Re: [keycloak-user] Policy Enforcer in Spring Security Adapter

Hi, All sounds ok with your KC conf, Here is the Spring security chain I use : <http auto-config='false' entry-point-ref="authenticationEntryPoint" create-session="stateless" use-expressions="true"> <custom-filter ref="keycloakPreAuthActionsFilter" before="HEADERS_FILTER" /> <custom-filter ref="keycloakAuthenticationProcessingFilter" before="FORM_LOGIN_FILTER" /> <custom-filter ref="keycloakAuthenticatedActionsFilter" after="FORM_LOGIN_FILTER" /> ... </http> The authenticatedActionFilter will check if the required scope defined in keycloak.json exists in the token, in that case you don't have to use in spring intercept-url. Another idea, maybe you should try with just "USER" as role value because by default spring add a prefix "ROLE_". -- View this message in context: http://keycloak-user.88327.x6.nabble.com/keycloak-user-Policy-Enforcer-in... Sent from the keycloak-user mailing list archive at Nabble.com.