The AuthzClient should be using a token issued on behalf of alice when
invoking the API for creating a ticket. Is that what is happening when you
obtain the client and invoke the endpoint?
On Tue, Sep 17, 2019 at 5:40 AM Nicola Messina <nikmess(a)hotmail.it> wrote:
Hi Pedro,
Thanks for the answer. Sorry, but I don't understand how. My code is:
String resourceId="3707be30-6e85-4d48-92c9-afaf0750eaec";
String DestinatarioId="4308881b-5754-44e4-a8c6-dbd13bbbc4a6";
String scopeId="3497b93d-ae42-42ee-b825-f1da667902b4";
String Soggetto = keycloak_helper.getKeycloakSecurityContext(request).getToken().getSubject();
PermissionTicketRepresentation ticket = new PermissionTicketRepresentation();
ticket.setOwner(Soggetto);
ticket.setOwnerName("alice");
ticket.setResource(resourceId);
ticket.setResourceName("Foto-Vacci");
ticket.setRequester(DestinatarioId);
ticket.setRequesterName("bob");
ticket.setScope(scopeId);
ticket.setScopeName("foto:view");
ticket.setGranted(true);
keycloak_helper.getAuthzClient(request).protection().permission().create(ticket);
The request is made from the owner of the resource "alice" and this
request is made from the Java backend, like the photoz example.
Can you help me understand what is wrong?
Kind regards
------------------------------
*From:* Pedro Igor Silva <psilva(a)redhat.com>
*Sent:* Monday, 16 September 2019 23:14
*To:* Nicola <nikmess(a)hotmail.it>
*Cc:* keycloak-user <keycloak-user(a)lists.jboss.org>
*Subject:* Re: [keycloak-user] Keycloak Share a resource with other User
Hi,
Basically, only the owner can create tickets for his/her resources. You
need to access the API using a bearer token where the owner of the resource
is the subject.
Regards.
Pedro Igor
On Mon, Sep 16, 2019 at 3:21 PM Nicola <nikmess(a)hotmail.it> wrote:
Hi, I'm new to Keycloak. I'm watching the *photoz uma example*; in this
example a user can *create* a resource and then *share* it with another user.
I'm interested in this feature.
Checking the JavaDoc, I've found that from a PermissionResource I can
create a *PermissionTicketRepresentation*, where I can set the resource, the
scope, the owner and the requester of the resource. I've tried this, but I
get
/{"error":"not_authorised","error_description":"permissions for [3707be30-6e85-4d48-92c9-afaf0750eaec] can be only created by the owner"}/
So, how can I do this via code?
Kind regards
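One way to answer the question at the top of the thread, as an added example that is not code from the thread or from Keycloak: decode the bearer token the backend is about to send and compare its `sub` claim with the resource owner's id. The function names, the sample ids and client name, and the `service-account-` username prefix check are assumptions; the decode skips signature verification and is for diagnosis only.

```python
import base64
import json


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostic use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))  # ValueError if malformed
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def check_ticket_caller(token, owner_id):
    """Return (ok, reason): is the bearer token's subject the resource owner?"""
    claims = jwt_claims(token)
    sub = claims.get("sub")
    name = claims.get("preferred_username", "")
    if sub == owner_id:
        return True, "token subject is the resource owner"
    # Assumption: Keycloak's default username prefix for client service accounts.
    if name.startswith("service-account-"):
        return False, "token is a client service account (%s), not the owner" % name
    return False, "token subject %s is not the owner %s" % (sub, owner_id)


def make_unsigned_token(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return "%s.%s.sig" % (enc({"alg": "none"}), enc(claims))


# Constructed sample values; none of these come from the thread.
OWNER_ID = "00000000-0000-0000-0000-00000000a11c"
USER_TOKEN = make_unsigned_token({"sub": OWNER_ID, "preferred_username": "alice"})
CLIENT_TOKEN = make_unsigned_token(
    {"sub": "00000000-0000-0000-0000-0000000c11e7",
     "preferred_username": "service-account-photoz-backend"})

if __name__ == "__main__":
    for label, tok in (("user token", USER_TOKEN), ("client token", CLIENT_TOKEN)):
        print(label, check_ticket_caller(tok, OWNER_ID))
```

Logging the result of this check next to the ticket-creation call shows whether the request goes out as the user or as the backend client itself.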