[keycloak-user] How to check permissions on lot of resources
Teddy CHAMBARD
t.chambard at bee-buzziness.com
Tue Dec 19 12:50:33 EST 2017
Hello,
I'm trying to protect resources with keycloak, but I wonder how to protect millions...
I created successfully resources with the Protection API (UMA 2.0), and also created necessary permsions and policies with the Admin REST API.
What I would like to do is simply get the list of resources I should be able to access.
To simplify my needs, here is a simple example :
Bob asks for resource1 and resource2 throught entitlement API
Regarding my policies and permissions Bob only have rights on resource 1 but not on resource2.
I was thinking making a POST request with the following payload :
{
"permissions" : [
{
"resource_set_name" : "resource1"
}, {
"resource_set_name" : "resource2"
}
]
}
would return a RPT with the list of permitted resources (resource1), but I got 403 forbidden without the list of granted resources.
So, I know I could run two separated requests to get my authorizations, but when I have thousands of resources to check, I can't run thousands http requests on entitlement API.
The question is how can I filter the data I retrieved from my database with keycloak in order to get only granted data ?
Keycloak is wonderful, and I would really continue to use it despite this trouble that I encounter.
Thank you very much by advance for your help.
More information about the keycloak-user
mailing list