[keycloak-user] Programmatic access control with no <security-constraints/> in web.xml
Orestis Tsakiridis
orestis.tsakiridis at telestax.com
Tue Sep 15 17:54:13 EDT 2015
Hello,
Is it possible to apply programmatic access control i.e. retrieve
KeycloakSecurityContext, get token, roles etc, when the
<security-contraint/> elements have been removed from web.xml?
The reason for that is that when <security-constraints/> are present the
requests get dropped by the keycloak adapter before reaching the REST
endpoints implementation in case they are not carrying a token. I'm trying
to support an alternative authorization mechanism using a custom API Key
parameter in case the Oauth token header is missing.
Regards
Orestis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150916/bedbf727/attachment.html
More information about the keycloak-user
mailing list