访问资源时keycloak中的角色错误
!role error in keycloak while accessing a resource
我已使用 Keycloak 确保我的休息 api。身份验证后,当我尝试访问 rest API 时,我得到:
403 error. Unable to access rest api. Reason !role.
在配置中我将角色指定为 *:
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
context.setSecurityHandler(securityHandler);
securityHandler.addRole("*");
ConstraintMapping constraintMapping = new ConstraintMapping();
constraintMapping.setPathSpec("/*");
Constraint constraint = new Constraint();
constraint.setAuthenticate(true);
constraint.setRoles(new String[]{"*"});
我使用 '*' 指定任何角色的假设是错误的还是错误的意思不同?
我在 JettyKeycloakAuthentciator 日志中看到以下日志:
2018-05-24 12:55:52,253 [DEBUG]
[ers.PreAuthActionsHandler(handleRequest )] - adminRequest
http://localhost:7100/api/v1/design/test 2018-05-24 12:55:52,254
[DEBUG] [TokenRequestAuthenticator(thenticateToken)] - Verifying
access_token 2018-05-24 12:55:52,255 [DEBUG]
[TokenRequestAuthenticator(thenticateToken)] - successful authorized
2018-05-24 12:55:52,255 [DEBUG]
[JettyRequestAuthenticator(rAuthentication)] - Completing bearer
authentication. Bearer roles: [uma_authorization] 2018-05-24
12:55:52,255 [DEBUG] [ters.RequestAuthenticator(eAuthentication)] -
User '8f9381df-2f7e-4ff8-9ef5-2123b03db3c9' invoking
'http://localhost:7100/api/v1/design/test' on client 'my_server'
2018-05-24 12:55:52,255 [DEBUG]
[ters.RequestAuthenticator(authenticate )] - Bearer AUTHENTICATED
2018-05-24 12:55:52,255 [DEBUG]
[thenticatedActionsHandler(handledRequest )] -
AuthenticatedActionsValve.invoke
http://localhost:7100/api/v1/design/test
原来设置任何角色的正确方法是:
constraint.setRoles(new String[]{"**"});
即双 * 而不是 单 *
此外,我删除了这一行:
securityHandler.addRole("*");
我已使用 Keycloak 确保我的休息 api。身份验证后,当我尝试访问 rest API 时,我得到:
403 error. Unable to access rest api. Reason !role.
在配置中我将角色指定为 *:
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
context.setSecurityHandler(securityHandler);
securityHandler.addRole("*");
ConstraintMapping constraintMapping = new ConstraintMapping();
constraintMapping.setPathSpec("/*");
Constraint constraint = new Constraint();
constraint.setAuthenticate(true);
constraint.setRoles(new String[]{"*"});
我使用 '*' 指定任何角色的假设是错误的还是错误的意思不同?
我在 JettyKeycloakAuthentciator 日志中看到以下日志:
2018-05-24 12:55:52,253 [DEBUG] [ers.PreAuthActionsHandler(handleRequest )] - adminRequest http://localhost:7100/api/v1/design/test 2018-05-24 12:55:52,254 [DEBUG] [TokenRequestAuthenticator(thenticateToken)] - Verifying access_token 2018-05-24 12:55:52,255 [DEBUG] [TokenRequestAuthenticator(thenticateToken)] - successful authorized 2018-05-24 12:55:52,255 [DEBUG] [JettyRequestAuthenticator(rAuthentication)] - Completing bearer authentication. Bearer roles: [uma_authorization] 2018-05-24 12:55:52,255 [DEBUG] [ters.RequestAuthenticator(eAuthentication)] - User '8f9381df-2f7e-4ff8-9ef5-2123b03db3c9' invoking 'http://localhost:7100/api/v1/design/test' on client 'my_server' 2018-05-24 12:55:52,255 [DEBUG] [ters.RequestAuthenticator(authenticate )] - Bearer AUTHENTICATED 2018-05-24 12:55:52,255 [DEBUG] [thenticatedActionsHandler(handledRequest )] - AuthenticatedActionsValve.invoke http://localhost:7100/api/v1/design/test
原来设置任何角色的正确方法是:
constraint.setRoles(new String[]{"**"});
即双 * 而不是 单 *
此外,我删除了这一行:
securityHandler.addRole("*");