Re: [keycloak-user] Keycloak policies eval

Hi there, I use this url to get my users access token (" http://localhost:8090/auth/realms/MYREALM/protocol/openid-connect/token&q...) with username, password, client_id, realm, client secret and grant type, the last one with the value "password". My question is how to make this request not returning any access token therefore not allowing authentication on my Realm using some kind of policy (time and role-based). Best regards, Simão Silva On Tue, Apr 2, 2019 at 10:28 AM Sebastien Blanc <sblanc(a)redhat.com&gt; wrote: > We need more info here. Do you want just authentication with simple RBAC > or do you want to use the authorization layer ? Have you seen our > Springboot quickstarts ? > > On Sun, Mar 31, 2019 at 2:15 PM Simão Silva <simao.sfos(a)gmail.com&gt; wrote: > >> Hi there, >> >> I'm implementing keycloak for authentication in a server with spring >> boot. I'm doing something like "@RequestMapping("/login") " in java but >> the policies aren't taken into account, because I can login with every >> user >> in the client. I want something like this >> >> https://github.com/keycloak/keycloak-quickstarts/blob/latest/app-authz-je... >> , >> that tells me if the user can or not access the specific client in a >> resource. What should I do? >> >> Best regards, >> Simão Silva >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user > >