[keycloak-user] Keycloak Filters and Roles

Stian Thorgersen sthorger at redhat.com
Fri Sep 30 04:00:16 EDT 2016


Is the "admin" role a realm role or client role? If it's a client role you
need to set use-resource-role-mappings to true in keycloak.json. Also, does
your user have the role and does the client have a scope on the role (or
full scope enabled)?

On 27 September 2016 at 15:43, Rui Neves <ruiwp_93 at hotmail.com> wrote:

> Hello,
>
>
> I am using a Java servlet with Keycloak filters, so no security
> constraints can be applied. I would like to know how I can block some
> HttpMethods for users of a certain role. I created roles in Keycloak, I
> tried to define the auth-constraints within the security-constraints but it
> always returns error 403 Unauthorized.
>
> If I remove the auth constraint and security roles I am able to access the
> method. It seems that it is not recognizing Keycloak roles or not mapping
> them between the servlet and Keycloak.
>
> I am blocking the method as shown below in the class:
>
>
> @GET
> @Path("/get")
> @RolesAllowed("admin")
> @Produces(MediaType.TEXT_PLAIN)
> public String delU(@HeaderParam("user_id") String userId) {
>   ...
> }
>
>
> And I have the filters like the link below in the web.xml:
>
> https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/2.2/topics/oidc/java/servlet-filter-adapter.html
>
>
> Best Regards
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
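
The three checks in the reply above (realm role or client role, whether the user has the role, whether the client's scope lets it into the token) can all be read off the access token's claims. The script below is an added example, not part of the original thread and not Keycloak code: it is a simplified model of which roles the adapter consults, and the client ID `my-servlet`, the user and the sample token are constructed.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_payload(jwt: str) -> dict:
    """Decode a JWT's claims WITHOUT verifying the signature (diagnosis only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def adapter_roles(claims: dict, resource: str, use_resource_role_mappings: bool) -> set:
    """Client roles under resource_access[resource] when
    use-resource-role-mappings is true, realm roles under realm_access otherwise."""
    if use_resource_role_mappings:
        access = claims.get("resource_access", {}).get(resource, {})
    else:
        access = claims.get("realm_access", {})
    return set(access.get("roles", []))

def diagnose(jwt: str, resource: str, role: str, use_resource_role_mappings: bool) -> str:
    claims = decode_payload(jwt)
    if role in adapter_roles(claims, resource, use_resource_role_mappings):
        return "ok"
    if role in adapter_roles(claims, resource, not use_resource_role_mappings):
        # Role is in the token, but keycloak.json points at the other mapping.
        return "wrong-mapping"
    # Role never reached the token: check the user's role mapping and the
    # client's scope (or full scope) in the admin console.
    return "missing"

# Constructed sample: "admin" is a client role of the hypothetical client
# "my-servlet"; the signature part is a placeholder and is never checked.
SAMPLE_CLAIMS = {
    "preferred_username": "alice",
    "realm_access": {"roles": ["offline_access"]},
    "resource_access": {"my-servlet": {"roles": ["admin"]}},
}
SAMPLE_JWT = ".".join([
    b64url(b'{"alg":"RS256","typ":"JWT"}'),
    b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    "constructed-signature",
])

if __name__ == "__main__":
    for flag in (False, True):
        print("use-resource-role-mappings =", flag, "->",
              diagnose(SAMPLE_JWT, "my-servlet", "admin", flag))
```

With the sample token, the default setting reports `wrong-mapping` and setting `use-resource-role-mappings` to true reports `ok`; a result of `missing` points at the user's role mapping or the client's scope instead.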

