[keycloak-user] Keycloak Share a resource with other User

Pedro Igor Silva psilva at redhat.com
Tue Sep 17 08:14:36 EDT 2019


The AuthzClient should be using a token issued on behalf of alice when
invoking the API for creating a ticket. Is that what is happening when you
obtain the client and invoke the endpoint?

On Tue, Sep 17, 2019 at 5:40 AM Nicola Messina <nikmess at hotmail.it> wrote:

> Hi Pedro,
> thanks for the answer, sorry, but I don't understand how, my code is:
>
>      String resourceId="3707be30-6e85-4d48-92c9-afaf0750eaec";
>      String DestinatarioId="4308881b-5754-44e4-a8c6-dbd13bbbc4a6";
>      String scopeId="3497b93d-ae42-42ee-b825-f1da667902b4";
>
>      String Soggetto = keycloak_helper.getKeycloakSecurityContext(request).getToken().getSubject();
>
>      PermissionTicketRepresentation ticket = new PermissionTicketRepresentation();
>
>      ticket.setOwner(Soggetto);
>      ticket.setOwnerName("alice");
>
>      ticket.setResource(resourceId);
>      ticket.setResourceName("Foto-Vacci");
>
>      ticket.setRequester(DestinatarioId);
>      ticket.setRequesterName("bob");
>
>      ticket.setScope(scopeId);
>      ticket.setScopeName("foto:view");
>
>      ticket.setGranted(true);
>
>
>  keycloak_helper.getAuthzClient(request).protection().permission().create(ticket);
>
> The request is made from the owner of the resource "alice" and this
> request is made from the Java backend, like the photoz example.
> Can you help me understand what is wrong?
>
> Kind regards
>
> ------------------------------
> *From:* Pedro Igor Silva <psilva at redhat.com>
> *Sent:* Monday, 16 September 2019 23:14
> *To:* Nicola <nikmess at hotmail.it>
> *Cc:* keycloak-user <keycloak-user at lists.jboss.org>
> *Subject:* Re: [keycloak-user] Keycloak Share a resource with other User
>
> Hi,
>
> Basically, only the owner can create tickets for his/her resources. You
> need to access the API using a bearer token where the owner of the resource
> is the subject.
>
> Regards.
> Pedro Igor
>
> On Mon, Sep 16, 2019 at 3:21 PM Nicola <nikmess at hotmail.it> wrote:
>
> Hi, I'm new to Keycloak, I'm looking at the *photoz uma example*. In this
> example a user can *create* a resource and then *share* it with another
> user; I'm interested in this feature.
>
> Checking the Javadoc, I've found that from a PermissionResource I can
> create a *PermissionTicketRepresentation*, where I can set the resource,
> the scope, the owner and the requester of the resource. I've tried this,
> but I get
>
> /{"error":"not_authorised","error_description":"permissions for
> [3707be30-6e85-4d48-92c9-afaf0750eaec] can be only created by the owner"}/
>
> so, how can I do this via code?
> Kind regards
>
>
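
One way to answer the question at the top of this thread before calling the ticket endpoint, as an added example (not code from the thread or from Keycloak): decode the bearer token the client is about to send and compare its `sub` claim with the resource owner's user id. The tokens, user ids and client name below are constructed, and the `service-account-` username prefix is used only as a heuristic for spotting a token issued to the client itself.

```python
import base64
import json

# Keycloak names a client's service-account user "service-account-<client_id>".
SERVICE_ACCOUNT_PREFIX = "service-account-"

def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # bad base64, bad UTF-8 and bad JSON all land here
        raise ValueError("token payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("token payload is not a JSON object")
    return claims

def ticket_caller_report(token, resource_owner_id):
    """Say who the bearer token speaks for, compared with the resource owner."""
    claims = decode_claims(token)
    subject = claims.get("sub")
    username = str(claims.get("preferred_username", ""))
    return {
        "subject": subject,
        "client": claims.get("azp"),
        "is_service_account": username.startswith(SERVICE_ACCOUNT_PREFIX),
        "subject_is_owner": subject is not None and subject == resource_owner_id,
    }

def make_sample_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64(claims), "constructed"])

# Constructed sample values: none of these ids or names appear in the thread.
ALICE_ID = "11111111-1111-4111-8111-111111111111"
USER_TOKEN = make_sample_token(
    {"sub": ALICE_ID, "azp": "example-client", "preferred_username": "alice"})
CLIENT_TOKEN = make_sample_token(
    {"sub": "22222222-2222-4222-8222-222222222222", "azp": "example-client",
     "preferred_username": "service-account-example-client"})

if __name__ == "__main__":
    for name, tok in (("user token", USER_TOKEN), ("client token", CLIENT_TOKEN)):
        print(name, ticket_caller_report(tok, ALICE_ID))
```

A report with `subject_is_owner` false means the token does not have the owner as its subject, which is the condition the `can be only created by the owner` error describes.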

