<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.Stylwiadomocie-mail17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="PL" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m working on a simple security service for enterprise application, and one of the requirements is to be able to determine list of application roles (composites, if I get the vocabulary right) for each user that has successfully signed
in. User credentials are naturally acquired from session token. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">According to the REST API docs, you can acquire list of application roles for a given realm role with the following request:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#2F5597">/admin/realms/{realm}/roles/{realm_role}/composites<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It turns out however that in order to be successfully executed, this request requires the user to have „manage-realm” effective role assigned. This will naturally be the case only for admin users.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">So I’d much appreciate if you could tell whether there is a way (using REST API or User/RoleRepresentation objects) to get list of application roles for a given realm role without the need of having „manage-realm” role assigned.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thank you in advance for your help.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;mso-fareast-language:PL">Best Regards,<o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="background:white;border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<table class="MsoNormalTable" border="0" cellpadding="0">
<tbody>
<tr style="height:9.0pt">
<td style="padding:0cm 0cm 0cm 0cm;height:9.0pt">
<p class="MsoNormal" style="line-height:9.0pt"><b><span style="font-size:9.0pt;color:#0084AF;mso-fareast-language:EN-GB">Maciej Szewczykowski
<o:p></o:p></span></b></p>
</td>
</tr>
<tr style="height:7.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:7.5pt">
<p class="MsoNormal" style="line-height:7.5pt"><span style="font-size:7.5pt;color:#0084AF;mso-fareast-language:EN-GB">Java Developer<o:p></o:p></span></p>
</td>
</tr>
<tr style="height:3.0pt">
<td style="padding:0cm 0cm 0cm 0cm;height:3.0pt">
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:2.0pt;font-family:"Times New Roman",serif;mso-fareast-language:EN-GB">
<hr size="2" width="100%" noshade="" style="color:#A0A0A0" align="center">
</span></div>
</td>
</tr>
<tr style="height:7.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:7.5pt">
<p class="MsoNormal" style="mso-line-height-alt:6.0pt"><span style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">T +44 01628 539 800</span><span style="font-size:7.5pt;font-family:"Arial",sans-serif;color:#69747A;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
</td>
</tr>
<tr style="height:7.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:7.5pt">
<p class="MsoNormal" style="mso-line-height-alt:6.0pt"><span style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">E firstname.lastname@pjmedia.co.uk<o:p></o:p></span></p>
</td>
</tr>
<tr style="height:3.0pt">
<td style="padding:.75pt .75pt .75pt .75pt;height:3.0pt"></td>
</tr>
<tr style="height:7.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:7.5pt">
<p class="MsoNormal" style="mso-line-height-alt:6.0pt"><b><span style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">PJ Media Limited,</span></b><b><span lang="EN-US" style="font-size:7.5pt;font-family:"Arial",sans-serif;color:#69747A;mso-fareast-language:EN-GB"><o:p></o:p></span></b></p>
</td>
</tr>
<tr style="height:7.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:7.5pt">
<p class="MsoNormal" style="mso-line-height-alt:6.0pt"><span style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">Plac
</span><span style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">Wolności
</span><span style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">21, 05-825<o:p></o:p></span></p>
</td>
</tr>
<tr style="height:7.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:7.5pt">
<p class="MsoNormal" style="mso-line-height-alt:6.0pt"><span style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">Grodzisk Mazowiecki, Warsaw, Poland<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" align="center" style="text-align:center"><a href="http://www.brandpath.com/"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:blue;border:none windowtext 1.0pt;padding:0cm;mso-fareast-language:PL;text-decoration:none"><img border="0" width="204" height="146" id="Picture_x0020_21" src="cid:image001.jpg@01D09316.98B29B70" alt="Brandpath"></span></a><span lang="EN-US" style="font-size:12.0pt;font-family:"Times New Roman",serif;color:#71787D;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:7.0pt;mso-fareast-language:PL">PJ MEDIA LIMITED | Registered in England and Wales no. 04946760 | Registered Office: Network House, Third Avenue, Globe Park, Marlow, Buckinghamshire, SL7 1EY, United Kingdom | Web site:
http://www.pjmedia.co.uk</span><span lang="EN-US" style="font-size:7.0pt;font-family:"Arial",sans-serif;color:#71787D;mso-fareast-language:JA"><o:p></o:p></span></p>
<div style="mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;padding:0cm 0cm 1.0pt 0cm">
<p class="MsoNormal" style="border:none;padding:0cm"><span style="font-size:7.0pt;mso-fareast-language:PL"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br clear="both">
The contents of this message and any attachments to it are confidential and may be legally privileged. If you have received this message in error you should delete it from your system immediately and advise the sender. To any recipient of this message within PJ Media, unless otherwise stated, you should consider this message and attachments as PJ Media confidential.<BR>
<BR>
PJ MEDIA LIMITED,<BR>
Registered in England no. 04946760<BR>
Address: Network House, Third Avenue, Globe Park, Marlow, SL7 1EY, United Kingdom<BR>
</body>
</html>