Maybe you can use Keycloak authorization services to achieve this. There
is some support for the concept of "Owner", so that only user, who owns
some object can do something with that object.
I suggest to take a look at our quickstarts for the authorization [1],
the documentation [2]. Also some time ago, I did a demo for the
authorization services and it used Sprint & Sprint Security, so maybe
you can take a look as well for the inspiration [3]. There is
presentation of this available on Youtube as well.
[1]
https://github.com/keycloak/keycloak-quickstarts (All quickstarts
starting with "app-authz"
[2]
https://www.keycloak.org/docs/latest/authorization_services/index.html
[3]
https://github.com/mposolda/devconf2019-authz/
Marek
On 03. 12. 19 16:47, Alfonso Vidal GarcĂa wrote:
Hello,
I am wondering if I can implement ACL Security to my Spring Application, to delimit which
objects can retrieve the users, depends on the user. Like the each user can retrieve only
the objects that belong to him.
Thanks in advance!
P Please consider the environment before printing this e-mail.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user