
Angular - Spring Boot - Keycloak - 401 Error


I'm trying to implement an Angular application with a Spring Boot REST service secured by Keycloak.

Locally on my computer everything works fine. The Angular application is bootstrapped by Keycloak (with keycloak-angular), so I have to sign in to see the application. The application sends REST calls to Spring Boot together with the token. The REST service is keycloak.bearer-only, receives the token and filters using the roles in the token.

This works really well locally, but from the moment I deploy this on a server I get a 401 error every time I try to access my REST service with Keycloak enabled. (I'm signed in on Keycloak and have a valid token.)

This is what I get on Spring Boot Debug Log:

2020-04-06 12:28:54.854 DEBUG 1962 --- [nio-2001-exec-2] o.s.web.servlet.DispatcherServlet        : "ERROR" dispatch for GET "/error", parameters={}
2020-04-06 12:28:54.875 DEBUG 1962 --- [nio-2001-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
2020-04-06 12:28:54.970 DEBUG 1962 --- [nio-2001-exec-2] o.s.w.s.m.m.a.HttpEntityMethodProcessor  : Using 'application/json', given [application/json, text/plain, */*] and supported [application/json, application/*+json, application/json, application/*+json]
2020-04-06 12:28:54.971 DEBUG 1962 --- [nio-2001-exec-2] o.s.w.s.m.m.a.HttpEntityMethodProcessor  : Writing [{timestamp=Mon Apr 06 12:28:54 CEST 2020, status=401, error=Unauthorized, message=No message availab (truncated)...]
2020-04-06 12:28:55.051 DEBUG 1962 --- [nio-2001-exec-2] o.s.web.servlet.DispatcherServlet        : Exiting from "ERROR" dispatch, status 401

The Keycloak part of my Spring Boot application.properties:

keycloak.enabled=true
keycloak.auth-server-url=http://172.16.1.20:8180/auth
keycloak.realm=Immodat
keycloak.resource=login-app
keycloak.bearer-only=true
keycloak.cors=true
keycloak.security-constraints[0].authRoles[0]=aa.intern.write
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/

There is one RestController annotated with CrossOrigin. And all methods in it have GetMapping, PostMapping,...

@RestController
@CrossOrigin
public class FormController {

    @PostMapping("/forms")
    Form createForm(@RequestBody Form form) {
        /* ... */
    }

    @GetMapping("/forms/{name}")
    Form getForm(@PathVariable String name) {
        /* ... */
    }

    // ... further mapped methods omitted in the original post ...
}

In Keycloak-Client-Settings Return-Url and Web-Origin are both set to "*" to allow access from everywhere.

Is there anything I'm missing? Locally everything works fine. On the server it also works if Keycloak is disabled, but all three together are not working.


Solution

  • Ok, I found the problem. Maybe a little bit stupid.

    One of the three servers had the wrong time, so the Keycloak token wasn't valid for this one.

    Check your server times if you have a 401 error and don't know why!
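
The clock-skew failure described in the answer, as an added example that is not part of the original post: a Node.js diagnostic that decodes a token's time claims and compares them with the clock of the host that returns the 401. The function names, the leeway parameter and the sample token are constructed for illustration.

```javascript
// Added diagnostic example, not code from the original post.
// It decodes a JWT payload WITHOUT verifying the signature, so use it only
// to compare time claims with a clock, never to make an access decision.

function b64url(obj) { // builds the constructed sample token below
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function readClaims(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// nowSec: clock of the host that rejects the token, in epoch seconds.
// leewaySec: tolerated skew (hypothetical parameter of this example).
function checkTokenClock(token, nowSec, leewaySec = 0) {
  const { iat, nbf, exp } = readClaims(token);
  if (typeof iat === 'number' && iat > nowSec + leewaySec) {
    // Token claims to be issued in the future: this host's clock is behind.
    return { status: 'issued-in-future', offBySec: iat - nowSec };
  }
  if (typeof nbf === 'number' && nbf > nowSec + leewaySec) {
    return { status: 'not-yet-valid', offBySec: nbf - nowSec };
  }
  if (typeof exp === 'number' && exp <= nowSec - leewaySec) {
    // Either the token really is old, or this host's clock is ahead.
    return { status: 'expired', offBySec: nowSec - exp };
  }
  return { status: 'ok', offBySec: 0 };
}

// Constructed sample: issued at ISSUED, valid for 300 s, placeholder signature.
const ISSUED = 1586168934;
const SAMPLE_TOKEN = [
  b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({ iat: ISSUED, nbf: 0, exp: ISSUED + 300, azp: 'login-app' }),
  'constructed-signature',
].join('.');

console.log(checkTokenClock(SAMPLE_TOKEN, ISSUED + 10));  // host clock in sync
console.log(checkTokenClock(SAMPLE_TOKEN, ISSUED - 600)); // host 10 min behind
console.log(checkTokenClock(SAMPLE_TOKEN, ISSUED + 900)); // host 15 min ahead
```

On a real host, pass a freshly issued token and Math.floor(Date.now() / 1000) as nowSec; any result other than 'ok' points at that host's clock rather than at the Keycloak or CORS configuration.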