# Структура JWT токена: {
"exp": 1640995200,
"iat": 1640908800,
"auth_time": 1640908800,
"jti": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"iss": "https://keycloak.soberis.com/realms/soberis",
"aud": "soberis-client",
"sub": "f:uuid:550e8400-e29b-41d4-a716-446655440000",
"typ": "Bearer",
"azp": "soberis-client",
"session_state": "4b4a2f48-e1ec-4c51-9c8e-7e4f5e4c2b1a",
"acr": "1",
"realm_access": {
"roles": [
"upload_schema",
"read_metrics",
"api_keys_management"
]
},
"scope": "openid profile email",
"email_verified": true,
"preferred_username": "admin",
"given_name": "Administrator",
"family_name": "User",
"email": "admin@soberis.com"
}
# Передача токена в запросах
# JWT токен передается в заголовке Authorizationс префиксом Bearer.
curl -X GET "https://your-domain.com/sbrs-schema/list" \
-H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..." \
-H "Content-Type: application/json" \
-H "SBRS-Correlation-Id: unique-correlation-id" \
-H "SBRS-Originator: your-application" \
-H "SBRS-Message-Id: unique-message-id"
# HTTP 401 Unauthorized
# Отсутствует или недействителен токен аутентификации
{
"error": "Unauthorized",
"message": "Authentication token is required",
"status": 401,
"path": "/sbrs-schema/list"
}
# HTTP 403 Forbidden
# Недостаточно прав для выполнения операции
{
"error": "Access Denied",
"message": "Access denied. Required role 'upload_schema' for operation '/sbrs-schema/upload'",
"status": 403,
"timestamp": "2024-01-15T10:30:00Z"
}
2024-01-15 10:30:15.123 INFO [http-nio-8080-exec-1] c.s.u.JwtUtil : Operation 'schema-upload' performed by user: admin
2024-01-15 10:30:15.124 INFO [http-nio-8080-exec-1] c.s.u.RoleUtil : Operation 'schema-upload' attempted by user: admin with roles: [upload_schema, read_metrics]
2024-01-15 10:30:15.125 INFO [http-nio-8080-exec-1] c.s.c.SchemaController : Received schema-upload request - Correlation ID: req-123, Originator: soberis-frontend, Message ID: msg-456
2024-01-15 10:31:20.789 WARN [http-nio-8080-exec-2] c.s.c.JwtAuthenticationEntryPoint : Unauthorized access attempt to: /sbrs-schema/list - Full authentication is required to access this resource
2024-01-15 10:31:20.790 WARN [http-nio-8080-exec-2] c.s.u.RoleUtil : Operation 'schema-list' attempted by unknown user with roles: []