We have 2 endpoints, one of which is working fine and the other is not working as required after migrating to Keycloak 18.0.1. In web.xml we have added 2 endpoints.
This endpoint is working fine, as it asks for authorization. This endpoint is mapped to authorization scopes for particular fields.
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Employees Resource</web-resource-name>
        <url-pattern>/v1/employees/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>employees_api_access</role-name>
    </auth-constraint>
</security-constraint>
<security-role>
    <role-name>employees_api_access</role-name>
</security-role>
This endpoint we want to work without any authorization, but it gives a 403 Forbidden error.
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Other resource</web-resource-name>
        <url-pattern>/v1/resource/*</url-pattern>
    </web-resource-collection>
</security-constraint>
keycloak.json settings:
{
    "realm": "integrator",
    "auth-server-url": "${keycloak.authserver.url}",
    "ssl-required": "all",
    "enable-basic-auth": true,
    "resource": "employee-api",
    "credentials": {
        "secret": "${keycloak.employee-api.clientSecret}"
    },
    "use-resource-role-mappings": true,
    "policy-enforcer": {}
}
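For comparison, here is an added keycloak.json (editor's example, not from the post) that keeps the posted settings but gives the policy enforcer an explicit path list; it assumes the 403 comes from the adapter's policy enforcer, which with an empty `"policy-enforcer": {}` is in ENFORCING mode and denies any request it cannot match to a permitted resource, rather than from the servlet container, whose second security-constraint has no auth-constraint and so permits everyone. The `/v1/resource/*` path is the one from the post; `/v1/employees/*` is left enforced.

```json
{
    "realm": "integrator",
    "auth-server-url": "${keycloak.authserver.url}",
    "ssl-required": "all",
    "enable-basic-auth": true,
    "resource": "employee-api",
    "credentials": {
        "secret": "${keycloak.employee-api.clientSecret}"
    },
    "use-resource-role-mappings": true,
    "policy-enforcer": {
        "enforcement-mode": "ENFORCING",
        "paths": [
            {
                "path": "/v1/employees/*",
                "enforcement-mode": "ENFORCING"
            },
            {
                "path": "/v1/resource/*",
                "enforcement-mode": "DISABLED"
            }
        ]
    }
}
```

Check the adapter's 403 against the Keycloak server's client Authorization tab: if no resource there covers `/v1/resource/*`, the default-deny in ENFORCING mode is the expected behaviour, and the per-path DISABLED entry is the narrow way to exempt only that public endpoint while leaving every other path denied by default.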