You can use RoleAllowed on JAX-RS methods, but you'll need to enable the
resteasy config for that. If that's what you mean. You can also use
web.xml servlet security too, but you can't get as fine-grained.
I'll update the example we have for Aerogear, if you want to take one of
those approaches.
On 5/27/2014 1:19 PM, Bruno Oliveira wrote:
Thank you Bill. If I want to restrict the access for my endpoint, for
example:
- admin: can do anything: read, update, delete, create at my endpoints
(on UPS)
- regular user: read only
Which approach would be the best with KC? Interceptors? Servlet filter?
Or there's something already implemented?
On 2014-05-27, Bill Burke wrote:
> Please check out the project here. IMO, this is how you'll want to set
> up aerogear:
>
>
https://github.com/keycloak/keycloak/tree/master/project-integrations/aer...
>
> With aerogear, IMO, you'll want to remove the admin user of the master
> realm. We added a feature that you can have a admin user directly in
> your realm within the admin console. Please read this:
>
>
https://github.com/keycloak/keycloak/tree/master/project-integrations/aer...
>
>
> The realm import enables an admin user with permissions to modify the
> aerogear realm.
>
>
https://github.com/keycloak/keycloak/blob/master/project-integrations/aer...
>
> On 5/27/2014 7:58 AM, Bruno Oliveira wrote:
>> Good morning guys, following the requirements of Push server. We on
>> AeroGear would like to restrict the scope of Admin.
>>
>> Following the integration samples here:
>>
https://github.com/keycloak/keycloak/blob/master/project-integrations/aer....
>>
>> The downside of remove the admin is that we can't manage our users anymore
(correct me if I'm wrong).
>> This is not a big deal if you add a new user or update the current admin with the
appropriate
>> permissions. The odd thing is: after login I'm immediately kicked out of KC
>> admin, probably I'm doing something wrong for sure, but I couldn't
figure
>> out yet.
>>
>> This is the piece of code being tested:
>>
https://github.com/abstractj/aerogear-unifiedpush-server/commit/4814e75f1...
>>
>> And this is the log file:
>>
https://gist.github.com/abstractj/eb75d6210eb29394d139. It seems like
>> everything goes well here:
>>
https://gist.github.com/abstractj/eb75d6210eb29394d139#file-log-txt-L5,
>> but maybe I'm missing the mgmt configuration?
>>
https://gist.github.com/abstractj/eb75d6210eb29394d139#file-log-txt-L7
>>
>> Thanks in advance.
>>
>> --
>>
>> abstractj
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
>
http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
abstractj