[keycloak-user] default permissions
Pedro Igor Silva
psilva at redhat.com
Fri Nov 10 09:02:56 EST 2017
I'm glad to take a look on it and see how it could fit in our adapters.
Could you create a JIRA and give some link to your code so we can discuss
from there ?
Thanks.
On Fri, Nov 10, 2017 at 10:51 AM, Emilien Bondu <dev.ebondu at gmail.com>
wrote:
> To achieve this, I implemented a KeycloakAnonymousActionsFilter filter to
> handle requests, associated to an AnonymousActionsHandler (extending the
> official AuthenticatedActionsHandler) and an AnonymousPolicyEnforcer (extending
> the official AbstractPolicyEnforcer). Do you think this code should be
> added to the official spring-adapter ?
>
>
> Le 10 nov. 2017 à 12:12, Pedro Igor Silva <psilva at redhat.com> a écrit :
>
> @Emilien Bondu, I was looking that thread again and now I'm wondering if
> you end up with something you can share.
>
> On Fri, Nov 10, 2017 at 9:07 AM, Emilien Bondu <dev.ebondu at gmail.com>
> wrote:
>
>> Hi,
>>
>> Maybe you should have a look here :
>>
>> http://lists.jboss.org/pipermail/keycloak-user/2017-March/009830.html
>>
>>
>> Le 10 nov. 2017 à 11:33, Pedro Igor Silva <psilva at redhat.com> a écrit :
>>
>> Hi,
>>
>> I think you could probably change your application and remove the
>> resources/paths you want to make public from the list of resources
>> protected by the adapter.
>>
>> On Thu, Nov 9, 2017 at 2:06 PM, Corentin Dupont <
>> corentin.dupont at gmail.com>
>> wrote:
>>
>> Another question: how to apply default authorizations?
>>
>> I want to protect my API with authorization in Keycloak. However some
>> resources should be open to the public, accessible without any bearer
>> token.
>> My idea was:
>> - create an "unregistered_user" composite role, containing some basic
>> roles
>> - create a "guest" user, with the unregistered_user role
>> - on the API server, if there is no token in the request I will get the
>> roles of the guest user and user them. If there is a token, I'll use that
>> user permissions.
>> What do you think of that process?
>>
>> Thanks
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>
>
More information about the keycloak-user
mailing list