On 2014-05-27, Bill Burke wrote:
>You can use RoleAllowed on JAX-RS methods, but you'll need to enable the
>resteasy config for that. If that's what you mean. You can also use

Nailed it Bill, that's exactly what I mean.

>web.xml servlet security too, but you can't get as fine-grained.
>I'll update the example we have for Aerogear, if you want to take one of
>those approaches.

Thanks a lot, I will take a look at the documentation.

On 5/27/2014 1:19 PM, Bruno Oliveira wrote:
>Thank you Bill. If I want to restrict the access for my endpoint, for example:
>
>- admin: can do anything: read, update, delete, create at my endpoints
> (on UPS)
>- regular user: read only
>
>Which approach would be the best with KC? Interceptors? Servlet filter?
>Or there's something already implemented?
>
>On 2014-05-27, Bill Burke wrote:
>>Please check out the project here. IMO, this is how you'll want to set
>>up aerogear:
>>
>>https://github.com/keycloak/keycloak/tree/master/project-integrations/aerogear-ups
>>
>>With aerogear, IMO, you'll want to remove the admin user of the master
>>realm. We added a feature that you can have an admin user directly in
>>your realm within the admin console. Please read this:
>>
>>https://github.com/keycloak/keycloak/tree/master/project-integrations/aerogear-ups
>>
>>
>>The realm import enables an admin user with permissions to modify the
>>aerogear realm.
>>
>>https://github.com/keycloak/keycloak/blob/master/project-integrations/aerogear-ups/auth-server/src/main/webapp/WEB-INF/testrealm.json
>>
>>On 5/27/2014 7:58 AM, Bruno Oliveira wrote:
>>>Good morning guys, following the requirements of Push server. We on
>>>AeroGear would like to restrict the scope of Admin.
>>>
>>>Following the integration samples here:
>>>https://github.com/keycloak/keycloak/blob/master/project-integrations/aerogear-ups/auth-server/src/main/java/org/aerogear/ups/security/UpsSecurityApplication.java#L32.
>>>
>>>The downside of removing the admin is that we can't manage our users
>>>anymore (correct me if I'm wrong).
>>>This is not a big deal if you add a new user or update the current admin with
>>>the appropriate permissions. The odd thing is: after login I'm immediately
>>>kicked out of KC admin, probably I'm doing something wrong for sure, but I
>>>couldn't figure it out yet.
>>>
>>>This is the piece of code being tested:
>>>https://github.com/abstractj/aerogear-unifiedpush-server/commit/4814e75f1e5bfc31919bb51f00623a3948829861#diff-fb1187c03792f02a16e7bb8642ad6052R67
>>>
>>>And this is the log file:
>>>https://gist.github.com/abstractj/eb75d6210eb29394d139. It seems like
>>>everything goes well here:
>>>https://gist.github.com/abstractj/eb75d6210eb29394d139#file-log-txt-L5,
>>>but maybe I'm missing the mgmt configuration?
>>>https://gist.github.com/abstractj/eb75d6210eb29394d139#file-log-txt-L7
>>>
>>>Thanks in advance.
>>>
>>>--
>>>
>>>abstractj
>>>_______________________________________________
>>>keycloak-dev mailing list
>>>keycloak-dev(a)lists.jboss.org
>>>https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>>--
>>Bill Burke
>>JBoss, a division of Red Hat
>>http://bill.burkecentral.com
>
>--
>
>abstractj
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
--
abstractj
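
The role split asked about in the thread (admin: create, read, update, delete; regular user: read only), written with the annotation-based approach Bill describes. This is an added example, not code from the thread or from the Keycloak or AeroGear projects; the class name, the /applications path, the in-memory store and the role names "admin" and "user" are assumptions.

```java
// Added example. ApplicationResource, /applications and the roles "admin"/"user"
// are assumptions for illustration, not names taken from the UPS code base.
//
// RESTEasy ignores @RolesAllowed unless this is set in WEB-INF/web.xml:
//   <context-param>
//     <param-name>resteasy.role.based.security</param-name>
//     <param-value>true</param-value>
//   </context-param>
// The container must still authenticate the caller (security-constraint and
// login-config) so that role checks have a principal to evaluate.
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

@Path("/applications")
@Produces(MediaType.TEXT_PLAIN)
@RolesAllowed("admin") // class-level default: any method without its own annotation is admin-only
public class ApplicationResource {
    private static final Map<String, String> STORE = new ConcurrentHashMap<>();

    @GET
    @Path("/{id}")
    @RolesAllowed({"admin", "user"}) // method-level annotation widens read access only
    public Response read(@PathParam("id") String id) {
        String value = STORE.get(id);
        return value == null
                ? Response.status(Response.Status.NOT_FOUND).build()
                : Response.ok(value).build();
    }

    @PUT
    @Path("/{id}")
    @Consumes(MediaType.TEXT_PLAIN)
    public Response createOrUpdate(@PathParam("id") String id, String body) {
        STORE.put(id, body); // inherits @RolesAllowed("admin") from the class
        return Response.noContent().build();
    }

    @DELETE
    @Path("/{id}")
    public Response delete(@PathParam("id") String id) {
        STORE.remove(id); // inherits @RolesAllowed("admin") from the class
        return Response.noContent().build();
    }
}
```

Putting the restrictive role on the class means a method added later without an annotation defaults to admin-only rather than open to every authenticated user.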