Juan,
I'm not sure that your environment is like mine but I have something
like:
@Path("/user")
@Stateless
public class UserService {
...
@Path("/getUserInformation")
@Produces({ MediaType.APPLICATION_JSON })
@GET
@HttpConstraint(rolesAllowed = {"companyAdmin"})
public Response getUserInformation(@Context HttpServletRequest
request) {
}
}
This means that someone had to have already logged in elsewhere and
be in the companyAdmin role before they will have the ability to
call the getUserInformation method. If they are not logged in or
are not in that roll they will get a forbidden message. Any methods
that do not have the HttpConstraint annotation are not protected.
Is this what you're looking for?
On 06/19/2015 12:32 PM, Juan Diego
wrote:
How can I secure a method for a role, if a rest
service has multiple methods.
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Scott Dunbar
Xigole Systems, Inc.
Enterprise consulting, development, and hosting
303·667·6343