Is the "admin" role a realm role or a client role? If it's a client role, you
need to set use-resource-role-mappings to true in keycloak.json. Also, does
your user have the role, and does the client have a scope on the role (or
full scope enabled)?
On 27 September 2016 at 15:43, Rui Neves <ruiwp_93(a)hotmail.com> wrote:
Hello,
I am using a Java servlet with Keycloak filters, so no security
constraints can be applied. I would like to know how I can block some
HttpMethods for users of a certain role. I created roles in Keycloak and
tried to define the auth-constraints within the security-constraints, but it
always returns error 403 Unauthorized.
If I remove the auth constraint and security roles I am able to access the
method. It seems that it is not recognizing keycloak roles or not mapping
them between the servlet and keycloak.
I am blocking the method as shown below in the class:
    @GET
    @Path("/get")
    @RolesAllowed("admin")
    @Produces(MediaType.TEXT_PLAIN)
    public String delU(@HeaderParam("user_id")) {
        ...
    }
And I have the filters like the link below in the web.xml:
https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/2.2/topics/oidc/java/servlet-filter-adapter.html
Best Regards
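
An added example, not part of the original thread or of Keycloak's own code: a small diagnostic that decodes an access token's claims and reports whether the required role sits under realm_access or resource_access, and which of the two the adapter reads for a given use-resource-role-mappings setting. The client id "my-servlet", the sample token and the function names are assumptions made for illustration.

```python
import base64
import json

def b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment (builds the sample)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def decode_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def client_roles(claims, client_id):
    return set(claims.get("resource_access", {}).get(client_id, {}).get("roles", []))

def realm_roles(claims):
    return set(claims.get("realm_access", {}).get("roles", []))

def adapter_roles(claims, adapter_config):
    """Roles passed to the servlet: client roles if use-resource-role-mappings
    is true in keycloak.json, realm roles otherwise."""
    if adapter_config.get("use-resource-role-mappings", False):
        return client_roles(claims, adapter_config["resource"])
    return realm_roles(claims)

def diagnose(token, adapter_config, required_role):
    claims = decode_claims(token)
    if required_role in adapter_roles(claims, adapter_config):
        return "ok: role visible to the adapter"
    if required_role in client_roles(claims, adapter_config["resource"]):
        return "client role: set use-resource-role-mappings to true"
    if required_role in realm_roles(claims):
        return "realm role: set use-resource-role-mappings to false"
    return "role not in token: check user role mapping and client scope"

# Constructed sample: "admin" exists only as a client role of "my-servlet".
SAMPLE_CLAIMS = {
    "preferred_username": "example-user",
    "realm_access": {"roles": ["offline_access"]},
    "resource_access": {"my-servlet": {"roles": ["admin"]}},
}
SAMPLE_TOKEN = ".".join(
    [b64url({"alg": "RS256", "typ": "JWT"}), b64url(SAMPLE_CLAIMS), "constructed-signature"]
)

if __name__ == "__main__":
    for cfg in ({"resource": "my-servlet"},
                {"resource": "my-servlet", "use-resource-role-mappings": True}):
        print(cfg, "->", diagnose(SAMPLE_TOKEN, cfg, "admin"))
```

The last result ("role not in token") corresponds to the two remaining questions in the reply: the user lacks the role, or the client has no scope on it.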