[keycloak-user] default permissions

Pedro Igor Silva psilva at redhat.com
Mon Nov 13 07:40:58 EST 2017


Tks.

On Mon, Nov 13, 2017 at 10:32 AM, Corentin Dupont <corentin.dupont at gmail.com> wrote:

> Done: https://issues.jboss.org/browse/KEYCLOAK-5839
>
>
> On Mon, Nov 13, 2017 at 12:42 PM, Pedro Igor Silva <psilva at redhat.com>
> wrote:
>
>> I see. We don't have anything like that, sorry. But an option to
>> statically DISABLE policy enforcement for a specific path in keycloak.json
>> (policy-enforcer settings).
>>
>> Also, in order to achieve what you want you probably need to ignore
>> bearer token authentication for these paths you want to make public
>> (although they are intercepted by the adapter).
>>
>> Could you file a JIRA describing your use case and requirements?
>>
>>
>> On Sun, Nov 12, 2017 at 6:50 PM, Corentin Dupont <corentin.dupont at gmail.com> wrote:
>>
>>> Hi Pedro,
>>> I don't really have public/private paths in the API.
>>> Some resources under those paths can be either public or private,
>>> however.
>>> For instance, a URL would be like that:
>>>
>>> www.example.com/api/v1/cities/rome/houses
>>>
>>> I would like some cities to be accessible by everybody without a token,
>>> while some others will be private and require an auth token and specific
>>> roles to be accessed.
>>>
>>> Thanks!
>>>
>>>
>>> On Fri, Nov 10, 2017 at 11:33 AM, Pedro Igor Silva <psilva at redhat.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I think you could probably change your application and remove the
>>>> resources/paths you want to make public from the list of resources
>>>> protected by the adapter.
>>>>
>>>> On Thu, Nov 9, 2017 at 2:06 PM, Corentin Dupont <corentin.dupont at gmail.com> wrote:
>>>>
>>>>> Another question: how to apply default authorizations?
>>>>>
>>>>> I want to protect my API with authorization in Keycloak. However some
>>>>> resources should be open to the public, accessible without any bearer
>>>>> token.
>>>>> My idea was:
>>>>> - create an "unregistered_user" composite role, containing some basic
>>>>> roles
>>>>> - create a "guest" user, with the unregistered_user role
>>>>> - on the API server, if there is no token in the request I will get the
>>>>> roles of the guest user and use them. If there is a token, I'll use
>>>>> that user's permissions.
>>>>> What do you think of that process?
>>>>>
>>>>> Thanks
>
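The guest-role fallback proposed at the start of the thread, applied per city as in the `/api/v1/cities/rome/houses` case, as an added example that is not code from either poster or from Keycloak. Assumptions: a Python API server, the role names, the `CITY_POLICY` table and the `verify` callable are all hypothetical; realm roles are read from the `realm_access.roles` claim of an already-validated access token.

```python
import re

# Constructed data: stand-in for the roles of the "unregistered_user" composite role.
GUEST_ROLES = frozenset({"view_public_city"})
# Constructed policy: role required per city. Cities not listed are denied (fail closed).
CITY_POLICY = {"rome": "view_public_city", "milan": "view_private_city"}
PATH_RE = re.compile(r"^/api/v1/cities/([a-z0-9-]+)/houses$")

# Constructed sample tokens; a real server validates signature, expiry and audience.
SAMPLE_TOKENS = {
    "alice-token": {"realm_access": {"roles": ["view_public_city", "view_private_city"]}},
}

def fake_verify(token):
    """Hypothetical verifier: returns the token's claims, or None if invalid."""
    return SAMPLE_TOKENS.get(token)

def effective_roles(auth_header, verify):
    """Return (roles, None) on success or (None, 401) for a bad credential."""
    if auth_header is None:
        # No credential at all: the anonymous caller gets the guest role set.
        return GUEST_ROLES, None
    scheme, _, token = auth_header.partition(" ")
    claims = verify(token) if scheme.lower() == "bearer" and token else None
    if claims is None:
        # A presented but invalid token is rejected, never downgraded to guest.
        return None, 401
    return frozenset(claims.get("realm_access", {}).get("roles", [])), None

def authorize(path, auth_header, verify=fake_verify):
    """Return the HTTP status the API should answer with for this request."""
    roles, err = effective_roles(auth_header, verify)
    if err:
        return err
    match = PATH_RE.match(path)
    if not match:
        return 404
    required = CITY_POLICY.get(match.group(1))
    if required is None or required not in roles:
        # Anonymous callers are asked to authenticate; known users are forbidden.
        return 401 if auth_header is None else 403
    return 200
```

With a token present only that user's roles are used, as the original post describes, so a registered user needs the guest roles assigned as well to keep access to public cities.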