Spring Security Keycloak - setting no bearer token to REST request leads to a response with HTML

Time:07-21

I'm using a Spring Boot 2 (2.7.0) application (including Spring Security 5.7.1) to secure REST endpoints with Keycloak for authentication and authorization. Everything works fine, but the only thing that bothers me is that when I don't set the bearer token I get an HTTP 400 response. The response itself is correct, but the body of the response contains HTML (the Keycloak login page).

Is there a way to avoid that the body of the response contains the login page? I would like to set a custom response body.

CodePudding user response:

That is the expected default behavior. If you want to get a relevant 4xx error instead, you can try setting "bearer-only" in your "keycloak.json" file so that it does not redirect API calls (i.e. AJAX calls from the browser) to the login page:

{
  ...
  "bearer-only": true
}

CodePudding user response:

Ah, now it's the expected behavior - thanks a lot!

Maybe you can answer one more question: Is it possible to customize these kinds of requests? I would like to put an individual error message into the response.
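
One way to return a custom body for requests that arrive without a bearer token, as an added example that is not part of the original thread or of the Keycloak adapter's code: a Spring Security `AuthenticationEntryPoint` that answers with a fixed JSON error. The class name `JsonBearerEntryPoint` and the JSON field names are hypothetical, and the imports assume the `javax.servlet` API used by Spring Boot 2.7.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.MediaType;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

/** Hypothetical class: replies to unauthenticated API calls with JSON, not a login page. */
public class JsonBearerEntryPoint implements AuthenticationEntryPoint {

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException {
        // If an earlier filter already sent a response, do not write a second one.
        if (response.isCommitted()) {
            return;
        }
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // RFC 6750: a 401 from a bearer-protected resource carries this challenge.
        response.setHeader("WWW-Authenticate", "Bearer");
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        // Fixed message only: authException.getMessage() is deliberately not echoed,
        // so the error body reveals nothing about how token validation failed.
        String path = jsonEscape(request.getRequestURI());
        response.getWriter().write("{\"error\":\"unauthorized\","
                + "\"message\":\"Bearer token required\","
                + "\"path\":\"" + path + "\"}");
    }

    /** Escapes quotes, backslashes and control characters so the path cannot break the JSON. */
    static String jsonEscape(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            if (c == '"' || c == '\\') {
                out.append('\\').append(c);
            } else if (c < 0x20) {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }
}
```

Spring Security 5.7 accepts such an entry point through `http.exceptionHandling().authenticationEntryPoint(new JsonBearerEntryPoint())`. The example assumes "bearer-only" is enabled as described in the answer above, so that requests without a token reach the entry point instead of being redirected to the login page.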
