Hi, I will check your Spring configuration example tomorrow at work. My
Spring configs with filtering by roles (ROLE_USER, ROLE_ADMIN defined in
Keycloak as realm roles) work without any problems, so role-based
access control via Spring+Keycloak was OK right out of the box.
Anyway, thank you very much for your advice.
28.03.2017 8:14, ebondu wrote:
Hi,
All sounds ok with your KC conf,
Here is the Spring security chain I use:

<http auto-config='false'
      entry-point-ref="authenticationEntryPoint"
      create-session="stateless" use-expressions="true">
    <custom-filter ref="keycloakPreAuthActionsFilter"
                   before="HEADERS_FILTER" />
    <custom-filter ref="keycloakAuthenticationProcessingFilter"
                   before="FORM_LOGIN_FILTER" />
    <custom-filter ref="keycloakAuthenticatedActionsFilter"
                   after="FORM_LOGIN_FILTER" />
    ...
</http>

The authenticatedActionFilter will check if the required scope defined in
keycloak.json exists in the token; in that case you don't have to use
intercept-url in Spring.
Another idea: maybe you should try with just "USER" as the role value, because by
default Spring adds a prefix "ROLE_".