I'd like to use Keycloak as Security Provider for my WildFly Swarm based app. There is only one resource that needs "public access" (/api/systemInfo)... all the other resources should be protected by Keycloak. If I add this to a web.xml (within src/main/WEB-INF), the web.xml looks as below:

    <web-app>
        <module-name>amigo</module-name>
        <security-constraint>
            <web-resource-collection>
                <url-pattern>/api/systemInfo</url-pattern>
            </web-resource-collection>
        </security-constraint>
        <security-constraint>
            <web-resource-collection>
                <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>admin</role-name>
            </auth-constraint>
        </security-constraint>
        <login-config>
            <auth-method>KEYCLOAK</auth-method>
            <realm-name>amigo</realm-name>
        </login-config>
    </web-app>

Like that, everything works as expected. I can access only /api/systemInfo without login.
But since all my configuration is within default-stages.yml (and the environment-dependent yml files), I would love to have the security constraints there as well. My default-stages.yml looks like below:

    swarm:
      context:
        path: /
      deployment:
        app.war:
          web:
            login-config:
              auth-method: KEYCLOAK
            security-constraints:
              - url-pattern: /api/systemInfo
              - url-pattern: /*
                roles: [admin]

In my opinion this should behave like the first snippet (web.xml). But it doesn't. It seems like the rule for (/api/systemInfo) is ignored or at least it doesn't work as expected. On /api/systemInfo I get a 403, while on all other requests I get the expected redirect to Keycloak Login.
Does somebody have an idea what I need to adjust to get the same behaviour as using web.xml?
Thanks a lot for your help.