
I have a Spring Cloud Gateway which is protected using Keycloak. Behind the gateway are a few microservices and an Angular frontend which is served by an NGINX container. The gateway acts as a Keycloak client. The security configuration of the gateway looks like this:

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(
            ServerHttpSecurity http,
            ReactiveClientRegistrationRepository clientRegistrationRepository
    ) {
        return http
                .authorizeExchange(exchange -> exchange
                        .pathMatchers("/", "/*.css", "/*.js", "/favicon.ico").permitAll()
                        .anyExchange().authenticated())
                .exceptionHandling(exceptionHandling ->
                        exceptionHandling.authenticationEntryPoint(
                                new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED)))
                .oauth2Login(Customizer.withDefaults())
                .logout(logout -> logout.logoutSuccessHandler(
                        oidcLogoutSuccessHandler(clientRegistrationRepository)))
                .csrf(ServerHttpSecurity.CsrfSpec::disable)
                .build();
    }

The problem occurs when I make a request to the gateway on localhost:9000/: I get redirected to the Keycloak login page. When I log in, Keycloak redirects me to the Angular application. This should not happen because the "/" route shouldn't be protected. What am I doing wrong?

2 Answers


  1. Chosen as BEST ANSWER

    Solved the problem by annotating my config class with @Configuration instead of @EnableWebFlux since I am using Spring Boot 3.


  2. It seems the route is protected by the Keycloak client in Angular. Check the auth guard in Angular that protects routes and remove "" from that list. See https://github.com/mauriciovigolo/keycloak-angular#authguard for more details.
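
The fix from the first answer shown in context, as an added example that is not the poster's actual class: the package, the class name `SecurityConfig` and the body of `oidcLogoutSuccessHandler` are assumptions, since the question shows only the bean method. Assuming the class is not registered any other way, without `@Configuration` the `@Bean` method is never picked up, so Spring Boot's auto-configured chain (authentication required for every exchange) answers the request to "/".

```java
package com.example.gateway; // hypothetical package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint;
import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;

// @Configuration is what makes Spring process the @Bean methods in this class.
// If it is missing, the custom chain below is silently ignored and the
// permitAll() rules never take effect.
@Configuration
public class SecurityConfig { // hypothetical class name

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(
            ServerHttpSecurity http,
            ReactiveClientRegistrationRepository clientRegistrationRepository) {
        return http
                .authorizeExchange(exchange -> exchange
                        // Public: the SPA entry point and its static assets
                        .pathMatchers("/", "/*.css", "/*.js", "/favicon.ico").permitAll()
                        // Everything else needs an authenticated session
                        .anyExchange().authenticated())
                // Answer 401 instead of redirecting, so the frontend decides when to log in
                .exceptionHandling(e -> e.authenticationEntryPoint(
                        new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED)))
                .oauth2Login(Customizer.withDefaults())
                .logout(logout -> logout.logoutSuccessHandler(
                        oidcLogoutSuccessHandler(clientRegistrationRepository)))
                .csrf(ServerHttpSecurity.CsrfSpec::disable) // kept as in the question
                .build();
    }

    // Assumed implementation: the question calls this helper but does not show it.
    private ServerLogoutSuccessHandler oidcLogoutSuccessHandler(
            ReactiveClientRegistrationRepository clientRegistrationRepository) {
        var handler = new OidcClientInitiatedServerLogoutSuccessHandler(clientRegistrationRepository);
        handler.setPostLogoutRedirectUri("{baseUrl}"); // return to the gateway root after logout
        return handler;
    }
}
```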
