Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
465c7fd8ec
|
|||
|
6f0af690f2
|
|||
| 0fc59eef0e |
@@ -179,7 +179,8 @@ public class AuthController {
|
|||||||
RequestMethod.PUT, RequestMethod.DELETE,
|
RequestMethod.PUT, RequestMethod.DELETE,
|
||||||
RequestMethod.PATCH})
|
RequestMethod.PATCH})
|
||||||
public Mono<ResponseEntity<?>> forwardAuth(
|
public Mono<ResponseEntity<?>> forwardAuth(
|
||||||
@RequestHeader(HttpHeaders.AUTHORIZATION) String authorizationHeader,
|
@RequestHeader(value = HttpHeaders.AUTHORIZATION, required = false)
|
||||||
|
String authorizationHeader,
|
||||||
@RequestHeader(HEADER_X_FORWARDED_METHOD) String originalMethod,
|
@RequestHeader(HEADER_X_FORWARDED_METHOD) String originalMethod,
|
||||||
@RequestHeader(HEADER_X_FORWARDED_URI) String originalUriString
|
@RequestHeader(HEADER_X_FORWARDED_URI) String originalUriString
|
||||||
) {
|
) {
|
||||||
@@ -199,6 +200,9 @@ public class AuthController {
|
|||||||
if (shouldPassThrough(targetServiceClientId, serviceRelativePath)) {
|
if (shouldPassThrough(targetServiceClientId, serviceRelativePath)) {
|
||||||
return Mono.just(ResponseEntity.status(HttpStatus.NO_CONTENT).build());
|
return Mono.just(ResponseEntity.status(HttpStatus.NO_CONTENT).build());
|
||||||
}
|
}
|
||||||
|
if (authorizationHeader == null) {
|
||||||
|
return Mono.just(ResponseEntity.status(HttpStatus.BAD_REQUEST).build());
|
||||||
|
}
|
||||||
// no pass-through, check permission
|
// no pass-through, check permission
|
||||||
final var accessToken = extractBearerToken(authorizationHeader);
|
final var accessToken = extractBearerToken(authorizationHeader);
|
||||||
if (accessToken == null) {
|
if (accessToken == null) {
|
||||||
|
|||||||
@@ -15,7 +15,8 @@ spring:
|
|||||||
|
|
||||||
# Keycloak Configuration (adjust values as needed)
|
# Keycloak Configuration (adjust values as needed)
|
||||||
keycloak:
|
keycloak:
|
||||||
server-url: ${KEYCLOAK_AUTH_SERVER_URL:http://localhost:9100} # Base URL of your Keycloak instance (NO trailing slash)
|
keycloak-host: ${KEYCLOAK_AUTH_SERVER_URL:http://localhost:9100} # Base URL of your Keycloak instance (NO trailing slash)
|
||||||
|
keycloak-admin-host: ${KEYCLOAK_AUTH_ADMIN_SERVER_URL:http://localhost:9100} # Base URL of your Keycloak instance (NO trailing slash)
|
||||||
realm: ${KEYCLOAK_AUTH_REALM:clevermicro-dev} # The realm name you are using
|
realm: ${KEYCLOAK_AUTH_REALM:clevermicro-dev} # The realm name you are using
|
||||||
client-id: ${KEYCLOAK_AUTH_SERVICE_CLIENT:auth-service} # Client ID created in Keycloak for this service
|
client-id: ${KEYCLOAK_AUTH_SERVICE_CLIENT:auth-service} # Client ID created in Keycloak for this service
|
||||||
client-secret: ${KEYCLOAK_AUTH_SERVICE_SECRET:UJ1sMcWciIRREfjjAGoLHUDynLT4aYdD} # Client Secret from Keycloak (use secrets management!)
|
client-secret: ${KEYCLOAK_AUTH_SERVICE_SECRET:UJ1sMcWciIRREfjjAGoLHUDynLT4aYdD} # Client Secret from Keycloak (use secrets management!)
|
||||||
|
|||||||
Reference in New Issue
Block a user