<div dir="ltr">Hi,<div><br></div><div>I'm currently using beta2 of keycloak, and we are building a new application with keycloak as our security platform.</div><div><br></div><div>In our web module, all pages are located under the path src/main/webapps/views. Navigation to the index.xhtml file under this path triggers keycloak login, as expected. We've enabled self-registration and assigned the default realm role to be "user", so a new user automatically obtains the "user" role. Here is a snippet of our web.xml file.</div>
<div><br></div><div><br></div><div><div>&lt;security-constraint&gt;</div><div>&nbsp; &lt;web-resource-collection&gt;</div><div>&nbsp; &nbsp; &lt;web-resource-name&gt;Users&lt;/web-resource-name&gt;</div><div>&nbsp; &nbsp; &lt;url-pattern&gt;/views/*&lt;/url-pattern&gt;</div>
<div>&nbsp; &lt;/web-resource-collection&gt;</div><div>&nbsp; &lt;auth-constraint&gt;</div><div>&nbsp; &nbsp; &lt;role-name&gt;user&lt;/role-name&gt;</div><div>&nbsp; &lt;/auth-constraint&gt;</div><div>&lt;/security-constraint&gt;</div>
</div><div><div>&lt;security-constraint&gt;</div><div>&nbsp; &lt;web-resource-collection&gt;</div><div>&nbsp; &nbsp; &lt;web-resource-name&gt;Supervisor&lt;/web-resource-name&gt;</div><div>&nbsp; &nbsp; &lt;url-pattern&gt;/views/supervisor/*&lt;/url-pattern&gt;</div>
<div>&nbsp; &lt;/web-resource-collection&gt;</div><div>&nbsp; &lt;auth-constraint&gt;</div><div>&nbsp; &nbsp; &lt;role-name&gt;supervisor&lt;/role-name&gt;</div><div>&nbsp; &lt;/auth-constraint&gt;</div><div>&lt;/security-constraint&gt;</div>
</div><div><div>...</div><div><br></div><div>In effect any person with "user" role can view any content directly under /views/*. However, the newly enrolled user is able to navigate to other subpaths under the /views like the /views/supervisor/* which should normally require the user to have the additional "supervisor" role in addition to being "user".</div>
<div><br></div><div>So I have 2 questions.</div><div>1. Am I doing something wrong with regards to this setup? Does each registered application also need to have roles specified, or should the realm roles be enough? Or is my understanding wrong?</div>
<div>2. Is there a means to obtain the roles that a user has after logging in? The IDToken doesn't seem to contain any such information.</div><div><br></div><div>Looking forward to your response. Cheers.</div><br></div>
</div>
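The matching rules the Servlet specification defines for the two constraints quoted above, modelled as an added example that is not part of the original post and is not container or Keycloak code. The function names and the sample request paths in the comments are constructed for illustration.

```python
# Model of Servlet-spec security-constraint selection for the web.xml
# snippet in the post. Constructed illustration, not container code.

CONSTRAINTS = [  # (url-pattern, role-name) pairs copied from the snippet
    ("/views/*", "user"),
    ("/views/supervisor/*", "supervisor"),
]

def pattern_score(pattern, path):
    """Return a specificity score if pattern matches path, else None."""
    if pattern == path:
        return (3, len(pattern))          # exact match beats everything
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))       # path-prefix match, longest wins
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)                     # extension match
    if pattern == "/":
        return (0, 0)                     # default mapping
    return None

def required_roles(path, constraints=CONSTRAINTS):
    """Roles accepted for path: those of the best-matching pattern only.
    Returns None when no constraint applies (the resource is unprotected)."""
    scored = [(pattern_score(p, path), role) for p, role in constraints]
    scored = [(s, role) for s, role in scored if s is not None]
    if not scored:
        return None
    best = max(s for s, _ in scored)
    return {role for s, role in scored if s == best}

def is_allowed(path, user_roles, constraints=CONSTRAINTS):
    """True if a caller holding user_roles may request path."""
    roles = required_roles(path, constraints)
    return roles is None or bool(roles & set(user_roles))

if __name__ == "__main__":
    # Constructed request paths for a self-registered user holding only "user".
    for p in ("/views/index.xhtml", "/views/supervisor/report.xhtml"):
        print(p, required_roles(p), is_allowed(p, ["user"]))
```

Under these rules only the most specific pattern applies, so /views/supervisor/* accepts "supervisor" alone rather than "user" plus "supervisor". The specification applies constraints to the URL of the incoming request, not to RequestDispatcher forwards or includes.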