Re: [keycloak-user] Policy Enforcement Mode cannot be changed.
From your logs it seems that access was actually GRANTED. So your user
should be able to access that resource:
Oct 26, 2016 7:37:33
org.keycloak.adapters.authorization.PolicyEnforcer enforce DEBUG:
Returning authorization context with permissions:
You don't have any permission in the logs because when you set
enforcement-mode to DISABLE, the enforcer will just let the request to
pass.
Maybe you have some other constraint applied to your resource within
your application ?
On Wed, 2016-10-26 at 19:40 +0800, Joey wrote:
Hi Guys,
I read from documents, and my understanding is if set Policy
Enforcement Mode to disable, then any users can access all resources.
but I tried to set it to disable. but nothing be changed.
For example,
I have a role call Role_A , and set a user Tom as this Role_A, if I
set a resource access policy without Role_A. this user Tom cannot
access this resource. And I can see some log in tomcat.
Oct 26, 2016 7:37:33 PM
org.keycloak.adapters.authorization.PolicyEnforcer enforce
DEBUG: Policy enforcement is enable. Enforcing policy decisions for
path [http://operation.iishang-intr.com:9111/op/jsp/base/loginStatist
ics/portalLoginStatistics.jsp].
Oct 26, 2016 7:37:33 PM
org.keycloak.adapters.authorization.PolicyEnforcer enforce
DEBUG: Policy enforcement result for path
[http://operation.iishang-intr.com:9111/op/jsp/base/loginStatistics/p
ortalLoginStatistics.jsp]
is : GRANTED
Oct 26, 2016 7:37:33 PM
org.keycloak.adapters.authorization.PolicyEnforcer enforce
DEBUG: Returning authorization context with permissions:
Joey
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Pedro Igor