I don't understand your question...This is a keycloak.json setting.
On 12/16/2015 10:45 AM, Johan Bos wrote:
oh when you said:
use-resource-role-mappings
it is only available through the keycloak.json
Nothing from Keycloak Admin UI allows you to set the options, so have the installation
file ready with everything ?
Regards,
Johan Bos
Le 16/12/2015 16:33, Johan Bos a écrit :
> So it is one or the other.
> The switch is at realm level or per clients?
>
> As I tend to make realm role for securing the clients only and
> client/resource roles for internal client management, I should be fine
>
> Still It would help to have some merging/mapping so from client we
> don't have to so much rely on KeyCloak implementation to test roles...
> Issue is that realm role can have same name as client role. But once
> there is always some pitfall to avoid.
>
> Thanks
>
> Regards,
>
> Johan Bos
>
> Le 16/12/2015 15:45, Bill Burke a écrit :
>> See use-resource-role-mappings switch:
>>
>> If set to true, the getResourceAccess("resource-name") roles will be
>> mapped into isUserInRole, otherwise getRealmAccess is mapped into
>> isUserInRole
>>
>> Not the best I know. We've been meaning to add some sort of role
>> mapping facility to the adapter.
>>
>> On 12/16/2015 9:17 AM, Johan Bos wrote:
>>> Why is HttpRequest.isUserInRole(<role>) not capable to return true
when
>>> the role is present in the AccessToken.getRealmAccess?
>>>
>>> Regards,
>>>
>>> Johan Bos
>>>
>>> Le 16/12/2015 15:09, Bill Burke a écrit :
>>>> AccessToken.getResourceAccess or AccessToken.getRealmAccess
>>>>
>>>> On 12/16/2015 4:51 AM, Tim Dudgeon wrote:
>>>>> Its not clear to me how you get the assigned roles from the
>>>>> AccessToken.
>>>>> For instance, is the realm has configured the user to have roles
>>>>> "user"
>>>>> and "editor" how do I find these in the AccessToken?
>>>>>
>>>>> Tim
>>>>>
>>>>> On 07/12/2015 02:53, Bill Burke wrote:
>>>>>> For Java HttpServletRequest.isUserInRole() works. If you
>>>>>> typecast the
>>>>>> principal to KeycloakPrincipal you can obtain the AccessToken.
>>>>>>
>>>>>> On 12/6/2015 5:39 PM, Pavel Maslov wrote:
>>>>>>> Hi everyone,
>>>>>>>
>>>>>>>
>>>>>>> Do Keycloak adapters support user authorization? I mean, of
course
>>>>>>> they
>>>>>>> do :) For example, the API I have secured with Keycloak
receives a
>>>>>>> Keycloak access token from the client. How can I validate the
token
>>>>>>> (check user roles) in my code? I am interested in the Java
>>>>>>> (wildfly) and
>>>>>>> Javascript adapters.
>>>>>>>
>>>>>>> Manually I am using jwt.io <
http://jwt.io> to check the
token. I am
>>>>>>> just
>>>>>>> curious if the Keycloak adapters support smth similar out of
the
>>>>>>> box.
>>>>>>>
>>>>>>> Thank you for your answers.
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Pavel Maslov, MS
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user(a)lists.jboss.org
>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user