lesnar

Reputation: 2480

Tomcat 9 with keycloak configuration

I am trying to deploy my Spring Boot application in an external Tomcat and configure Tomcat 9 with Keycloak. I am following this official doc: https://www.keycloak.org/docs/latest/securing_apps/#_tomcat_adapter .

My context.xml looks like this

<Context>
    <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>

keycloak config

{
  "realm": "Project-DEV",
  "auth-server-url": "http://192.168.99.100:9002/auth",
  "ssl-required": "none",
  "resource": "ProjectAuthentication",
  "verify-token-audience": true,
  "credentials": {
    "secret": "0e69d505-1e62-49d3-a086-9234504658e1"
  },
  "confidential-port": 0,
  "policy-enforcer": {}
}

here is my web.xml

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
      version="3.0">

    <module-name>myprojectl</module-name>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Project</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>uma_protection</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>this is ignored currently</realm-name>
    </login-config>
</web-app>

and this is how my keycloak config looks like

[image: keycloak config]

For every API call I am getting 403. But during debugging I see that the token was successfully authenticated.

My understanding was that for every request Tomcat will call the KeycloakAuthenticatorValve first, which in turn checks the web.xml and then calls Keycloak for authentication, and if the user is verified then the request will be forwarded to my endpoint.

Please correct me if I have understood the whole concept wrong; any pointers here would be highly appreciated. Thanks.

Upvotes: 0

Views: 5837

Answers (1)

Rushikesh

Reputation: 222

You are missing a tag in web.xml which contains the security roles that the application adheres to. You will have to add uma_protection inside this tag. Refer to https://www.keycloak.org/docs/latest/securing_apps/#_tomcat_adapter

Upvotes: 1
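As an added illustration (not code from the question or the answer), this is the question's web.xml with the role declaration the Keycloak Tomcat adapter docs show: the role named in the auth-constraint is also declared in a security-role element. A 403 after the token has already been validated is an authorization failure, not an authentication one, so the role the valve checks must both be declared here and be present in the token. The role name and module name are taken from the question as-is.

```xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
      version="3.0">

    <module-name>myprojectl</module-name>

    <!-- Every URL requires an authenticated caller holding the uma_protection role. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Project</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>uma_protection</role-name>
        </auth-constraint>
    </security-constraint>

    <!-- BASIC here means the Keycloak valve accepts a bearer token / basic credentials;
         the realm-name is ignored by the adapter, as the question notes. -->
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>this is ignored currently</realm-name>
    </login-config>

    <!-- This is the element the answer says is missing: declare every role
         referenced by an auth-constraint so Tomcat can enforce it. -->
    <security-role>
        <role-name>uma_protection</role-name>
    </security-role>
</web-app>
```

Note that uma_protection is a client-level role in Keycloak; by default the adapter evaluates realm roles, so if the token carries the role only under the client (resource_access), the adapter's documented "use-resource-role-mappings": true setting in keycloak.json is needed for this constraint to match.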
