11:41 a.m.
Hi,
I'm facing an issue. I'm running a Spring Boot App and wishes to use the
authorizations services. Permissions are defined in Keycloak for my client
and using the evaluation the work as expected. On my app though I have an
issue, authorization are checked correctly (using the right resources etc)
I can see in the logs that the verification are done correctly but the
access is always granted whereas it should be denied in certains cases.
When I test the permission that should be denied using the evaluation page
of Keycloak access is correctly denied.
To activate the authorization in the app I added the following settings :
keycloak.policy-enforcer-config.on-deny-redirect-to=/
keycloak.securityConstraints[0].authRoles[0]=user
keycloak.securityConstraints[0].securityCollections[0].name=protected
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*
Any ideas ?
2:18 p.m.
Can you give an example of a resource definition that matches a protected
resource in your application ? For instance, if you are protecting
"/protected/resource" you should either have a resource in Keycloak mapping
to "/*" or "/protected/resource". This mapping is defined by
resource's
*URI* property.
Regards.
Pedro Igor
On Wed, Aug 23, 2017 at 6:41 AM, Matthias ANGLADE <manglade(a)nextoo.fr>
wrote:
Hi,
I'm facing an issue. I'm running a Spring Boot App and wishes to use the
authorizations services. Permissions are defined in Keycloak for my client
and using the evaluation the work as expected. On my app though I have an
issue, authorization are checked correctly (using the right resources etc)
I can see in the logs that the verification are done correctly but the
access is always granted whereas it should be denied in certains cases.
When I test the permission that should be denied using the evaluation page
of Keycloak access is correctly denied.
To activate the authorization in the app I added the following settings :
keycloak.policy-enforcer-config.on-deny-redirect-to=/
keycloak.securityConstraints[0].authRoles[0]=user
keycloak.securityConstraints[0].securityCollections[0].name=protected
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*
Any ideas ?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2689
days inactive
2689
days old
1 comments
2 participants
participants (2)
-
Matthias ANGLADE -
Pedro Igor Silva