
<html dir="ltr">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

</head>

<body ocsi="0" fpstyle="1" bgcolor="#FFFFFF">

<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Thanks,<br>

<br>

i forgott to type in the admin url in the admin console.<br>

<div style="font-family: Times New Roman; color: #000000; font-size: 16px">

<hr tabindex="-1">

<div style="direction: ltr;" id="divRpF47033"><font size="2" face="Tahoma" color="#000000"><b>Von:</b> Marek Posolda [mposolda@redhat.com]<br>

<b>Gesendet:</b> Mittwoch, 28. Januar 2015 11:12<br>

<b>Bis:</b> Christoph Machnik; keycloak-user@lists.jboss.org<br>

<b>Betreff:</b> Re: [keycloak-user] User rights after logout<br>

</font><br>

</div>

<div></div>

<div>

<div class="moz-cite-prefix">Hi,<br>

<br>

I've just tried with latest Keycloak on Wildfly but did not see same behaviour. Do you have admin URL set in Keycloak admin console for your application? How are you doing logout in your application? Are you using httpServletRequest.logout() or are you directly

 logout by access to logoutURL like our demo example applications are doing? <br>

<br>

Marek<br>

<br>

On 28.1.2015 10:38, Christoph Machnik wrote:<br>

</div>

<blockquote type="cite"><style id="owaParaStyle" type="text/css">

<!--

p

        {margin-top:0;

        margin-bottom:0}

-->

BODY {direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;}P {margin-top:0;margin-bottom:0;}</style>

<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">Hi all,<br>

<br>

I have a web-application with keycloak. When a user have to log in this user becomes the rights to see the following pages or not. When this user loggs out an a other user loggs in with other rights to see the following pages or not, he becomes the same rights

 as the first user that logged in.&nbsp; <br>

In the example i log in with support and just can see the support page in the application, when i logg out an log in with admin i just can see the support page and not the admin page, even though i have the admin role. When i restart the server and first log

 in as admin i can see the admin- and the support page. When i log out and now log in with support i have the support rule, but nevertheless i can see the admin- and support page.<br>

<br>

Is there any mistake in int web.xml file ? (following):<br>

<br>

&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;<br>

&lt;web-app xmlns=<a class="moz-txt-link-rfc2396E" href="http://java.sun.com/xml/ns/javaee" target="_blank">&quot;http://java.sun.com/xml/ns/javaee&quot;</a><br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">&quot;http://www.w3.org/2001/XMLSchema-instance&quot;</a><br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; xsi:schemaLocation=<a class="moz-txt-link-rfc2396E" href="http://java.sun.com/xml/ns/javaeehttp://java.sun.com/xml/ns/javaee/web-app_3_0.xml" target="_blank">&quot;http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xml&quot;</a><br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; version=&quot;3.0&quot;&gt;<br>

&nbsp;&nbsp;&nbsp; <br>

&nbsp;&nbsp;&nbsp; &lt;module-name&gt;TestWebApp&lt;/module-name&gt;<br>

&nbsp;&nbsp;&nbsp; <br>

&nbsp;&nbsp;&nbsp; &lt;security-constraint&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;web-resource-collection&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;web-resource-name&gt;Admins&lt;/web-resource-name&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;url-pattern&gt;/views/admin/*&lt;/url-pattern&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/web-resource-collection&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;auth-constraint&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;role-name&gt;admin&lt;/role-name&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/auth-constraint&gt;<br>

&nbsp;&nbsp;&nbsp; &lt;/security-constraint&gt;<br>

&nbsp;&nbsp;&nbsp; &lt;security-constraint&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;web-resource-collection&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;web-resource-name&gt;Support&lt;/web-resource-name&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;url-pattern&gt;/views/support/*&lt;/url-pattern&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/web-resource-collection&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;auth-constraint&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;role-name&gt;admin&lt;/role-name&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;role-name&gt;support&lt;/role-name&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/auth-constraint&gt;<br>

&nbsp;&nbsp;&nbsp; &lt;/security-constraint&gt;<br>

&nbsp;&nbsp;&nbsp; <br>

&nbsp;&nbsp;&nbsp; &lt;login-config&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;auth-method&gt;KEYCLOAK&lt;/auth-method&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;realm-name&gt;test&lt;/realm-name&gt;<br>

&nbsp;&nbsp;&nbsp; &lt;/login-config&gt;<br>

&nbsp;&nbsp;&nbsp; <br>

&nbsp;&nbsp;&nbsp; &lt;security-role&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;role-name&gt;admin&lt;/role-name&gt;<br>

&nbsp;&nbsp;&nbsp; &lt;/security-role&gt;<br>

&nbsp;&nbsp;&nbsp; &lt;security-role&gt;<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;role-name&gt;support&lt;/role-name&gt;<br>

&nbsp;&nbsp;&nbsp; &lt;/security-role&gt;<br>

<br>

&lt;/web-app&gt;<br>

</div>

<br>

<fieldset class="mimeAttachmentHeader" target="_blank"></fieldset> <br>

<pre>_______________________________________________

keycloak-user mailing list

<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>

<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>

</blockquote>

<br>

</div>

</div>

</div>

</body>

</html>