Spring Boot - KeyCloak directed to 403 forbidden
Solution 1
I think you have a typo at
keycloak.security-constraints[0].authRoles[0]=testuser
You should specify the role here and not the user.
If you follow the blog post instructions, it should be:
keycloak.security-constraints[0].authRoles[0]=user
Solution 2
In my case here I set use-resource-role-mappings to true, considering that it would provide both realm and client roles, but it turns out that if this option is set to true, only client roles are considered.
AFAICS, there is no way to use both.
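The role selection described in this answer, together with the role-versus-username mix-up from Solution 1, can be checked offline against the access token's claims. This is an added example, not code from the thread or from the Keycloak adapter; it is a simplified model that assumes the standard Keycloak claim names realm_access and resource_access, and the sample token is constructed.

```python
import base64
import json

def b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment, as JWTs do."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def effective_roles(claims, resource, use_resource_role_mappings):
    """Roles that get compared against authRoles for this token."""
    if use_resource_role_mappings:
        # true: only the client roles of `resource`; realm roles are ignored
        client = claims.get("resource_access", {}).get(resource, {})
        return set(client.get("roles", []))
    # false (the default): only realm roles
    return set(claims.get("realm_access", {}).get("roles", []))

def is_authorized(claims, resource, use_resource_role_mappings, auth_roles):
    """True if any configured authRole matches exactly (case-sensitive)."""
    held = effective_roles(claims, resource, use_resource_role_mappings)
    return bool(held & set(auth_roles))

# Constructed sample: user "testuser" holds realm role "user" and client
# role "viewer" on client "product-app". The signature is a dummy value.
SAMPLE_CLAIMS = {
    "preferred_username": "testuser",
    "realm_access": {"roles": ["user"]},
    "resource_access": {"product-app": {"roles": ["viewer"]}},
}
SAMPLE_TOKEN = ".".join(
    [b64url({"alg": "RS256", "typ": "JWT"}), b64url(SAMPLE_CLAIMS), "sig"]
)

if __name__ == "__main__":
    claims = jwt_claims(SAMPLE_TOKEN)
    for mappings in (False, True):
        for roles in (["testuser"], ["user"], ["USER"], ["viewer"]):
            ok = is_authorized(claims, "product-app", mappings, roles)
            print(f"use-resource-role-mappings={mappings} "
                  f"authRoles={roles}: {'200' if ok else '403'}")
```

Pasting a real access token from the browser session into jwt_claims shows which role list the configured authRoles value has to match.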
Solution 3
I had the same issue and the problem was that I was using variables separated by dashes, instead of camel case. For example, I had this (incorrect):
keycloak:
  auth-server-url: http://localhost:8083/auth
  realm: springdemo
  resource: Resource_Name
  public-client: true
  security-constraints[0].auth-roles[0]: user
  security-constraints[0].security-collections[0].patterns[0]: /
instead of (correct):
keycloak:
  authServerUrl: http://localhost:8083/auth
  realm: springdemo
  resource: Resource_Name
  publicClient: true
  securityConstraints[0].authRoles[0]: user
  securityConstraints[0].securityCollections[0].patterns[0]: /
Comments
-
Chamith Chathuka almost 2 years
I am new to Keycloak. I am using the official tutorial project at https://github.com/sebastienblanc/spring-boot-keycloak-tutorial for integrating with a Spring Boot application. I have set up the KeyCloak server successfully, and the Spring Boot application also directs to the client application I have created in the realm I have created on KeyCloak. After providing the correct credentials, it directs to the forbidden page.
@Controller
class ProductController {

    @GetMapping(path = "/products")
    public String getProducts(Model model) {
        model.addAttribute("products", Arrays.asList("iPad", "iPhone", "iPod"));
        return "products";
    }

    @GetMapping(path = "/logout")
    public String logout(HttpServletRequest request) throws ServletException {
        request.logout();
        return "/";
    }
}
Application.properties file
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.realm=springdemo
keycloak.resource=product-app
keycloak.public-client=true
keycloak.security-constraints[0].authRoles[0]=testuser
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/products/*
server.port=8081
I am not getting any error message from KeyCloak console or spring embedded tomcat console.
Check the tomcat console here - no error
Thank you.
-
Chamith Chathuka over 6 years
Hi, I also had the same issue, several times.
-
Stephane almost 6 years
I had a 403 as well because my role was uppercased when in fact it should be lowercased as =user to match the one specified in the Keycloak server.