[keycloak-user] Annotation-based protection?

Craig Setera craig at baseventure.com
Wed Sep 26 13:50:55 EDT 2018


We are working to replace our Picketlink-based application code with
Keycloak and OAuth/OpenID Connect.  We have a number of JAX-RS services
that have "mixed" resource methods, some requiring authentication, while
others do not require any authentication.  We mark those that require
authentication with @LoggedIn and use the Picketlink method interception
support to manage access to that method.

What is the best way to replace this kind of functionality of mixed
resource methods, some requiring authentication and others not requiring
authentication?  It does not seem like specifying this kind of information
via web.xml is the proper/best approach, since it may force authentication
for services that we don't want to make that a requirement.  Is there any
built-in support in Keycloak for this kind of use case?

Thanks,
Craig

=================================
*Craig Setera*

*Chief Technology Officer*

*415-324-5861* *craig at baseventure.com <craig at baseventure.com>*

