Question
I am new to Keycloak. I am using the official tutorial project at https://github.com/sebastienblanc/spring-boot-keycloak-tutorial
for integrating with a Spring Boot application. I have set up the Keycloak server successfully, and the Spring Boot application is also directing to the client application I created in the realm I created on Keycloak; after providing the correct credentials it directs to the forbidden page.
```java
import java.util.Arrays;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
class ProductController {
    // Protected by the security constraint on /products/* in application.properties
    @GetMapping(path = "/products")
    public String getProducts(Model model) {
        model.addAttribute("products", Arrays.asList("iPad", "iPhone", "iPod"));
        return "products";
    }

    // Invalidates the local servlet session only
    @GetMapping(path = "/logout")
    public String logout(HttpServletRequest request) throws ServletException {
        request.logout();
        return "/";
    }
}
```
application.properties file
```properties
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.realm=springdemo
keycloak.resource=product-app
keycloak.public-client=true
keycloak.security-constraints[0].authRoles[0]=testuser
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/products/*
server.port=8081
```
I am not getting any error message from the Keycloak console or the Spring embedded Tomcat console.
Check the Tomcat console here - no error
Thank you.
Answer 1:
I think you have a typo at
`keycloak.security-constraints[0].authRoles[0]=testuser`; you should specify the role here and not the user.
If you follow the blog post instructions it should be:
`keycloak.security-constraints[0].authRoles[0]=user`
Answer 2:
In my case I set `use-resource-role-mappings` to true, considering that it would provide both realm and client roles, but it turns out that if this option is set to true, only client roles are considered.
AFAICS, there is no way to use both.
Answer 3:
I tried this weekend to replay the example from the very interesting Devoxx talk by Sebastien.
I had the same 403 error with the role "user" specified in the property
`keycloak.security-constraints[0].authRoles[0]=user`
The "user" role does not exist in the default Keycloak configuration. You have to create it first in your realm (realm/configuration/roles) and assign it to your user (realm/users/user/role mappings).
Answer 4:
About that tutorial, I just have a problem with the logout feature.
Sometimes the logout does not work.
1) I click on logout and then I click on /products; then I am not redirected to the Keycloak login page.
2) If I click on logout, then refresh the browser page, then click on /products, I am redirected to the Keycloak login page.
It seems that the logout implementation from HttpServletRequest is not enough to really log out the user?
```java
@GetMapping(path = "/logout")
public String logout(HttpServletRequest request) throws ServletException {
    request.logout();
    return "/";
}
```
If somebody has an explanation of that behavior between Spring Boot and Keycloak. Thank you.
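An added example (not code from the question, the answers or the tutorial project) of a logout handler that ends the Keycloak SSO session as well as the local servlet session. It assumes the realm and server URL from the application.properties above, that the application is reachable at http://localhost:8081/, and that Keycloak's OpenID Connect logout endpoint accepts a `redirect_uri` parameter (true for the Keycloak versions that use the `/auth` context path).

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
class SsoLogoutController {
    // Values taken from the application.properties in the question; the app URL is an assumption.
    private static final String KEYCLOAK_URL = "http://localhost:8080/auth";
    private static final String REALM = "springdemo";
    private static final String APP_URL = "http://localhost:8081/";

    @GetMapping(path = "/logout")
    public String logout(HttpServletRequest request)
            throws ServletException, UnsupportedEncodingException {
        // Step 1: drop the local Tomcat session and the adapter's cached token.
        request.logout();

        // Step 2: send the browser to Keycloak's end-session endpoint so the
        // realm SSO cookie is cleared too. Without this, the next request to
        // /products is re-authenticated silently from that cookie, which is
        // the "not redirected to the login page" behaviour described above.
        String endSession = KEYCLOAK_URL + "/realms/" + REALM
                + "/protocol/openid-connect/logout?redirect_uri="
                + URLEncoder.encode(APP_URL, "UTF-8");
        return "redirect:" + endSession;
    }
}
```

To confirm the SSO session is really gone, open /products in the same browser after logout: Keycloak should show its login form instead of returning the page directly.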
Source: https://stackoverflow.com/questions/44739006/spring-boot-keycloak-directed-to-403-forbidden