Spring Boot and Keycloak – 401 status code even when resource does not exist

I have a problem with my Keycloak and Spring Boot configuration. When I try to execute a request for a resource which does not exist, I receive a 401 HTTP status. Is it a default Keycloak configuration? Is it possible to override it to have a 404 Not Found status when the URL does not exist (some filter order?), or is it proper behavior? Thanks for any clue. Below is my Keycloak configuration:

    @KeycloakConfiguration
    public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter {

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) {
            auth.authenticationProvider(keycloakAuthenticationProvider());
        }

        @Bean
        public KeycloakSpringBootConfigResolver keycloakSpringBootConfigResolver() {
            return new KeycloakSpringBootConfigResolver();
        }

        @Override
        protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
            return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            super.configure(http);
            http.authorizeRequests()
                    .antMatchers("/api/users")
                    .permitAll()
                    .anyRequest()
                    .fullyAuthenticated();
        }
    }
1 Answer(s)

You can define your "deny list" URLs and use .antMatchers(${Your_Deny_List}).fullyAuthenticated() instead of

    .anyRequest()
    .fullyAuthenticated();

When you do this, Spring Security only secures your "deny list", and if a URL does not exist you receive 404.
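An added example, not part of the answer above or of the Keycloak adapter: with an explicit list of secured patterns, any endpoint that matches no pattern is served without authentication, so a build-time check that every registered path is covered is worth having. The class name, the PROTECTED patterns and the endpoint list are assumptions constructed for illustration; only "/api/users" comes from the question, and AntPathMatcher is the matcher class from spring-core.

```java
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.util.AntPathMatcher;

// Flags endpoints that a "secure only these patterns" configuration
// would leave reachable without authentication.
public class DenyListCoverageCheck {

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    // Patterns passed to .antMatchers(...).permitAll() (from the question).
    static final List<String> PUBLIC = List.of("/api/users");

    // Hypothetical patterns passed to .antMatchers(...).fullyAuthenticated().
    static final List<String> PROTECTED = List.of("/api/orders/**", "/api/admin/**");

    static boolean matchesAny(List<String> patterns, String path) {
        return patterns.stream().anyMatch(p -> MATCHER.match(p, path));
    }

    /** Paths matched by neither list: no authorization rule applies to them. */
    static List<String> uncovered(List<String> endpoints) {
        return endpoints.stream()
                .filter(path -> !matchesAny(PUBLIC, path))
                .filter(path -> !matchesAny(PROTECTED, path))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample; in an application this would be the list of
        // controller paths the app actually registers.
        List<String> endpoints = List.of(
                "/api/users",
                "/api/orders/42",
                "/api/admin/audit",
                "/api/reports/monthly",   // added later, never put on the deny list
                "/actuator/env");

        List<String> open = uncovered(endpoints);
        open.forEach(p -> System.out.println("UNPROTECTED: " + p));
        if (!open.isEmpty()) {
            System.exit(1); // fail the build so the gap is fixed before release
        }
    }
}
```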
