I'm in the process of building a new microservice and securing it with access tokens from Keycloak. So far I've been successful, the endpoint /token/test is only accessible with a valid token from Keycloak, the application properties look like this:
keycloak.auth-server-url=http://localhost:8888/auth
keycloak.realm=realm
keycloak.resource=api
keycloak.public-client=true
keycloak.securityConstraints[0].authRoles[0]=basic-token
keycloak.securityConstraints[0].securityCollections[0].name=secured by basic access token
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*
This is working fine when starting the project with mvn spring-boot:run (I'm using spring-boot-starter, keycloak-spring-boot-starter and without spring-boot-starter-security which I want to avoid if possible.
Now I'm writing some tests for the fun of it and Keycloak's security constraints are simply not working. I've followed the test setup from https://github.com/cremich/testcontainers-keycloak (with updated versions and JUnit 5), the only difference being that the example is doing a lot of Keycloak setup by hand using spring-boot-starter-security. Why does it only work in tests when done with -security and why does my way not seem to work?
Am I missing something?
Thanks.
Aucun commentaire:
Enregistrer un commentaire