[keycloak-user] default permissions
corentin.dupont at gmail.com
Mon Nov 13 07:32:45 EST 2017
On Mon, Nov 13, 2017 at 12:42 PM, Pedro Igor Silva <psilva at redhat.com>
> I see. We don't have anything like that, sorry. But a option to statically
> DISABLE policy enforcement for a specific path in keycloak.json
> (policy-enforcer settings).
> Also, in order to achieve what you want you probably need to ignore bearer
> token authentication for these paths you want to make public (although they
> are intercepted by the adapter).
> Could you fill a JIRA describing your use case and requirements ?
> On Sun, Nov 12, 2017 at 6:50 PM, Corentin Dupont <
> corentin.dupont at gmail.com> wrote:
>> Hi Pedro,
>> I don't really have public/private paths in the API.
>> Some resources under those paths can be either public or private, however.
>> For instance, a URL would be like that:
>> I would like that some cities be accessible by everybody without token,
>> while some others will be private and require auth token and specific roles
>> to be accessed.
>> On Fri, Nov 10, 2017 at 11:33 AM, Pedro Igor Silva <psilva at redhat.com>
>>> I think you could probably change your application and remove the
>>> resources/paths you want to make public from the list of resources
>>> protected by the adapter.
>>> On Thu, Nov 9, 2017 at 2:06 PM, Corentin Dupont <
>>> corentin.dupont at gmail.com> wrote:
>>>> Another question: how to apply default authorizations?
>>>> I want to protect my API with authorization in Keycloak. However some
>>>> resources should be open to the public, accessible without any bearer
>>>> My idea was:
>>>> - create an "unregistered_user" composite role, containing some basic
>>>> - create a "guest" user, with the unregistered_user role
>>>> - on the API server, if there is no token in the request I will get the
>>>> roles of the guest user and user them. If there is a token, I'll use
>>>> user permissions.
>>>> What do you think of that process?
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
More information about the keycloak-user