2020-04-02 20:06:35.141 DEBUG 1 — [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed

The beginning of the Linux log you posted shows that there is being a redirect to /error so the error is happening before that. You need to see what happens before that.
Also check if http://pack-solution-keycloak:8080/auth is reachable from within the Docker container.

Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter

Try adding ‘Strict-Transport-Security’ your allowed headers config or enable all headers for now

Also try reaching http://pack-solution-keycloak:8080/auth/realms/Pack-Solutions/.well-known/openid-configuration from withing your docker container

Yeah I think I see your problem. You are trying to call Keycloak on localhost in your Spring boot Docker container, it doesn’t know of anything running there on port 8080, only the spring boot application.

That’s why I mentioned that it had to be Docker because of Windows/Linux, it seems that your Docker on Windows runs in host mode or something.
Did you use docker-compose up on Windows and Linux? If yes then check your Docker toolbox or I don’t know the name of it and make sure it behaves like Linux which should be the default.

You need to use http://pack-solution-keycloak:8080/auth/realms/Pack-Solutions/.well-known/openid-configuration
Create an extra profile in your spring boot application, use localhost in your default one and set the url with docker container name in the new one.
Then declare an environment variable in your docker-compose file to use that profile on startup like SPRING_PROFILES_ACTIVE: profilename

Bash into your spring boot container and try to curl http://pack-solution-keycloak:8080/auth/realms/Pack-Solutions/.well-known/openid-configuration first so you know it works that way.
I assumed you did this already as I mentioned it several times in previous comments but you seem to have ignored that advice.

I put this in tomcat under windows And I have same trouble
2020-04-08 22:54:36.119 ERROR 1 — [nio-8081-exec-7] o.k.a.rotation.AdapterRSATokenVerifier : Didn’t find publicKey for kid: mbbKUpzXynAXZa4ZFPADLAgwTrzgOUK2mQPD9uEJV1I
2020-04-08 22:54:36.125 ERROR 1 — [nio-8081-exec-7] o.k.a.BearerTokenRequestAuthenticator : Failed to verify token

But I have public key

Is your previous problem solved? It would be great if you could reply on previous comments without throwing new problems into the mix.

no is the same error, but I active more verbose

It could be a problem with the naming of your clients, Linux is case sensitive so make sure you use the correct client name everywhere. Best to be safe and only use lowercase chars when naming things.