REST API Keycloak user

I use a user from Keycloak to get a Keycloak token.
When I call the API with the token, I receive this error:
{
Denied access to [rest.enabled] for user [duong] by io.jmix.security.impl.constraint.SpecificConstraintImpl
Send an error response with error code: 403 and message: User is not allowed to use the REST API
}
I am certain my user has enough roles in the role assignments in the database.
I manage roles in Jmix.
This is my config:
jmix.oidc.use-default-configuration=true
spring.security.oauth2.client.registration.keycloak.client-id=myapp
spring.security.oauth2.client.registration.keycloak.client-secret=Qs4EhtFx00jv4NFOKAbi9m7NytspjFyf
spring.security.oauth2.client.registration.keycloak.scope=openid, profile, email
spring.security.oauth2.client.provider.keycloak.issuer-uri=http://localhost:8080/realms/myapp
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/realms/myapp
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username


Hi,

A detailed manual for setting up Keycloak can be found here:

First, you need to check if the Claim Mapper in Keycloak is configured correctly to ensure that the list of roles from Keycloak is included in the token.

Secondly, check whether the roles are mapped to the authorities correctly.

Also, if you configure role assignment in Keycloak instead of Jmix, the role will be automatically added to the user upon login.

Regards,
Sergey.
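
Added example, not part of the reply above and not Jmix or Keycloak code: a small Python check for the first step described in the reply, decoding an access token's payload and listing where role names appear. The top-level claim name `roles` is an assumption about what the application reads; `realm_access` and `resource_access` are where Keycloak places roles by default. The sample token and its role names are constructed.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload of a JWT. No signature check: inspection only."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def find_roles(claims: dict, roles_claim: str = "roles") -> dict:
    """Report every place role names appear in the token."""
    found = {}
    # Top-level claim the application is assumed to read (name is an assumption).
    top = claims.get(roles_claim)
    if isinstance(top, list) and top:
        found[roles_claim] = top
    # Keycloak's default locations for realm roles and per-client roles.
    realm = claims.get("realm_access", {}).get("roles", [])
    if realm:
        found["realm_access.roles"] = realm
    for client, access in claims.get("resource_access", {}).items():
        if access.get("roles"):
            found[f"resource_access.{client}.roles"] = access["roles"]
    return found


def make_sample_token(payload: dict) -> str:
    # Constructed, unsigned sample so the example runs offline.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}.sig"


if __name__ == "__main__":
    sample = make_sample_token({
        "preferred_username": "duong",
        "realm_access": {"roles": ["offline_access", "rest-minimal"]},
    })
    roles = find_roles(decode_claims(sample))
    print(roles or "no roles anywhere in the token")
    if "roles" not in roles:
        print("top-level 'roles' claim missing: check the client mapper")
```

An empty result means the token carries no roles at all, so any role the application grants has to come from its own user store rather than from the token.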

But I just manage roles in Jmix and don't want to manage roles in Keycloak, so the token from Jmix doesn't have roles.