[keycloak-user] default permissions
dev.ebondu at gmail.com
Fri Nov 10 06:07:20 EST 2017
Maybe you should have a look here :
> Le 10 nov. 2017 à 11:33, Pedro Igor Silva <psilva at redhat.com> a écrit :
> I think you could probably change your application and remove the
> resources/paths you want to make public from the list of resources
> protected by the adapter.
> On Thu, Nov 9, 2017 at 2:06 PM, Corentin Dupont <corentin.dupont at gmail.com>
>> Another question: how to apply default authorizations?
>> I want to protect my API with authorization in Keycloak. However some
>> resources should be open to the public, accessible without any bearer
>> My idea was:
>> - create an "unregistered_user" composite role, containing some basic roles
>> - create a "guest" user, with the unregistered_user role
>> - on the API server, if there is no token in the request I will get the
>> roles of the guest user and user them. If there is a token, I'll use that
>> user permissions.
>> What do you think of that process?
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
More information about the keycloak-user