Hi,

In the example, the angular is bootstrapped after the keycloak authentication is properly finished. It's also because keycloak authentication requires redirection of browser to KC and then redirecting back to the app. Theoretically you can combine it that keycloak authentication flow is called just when user visits some "secured" URL of your app, but still after redirecting from KC login screen back to the app, it will be better if angular is bootstrapped after keycloak authentication is finished (so in the "success" callback from keycloak.init call as it's done in the example).

Also note that there is no authorization in the JS application itself. The secured part are rest endpoints, which are secured by Bearer token obtained from the authentication of JS application. This is done in authInterceptor, which adds the bearer token to REST requests.

Marek

On 5.2.2015 18:39, Jorge Dario Arias Lopez wrote:

Hi I'm developing a web page in angular with keycloak for autorization.

I followed this example https://github.com/keycloak/keycloak/tree/master/examples/demo-template/angular-product-app and it works pretty well.

Now I want to secure only part of my application. Is there any way to achieve this behavior.

Thanks in advance

Jorge A.
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev