I developed a client-server application with Angular, Java and Keycloak. Everything works well with Docker for Keycloak. Then I put my UI under Docker and all works well. As the last step I put my Java code there, and I always get a 401 that I do not understand. I tried taking my code out and running it on Linux outside Docker, and it doesn’t work either. It only works on Windows, with the rest on Linux, no problem. Here are my config and code in Java.
This is the adapter
@KeycloakConfiguration
@ConditionalOnProperty(name = "keycloak.enabled", havingValue = "true", matchIfMissing = true)
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    private Cors cors;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(keycloakAuthenticationProvider);
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        for (String origin : cors.getAllowedOrigin()) {
            config.addAllowedOrigin(origin);
        }
        for (String method : cors.getAllowedMethods()) {
            config.addAllowedMethod(method);
        }
        for (String header : cors.getAllowedHeaders()) {
            config.addAllowedHeader(header);
        }
        config.setAllowCredentials(true);
        config.setMaxAge(cors.getMaxAge());
        source.registerCorsConfiguration(cors.getMapping(), config);
        return source;
    }

    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        //return new NullAuthenticatedSessionStrategy();
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.cors().and().csrf().disable().sessionManagement()
                // use previously declared bean
                .sessionAuthenticationStrategy(sessionAuthenticationStrategy())
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                // Keycloak filters for securing requests
                .and().addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class)
                .addFilterBefore(keycloakAuthenticationProcessingFilter(), X509AuthenticationFilter.class)
                .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())
                // delegate logout endpoint to Spring Security
                .and().logout().addLogoutHandler(keycloakLogoutHandler()).logoutUrl("/logout").logoutSuccessHandler(
                        // logout handler for API
                        (HttpServletRequest request, HttpServletResponse response,
                                Authentication authentication) -> response.setStatus(HttpServletResponse.SC_OK))
                .and()
                // manage route security here
                .authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll()
                .antMatchers("/logout", "/", "/unsecured").permitAll().antMatchers("/poc").hasRole("poc")
                .antMatchers("/admin").hasRole("admin").antMatchers("/all").hasRole("all").anyRequest().denyAll();
    }
}
Resolver
public class CustomKeycloakSpringBootConfigResolver extends KeycloakSpringBootConfigResolver {

    private final KeycloakDeployment keycloakDeployment;

    public CustomKeycloakSpringBootConfigResolver(KeycloakSpringBootProperties properties) {
        keycloakDeployment = KeycloakDeploymentBuilder.build(properties);
    }

    @Override
    public KeycloakDeployment resolve(HttpFacade.Request facade) {
        return keycloakDeployment;
    }
}
This is my docker compose file
version: '3'
volumes:
  postgres_data:
    driver: local
services:
  pack-solution-postgres-keycloak:
    container_name: pack-solution-postgres-keycloak
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - pack-solution-network
    environment:
      - POSTGRES_PASSWORD=keycloak
      - POSTGRES_DB=keycloak
      - POSTGRES_USER=keycloak
  pack-solution-keycloak:
    container_name: pack-solution-keycloak
    image: jboss/keycloak
    depends_on:
      - pack-solution-postgres-keycloak
    volumes:
      - ./Scripts/keycloak/Init-keycloak.json:/opt/jboss/keycloak/imports/Init-keycloak.json
      - ./pack-theme:/opt/jboss/keycloak/themes/pack-theme
      - ./fileconfig/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml
    command:
      - "-b 0.0.0.0 -Dkeycloak.import=/opt/jboss/keycloak/imports/Init-keycloak.json"
    networks:
      - pack-solution-network
    environment:
      - DB_VENDOR=POSTGRES
      - DB_ADDR=pack-solution-postgres-keycloak
      - DB_DATABASE=keycloak
      - DB_USER=keycloak
      - DB_PASSWORD=keycloak
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin
      - KEYCLAOK_HOSTNAME=pack-solution-keycloak
      - PROXY_ADDRESS_FORWARDING=true
    ports:
      - 8080:8080
  pack-solution-ui:
    container_name: pack-solution-ui
    build: ./ui/dev
    networks:
      - pack-solution-network
    ports:
      - 4200:80
  pack-solution-api:
    container_name: pack-solution-api
    build: ./api/dev
    links:
      - pack-solution-keycloak
    networks:
      - pack-solution-network
    ports:
      - 8081:8080
networks:
  pack-solution-network:
    driver: bridge
My application.yml
########################################
# Spring Boot / Server configuration
########################################
server:
  port: 8080
  use-forward-headers: true
########################################
# Spring Boot / Keycloak Configuration
########################################
keycloak:
  enabled: true
  auth-server-url: http://pack-solution-keycloak:8080/auth
  #auth-server-url: http://localhost:8080/auth
  realm: Pack-Solutions
  resource: PackApi
  ssl-required: external
  #bearer-only: false
  #enable-basic-auth: false
  #use-resource-role-mappings : true
  verify-token-audience: true
  credentials:
    secret: 04ae23ef-a331-427b-8160-15edd68e78e9
  cors: true
##################################################
#keycloak.securityConstraints[0].securityCollections[0].name: insecure endpoint
#keycloak.securityConstraints[0].securityCollections[0].patterns[0]: /unsecured
#keycloak.securityConstraints[0].securityCollections[0].patterns[1]: /
#keycloak.securityConstraints[1].authRoles[0]: poc
#keycloak.securityConstraints[1].securityCollections[0].patterns[0]: /*
######################################
# CORS
######################################
cross-origin-resource-sharing:
  allowed-origin:
    - http://pack-solution-ui:4200/*
    - http://localhost:4200/*
    - http://localhost:4200
    - http://pack-solution-ui:4200
  mapping: /**
  allowed-methods:
    - POST
    - GET
    - OPTIONS
    - DELETE
    - PUT
  allowed-headers:
    - WWW-Authenticate
    - Authorization
    - Content-Type
    - xsrf-token
  exposed-headers:
    - WWW-Authenticate
    - xsrf-token
  max-age: 600
logging:
  level:
    org:
      springframework:
        security: DEBUG
        web: DEBUG
Please, if you have a question or an answer.
This works on Windows 10 but not on Linux …
zonaut
April 2, 2020, 5:25pm
2
Can you show us the configuration you’ve done in your Angular app for Keycloak?
Also try to rephrase the question a bit if at all possible because it’s really unclear.
export function initializer(keycloak: KeycloakService): () => Promise<any> {
  return (): Promise<any> => keycloak.init({
    config: {
      url: 'http://localhost:8080/auth',
      realm: 'Pack-Solutions',
      clientId: 'PACK-Solutions'
    },
    initOptions: {
      onLoad: 'login-required',
      checkLoginIframe: false
    },
    enableBearerInterceptor: true,
    bearerPrefix: 'Bearer',
    bearerExcludedUrls: [
      '/assets',
      '/clients/public']
  });
}
Hi Zonaut, I rephrased my question. Is it more clear?
zonaut
April 2, 2020, 9:31pm
5
I meant the description of your issue because it mentions Docker but it’s not clear what situation does work or not.
I only work with Linux so I don’t know the differences between Windows and Linux on Docker.
When using docker-compose on Windows everything works, but not on Linux?
If that’s the case then this seems Docker related and has nothing to do with the configuration itself.
You are using localhost to test your setup or are you using host name?
Is it the API that throws the 401 or Keycloak? Bash into the API container and see if http://pack-solution-keycloak:8080/auth is reachable.
View your logs of your API and see if there is some useful information there by enabling lower logging levels.
You can always put this setup in a Git repo so we can have a closer look and try running it.
If I start my REST API on Windows and Keycloak on Linux, it works fine. But in every Linux configuration, in Docker or on my Linux OS, my REST API always returns 401. This works only on Windows… This is my Docker configuration:
FROM openjdk:8
COPY backend-0.0.1-SNAPSHOT.jar app.jar
COPY application.yml application.yml
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-Dspring.config.location=application.yml","-jar","/app.jar"]
When it works on Windows I have this stack:
2020-04-01 13:27:37.919 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 1 of 17 in additional filter chain; firing Filter: ‘WebAsyncManagerIntegrationFilter’
2020-04-01 13:27:37.921 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 2 of 17 in additional filter chain; firing Filter: ‘SecurityContextPersistenceFilter’
2020-04-01 13:27:37.941 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 3 of 17 in additional filter chain; firing Filter: ‘HeaderWriterFilter’
2020-04-01 13:27:37.953 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 4 of 17 in additional filter chain; firing Filter: ‘CorsFilter’
2020-04-01 13:27:37.976 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 5 of 17 in additional filter chain; firing Filter: ‘KeycloakPreAuthActionsFilter’
2020-04-01 13:27:37.980 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 6 of 17 in additional filter chain; firing Filter: ‘KeycloakPreAuthActionsFilter’
2020-04-01 13:27:37.980 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 7 of 17 in additional filter chain; firing Filter: ‘LogoutFilter’
2020-04-01 13:27:37.982 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, GET]
2020-04-01 13:27:37.992 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/logout’
2020-04-01 13:27:37.993 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, POST]
2020-04-01 13:27:37.994 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘POST /logout’
2020-04-01 13:27:37.995 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, PUT]
2020-04-01 13:27:37.996 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘PUT /logout’
2020-04-01 13:27:37.996 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, DELETE]
2020-04-01 13:27:37.998 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘DELETE /logout’
2020-04-01 13:27:38.002 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2020-04-01 13:27:38.006 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 8 of 17 in additional filter chain; firing Filter: ‘KeycloakAuthenticationProcessingFilter’
2020-04-01 13:27:38.012 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/sso/login’]
2020-04-01 13:27:38.013 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/sso/login’
2020-04-01 13:27:38.014 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=Authorization, expectedHeaderValue=null]
2020-04-01 13:27:38.014 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : matched
2020-04-01 13:27:38.045 DEBUG 24356 — [nio-8081-exec-2] o.s.s.authentication.ProviderManager : Authentication attempt using org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider
2020-04-01 13:27:38.483 WARN 24356 — [nio-8081-exec-2] o.a.c.util.SessionIdGeneratorBase : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [408] milliseconds.
2020-04-01 13:27:38.489 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Registering session A5D3EC032B6F65A5BF7F21154A71F747, for principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148
2020-04-01 13:27:38.494 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 9 of 17 in additional filter chain; firing Filter: ‘KeycloakAuthenticationProcessingFilter’
2020-04-01 13:27:38.496 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/sso/login’]
2020-04-01 13:27:38.506 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/sso/login’
2020-04-01 13:27:38.511 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=Authorization, expectedHeaderValue=null]
2020-04-01 13:27:38.521 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : matched
2020-04-01 13:27:38.538 DEBUG 24356 — [nio-8081-exec-2] o.s.s.authentication.ProviderManager : Authentication attempt using org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider
2020-04-01 13:27:38.541 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Removing session A5D3EC032B6F65A5BF7F21154A71F747 from principal’s set of registered sessions
2020-04-01 13:27:38.547 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Removing principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148 from registry
2020-04-01 13:27:38.547 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Registering session A5D3EC032B6F65A5BF7F21154A71F747, for principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148
2020-04-01 13:27:38.548 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 10 of 17 in additional filter chain; firing Filter: ‘RequestCacheAwareFilter’
2020-04-01 13:27:38.559 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 11 of 17 in additional filter chain; firing Filter: ‘SecurityContextHolderAwareRequestFilter’
2020-04-01 13:27:38.563 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 12 of 17 in additional filter chain; firing Filter: ‘KeycloakSecurityContextRequestFilter’
2020-04-01 13:27:38.563 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 13 of 17 in additional filter chain; firing Filter: ‘KeycloakAuthenticatedActionsFilter’
2020-04-01 13:27:38.565 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 14 of 17 in additional filter chain; firing Filter: ‘AnonymousAuthenticationFilter’
2020-04-01 13:27:38.566 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.a.AnonymousAuthenticationFilter : SecurityContextHolder not populated with anonymous token, as it already contained: ‘org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken@151aa6b0: Principal: c4e9c1e4-f909-4e3e-8ad7-5830458d1148; Credentials: [PROTECTED]; Authenticated: true; Details: org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount@274b320e; Granted Authorities: ROLE_poc, ROLE_offline_access, ROLE_uma_authorization’
2020-04-01 13:27:38.577 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 15 of 17 in additional filter chain; firing Filter: ‘SessionManagementFilter’
2020-04-01 13:27:38.626 DEBUG 24356 — [nio-8081-exec-2] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy@6f80fafe
2020-04-01 13:27:38.633 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Removing session A5D3EC032B6F65A5BF7F21154A71F747 from principal’s set of registered sessions
2020-04-01 13:27:38.640 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Removing principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148 from registry
2020-04-01 13:27:38.660 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Registering session A5D3EC032B6F65A5BF7F21154A71F747, for principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148
2020-04-01 13:27:38.674 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 16 of 17 in additional filter chain; firing Filter: ‘ExceptionTranslationFilter’
2020-04-01 13:27:38.680 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc at position 17 of 17 in additional filter chain; firing Filter: ‘FilterSecurityInterceptor’
2020-04-01 13:27:38.694 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, GET]
2020-04-01 13:27:38.704 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/logout’
2020-04-01 13:27:38.708 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, POST]
2020-04-01 13:27:38.715 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘POST /logout’
2020-04-01 13:27:38.716 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, PUT]
2020-04-01 13:27:38.726 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘PUT /logout’
2020-04-01 13:27:38.726 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, DELETE]
2020-04-01 13:27:38.727 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘DELETE /logout’
2020-04-01 13:27:38.728 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2020-04-01 13:27:38.729 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /poc’ doesn’t match ‘OPTIONS /**’
2020-04-01 13:27:38.730 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/logout’
2020-04-01 13:27:38.730 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/’
2020-04-01 13:27:38.731 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/unsecured’
2020-04-01 13:27:38.732 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/poc’
2020-04-01 13:27:38.733 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /poc; Attributes: [hasRole(‘ROLE_poc’)]
2020-04-01 13:27:38.734 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken@151aa6b0: Principal: c4e9c1e4-f909-4e3e-8ad7-5830458d1148; Credentials: [PROTECTED]; Authenticated: true; Details: org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount@274b320e; Granted Authorities: ROLE_poc, ROLE_offline_access, ROLE_uma_authorization
2020-04-01 13:27:38.756 DEBUG 24356 — [nio-8081-exec-2] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@27ae8043, returned: 1
2020-04-01 13:27:38.757 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2020-04-01 13:27:38.759 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2020-04-01 13:27:38.768 DEBUG 24356 — [nio-8081-exec-2] o.s.security.web.FilterChainProxy : /poc reached end of additional filter chain; proceeding with original chain
2020-04-01 13:27:38.771 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/sso/login’]
2020-04-01 13:27:38.781 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/poc’; against ‘/sso/login’
2020-04-01 13:27:38.794 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=Authorization, expectedHeaderValue=null]
2020-04-01 13:27:38.805 DEBUG 24356 — [nio-8081-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : matched
2020-04-01 13:27:38.811 DEBUG 24356 — [nio-8081-exec-2] o.s.s.authentication.ProviderManager : Authentication attempt using org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider
2020-04-01 13:27:38.815 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Removing session A5D3EC032B6F65A5BF7F21154A71F747 from principal’s set of registered sessions
2020-04-01 13:27:38.816 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Removing principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148 from registry
2020-04-01 13:27:38.826 DEBUG 24356 — [nio-8081-exec-2] o.s.s.core.session.SessionRegistryImpl : Registering session A5D3EC032B6F65A5BF7F21154A71F747, for principal c4e9c1e4-f909-4e3e-8ad7-5830458d1148
2020-04-01 13:27:38.855 DEBUG 24356 — [nio-8081-exec-2] o.s.web.servlet.DispatcherServlet : GET “/poc”, parameters={}
2020-04-01 13:27:38.873 DEBUG 24356 — [nio-8081-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.packsolution.server.auth.controler.AuthSimpleControler#homePage()
2020-04-01 13:27:38.951 DEBUG 24356 — [nio-8081-exec-2] o.s.s.a.i.a.MethodSecurityInterceptor : Secure object: ReflectiveMethodInvocation: public org.springframework.http.ResponseEntity com.packsolution.server.auth.controler.AuthSimpleControler.homePage(); target is of class [com.packsolution.server.auth.controler.AuthSimpleControler]; Attributes: [[authorize: ‘hasRole(‘poc’) or hasRole(‘admin’)’, filter: ‘null’, filterTarget: ‘null’]]
2020-04-01 13:27:38.951 DEBUG 24356 — [nio-8081-exec-2] o.s.s.a.i.a.MethodSecurityInterceptor : Previously Authenticated: org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken@85b9615: Principal: c4e9c1e4-f909-4e3e-8ad7-5830458d1148; Credentials: [PROTECTED]; Authenticated: true; Details: org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount@3c1c4a50; Granted Authorities: ROLE_poc, ROLE_offline_access, ROLE_uma_authorization
2020-04-01 13:27:38.957 DEBUG 24356 — [nio-8081-exec-2] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter@1a71e73e, returned: 1
2020-04-01 13:27:38.961 DEBUG 24356 — [nio-8081-exec-2] o.s.s.a.i.a.MethodSecurityInterceptor : Authorization successful
2020-04-01 13:27:38.965 DEBUG 24356 — [nio-8081-exec-2] o.s.s.a.i.a.MethodSecurityInterceptor : RunAsManager did not change Authentication object
2020-04-01 13:27:39.019 DEBUG 24356 — [nio-8081-exec-2] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using ‘application/json’, given [application/json, text/plain, / ] and supported [application/json]
2020-04-01 13:27:39.020 DEBUG 24356 — [nio-8081-exec-2] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Writing [“user with poc or admin role”]
2020-04-01 13:27:39.050 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@2a68064f
2020-04-01 13:27:39.058 DEBUG 24356 — [nio-8081-exec-2] o.s.web.servlet.DispatcherServlet : Completed 200 OK
2020-04-01 13:27:39.063 DEBUG 24356 — [nio-8081-exec-2] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2020-04-01 13:27:39.064 DEBUG 24356 — [nio-8081-exec-2] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2020-04-01 13:31:27.201 INFO 24356 — [extShutdownHook] o.s.s.concurrent.ThreadPoolTaskExecutor : Shutting down ExecutorService ‘applicationTaskExecutor’
And on Linux I have this stack, and it can’t work:
pack-solution-api | 2020-04-02 20:06:35.115 DEBUG 1 — [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
pack-solution-api | 2020-04-02 20:06:35.120 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 1 of 13 in additional filter chain; firing Filter: ‘WebAsyncManagerIntegrationFilter’
pack-solution-api | 2020-04-02 20:06:35.120 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 2 of 13 in additional filter chain; firing Filter: ‘SecurityContextPersistenceFilter’
pack-solution-api | 2020-04-02 20:06:35.121 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 3 of 13 in additional filter chain; firing Filter: ‘HeaderWriterFilter’
pack-solution-api | 2020-04-02 20:06:35.121 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 4 of 13 in additional filter chain; firing Filter: ‘CorsFilter’
pack-solution-api | 2020-04-02 20:06:35.122 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 5 of 13 in additional filter chain; firing Filter: ‘KeycloakPreAuthActionsFilter’
pack-solution-api | 2020-04-02 20:06:35.123 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 6 of 13 in additional filter chain; firing Filter: ‘LogoutFilter’
pack-solution-api | 2020-04-02 20:06:35.123 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, GET]
pack-solution-api | 2020-04-02 20:06:35.124 DEBUG 1 — [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/error’; against ‘/logout’
pack-solution-api | 2020-04-02 20:06:35.124 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, POST]
pack-solution-api | 2020-04-02 20:06:35.125 DEBUG 1 — [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /error’ doesn’t match ‘POST /logout’
pack-solution-api | 2020-04-02 20:06:35.126 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, PUT]
pack-solution-api | 2020-04-02 20:06:35.127 DEBUG 1 — [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /error’ doesn’t match ‘PUT /logout’
pack-solution-api | 2020-04-02 20:06:35.128 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/logout’, DELETE]
pack-solution-api | 2020-04-02 20:06:35.129 DEBUG 1 — [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /error’ doesn’t match ‘DELETE /logout’
pack-solution-api | 2020-04-02 20:06:35.130 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
pack-solution-api | 2020-04-02 20:06:35.130 DEBUG 1 — [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 7 of 13 in additional filter chain; firing Filter: ‘KeycloakAuthenticationProcessingFilter’
pack-solution-api | 2020-04-02 20:06:35.131 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern=’/sso/login’]
pack-solution-api | 2020-04-02 20:06:35.132 DEBUG 1 — [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/error’; against ‘/sso/login’
pack-solution-api | 2020-04-02 20:06:35.132 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=Authorization, expectedHeaderValue=null]
pack-solution-api | 2020-04-02 20:06:35.133 DEBUG 1 — [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : matched
pack-solution-api | 2020-04-02 20:06:35.141 DEBUG 1 — [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
zonaut
April 2, 2020, 11:22pm
9
The beginning of the Linux log you posted shows that there is a redirect to /error, so the error is happening before that. You need to see what happens before that.
Also check if http://pack-solution-keycloak:8080/auth is reachable from within the Docker container.
zonaut
April 3, 2020, 4:29pm
11
Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter
Try adding ‘Strict-Transport-Security’ to your allowed headers config or enable all headers for now
Also try reaching http://pack-solution-keycloak:8080/auth/realms/Pack-Solutions/.well-known/openid-configuration from within your docker container
zonaut
April 6, 2020, 1:34pm
14
Yeah I think I see your problem. You are trying to call Keycloak on localhost in your Spring boot Docker container, it doesn’t know of anything running there on port 8080, only the spring boot application.
That’s why I mentioned that it had to be Docker because of Windows/Linux, it seems that your Docker on Windows runs in host mode or something.
Did you use docker-compose up on Windows and Linux? If yes then check your Docker toolbox or I don’t know the name of it and make sure it behaves like Linux which should be the default.
You need to use http://pack-solution-keycloak:8080/auth/realms/Pack-Solutions/.well-known/openid-configuration
Create an extra profile in your spring boot application, use localhost in your default one and set the url with docker container name in the new one.
Then declare an environment variable in your docker-compose file to use that profile on startup like SPRING_PROFILES_ACTIVE: profilename
Bash into your spring boot container and try to curl http://pack-solution-keycloak:8080/auth/realms/Pack-Solutions/.well-known/openid-configuration first so you know it works that way.
I assumed you did this already as I mentioned it several times in previous comments but you seem to have ignored that advice.
I put this in Tomcat under Windows and I have the same trouble
2020-04-08 22:54:36.119 ERROR 1 — [nio-8081-exec-7] o.k.a.rotation.AdapterRSATokenVerifier : Didn’t find publicKey for kid: mbbKUpzXynAXZa4ZFPADLAgwTrzgOUK2mQPD9uEJV1I
2020-04-08 22:54:36.125 ERROR 1 — [nio-8081-exec-7] o.k.a.BearerTokenRequestAuthenticator : Failed to verify token
But I have the public key
zonaut
April 9, 2020, 12:01pm
16
Is your previous problem solved? It would be great if you could reply on previous comments without throwing new problems into the mix.
No, it is the same error, but I activated more verbose logging
zonaut
April 9, 2020, 2:26pm
18
It could be a problem with the naming of your clients, Linux is case sensitive so make sure you use the correct client name everywhere. Best to be safe and only use lowercase chars when naming things.
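The `Didn’t find publicKey for kid` / `Failed to verify token` lines quoted in this thread, together with the mixed `localhost` and `pack-solution-keycloak` URLs in the posted configs, can be narrowed down by comparing three values from a bearer token against what the API is configured to trust: `kid`, `iss` and `aud`. This is an added example, not code from any poster or from the Keycloak project; the tokens and key ids are constructed, and it assumes the adapter expects the issuer `<auth-server-url>/realms/<realm>` and, with `verify-token-audience: true`, the `resource` name in `aud`.

```python
import base64
import json
import urllib.request


def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(obj):
    """Serialize a dict the way a JWT segment is encoded (no padding)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_unverified(token):
    """Return (header, claims) WITHOUT checking the signature: diagnosis only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def fetch_jwks(auth_server_url, realm):
    """Fetch the realm's published signing keys; run from inside the API container."""
    url = f"{auth_server_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/certs"
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.load(resp)


def diagnose(token, auth_server_url, realm, resource, jwks):
    """Compare a token with the API-side settings; return a list of findings."""
    header, claims = decode_unverified(token)
    findings = []

    # 1. The key id in the token header must be one the configured realm publishes.
    published = {key.get("kid") for key in jwks.get("keys", [])}
    if header.get("kid") not in published:
        findings.append("kid-not-published")

    # 2. Assumed issuer rule: the token must come from the URL the API is
    #    configured with, not from the URL the browser happened to use.
    if claims.get("iss") != f"{auth_server_url.rstrip('/')}/realms/{realm}":
        findings.append("issuer-mismatch")

    # 3. With verify-token-audience enabled, the API's own client name
    #    (keycloak.resource) has to appear in the aud claim.
    aud = claims.get("aud", [])
    if isinstance(aud, str):
        aud = [aud]
    if resource not in aud:
        findings.append("audience-missing")
    return findings


# --- Constructed sample data (not taken from the thread) ---------------------
SAMPLE_JWKS = {"keys": [{"kid": "constructed-kid-A", "kty": "RSA", "use": "sig"}]}


def make_sample_token(kid, iss, aud):
    """Build an unsigned token for the demo; the signature is a dummy string."""
    header = {"alg": "RS256", "typ": "JWT", "kid": kid}
    claims = {"iss": iss, "aud": aud, "azp": "PACK-Solutions"}
    return ".".join([b64url_encode(header), b64url_encode(claims), "c2lnbmF0dXJl"])


API_URL = "http://pack-solution-keycloak:8080/auth"   # from application.yml
REALM, RESOURCE = "Pack-Solutions", "PackApi"          # from application.yml

# Token issued to a browser that logged in via http://localhost:8080/auth.
BROWSER_TOKEN = make_sample_token(
    "constructed-kid-A", "http://localhost:8080/auth/realms/Pack-Solutions", "account")
# Token signed by a key the configured realm does not publish.
FOREIGN_KEY_TOKEN = make_sample_token(
    "constructed-kid-B", API_URL + "/realms/Pack-Solutions", ["PackApi", "account"])
# Token that satisfies all three comparisons.
GOOD_TOKEN = make_sample_token(
    "constructed-kid-A", API_URL + "/realms/Pack-Solutions", ["PackApi", "account"])

if __name__ == "__main__":
    for name, tok in [("browser", BROWSER_TOKEN), ("foreign-key", FOREIGN_KEY_TOKEN),
                      ("good", GOOD_TOKEN)]:
        print(name, diagnose(tok, API_URL, REALM, RESOURCE, SAMPLE_JWKS))
```

On a live setup, replace `SAMPLE_JWKS` with the result of `fetch_jwks(API_URL, REALM)` run inside the API container, and pass a token copied from the `Authorization` header the Angular app sends.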