Sebastien... you are my HERO ! Thanks ;)
On 24.10.2017 10:36, Sebastien Blanc wrote:
Even easier with Spring Boot ;) :
keycloak.security-constraints[0].authRoles[0]=admin
keycloak.security-constraints[0].securityCollections[0].methods[0]=POST
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/products/*
keycloak.security-constraints[1].authRoles[0]=user
keycloak.security-constraints[1].securityCollections[0].methods[0]=GET
keycloak.security-constraints[1].securityCollections[0].patterns[0]=/products/*
On Tue, Oct 24, 2017 at 10:34 AM, Karol Buler <K.Buler(a)adbglobal.com> wrote:
Unfortunately this is a Spring Boot application, but there is a
possibility to attach web.xml, I think. Thanks! I am considering using
it instead of Zuul.
On 24.10.2017 10:28, Sebastien Blanc wrote:
> Are you in a Java EE app ?
>
> In your security constraints, you can specify which method is
> allowed along with the role. For instance :
>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>admin</web-resource-name>
>     <url-pattern>/users</url-pattern>
>     <http-method>POST</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>admin</role-name>
>   </auth-constraint>
> </security-constraint>
>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>user</web-resource-name>
>     <url-pattern>/users</url-pattern>
>     <http-method>GET</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>user</role-name>
>   </auth-constraint>
> </security-constraint>
>
>
>
> On Tue, Oct 24, 2017 at 9:45 AM, Karol Buler <K.Buler(a)adbglobal.com> wrote:
>
> Hi Bettina,
>
> thank you for the response, but this is not exactly what I want. With
> the enforcement filter we can define which methods (paths) should be
> protected, but not which ROLE has access to the resources.
>
> I realized this with an API Gateway based on Zuul.
>
> Regards,
> Karol
>
>
> On 24.10.2017 08:09, Hübner, Bettina wrote:
> > Hi Karol,
> >
> > Perhaps this might help you:
> >
> > http://www.keycloak.org/docs/latest/authorization_services/topics/enforce...
> >
> > Regards,
> > Bettina
> >
> >
> >
> >
> > -----Original Message-----
> > From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org] On behalf of Karol Buler
> > Sent: Monday, 23 October 2017 10:45
> > To: keycloak-user(a)lists.jboss.org
> > Subject: [keycloak-user] Securing GET/POST/DELETE in different way
> > Hi all,
> >
> > is there any possibility to secure GET/POST/DELETE etc. methods in a
> > different way?
> >
> > e.g.
> >
> > endpoint: /users
> >
> > GET: for Keycloak's role 'user'
> >
> > POST: for Keycloak's role 'users_admin'
> >
> > and so on. The result is that a user with 'user' cannot create another user in
> > our system.
> >
> > Regards,
> > Karol
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
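An added example, not part of the thread and not Keycloak code: a small audit of the Spring Boot properties quoted above that lists, per URL pattern, the HTTP methods no constraint names. It assumes servlet-container semantics, under which a method that no constraint names for a pattern is not restricted by these constraints; `SAMPLE`, `parse`, `coverage` and `uncovered` are names made up here, and only the key spelling used in the thread is recognised.

```python
import re
from collections import defaultdict

# Constructed sample: the six properties quoted in the thread.
SAMPLE = """\
keycloak.security-constraints[0].authRoles[0]=admin
keycloak.security-constraints[0].securityCollections[0].methods[0]=POST
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/products/*
keycloak.security-constraints[1].authRoles[0]=user
keycloak.security-constraints[1].securityCollections[0].methods[0]=GET
keycloak.security-constraints[1].securityCollections[0].patterns[0]=/products/*
"""
HTTP_METHODS = ("GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "TRACE")
KEY = re.compile(
    r"^[ \t]*keycloak\.security-constraints\[(\d+)\]\."
    r"(?:(authRoles)|securityCollections\[(\d+)\]\.(methods|patterns))\[\d+\]"
    r"[ \t]*=[ \t]*(.*?)[ \t]*$", re.M)

def parse(text):
    """Group property values per constraint and per security collection."""
    new_coll = lambda: {"methods": set(), "patterns": set()}
    constraints = defaultdict(lambda: {"roles": set(), "colls": defaultdict(new_coll)})
    for ci, is_role, si, field, value in KEY.findall(text):
        if is_role:
            constraints[int(ci)]["roles"].add(value)
        else:
            constraints[int(ci)]["colls"][int(si)][field].add(value)
    return constraints

def coverage(text):
    """Return {pattern: {method: roles required}} for methods some constraint covers."""
    table = defaultdict(lambda: defaultdict(set))
    for c in parse(text).values():
        for coll in c["colls"].values():
            # Assumption (servlet rule): a collection naming no methods covers all of them.
            methods = {m.upper() for m in coll["methods"]} or set(HTTP_METHODS)
            for pattern in coll["patterns"]:
                for method in methods:
                    table[pattern][method] |= c["roles"]
    return table

def uncovered(text):
    """Return {pattern: [HTTP methods that no constraint for that pattern names]}."""
    return {p: [m for m in HTTP_METHODS if m not in by_method]
            for p, by_method in coverage(text).items()}

if __name__ == "__main__":
    for pattern, methods in uncovered(SAMPLE).items():
        print(pattern, "uncovered:", ", ".join(methods) or "none")
```

Patterns are compared as literal strings, so overlapping patterns such as `/products/*` and `/*` are reported separately and need to be read together.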