2

How to map security constraint to defult page ? e.g. I'm using Keycloak and i want my app to redirect to Keycloak's login page whenever user tries to achieve my app: localhost:8080/ <- this must redirect to Keycloak's login page.

I tried the following patterns:

1. super.configure(http);
    http
            .csrf()
            .disable()
            .authorizeRequests()
            .antMatchers("/*").hasRole("ADMIN");

2.super.configure(http);
    http
            .csrf()
            .disable()
            .authorizeRequests()
            .antMatchers("/").hasRole("ADMIN");


3.super.configure(http);
    http
            .csrf()
            .disable()
            .authorizeRequests()
            .antMatchers("/**").hasRole("ADMIN");

4.super.configure(http);
    http
            .csrf()
            .disable()
            .authorizeRequests()
            .anyRequest().hasRole("ADMIN");


5.super.configure(http);
    http
            .csrf()
            .disable()
            .authorizeRequests()
            .antMatchers("*").hasRole("ADMIN");

But none of them works...

Btw when i type sub-urls e.g. localhost:8080/users, everything works fine and Keycloak's login page occurs.

M. Deinum
  • 115,695
  • 22
  • 220
  • 224
Mukhamedali Zhadigerov
  • 811
  • 1
  • 15
  • 32

1 Answers1

2

It's an issue with the Spring Security adapter. A workaround is to redirect your user to some other path (e.g. /home.html) when the root path is requested. In a @Controller:

@RequestMapping("/")
protected String redirect() 
{
    return "redirect:/home.html";
}

See also:

Aritz
  • 30,971
  • 16
  • 136
  • 217