I have multiple resources, each resource pointing to a page on the application. I am using Keycloak (v10.0.2) for authentication of requests. I have two users, Admin and Client. Admin has access to all the resources while Client has access to only a few resources. After assigning permissions in Keycloak, I've evaluated them on the console and made sure the permissions to resources are granted as I want them to be.
Now, while accessing the application as an Admin, all the resources are accessible as they should be. But when logged in as Client, the login and a couple of pages work fine, but the remaining ones fail in the OAuth2AuthenticationProcessingFilter. The following is the message from the logs.
DEBUG o.s.security.web.FilterChainProxy.doFilter - /services/customerAPI/listOfCustomers at position 6 of 12 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
DEBUG o.s.s.o.p.a.OAuth2AuthenticationProcessingFilter.doFilter - Authentication request failed: error="access_denied", error_description="Invalid token does not contain resource id (ums)"
DEBUG o.s.s.w.h.writers.HstsHeaderWriter.writeHeaders - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@8ff0a24
DEBUG o.s.s.o.p.e.DefaultOAuth2ExceptionRenderer.writeWithMessageConverters - Written [error="access_denied", error_description="Invalid token does not contain resource id (ums)"] as "application/json;charset=UTF-8" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@5adada73]
DEBUG o.s.s.w.c.SecurityContextPersistenceFilter.doFilter - SecurityContextHolder now cleared, as request processing completed
Can someone please help me find what I am doing wrong?
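Added example, not part of the question above: a small Python check that reproduces the rule behind the "Invalid token does not contain resource id (ums)" message. It assumes the legacy Spring Security OAuth2 resource server, where the resource id configured on the server ("ums" in the log) must appear in the token's aud claim; the decoding here is for inspecting claims only and does not verify the signature, which the resource server does.

```python
import base64
import json

# Resource id configured on the Spring resource server (taken from the log line above)
RESOURCE_ID = "ums"


def decode_jwt_payload(token: str) -> dict:
    """Decode the claims part of a compact JWT for inspection. No signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_of(claims: dict) -> set:
    """Normalise 'aud': RFC 7519 allows a single string or an array of strings."""
    aud = claims.get("aud")
    if aud is None:
        return set()
    if isinstance(aud, str):
        return {aud}
    return set(aud)


def check_resource_id(claims: dict, resource_id: str = RESOURCE_ID):
    """Mirror the resource server's rule: the configured resource id must be in the audience.

    Returns the error text the filter logs when the check fails, None when it passes.
    """
    if resource_id not in audience_of(claims):
        return f"Invalid token does not contain resource id ({resource_id})"
    return None


def make_test_token(claims: dict) -> str:
    """Build a constructed token with a placeholder signature so the example runs offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'RS256', 'typ': 'JWT'})}.{b64(claims)}.placeholder-signature"


if __name__ == "__main__":
    # Constructed sample claims: an admin-style token that names the resource server
    # in its audience, and a client-style token whose audience is only "account".
    for label, claims in (("admin", {"aud": ["ums", "account"]}), ("client", {"aud": "account"})):
        result = check_resource_id(decode_jwt_payload(make_test_token(claims)))
        print(label, "->", "ok" if result is None else result)
```

Run this against the access token actually issued to the Client user; if it reports the same error as the log, the token's aud claim is what needs fixing on the Keycloak side (for example through an Audience protocol mapper on the client), not the Spring filter chain.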