[keycloak-user] User rights after logout

Christoph Machnik christoph.machnik at traveltainment.de
Wed Jan 28 06:15:14 EST 2015


Thanks,

i forgott to type in the admin url in the admin console.
________________________________
Von: Marek Posolda [mposolda at redhat.com]
Gesendet: Mittwoch, 28. Januar 2015 11:12
Bis: Christoph Machnik; keycloak-user at lists.jboss.org
Betreff: Re: [keycloak-user] User rights after logout

Hi,

I've just tried with latest Keycloak on Wildfly but did not see same behaviour. Do you have admin URL set in Keycloak admin console for your application? How are you doing logout in your application? Are you using httpServletRequest.logout() or are you directly logout by access to logoutURL like our demo example applications are doing?

Marek

On 28.1.2015 10:38, Christoph Machnik wrote:
Hi all,

I have a web-application with keycloak. When a user have to log in this user becomes the rights to see the following pages or not. When this user loggs out an a other user loggs in with other rights to see the following pages or not, he becomes the same rights as the first user that logged in.
In the example i log in with support and just can see the support page in the application, when i logg out an log in with admin i just can see the support page and not the admin page, even though i have the admin role. When i restart the server and first log in as admin i can see the admin- and the support page. When i log out and now log in with support i have the support rule, but nevertheless i can see the admin- and support page.

Is there any mistake in int web.xml file ? (following):

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"<http://java.sun.com/xml/ns/javaee>
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"<http://www.w3.org/2001/XMLSchema-instance>
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xml"<http://java.sun.com/xml/ns/javaeehttp://java.sun.com/xml/ns/javaee/web-app_3_0.xml>
         version="3.0">

    <module-name>TestWebApp</module-name>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admins</web-resource-name>
            <url-pattern>/views/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Support</web-resource-name>
            <url-pattern>/views/support/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
            <role-name>support</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>test</realm-name>
    </login-config>

    <security-role>
        <role-name>admin</role-name>
    </security-role>
    <security-role>
        <role-name>support</role-name>
    </security-role>

</web-app>



_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150128/611389bc/attachment.html 


More information about the keycloak-user mailing list