[keycloak-user] Securing backend rest methods

Scott Dunbar scott at xigole.com
Fri Jun 19 15:19:28 EDT 2015


Juan,
I'm not sure that your environment is like mine but I have something like:


import javax.ejb.Stateless;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

@Path("/user")
@Stateless
public class UserService {

...

     @Path("/getUserInformation")
     @Produces({ MediaType.APPLICATION_JSON })
     @GET
     @HttpConstraint(rolesAllowed = {"companyAdmin"})   // only callers already in the companyAdmin role reach this method
     public Response getUserInformation(@Context HttpServletRequest request) {
         // body omitted in the original message; a minimal return so the method compiles
         return Response.ok().build();
     }
}

This means that someone had to have already logged in elsewhere and be 
in the companyAdmin role before they will have the ability to call the 
getUserInformation method.  If they are not logged in or are not in that 
role they will get a forbidden message.  Any methods that do not have 
the HttpConstraint annotation are not protected.

Is this what you're looking for?




On 06/19/2015 12:32 PM, Juan Diego wrote:
> How can I secure a method for a role, if a rest service has multiple 
> methods?
>
> On Fri, Jun 19, 2015 at 2:49 AM, Stian Thorgersen <stian at redhat.com 
> <mailto:stian at redhat.com>> wrote:
>
>     Keycloak is based on roles and we don't have support for groups.
>     By using composite roles you can model groups as a role though.
>
>     ----- Original Message -----
>     > From: "Juan Diego" <juandiego83 at gmail.com
>     <mailto:juandiego83 at gmail.com>>
>     > To: "keycloak-user" <keycloak-user at lists.jboss.org
>     <mailto:keycloak-user at lists.jboss.org>>
>     > Sent: Thursday, 18 June, 2015 8:35:08 PM
>     > Subject: [keycloak-user] Securing backend rest methods
>     >
>     > Hi,
>     >
>     > I was looking in the examples but I cannot find the right one.
>     > Is there an example that shows how to secure just a method of a rest for a
>     > certain group, allow all groups to the rest method. Like in PicketLink
>     > you could create your own @Admin @Mygroup annotation and add it to a function.
>     >
>     > Thanks,
>     >
>     > Juan diego
>     >
>     > _______________________________________________
>     > keycloak-user mailing list
>     > keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     > https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Scott Dunbar
Xigole Systems, Inc.
Enterprise consulting, development, and hosting
303·667·6343
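An added example (not Scott's code and not Keycloak's own) of deny-by-default, per-method role protection for a resource like the one above, using the standard JSR 250 annotations that the EJB container enforces. It assumes a Java EE 7 container (where a class-level @DenyAll is permitted) and that the Keycloak adapter has already authenticated the request and mapped its realm roles to the role names used here; the /health and /forgotten paths are invented for illustration.

```java
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

@Path("/user")
@Stateless
@DenyAll   // deny by default: a method that forgets its own annotation is refused, not silently exposed
public class UserService {

    // Only callers the Keycloak adapter placed in the companyAdmin role get this far.
    @GET
    @Path("/getUserInformation")
    @Produces(MediaType.APPLICATION_JSON)
    @RolesAllowed("companyAdmin")
    public Response getUserInformation(@Context SecurityContext sc) {
        // The principal is non-null here: an unauthenticated caller never reaches the method body.
        String name = sc.getUserPrincipal().getName();
        boolean admin = sc.isUserInRole("companyAdmin");   // programmatic check for finer decisions
        return Response.ok("{\"user\":\"" + name + "\",\"admin\":" + admin + "}").build();
    }

    // Explicitly public: the only way to open a method under a @DenyAll class (assumed path).
    @GET
    @Path("/health")
    @Produces(MediaType.APPLICATION_JSON)
    @PermitAll
    public Response health() {
        return Response.ok("{\"status\":\"up\"}").build();
    }

    // No annotation at all (assumed path): because of the class-level @DenyAll the container
    // refuses the call with javax.ejb.EJBAccessException instead of serving an unprotected endpoint.
    @GET
    @Path("/forgotten")
    public Response forgotten() {
        return Response.ok().build();
    }
}
```

The web.xml security-constraint that hands the request to the Keycloak adapter is still required; these annotations only decide which authenticated roles may invoke each method.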