I am trying to integrate spring-security 6.0.2 with Keycloak 21.0.2. I based my code on the article https://www.baeldung.com/spring-boot-keycloak, with the difference that I have a different directory structure for Thymeleaf, namely:

templates/
    index.html        (with links to the "doctor" and "patient" directories)
    doctor/index.html
    patient/index.html

The "doctor" directory is to be accessed by users with the USER role, while the "patient" directory is to be accessed without authentication. While access to "patient" is trouble-free, for "doctor" I get error 403 after authentication. Please point out where I am going wrong. Below are excerpts from my Java classes. Keycloak and the user are configured as in the article; only the realm name and the client_id are changed.
application.properties
### server port
server.port=8081
spring.security.oauth2.client.registration.keycloak.client-id=pupil2023-login-app
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.keycloak.scope=openid
spring.security.oauth2.client.provider.keycloak.issuer-uri=http://localhost:8080/realms/pupil2023
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/realms/pupil2023
SecurityConfig.java

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
class SecurityConfig {

    private final KeycloakLogoutHandler keycloakLogoutHandler;

    SecurityConfig(KeycloakLogoutHandler keycloakLogoutHandler) {
        this.keycloakLogoutHandler = keycloakLogoutHandler;
    }

    @Bean
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // authorizeRequests() is deprecated in Spring Security 6 (authorizeHttpRequests() replaces it)
        http.authorizeRequests()
                .requestMatchers(new AntPathRequestMatcher("/doctor/**"))
                .hasRole("USER")   // matches the granted authority "ROLE_USER"
                .anyRequest()
                .permitAll();
        http.oauth2Login()
                .and()
                .logout()
                .addLogoutHandler(keycloakLogoutHandler)
                .logoutSuccessUrl("/");
        http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
        return http.build();
    }

    @Bean
    public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
        return http.getSharedObject(AuthenticationManagerBuilder.class)
                .build();
    }
}
UserController.java

import java.security.Principal;

import jakarta.servlet.http.HttpServletRequest;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class UserController {

    @GetMapping(path = "/")
    public String index() {
        return "index";
    }

    @GetMapping(path = "/logout")
    public String logout(HttpServletRequest request) throws Exception {
        request.logout();
        return "redirect:/";
    }

    @GetMapping(path = "/doctor/")
    public String petIndex(Principal principal, Model model) {
        //model.addAttribute("username", principal.getName());
        return "/doctor/index";
    }

    @GetMapping(path = "/patient/")
    public String testIndex(Principal principal, Model model) {
        //model.addAttribute("username", principal.getName());
        return "/patient/index";
    }
}
I tried different variants of "public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {" but to no avail.
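Added example, not part of the question above or of the Baeldung article it references: a configuration class that maps Keycloak realm roles to Spring Security authorities. hasRole("USER") requires an authority named ROLE_USER, but the default OIDC login produces only OIDC_USER and SCOPE_* authorities, and the default JWT converter only SCOPE_* authorities from the scope claim, so a 403 on /doctor/** after a successful login is the expected result unless the Keycloak roles are mapped explicitly. The class assumes that the roles arrive under realm_access.roles (the claim name of Keycloak's default "realm roles" protocol mapper); whether that claim is present in the ID token, the userinfo response, or only the access token depends on the client scope's mapper settings, which the question does not show. The class name, bean names and the helper rolesFrom are hypothetical.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.core.ClaimAccessor;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

// Hypothetical class: maps Keycloak realm roles (realm_access.roles) to ROLE_* authorities.
@Configuration
public class KeycloakRoleMapping {

    // Claim name written by Keycloak's default "realm roles" mapper (assumption: mapper is enabled
    // for the ID token and/or userinfo in the client scope used by pupil2023-login-app).
    private static final String REALM_ACCESS = "realm_access";
    private static final String ROLES = "roles";

    // Picked up by oauth2Login(): OAuth2LoginConfigurer looks up a GrantedAuthoritiesMapper bean.
    @Bean
    public GrantedAuthoritiesMapper keycloakAuthoritiesMapper() {
        return authorities -> {
            // Keep OIDC_USER / SCOPE_openid and add ROLE_* on top of them.
            Set<GrantedAuthority> mapped = new HashSet<>(authorities);
            for (GrantedAuthority authority : authorities) {
                if (authority instanceof OidcUserAuthority oidc) {
                    // The roles may be in the ID token, in the userinfo response, or in both.
                    mapped.addAll(rolesFrom(oidc.getIdToken()));
                    if (oidc.getUserInfo() != null) {
                        mapped.addAll(rolesFrom(oidc.getUserInfo()));
                    }
                }
            }
            return mapped;
        };
    }

    // For oauth2ResourceServer().jwt(): bearer-token calls carry the access token, where
    // Keycloak puts realm_access by default. Register it with jwtAuthenticationConverter(...).
    @Bean
    public JwtAuthenticationConverter keycloakJwtAuthenticationConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> rolesFrom(jwt));
        return converter;
    }

    // Works for OidcIdToken, OidcUserInfo and Jwt, all of which implement ClaimAccessor.
    static Collection<GrantedAuthority> rolesFrom(ClaimAccessor claims) {
        Map<String, Object> realmAccess = claims.getClaimAsMap(REALM_ACCESS);
        if (realmAccess == null || !(realmAccess.get(ROLES) instanceof Collection<?> roles)) {
            return List.of();   // claim absent: grant nothing rather than failing the login
        }
        return roles.stream()
                .map(Object::toString)
                // hasRole("USER") is satisfied by the authority "ROLE_USER"
                .map(role -> (GrantedAuthority) new SimpleGrantedAuthority("ROLE_" + role))
                .collect(Collectors.toList());
    }
}
```

The GrantedAuthoritiesMapper bean needs no further wiring for oauth2Login(), which is the path a browser request to /doctor/ takes; the JWT converter only matters for requests that send a bearer token, and is attached with `http.oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.jwtAuthenticationConverter(keycloakJwtAuthenticationConverter())))`. A quick check before and after adding the mapping is to inject `Authentication` into a controller method and log `authentication.getAuthorities()`: if ROLE_USER is not in that list, Keycloak is not sending the role claim where the mapper reads it, and the client scope's realm roles mapper is the place to look.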