Spring Boot - KeyCloak directed to 403 forbidden


Solution 1

I think you have a typo at keycloak.security-constraints[0].authRoles[0]=testuser; you should specify the role here and not the user. If you follow the blog post instructions, it should be: keycloak.security-constraints[0].authRoles[0]=user

Solution 2

In my case here I set use-resource-role-mappings to true, considering that it would provide both realm and client roles, but it turns out that if this option is set to true, only client roles are considered.

AFAICS, there is no way to use both.

Solution 3

I had the same issue and the problem was that I was using variables separated by dashes, instead of camel case. For example, I had this (incorrect):

keycloak:
  auth-server-url: http://localhost:8083/auth
  realm: springdemo
  resource: Resource_Name
  public-client: true
  security-constraints[0].auth-roles[0]: user
  security-constraints[0].security-collections[0].patterns[0]: /

instead of (correct):

keycloak:
  authServerUrl: http://localhost:8083/auth
  realm: springdemo
  resource: Resource_Name
  publicClient: true
  securityConstraints[0].authRoles[0]: user
  securityConstraints[0].securityCollections[0].patterns[0]: /
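
A diagnostic sketch for the causes named in Solutions 1 and 2, added here as an example and not taken from any answer or from the Keycloak project: it decodes an access token's payload and reports why a constraint's authRoles does not match the roles the adapter evaluates. The sample token, the `viewer` client role and all function names are constructed for illustration, and the signature is deliberately not verified, so this is for debugging only.

```python
import base64
import json

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (debugging only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def effective_roles(claims: dict, resource: str, use_resource_role_mappings: bool) -> set:
    """Roles the adapter evaluates: client roles OR realm roles, never both."""
    if use_resource_role_mappings:
        return set(claims.get("resource_access", {}).get(resource, {}).get("roles", []))
    return set(claims.get("realm_access", {}).get("roles", []))

def explain_403(claims, resource, auth_roles, use_resource_role_mappings=False):
    """Return (allowed, hints) for one security constraint's authRoles."""
    roles = effective_roles(claims, resource, use_resource_role_mappings)
    if roles & set(auth_roles):  # exact, case-sensitive string match
        return True, []
    other = effective_roles(claims, resource, not use_resource_role_mappings)
    hints = []
    for wanted in auth_roles:
        if wanted == claims.get("preferred_username"):
            hints.append(f"'{wanted}' is the username, not a role")
        if wanted.lower() in {r.lower() for r in roles}:
            hints.append(f"'{wanted}' differs only in case from a granted role")
        if wanted in other:
            hints.append(f"'{wanted}' is only granted with use-resource-role-mappings flipped")
    return False, hints

def make_token(claims: dict) -> str:
    """Build a constructed sample token; the signature segment is a dummy."""
    seg = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'RS256', 'typ': 'JWT'})}.{seg(claims)}.constructed-signature"

# Constructed sample: user "testuser" with realm role "user" and client role "viewer".
SAMPLE = make_token({
    "preferred_username": "testuser",
    "realm_access": {"roles": ["user"]},
    "resource_access": {"product-app": {"roles": ["viewer"]}},
})

if __name__ == "__main__":
    claims = jwt_claims(SAMPLE)
    for auth_roles, rrm in ((["testuser"], False), (["USER"], False), (["user"], True), (["user"], False)):
        print(auth_roles, rrm, explain_403(claims, "product-app", auth_roles, rrm))
```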
Author by

Chamith Chathuka


Updated on June 18, 2022

Comments

  • Chamith Chathuka almost 2 years

    I am new to Keycloak. I am using the official tutorial project at https://github.com/sebastienblanc/spring-boot-keycloak-tutorial for integrating with a Spring Boot application.

    I have set up the Keycloak server successfully, and the Spring Boot application is also directing to the client application I have created in the realm I have created on Keycloak. After providing the correct credentials, it directs to the forbidden page.

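    import java.util.Arrays;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.GetMapping;

    @Controller
    class ProductController {

        // Protected by the /products/* security constraint in application.properties
        @GetMapping(path = "/products")
        public String getProducts(Model model) {
            model.addAttribute("products", Arrays.asList("iPad", "iPhone", "iPod"));
            return "products";
        }

        // Ends the servlet session created by the Keycloak adapter
        @GetMapping(path = "/logout")
        public String logout(HttpServletRequest request) throws ServletException {
            request.logout();
            return "/";
        }
    }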
    

    Application.properties file

    keycloak.auth-server-url=http://localhost:8080/auth
    keycloak.realm=springdemo
    keycloak.resource=product-app
    keycloak.public-client=true
    
    keycloak.security-constraints[0].authRoles[0]=testuser
    keycloak.security-constraints[0].securityCollections[0].patterns[0]=/products/*
    
    server.port=8081
    

    I am not getting any error message from KeyCloak console or spring embedded tomcat console.

    Check the tomcat console here - no error

    Thank you.

  • Chamith Chathuka over 6 years
    Hi, I also had the same issue, several times.
  • Stephane almost 6 years
    I had a 403 as well because my role was uppercased when in fact it should be lowercased as =user to match the one specified in the Keycloak server.