spring-bootvue.jsoauthkeycloak
Keycloak + SPA as client (Vue) + Spring Cloud Gateway as resource server + Spring Boot Microservices
I want my project to work like this:
Everything fine except for Vue(axios) returns 401 error when I request some data from microservice through gateway.
Authorization token with 'Bearer' is set for each axios request, with exacly same token I can get data using Postman. Also its work if I move
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
and
security:
oauth2:
resourceserver:
jwt:
issuer-uri: http://localhost:8900/realms/SomeRealm
from Spring gateway to microservice.
But I want only gateway to approve token and microservice should not know anything about it or keycloak.
Vue 2, Spring boot 2.17, Java 11, Keycloak 22
Solution
Ok I did it. The problem was with a preflight OPTIONS header, which didn't include token. Solved with SecurityWebFilterChain:
@Bean
public SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) throws Exception {
http
.authorizeExchange()
.pathMatchers(HttpMethod.OPTIONS).permitAll() // Allow OPTIONS requests without authentication
.anyExchange().authenticated()
.and()
.oauth2ResourceServer()
.jwt();
return http.build();
}
- Can apm-agent-java plugin be placed inside the application JAR file?
- Spring @Sql Annotations, possible to run once before all tests?
- Springboot mySQL Failed to determine a suitable driver class
- Java springboot Validation is not working for me
- How to validate and sanitize HTTP Get with Spring Boot?
- Unable to resolve name [org.hibernate.dialect.MYSQL5Dialect] as strategy [org.hibernate.dialect.Dialect]
- Spring Boot - no log file written (logging.file is not respected)
- Handling Internal Server Error When OAuth Issuer Is Not Available in WebFluxSecurity
- How to use @ServiceConnection with GenericContainer and custom ConnectionDetails
- With deprecation of the `SecurityContextRepository.loadContext(HttpRequestResponseHolder)` method, how do we add `Set-Cookie` to the response?
- Spring Boot + Security + Thymeleaf and CSRF token not injected automatically
- Implementing Custom Expression Handling with Spring Security 6
- Using two or more SecurityFilterChains with Spring Security 6 does not work properly, only one chain is invoked
- Spring Boot With Maven Shade Plugin - Controllers not mapped (404 Error)
- How to fix: Error creating bean with name : Unsatisfied dependency expressed through field
- "httptrace" endpoint of Spring Boot Actuator doesn't exist anymore with Spring Boot 2.2.0
- Using Postgres 16 with Spring Boot 3.3.0
- Default logging file for spring boot application
- Kafka No Acknowledgment available as an argument
- What are git-ref and git-ref-short tags in maven pom file
- Is there some license requirement for spring bom dependencies?
- How to increase the maximum length of SpEL expressions in spring boot 3.3.0?
- Need to Read a file from SFTP endpoint with Proxy enabled in apache camel
- CORS with spring-boot and angularjs not working
- Wiremock dependency not importing classes
- Intermittent Connection Timeout Issues in Java 21/Spring Boot 3.1.6 Application with Multiple API Consumption
- How to persist data in H2 database
- is using DTOs in every case always a good practice?
- How to add custom ApplicationContextInitializer to a spring boot application?
- Patch Request in Java Spring Boot nulls ManyToOne