Re: [keycloak-user] How to secure the application's root
Please ignore this question, just found that I need to add this line
" <auth-constraint>
<role-name>user</role-name>
</auth-constraint>"
to the <security-constraint> section.
Thank you.
On Fri, Aug 5, 2016 at 10:35 PM, Ling <lingvisa(a)gmail.com> wrote:
Hi, if I want to secure the root directory, namely, when I visit
http://localhost:8080/myapp, then it redirects me to the keycloak login
page, asking for credentials. How to achieve that?
I modified the Web.xml as follows, but it doesn't secure anything at all.
I thought this should work "<url-pattern>/*</url-pattern>", but it
doesn't.
<!--
<security-constraint>
<web-resource-collection>
<web-resource-name>Admins</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/login2/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
-->
<security-constraint>
<web-resource-collection>
<web-resource-name>Web Root</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!--
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
-->
</security-constraint>
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>bword</realm-name>
</login-config>
Attachments:
- attachment.html (text/html — 3.2 KB)