Home

Api complains no-referrer-when-downgrade with Keycloak

I am trying to secure my api service that is running on jetty with Keycloak according to the documentation on https://www.keycloak.org/docs/latest/securing_apps/index.html#_jetty9_adapter.

I have created a clients user-svc that has the following installation in Keycloak:

{   "realm": "databaker",   "bearer-only": true,   "auth-server-url": "http://localhost:8080/auth/",   "ssl-required": "external",   "resource": "user-svc",   "confidential-port": 0 }

The jetty-web.xml configuration:

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd"> <Configure class="org.eclipse.jetty.webapp.WebAppContext">     <Get name="securityHandler">         <Set name="authenticator">             <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">                 <Set name="adapterConfig">                     <New class="org.keycloak.representations.adapters.config.AdapterConfig">                         <Set name="realm">databaker</Set>                         <Set name="resource">user-svc</Set>                         <Set name="authServerUrl">http://localhost:8080/auth/</Set>                         <Set name="sslRequired">external</Set>                         <Set name="bearerOnly">true</Set>                         <Set name="confidentialPort">0</Set>                     </New>                 </Set>             </New>         </Set>     </Get> </Configure>

and web.xml:

<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">     <servlet>         <servlet-name>user-svc</servlet-name>         <servlet-class>io.databaker.UserSvcServlet</servlet-class>         <async-supported>true</async-supported>     </servlet>     <servlet-mapping>         <servlet-name>user-svc</servlet-name>         <url-pattern>/*</url-pattern>     </servlet-mapping>      <security-constraint>         <web-resource-collection>             <web-resource-name>user-svc</web-resource-name>             <url-pattern>/*</url-pattern>         </web-resource-collection>         <auth-constraint>             <role-name>user</role-name>         </auth-constraint>         <user-data-constraint>             <transport-guarantee>CONFIDENTIAL</transport-guarantee>         </user-data-constraint>     </security-constraint>      <login-config>         <auth-method>BASIC</auth-method>         <realm-name>this is ignored currently</realm-name>     </login-config>      <security-role>         <role-name>admin</role-name>     </security-role>     <security-role>         <role-name>user</role-name>     </security-role>      <filter>         <filter-name>cross-origin</filter-name>         <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>         <init-param>             <param-name>allowedOrigins</param-name>             <param-value>http://localhost:3000</param-value>         </init-param>         <init-param>             <param-name>allowedMethods</param-name>             <param-value>GET,POST,HEAD,PUT,HEAD,OPTIONS</param-value>         </init-param>         <init-param>             <param-name>allowedHeaders</param-name>             <param-value>X-Requested-With,Content-Type,Accept,Origin,Cache-Control</param-value>         </init-param>         <init-param>             <param-name>chainPreflight</param-name>             <param-value>false</param-value>         </init-param>         <async-supported>true</async-supported>     </filter>     <filter-mapping>         <filter-name>cross-origin</filter-name>         <url-pattern>/*</url-pattern>         <url-pattern>/user/*</url-pattern>         <url-pattern>/genders</url-pattern>         <url-pattern>/interests</url-pattern>     </filter-mapping> </web-app>

The user-svc service is running on http://localhost:9090

java -jar start.jar -Djetty.http.port=9090 2020-07-13 10:20:16 INFO  log:169 - Logging initialized @230ms to org.eclipse.jetty.util.log.Slf4jLog 2020-07-13 10:20:17 WARN  HomeBaseWarning:72 - This instance of Jetty is not running from a separate {jetty.base} directory, this is not recommended.  See documentation at http://www.eclipse.org/jetty/documentation/current/startup.html 2020-07-13 10:20:17 INFO  Server:360 - jetty-9.4.29.v20200521; built: 2020-05-21T17:20:40.598Z; git: 77c232aed8a45c818fd27232278d9f95a021095e; jvm 11.0.7+10-LTS 2020-07-13 10:20:17 INFO  ScanningAppProvider:128 - Deployment monitor [file:///home/developer/playground/user-svc-env/jetty-svc/webapps/] at interval 1 2020-07-13 10:20:18 INFO  AnnotationConfiguration:473 - Scanning elapsed time=588ms 2020-07-13 10:20:18 INFO  session:334 - DefaultSessionIdManager workerName=node0 2020-07-13 10:20:18 INFO  session:339 - No SessionScavenger set, using defaults 2020-07-13 10:20:18 INFO  session:140 - node0 Scavenging every 600000ms 2020-07-13 10:20:18 INFO  ContextHandler:849 - Started o.e.j.w.WebAppContext@14dd7b39{root,/,file:///tmp/jetty-0_0_0_0-9090-root_war-_-any-934191447021540237.dir/webapp/,AVAILABLE}{/home/developer/playground/user-svc-env/jetty-svc/webapps/root.war} 2020-07-13 10:20:18 INFO  AbstractConnector:331 - Started ServerConnector@18ca3c62{HTTP/1.1, (http/1.1)}{0.0.0.0:9090} 2020-07-13 10:20:18 INFO  Server:400 - Started @1892ms

When calling the api service from the webapp, I have got the following error message enter image description here

What am I doing wrong?

Asked on July 16, 2020 in Java.
Add Comment
Cancel
0 Answer(s)

Your Answer

By posting your answer, you agree to the privacy policy and terms of service.