I have a spring cloud gateway which is protected using keycloak. Behind the gateway are a few microservices and an angular frontend which is served by an NGINX container. The gateway acts as a keycloak client. The security configuration of the gateway looks like this:
    @Bean
    SecurityWebFilterChain springSecurityFilterChain(
            ServerHttpSecurity http,
            ReactiveClientRegistrationRepository clientRegistrationRepository
    ) {
        return http
                .authorizeExchange(exchange -> exchange
                        .pathMatchers("/", "/*.css", "/*.js", "/favicon.ico").permitAll()
                        .anyExchange().authenticated())
                .exceptionHandling(exceptionHandling ->
                        exceptionHandling.authenticationEntryPoint(
                                new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED)))
                .oauth2Login(Customizer.withDefaults())
                .logout(logout -> logout.logoutSuccessHandler(
                        oidcLogoutSuccessHandler(clientRegistrationRepository)))
                .csrf().disable()
                .build();
    }
The problem occurs when I make a request to the gateway on localhost:9000/, I get redirected to the keycloak login page. When I log in, keycloak redirects me to the angular application. This should not happen because the "/" route shouldn’t be protected. What am I doing wrong?
2 Answers
Solved the problem by annotating my config class with @Configuration instead of @EnableWebFlux, since I am using Spring Boot 3.
It seems the route is protected by the Keycloak client in Angular. Check the auth guard in Angular that protects routes and remove "" from that list. See https://github.com/mauriciovigolo/keycloak-angular#authguard for more details.
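An added check, not from the question or either answer, that pins down which layer is issuing the redirect: a WebTestClient test run against the gateway's own filter chain from the question, so a failure here means the gateway (not the Angular guard) is challenging "/". Assumptions: the client registration is named keycloak, the properties are constructed so the context starts without a reachable Keycloak, and /api/orders is a hypothetical protected route.

```java
import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.HttpHeaders;
import org.springframework.test.web.reactive.server.WebTestClient;

// Constructed client-registration properties so the context starts without contacting a
// real Keycloak. The registration id "keycloak" and the provider URLs are assumptions.
@SpringBootTest(webEnvironment = RANDOM_PORT, properties = {
    "spring.security.oauth2.client.registration.keycloak.client-id=gateway",
    "spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code",
    "spring.security.oauth2.client.registration.keycloak.scope=openid",
    "spring.security.oauth2.client.provider.keycloak.authorization-uri=http://keycloak.test/realms/demo/protocol/openid-connect/auth",
    "spring.security.oauth2.client.provider.keycloak.token-uri=http://keycloak.test/realms/demo/protocol/openid-connect/token",
    "spring.security.oauth2.client.provider.keycloak.jwk-set-uri=http://keycloak.test/realms/demo/protocol/openid-connect/certs"
})
@AutoConfigureWebTestClient
class GatewayAccessRulesTest {

    @Autowired
    WebTestClient client;

    // "/" is in the permitAll list, so the gateway itself must never answer an anonymous
    // request with 401 or a redirect to Keycloak. Whatever the downstream route returns
    // (200 if NGINX is reachable, 5xx in a test environment without it) is acceptable.
    @Test
    void rootIsNotChallengedByGateway() {
        client.get().uri("/")
              .exchange()
              .expectStatus().value(status -> {
                  if (status == 401 || status == 302) {
                      throw new AssertionError("gateway challenged anonymous request to /: " + status);
                  }
              })
              .expectHeader().doesNotExist(HttpHeaders.LOCATION);
    }

    // Everything else is authenticated(); because the config installs an explicit
    // HttpStatusServerEntryPoint, an anonymous request gets a bare 401, not a redirect.
    @Test
    void otherPathsGetUnauthorized() {
        client.get().uri("/api/orders") // hypothetical protected backend path
              .exchange()
              .expectStatus().isUnauthorized();
    }
}
```

If both tests pass while the browser still lands on the Keycloak login page after visiting "/", the redirect is coming from the Angular side, which is the situation the second answer describes.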