11:40 a.m.
Great,
I would be pleased to see this feature as an official one. Of course some specificities
due to my business use case will may not be relevant for the community but lets discuss
them. I will create an issue and publish the code ASAP (next week hopefully, but as new
features will not be accepted until 4.0...).
Emilien
Le 10 nov. 2017 à 15:02, Pedro Igor Silva <psilva(a)redhat.com> a
écrit :
I'm glad to take a look on it and see how it could fit in our adapters. Could you
create a JIRA and give some link to your code so we can discuss from there ?
Thanks.
On Fri, Nov 10, 2017 at 10:51 AM, Emilien Bondu <dev.ebondu(a)gmail.com
<mailto:dev.ebondu@gmail.com>> wrote:
To achieve this, I implemented a KeycloakAnonymousActionsFilter filter to handle
requests, associated to an AnonymousActionsHandler (extending the official
AuthenticatedActionsHandler) and an AnonymousPolicyEnforcer (extending the official
AbstractPolicyEnforcer). Do you think this code should be added to the official
spring-adapter ?
> Le 10 nov. 2017 à 12:12, Pedro Igor Silva <psilva(a)redhat.com
<mailto:psilva@redhat.com>> a écrit :
>
> @Emilien Bondu, I was looking that thread again and now I'm wondering if you end
up with something you can share.
>
> On Fri, Nov 10, 2017 at 9:07 AM, Emilien Bondu <dev.ebondu(a)gmail.com
<mailto:dev.ebondu@gmail.com>> wrote:
> Hi,
>
> Maybe you should have a look here :
>
> http://lists.jboss.org/pipermail/keycloak-user/2017-March/009830.html
<http://lists.jboss.org/pipermail/keycloak-user/2017-March/009830.html>
>
>
>> Le 10 nov. 2017 à 11:33, Pedro Igor Silva <psilva(a)redhat.com
<mailto:psilva@redhat.com>> a écrit :
>>
>> Hi,
>>
>> I think you could probably change your application and remove the
>> resources/paths you want to make public from the list of resources
>> protected by the adapter.
>>
>> On Thu, Nov 9, 2017 at 2:06 PM, Corentin Dupont <corentin.dupont(a)gmail.com
<mailto:corentin.dupont@gmail.com>>
>> wrote:
>>
>>> Another question: how to apply default authorizations?
>>>
>>> I want to protect my API with authorization in Keycloak. However some
>>> resources should be open to the public, accessible without any bearer
>>> token.
>>> My idea was:
>>> - create an "unregistered_user" composite role, containing some
basic roles
>>> - create a "guest" user, with the unregistered_user role
>>> - on the API server, if there is no token in the request I will get the
>>> roles of the guest user and user them. If there is a token, I'll use
that
>>> user permissions.
>>> What do you think of that process?
>>>
>>> Thanks
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
>>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>