resource-server_with_jwtauthenticationtoken doesn't work about spring-addons HOT 2 CLOSED

Your web browser is not a REST client. Use something like Postman to retrieve an access-token from Keycloak and build requests with Authorization header.

If you open your browser console, you should see that what you got is a 401 (Unauthorized which means that authorization is missing or invalid) and not a 302 (redirect to login). This is intended.

Building an auth2 client running in web browser is out of the scope of this tutorial which is focused on resource-server only. You can find a working sample of client with Angular here.

I'm surprised you get an exception: the browser you use probably chose to process that 401 error by displaying a login form and then retrying the request with Basic authentication header which should result in an other 401 (resource server expects a JWT issued by the configured authorization-server as Bearer Authorization, not a basic Authorization).

Would you share your complete modified project source on a drive or something (my email is ch4mp[at]c4-soft.com)?

from spring-addons.

Thank you for sharing your project. I think it behaves as expected. Please see the Prerequisites section I just added to clarify what is required and how resource-servers behave.

You have a stack-trace because you set spring log-level to TRACE. The error you see is because Authorization header is missing, resulting in authentication failure.

I believe this error is further intercepted and a 401 is returned (you should be able to see return code value in your client console).

Regarding actuator, you need to enable it:

management.endpoint.health.probes.enabled=true
management.health.readinessstate.enabled=true
management.health.livenessstate.enabled=true
management.endpoints.web.exposure.include=*

I will add this to tutorial properties.

from spring-addons.