OrestisThanks Bill,I think i may tackle the issue for now through the KeycloakConfigResolver. Maybe return an empty deployment if the API Key is in the request.
Regards
On Wed, Sep 16, 2015 at 2:39 AM, Bill Burke <bburke@redhat.com> wrote:
I'll eventually implement adapter as a filter, but right now security
constraints are required.
> _______________________________________________
On 9/15/2015 5:54 PM, Orestis Tsakiridis wrote:
> Hello,
>
> Is it possible to apply programmatic access control i.e. retrieve
> KeycloakSecurityContext, get token, roles etc, when the
> <security-contraint/> elements have been removed from web.xml?
>
> The reason for that is that when <security-constraints/> are present the
> requests get dropped by the keycloak adapter before reaching the REST
> endpoints implementation in case they are not carrying a token. I'm
> trying to support an alternative authorization mechanism using a custom
> API Key parameter in case the Oauth token header is missing.
>
>
> Regards
>
> Orestis
>
>
>
>
>
>
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user