Re: [keycloak-user] default permissions

I see. We don't have anything like that, sorry. But a option to statically DISABLE policy enforcement for a specific path in keycloak.json (policy-enforcer settings). Also, in order to achieve what you want you probably need to ignore bearer token authentication for these paths you want to make public (although they are intercepted by the adapter). Could you fill a JIRA describing your use case and requirements ? On Sun, Nov 12, 2017 at 6:50 PM, Corentin Dupont < corentin.dupont(a)gmail.com&gt; wrote: > Hi Pedro, > I don't really have public/private paths in the API. > Some resources under those paths can be either public or private, however. > For instance, a URL would be like that: > > www.example.com/api/v1/cities/rome/houses > > I would like that some cities be accessible by everybody without token, > while some others will be private and require auth token and specific roles > to be accessed. > > Thanks! > > > On Fri, Nov 10, 2017 at 11:33 AM, Pedro Igor Silva <psilva(a)redhat.com&gt; > wrote: > >> Hi, >> >> I think you could probably change your application and remove the >> resources/paths you want to make public from the list of resources >> protected by the adapter. >> >> On Thu, Nov 9, 2017 at 2:06 PM, Corentin Dupont < >> corentin.dupont(a)gmail.com&gt; wrote: >> >>> Another question: how to apply default authorizations? >>> >>> I want to protect my API with authorization in Keycloak. However some >>> resources should be open to the public, accessible without any bearer >>> token. >>> My idea was: >>> - create an "unregistered_user" composite role, containing some basic >>> roles >>> - create a "guest" user, with the unregistered_user role >>> - on the API server, if there is no token in the request I will get the >>> roles of the guest user and user them. If there is a token, I'll use >>> that >>> user permissions. >>> What do you think of that process? >>> >>> Thanks >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >> >> >