[keycloak-user] RestTemplate support for service account access

Amaeztu amaeztu at tesicnor.com
Fri Jan 1 13:01:11 EST 2016


Well, this example answers the asked question, so many thanks Scott. However, I still have some doubts. 

In the given code, the database service can only be accessed from another client (bearer only). However, let's suppose I also want to have access to its endpoints from a Web browser, for purely administrative purposes and only with the ADMIN role. I should change the access to confidential. Then I want to access the service from the customer app, but, since the current user role might not be ADMIN, I wouldn't be authorized for the remote access.

The only solution I can think of for this is to keep the database service access bearer only and implement a specific database-ui service, which should replicate all the original endpoints (this involves adding a new endpoint to the ui service every time I do it in the db service).

Is there a way of solving this which avoids having a specific ui service implemented? Sorry about all the questions, I'm still a starter!

Sent from my Sony Xperia™ phone

---- Scott Rossillo wrote ----

>Take a look at these Spring samples. It's set up automatically:
>
>https://github.com/foo4u/keycloak-spring-demo/blob/master/customer-app/src/main/java/org/keycloak/example/spring/customer/service/RemoteCustomerService.java
>
>On Tue, Dec 29, 2015 at 12:31 PM Aritz Maeztu <amaeztu at tesicnor.com> wrote:
>
>At this moment there's a KeycloakRestTemplate for use in Spring, which allows an end user to retrieve data from other Keycloak clients. However, a client might also be interested in accessing data with its own permissions and with no user interaction. Is there any implementation of a RestTemplate to utilize client service accounts and, if not, are there any plans to write it? This demo seems to do it manually.
>
>Regards
>
>-- 
>
>Aritz Maeztu Otaño
>Software Development Department
>
>Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
>Tel.: 948 21 40 40
>Fax: 948 21 40 41
>
>Before printing this e-mail, consider carefully whether it is necessary: the environment is everyone's concern.
>