I'll eventually implement adapter as a filter, but right now security
constraints are required.
On 9/15/2015 5:54 PM, Orestis Tsakiridis wrote:
Hello,
Is it possible to apply programmatic access control i.e. retrieve
KeycloakSecurityContext, get token, roles etc, when the
<security-contraint/> elements have been removed from web.xml?
The reason for that is that when <security-constraints/> are present the
requests get dropped by the keycloak adapter before reaching the REST
endpoints implementation in case they are not carrying a token. I'm
trying to support an alternative authorization mechanism using a custom
API Key parameter in case the Oauth token header is missing.
Regards
Orestis
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com