Fix: Correct OIDC authentication permissions to allow public access to landing page
Changes: - Removed unrecognized property quarkus.oidc.authentication.redirect-path-after-login - Changed authenticated.paths from /* to /pages/secure/* to allow public landing page - Added applies-to=JAXRS,SERVLET to both public and authenticated permissions - Documented importance of permission order (most specific first) This fixes the 403 Forbidden error on https://unionflow.lions.dev root path. Now: - / and /index.xhtml are publicly accessible (landing page) - /pages/secure/* requires authentication - After login, restore-path-after-redirect will redirect to originally requested page 🤖 Generated with Claude Code Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@@ -110,7 +110,6 @@ quarkus.oidc.authentication.redirect-path=/auth/callback
|
|||||||
quarkus.oidc.authentication.force-redirect-https-scheme=true
|
quarkus.oidc.authentication.force-redirect-https-scheme=true
|
||||||
quarkus.oidc.authentication.restore-path-after-redirect=true
|
quarkus.oidc.authentication.restore-path-after-redirect=true
|
||||||
# Default landing page after successful login
|
# Default landing page after successful login
|
||||||
quarkus.oidc.authentication.redirect-path-after-login=/pages/secure/dashboard.xhtml
|
|
||||||
quarkus.oidc.authentication.scopes=openid,profile,email,roles
|
quarkus.oidc.authentication.scopes=openid,profile,email,roles
|
||||||
quarkus.oidc.token.issuer=https://security.lions.dev/realms/unionflow
|
quarkus.oidc.token.issuer=https://security.lions.dev/realms/unionflow
|
||||||
quarkus.oidc.tls.verification=required
|
quarkus.oidc.tls.verification=required
|
||||||
@@ -122,13 +121,16 @@ quarkus.oidc.verify-access-token=true
|
|||||||
# Activation de la sécurité
|
# Activation de la sécurité
|
||||||
quarkus.security.auth.enabled=true
|
quarkus.security.auth.enabled=true
|
||||||
|
|
||||||
|
# IMPORTANT: L'ordre des permissions compte - les plus spécifiques doivent être EN PREMIER
|
||||||
# Chemins publics (non protégés par OIDC) - Production
|
# Chemins publics (non protégés par OIDC) - Production
|
||||||
quarkus.http.auth.permission.public.paths=/,/index.xhtml,/pages/public/*,/auth/*,/q/*,/q/oidc/*,/favicon.ico,/resources/*,/META-INF/resources/*,/images/*,/jakarta.faces.resource/*,/javax.faces.resource/*
|
quarkus.http.auth.permission.public.paths=/,/index.xhtml,/pages/public/*,/auth/*,/q/*,/q/oidc/*,/favicon.ico,/resources/*,/META-INF/resources/*,/images/*,/jakarta.faces.resource/*,/javax.faces.resource/*
|
||||||
quarkus.http.auth.permission.public.policy=permit
|
quarkus.http.auth.permission.public.policy=permit
|
||||||
|
quarkus.http.auth.permission.public.applies-to=JAXRS,SERVLET
|
||||||
|
|
||||||
# Tous les autres chemins nécessitent une authentification
|
# Tous les autres chemins nécessitent une authentification
|
||||||
quarkus.http.auth.permission.authenticated.paths=/*
|
quarkus.http.auth.permission.authenticated.paths=/pages/secure/*
|
||||||
quarkus.http.auth.permission.authenticated.policy=authenticated
|
quarkus.http.auth.permission.authenticated.policy=authenticated
|
||||||
|
quarkus.http.auth.permission.authenticated.applies-to=JAXRS,SERVLET
|
||||||
|
|
||||||
# Configuration Session - Production
|
# Configuration Session - Production
|
||||||
unionflow.session.timeout=${SESSION_TIMEOUT:1800}
|
unionflow.session.timeout=${SESSION_TIMEOUT:1800}
|
||||||
|
|||||||
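Review bot: Narrowing `quarkus.http.auth.permission.authenticated.paths` from `/*` to `/pages/secure/*` in the second hunk removes the catch-all, so any path that is neither in the public list nor under `/pages/secure/` is no longer covered by an HTTP permission and is reachable without authentication unless something outside this file protects it; the retained comment `# Tous les autres chemins nécessitent une authentification` is now untrue. Consider keeping a default rule for everything else, e.g. `quarkus.http.auth.permission.default.paths=/*` with `quarkus.http.auth.permission.default.policy=authenticated`, and letting the more specific public paths override it. The added ordering comment also looks inaccurate: as far as I know Quarkus resolves overlapping permissions by the longest matching path, not by declaration order in the properties file. Finally, `applies-to=JAXRS,SERVLET` should be checked against the Quarkus version in use, since the documented values I am aware of are `all` and `jaxrs`, and a JAX-RS-scoped check may not cover the Faces `.xhtml` pages this rule is meant to protect.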