<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
OK, many thanks Scott!<br>
<br>
<div class="moz-cite-prefix">On 05/01/2016 at 19:14, Scott Rossillo
wrote:<br>
</div>
<blockquote
cite="mid:F041362E-BC8B-4F86-8D95-19169D5EF016@smartling.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div class="">If you want the database service to redirect users
to the login page, it must be changed to confidential. If the
front end itself is a client of Keycloak, then leaving the
service as bearer only is fine.</div>
<div class=""><br class="">
</div>
<div class="">The example is obviously a bit contrived but the
idea was that no user, even an admin, would authenticate
directly to the database service. If there were to be an admin
interface for the database, it would be another client in the
same realm. Ultimately it’s a design decision you have to make
when you consider what works well for your organization.</div>
<div class=""><br class="">
</div>
<div class="">
<div class="">Scott Rossillo</div>
<div class="">Smartling | Senior Software Engineer</div>
<div class=""><a moz-do-not-send="true"
href="mailto:srossillo@smartling.com" class="">srossillo@smartling.com</a></div>
<div class=""><br class="">
</div>
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Jan 5, 2016, at 10:30 AM, Amaeztu &lt;<a
moz-do-not-send="true" href="mailto:amaeztu@tesicnor.com"
class="">amaeztu@tesicnor.com</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<p dir="ltr" class="">Well, this example answers the asked
question, so many thanks Scott. However, I still have some
doubts.</p>
<p dir="ltr" class="">In the given code, the database
service can only be accessed from another client (bearer
only). However, let's suppose I also want to have access
to its endpoints from a Web browser, for purely
administrative purposes and only with the ADMIN role. I
should change the access to confidential. Then I want to
access the service from the customer app, but, since the
current user role might not be ADMIN, I wouldn't be
authorized for the remote access.</p>
<p dir="ltr" class="">The only solution I can think of for this
is to keep the database service access bearer only and
implement a specific database-ui service, which should
replicate all the original endpoints (this involves adding
a new endpoint to the ui service every time I do it in the
db service).</p>
<p dir="ltr" class="">Is there a way of solving this which
avoids having a specific ui service implemented? Sorry
about all the questions, I'm still a starter!</p>
<p dir="ltr" class="">Sent from my Sony Xperia™ phone</p>
<br class="">
<br class="">
---- Scott Rossillo wrote ----<br class="">
<br class="">
Take a look at these Spring samples. It's set up
automatically:<br class="">
<br class="">
<a moz-do-not-send="true"
href="https://github.com/foo4u/keycloak-spring-demo/blob/master/customer-app/src/main/java/org/keycloak/example/spring/customer/service/RemoteCustomerService.java"
class="">https://github.com/foo4u/keycloak-spring-demo/blob/master/customer-app/src/main/java/org/keycloak/example/spring/customer/service/RemoteCustomerService.java</a><br
class="">
<div class="gmail_quote">
<div dir="ltr" class="">On Tue, Dec 29, 2015 at 12:31 PM
Aritz Maeztu &lt;<a moz-do-not-send="true"
href="mailto:amaeztu@tesicnor.com" class="">amaeztu@tesicnor.com</a>&gt;
wrote:<br class="">
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000" class=""> At this
moment there's a KeycloakRestTemplate to use it in
Spring which allows an end user to retrieve data from
other Keycloak clients. However, a client might also
be interested in accessing data with its own
permissions and with no user interaction. Is there any
implementation of a RestTemplate to utilize client
service accounts and, if not, are there any plans to
write it? This <a moz-do-not-send="true"
href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductServiceAccountServlet.java"
target="_blank" class="">demo </a>seems to do it
manually.<br class="">
<br class="">
Regards<br class="">
<div class="">-- <br class="">
<div class="">
<table style="width:600;border-collapse:collapse"
class="">
<tbody class="">
<tr class="">
<td
style="border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:#989898"
class=""> <span style="font-weight:bold"
class="">Aritz Maeztu Otaño</span><br
class="">
<span style="font-size:12px" class="">Software
Development Department</span> </td>
<td
style="border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:#989898;padding-left:20px"
class=""> <a moz-do-not-send="true"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES"
target="_blank" class=""> <object
class=""
data="cid:part2.07090107.03080009@tesicnor.com"
type="application/x-apple-msg-attachment" border="0"></object> </a> <br>
</td>
</tr>
<tr class="">
<td class=""> <a moz-do-not-send="true"
href="http://www.tesicnor.com/"
target="_blank" class=""> <object
class=""
data="cid:part4.04050905.06000504@tesicnor.com"
type="application/x-apple-msg-attachment" border="0" width="143"></object>
</a> <br>
</td>
<td style="font-size:12px" class="">
<p style="padding-left:20px" class=""> <span
class="">Pol. Ind. Mocholi.</span> <span
class="">C/Rio Elorz, Nave 13E </span><span
style="font-weight:bold" class="">31110
Noain (Navarra)</span><br class="">
<span class="">Tel.: 948 21 40 40</span>
<br class="">
<span class="">Fax.: 948 21 40 41</span>
<br class="">
</p>
</td>
</tr>
<tr class="">
<td colspan="2" class=""> <span
style="color:#009900;font-size:12px"
class="">Before printing this e-mail,
consider whether it is really necessary: the
environment is everyone's concern.</span> </td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
_______________________________________________<br
class="">
keycloak-user mailing list<br class="">
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank" class="">keycloak-user@lists.jboss.org</a><br
class="">
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote>
</div>
</div>
</blockquote>
</div>
<br class="">
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div class="moz-signature">
<table style="cellspadding: 0; width: 600; align: left;
border-collapse: collapse;">
<tbody>
<tr>
<td style="border-bottom-width: 1px; border-bottom-style:
solid; border-bottom-color: #989898;"> <span
style="font-weight:bold">Aritz Maeztu Otaño</span><br>
<span style="font-size: 12px;">Software Development
Department</span> </td>
<td style="border-bottom-width: 1px; border-bottom-style:
solid; border-bottom-color: #989898; padding-left:
20px;"> <a target="_blank"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES">
<img src="cid:part12.07020604.00050803@tesicnor.com"
border="0">
<!--<img src="linkdin.gif" border="0" />--> </a> </td>
</tr>
<tr>
<td> <a target="_blank" href="http://www.tesicnor.com"> <img
shrinktofit="true"
src="cid:part14.09080706.09080804@tesicnor.com"
border="0" width="143">
<!--<img shrinktofit="true" src="logo.png" width="143" border="0" />-->
</a> </td>
<td style="font-size: 12px;">
<p style="padding-left: 20px;"> <span>Pol. Ind.
Mocholi.</span> <span>C/Rio Elorz, Nave 13E </span><span
style="font-weight:bold">31110 Noain (Navarra)</span><br>
<span>Tel.: 948 21 40 40</span> <br>
<span>Fax.: 948 21 40 41</span> <br>
</p>
</td>
</tr>
<tr>
<td colspan="2"> <span style="color: #009900;font-size:
12px;">Before printing this e-mail, consider whether it is
really necessary: the environment is everyone's concern.</span>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</body>
</html>