!role在访问资源时在密钥斗篷中出错 [英] !role error in keycloak while accessing a resource

查看:72
本文介绍了!role在访问资源时在密钥斗篷中出错的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我已经用Keycloak保护了我的其余api.身份验证后,当我尝试访问rest API时,我得到:

I have secured my rest api with Keycloak. After authentication, when I try to access rest API , I get:

403错误.无法访问Rest API.原因!角色.

403 error. Unable to access rest api. Reason !role.

在配置中,我将角色指定为*:

In configuration I have specified role as *:

    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    context.setSecurityHandler(securityHandler);
    securityHandler.addRole("*");
    ConstraintMapping constraintMapping = new ConstraintMapping();
    constraintMapping.setPathSpec("/*");
    Constraint constraint = new Constraint();

    constraint.setAuthenticate(true);
    constraint.setRoles(new String[]{"*"});

我假设通过使用'*'指定任何角色是错误的,还是该错误意味着有所不同?

Was my assumption of specifying any role by using '*' wrong or does the error mean something different?

我在JettyKeycloakAuthentciator日志中看到以下日志:

I see following logs in JettyKeycloakAuthentciator logs:

2018-05-24 12:55:52,253 [DEBUG] [ers.PreAuthActionsHandler(handleRequest)]-adminRequest http://localhost:7100/api/v1/design/test 2018-05 -24 12:55:52,254 [DEBUG] [TokenRequestAuthenticator(thenticateToken)]-验证 access_token 2018-05-24 12:55:52,255 [DEBUG] [TokenRequestAuthenticator(thenticateToken)]-成功授权 2018-05-24 12:55:52,255 [DEBUG] [JettyRequestAuthenticator(rAuthentication)]-正在完成承载 验证.承载角色:[uma_authorization] 2018-05-24 12:55:52,255 [DEBUG] [ters.RequestAuthenticator(eAuthentication)]- 用户'8f9381df-2f7e-4ff8-9ef5-2123b03db3c9'正在调用 ' http://localhost:7100/api/v1/design/test 客户端"my_server" 2018-05-24 12:55:52,255 [DEBUG] [ters.RequestAuthenticator(authenticate)]-承载已授权 2018-05-24 12:55:52,255 [DEBUG] [thenticatedActionsHandler(handledRequest)]- AuthenticatedActionsValve.invoke http://localhost:7100/api/v1/design/test

2018-05-24 12:55:52,253 [DEBUG] [ers.PreAuthActionsHandler(handleRequest )] - adminRequest http://localhost:7100/api/v1/design/test 2018-05-24 12:55:52,254 [DEBUG] [TokenRequestAuthenticator(thenticateToken)] - Verifying access_token 2018-05-24 12:55:52,255 [DEBUG] [TokenRequestAuthenticator(thenticateToken)] - successful authorized 2018-05-24 12:55:52,255 [DEBUG] [JettyRequestAuthenticator(rAuthentication)] - Completing bearer authentication. Bearer roles: [uma_authorization] 2018-05-24 12:55:52,255 [DEBUG] [ters.RequestAuthenticator(eAuthentication)] - User '8f9381df-2f7e-4ff8-9ef5-2123b03db3c9' invoking 'http://localhost:7100/api/v1/design/test' on client 'my_server' 2018-05-24 12:55:52,255 [DEBUG] [ters.RequestAuthenticator(authenticate )] - Bearer AUTHENTICATED 2018-05-24 12:55:52,255 [DEBUG] [thenticatedActionsHandler(handledRequest )] - AuthenticatedActionsValve.invoke http://localhost:7100/api/v1/design/test

推荐答案

设置任何角色的正确方法是:

Turns out the correct way to set any role is:

constraint.setRoles(new String[]{"**"});

双* ,而不是单*

我也删除了这一行:

securityHandler.addRole("*");

这篇关于!role在访问资源时在密钥斗篷中出错的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
Java开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆