Keycloak authorization fails (403 - Forbidden) when using the access_token directly

Time: 2018-05-16 11:28:29

Tags: servlets httprequest http-status-code-403 keycloak

I have docker-keycloak running on my localhost:8080, and on localhost:8081 I have a tomcat server running a servlet /dummy; I get Hello World.

Now I have created a filter for Keycloak, added it to the war, and redeployed the servlet. As expected, I get 403 - Forbidden:

Type Status Report
Description The server understood the request but refuses to authorize it.

In the Keycloak admin console I have a client dummy and a user demo (the realm is also demo).

Here is the keycloak.json in the app:

{
  "realm": "demo",
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "external",
  "resource": "dummy",
  "public-client": true
}

First I do:

POST http://localhost:8080/auth/realms/demo/protocol/openid-connect/token?client_id=dummy&username=demo&password=demodemo&grant_type=password
Accept: */*
Cache-Control: no-cache

Then I receive something like this:

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJPcHNsOVltbmdEbmlCWGZheUsxNy1lbEJkZVNqTHlWdjI3QXpLMmVNYTRzIn0.….jLGZV3N40Tl8IVPy1jWiC2tNJsRZ4MQQNL2cl6qgAarzh5HDSQIlbWkcAQZ1zM2SOA3QBs1kXYEBAtPzDP1hClc8j_tAKqVBjUJTQQsb_IloYSOrAXGiubiqsjF_lcjLQXaKrYuDPDjMUGi6mgHNeWNoAePH8RPdl0G6DXhIoRvrycoj1iQ1KD07VX-5QDWaUo-T-MVRjy6EKAQsg4xSdHRXDuYTz1in4Kx7oSQMruWjwS0AbcMhFq7B-u8o_Z5KXZAhzvZ7fnUv-hU4Bn-6gg-j_Xuq1591kcB7iRoINtLMfH_2poKoyj-sbVxqc1NBG32_brgdaGk00kwB6joQsQ",
  "expires_in": 300,
  "refresh_expires_in": 1800,
  "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJPcHNsOVltbmdEbmlCWGZheUsxNy1lbEJkZVNqTHlWdjI3QXpLMmVNYTRzIn0.….GpHscNZem8-VpOBBBhxeY2ZUkz7YQ6ID--YkZI5tcJAf7BnyJ9gGpI2LMNhfD84qLrP9SeLNqJSWDsXkcSxKjyzb8XT9PJVVKnY_Bz7b-sJ0UVx9FXnI1_bnAEcU7Rvyl0EdVGJXZOSbLCRS7xXXn_GqnnZtoG2sQXPtz4fgIIBROCWkbnKZvHpeBqauuhvORwoB-lqpfdLkmhnomYIfZr6o2GfovkCHYC5-revnzLx7wygczri09sxFOXmNB_VdTU20OA7hmnhi_uE7BGewxuTBspeZ2ieZBLUzka-yFUSzxW2UQPTGvJEj2Czc7iBrw7eTmO_x6VTma--QcNP0ZA",
  "token_type": "bearer",
  "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJPcHNsOVltbmdEbmlCWGZheUsxNy1lbEJkZVNqTHlWdjI3QXpLMmVNYTRzIn0.….ahjp3mrEf8aKSK7Du9xv17Nh47HvxuhfPj--eg5cx9scXpPwi0fSJ9vOvMGisWj1fkfV8A7-bmRqU6_gDVdnAoO3rs6YLx-qP3JHwu21lKhk8EfBEUNIqzNTYc-u0kNtlFpxdlTd0QKQ4wtljxQGSTQgOjBs-04DlYT7DxhG5sjO1PPy20Y51R-pe-UKTMLjAFlb5q4FAEtwXfJxT4bhEmAGDsGmWKLGoo9s3hUoB-etQkyctoV2ZMwO8acVhrX5lmEZp9zqkrRVFqpenvO2Jn1iGR54UrK9AQ5Gq9slJmKGSOIYKfJK_MOO1NycSaph13QlpQ9hy1txqRUTykyNvw",
  "not-before-policy": 0,
  "session_state": "facd4c6b-02f3-444c-831c-d698fea379a7"
}

This again goes well, but when I execute the following request:

GET http://localhost:8081/dummy
Accept: */*
Cache-Control: no-cache
Authorization: bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJPcHNsOVltbmdEbmlCWGZheUsxNy1lbEJkZVNqTHlWdjI3QXpLMmVNYTRzIn0.….jLGZV3N40Tl8IVPy1jWiC2tNJsRZ4MQQNL2cl6qgAarzh5HDSQIlbWkcAQZ1zM2SOA3QBs1kXYEBAtPzDP1hClc8j_tAKqVBjUJTQQsb_IloYSOrAXGiubiqsjF_lcjLQXaKrYuDPDjMUGi6mgHNeWNoAePH8RPdl0G6DXhIoRvrycoj1iQ1KD07VX-5QDWaUo-T-MVRjy6EKAQsg4xSdHRXDuYTz1in4Kx7oSQMruWjwS0AbcMhFq7B-u8o_Z5KXZAhzvZ7fnUv-hU4Bn-6gg-j_Xuq1591kcB7iRoINtLMfH_2poKoyj-sbVxqc1NBG32_brgdaGk00kwB6joQsQ

I still get a 403.

What am I doing wrong here?

I expect to see the Hello World text again, as at the beginning.

Edit: adding the web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

    <!-- This is only here because Maven requires it to make a war. -->
    <module-name>dummy</module-name>

    <servlet>
        <servlet-name>dummy</servlet-name>
        <servlet-class>com.dummy.HelloWorld</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>dummy</servlet-name>
        <url-pattern>/dummy</url-pattern>
    </servlet-mapping>

    <filter>
        <filter-name>Keycloak Filter</filter-name>
        <filter-class>com.dummy.security.keycloak.OIDCFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>Keycloak Filter</filter-name>
        <url-pattern>/keycloak/*</url-pattern>
        <url-pattern>/dummy/*</url-pattern>
        <url-pattern>/protected/*</url-pattern>
    </filter-mapping>
</web-app>

As for the Keycloak version, I use

0 answers:

No answers