Reputation: 55
I have a Spring Cloud Gateway which is protected using Keycloak. Behind the gateway are a few microservices and an Angular frontend which is served by an NGINX container. The gateway acts as a Keycloak client. The security configuration of the gateway looks like this:
    @Bean
    SecurityWebFilterChain springSecurityFilterChain(
            ServerHttpSecurity http,
            ReactiveClientRegistrationRepository clientRegistrationRepository
    ) {
        return http
            .authorizeExchange(exchange -> exchange
                // The root path and static frontend assets are open to everyone
                .pathMatchers("/", "/*.css", "/*.js", "/favicon.ico").permitAll()
                // Everything else requires an authenticated session
                .anyExchange().authenticated())
            // Answer unauthenticated requests with 401 instead of a login redirect
            .exceptionHandling(exceptionHandling ->
                exceptionHandling.authenticationEntryPoint(
                    new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED)))
            .oauth2Login(Customizer.withDefaults())
            .logout(logout -> logout.logoutSuccessHandler(
                oidcLogoutSuccessHandler(clientRegistrationRepository)))
            .csrf().disable()
            .build();
    }
The problem occurs when I make a request to the gateway on localhost:9000/: I get redirected to the Keycloak login page. When I log in, Keycloak redirects me to the Angular application. This should not happen because the "/" route shouldn't be protected. What am I doing wrong?
Upvotes: 0
Views: 534
Reputation: 55
Solved the problem by annotating my config class with @Configuration instead of @EnableWebFlux since I am using Spring Boot 3.
Upvotes: 0
Reputation: 4891
It seems the route is protected by the Keycloak client in Angular. Check the auth guard in Angular that protects routes and remove "" from that list. See https://github.com/mauriciovigolo/keycloak-angular#authguard for more details.
Upvotes: 1
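The two answers point at different layers (the gateway's filter chain versus the Angular guard), and the gateway's first response to an unauthenticated request shows which one is redirecting. The script below is an added example, not code from the thread. It assumes curl is installed, and it treats Spring Security's default `/oauth2/authorization/...` and `/login` paths and Keycloak's `/protocol/openid-connect/auth` endpoint as login targets.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): classify the gateway's first response
# to an unauthenticated, browser-like request without following redirects.

# classify_response STATUS LOCATION -> prints one verdict word
classify_response() {
    status=$1
    location=$2
    case "$status" in
        2??)
            # The gateway let the request through; a Keycloak redirect seen in
            # the browser after this is started by client-side code.
            echo "permitted-by-gateway" ;;
        3??)
            case "$location" in
                */oauth2/authorization/*|*/login|*/login\?*|*/protocol/openid-connect/auth*)
                    # A login redirect issued server-side. The chain in the
                    # question answers 401, so it is not the chain in effect.
                    echo "server-side-login-redirect" ;;
                *)
                    # e.g. a redirect issued by the upstream NGINX
                    echo "other-redirect" ;;
            esac ;;
        401|403)
            # The active chain does not treat this path as permitAll.
            echo "denied-by-gateway" ;;
        *)
            echo "inconclusive" ;;
    esac
}

# probe URL -> query the gateway once and classify what came back.
# "Accept: text/html" mimics a browser navigation, since redirect-to-login
# entry points may answer non-HTML clients differently.
probe() {
    out=$(curl -s -o /dev/null -H 'Accept: text/html' \
        -w '%{http_code} %{redirect_url}' "$1") || return 1
    classify_response "${out%% *}" "${out#* }"
}

# Usage against the gateway from the question:
#   probe http://localhost:9000/
```

A `permitted-by-gateway` verdict for `/` means the `permitAll()` rule is active and any remaining login redirect comes from the frontend; `server-side-login-redirect` means the configuration class is not being applied.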