[keycloak-user] User rights after logout

Marek Posolda mposolda at redhat.com
Wed Jan 28 05:12:50 EST 2015


Hi,

I've just tried with the latest Keycloak on Wildfly but did not see the same 
behaviour. Do you have the admin URL set in the Keycloak admin console for your 
application? How are you doing logout in your application? Are you using 
httpServletRequest.logout() or are you logging out directly by accessing the 
logoutURL like our demo example applications are doing?

Marek

On 28.1.2015 10:38, Christoph Machnik wrote:
> Hi all,
>
> I have a web application with Keycloak. When a user has to log in, 
> this user gets the rights to see the following pages or not. When 
> this user logs out and another user logs in with other rights to see 
> the following pages or not, he gets the same rights as the first 
> user that logged in.
> In the example I log in with support and can just see the support page 
> in the application; when I log out and log in with admin I can just 
> see the support page and not the admin page, even though I have the 
> admin role. When I restart the server and first log in as admin I can 
> see the admin and the support page. When I log out and now log in 
> with support I have the support role, but nevertheless I can see the 
> admin and support page.
>
> Is there any mistake in the web.xml file? (following):
>
> <?xml version="1.0" encoding="UTF-8"?>
> <web-app xmlns="http://java.sun.com/xml/ns/javaee"
>          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
> http://java.sun.com/xml/ns/javaee/web-app_3_0.xml"
>          version="3.0">
>
>     <module-name>TestWebApp</module-name>
>
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>Admins</web-resource-name>
>             <url-pattern>/views/admin/*</url-pattern>
>         </web-resource-collection>
>         <auth-constraint>
>             <role-name>admin</role-name>
>         </auth-constraint>
>     </security-constraint>
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>Support</web-resource-name>
>             <url-pattern>/views/support/*</url-pattern>
>         </web-resource-collection>
>         <auth-constraint>
>             <role-name>admin</role-name>
>             <role-name>support</role-name>
>         </auth-constraint>
>     </security-constraint>
>
>     <login-config>
>         <auth-method>KEYCLOAK</auth-method>
>         <realm-name>test</realm-name>
>     </login-config>
>
>     <security-role>
>         <role-name>admin</role-name>
>     </security-role>
>     <security-role>
>         <role-name>support</role-name>
>     </security-role>
>
> </web-app>
>
>
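
An added example, not part of the original thread or of Keycloak: a small Python audit that evaluates what the declarative constraints in the quoted web.xml grant each role on their own, independent of any session or logout handling. The request paths in the test and the helper names are constructed; HTTP-method constraints and the `*` role name are not modelled.

```python
import xml.etree.ElementTree as ET

NS = {"ee": "http://java.sun.com/xml/ns/javaee"}
# Constructed input: only the security-constraint elements of the quoted web.xml.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection><url-pattern>/views/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/views/support/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name><role-name>support</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def load_constraints(xml_text):
    """Return [(url_pattern, roles)]; roles is None when there is no auth-constraint."""
    rules = []
    for sc in ET.fromstring(xml_text).findall("ee:security-constraint", NS):
        auth = sc.find("ee:auth-constraint", NS)
        roles = None if auth is None else {r.text.strip() for r in auth.findall("ee:role-name", NS)}
        for pat in sc.findall("ee:web-resource-collection/ee:url-pattern", NS):
            rules.append((pat.text.strip(), roles))
    return rules

def match_rank(pattern, path):
    """Servlet-style matching: exact > longest path prefix > extension > default."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def allowed_roles(rules, path):
    """Roles permitted on path; None means no constraint applies (public)."""
    hits = [(match_rank(p, path), roles) for p, roles in rules]
    hits = [(rank, roles) for rank, roles in hits if rank is not None]
    if not hits:
        return None
    best = max(rank for rank, _ in hits)
    winners = [roles for rank, roles in hits if rank == best]
    if any(r is None for r in winners):   # a best match without auth-constraint
        return None
    if any(not r for r in winners):       # an empty auth-constraint denies everyone
        return set()
    return set().union(*winners)

def can_access(rules, role, path):
    roles = allowed_roles(rules, path)
    return roles is None or role in roles
```
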
