Hello Ali,
It would be helpful if you could share your application.properties (scrubbing the secrets,
if any) as well as authorization settings in Keycloak.
Please also mind that security constraints (role-based) and authorization are separate
concepts, in the sense that they are configured and enforced differently.
Cheers,
Dmitry Telegin
Opensource IAM consultant
Hi guys,
Thank you Michal, thank you Sebastien. As you know, in the application.properties file of
this project there is a keycloak.securityConstraints entry which forces visitors to have the
role "user". When I remove this securityConstraints and run the project, every
request redirects to the "/accessDenied" page, though based on the permissions defined
in the admin panel, the URL / is public.
If I have to define at least one securityConstraints in application.properties (which, in
my opinion, is not a good constraint), how can I define it as a public pattern without
any role constraint?
________________________________
From: Michal Hajas <mhajas(a)redhat.com>
Sent: Tuesday, May 7, 2019 11:27 AM
To: Sebastien Blanc
Cc: Ali Ahmadzadeh Asl; keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Help for using Keycloak in Spring Boot
Hi Ali,
as far as I understand, you have to specify securityConstraints (it is also in the authz
quickstart:
https://github.com/keycloak/keycloak-quickstarts/blob/latest/app-authz-sp...)
so that Keycloak knows about your resources. You can specify your permissions and policies
afterward.
Michal
On Tue, May 7, 2019 at 7:24 AM Sebastien Blanc <sblanc@redhat.com> wrote:
Hi Ali,
Have you tried this quickstart that shows how to use the authz service from KC?
https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-sp...
Also make sure you enable the policy enforcer on the app side in the configuration, i.e.:
keycloak.policy-enforcer-config.on-deny-redirect-to=/accessDenied
sebi
On Tue, May 7, 2019 at 7:07 AM Ali Ahmadzadeh Asl <ahmadzadehasl@outlook.com> wrote:
Hi Michal,
I configured my server exactly like this tutorial, but I have not defined any
keycloak.securityConstraints in the application.properties file; I want to define permissions
and policies in the Keycloak admin panel. Does this require any special setting? Does anybody
have any sample or tutorial for this?
________________________________
From: Michal Hajas <mhajas@redhat.com>
Sent: Monday, May 6, 2019 12:09 PM
To: Ali Ahmadzadeh Asl
Cc: keycloak-user@lists.jboss.org
Subject: Re: [keycloak-user] Help for using Keycloak in Spring Boot
Hi Ali,
it looks like you have wrongly configured the Spring Boot Keycloak adapter. Make sure you
configured everything which is shown here (especially the part with security constraints):
https://www.keycloak.org/docs/latest/securing_apps/index.html#_spring_boo...
Michal
On Sat, May 4, 2019 at 2:21 PM Ali Ahmadzadeh Asl <ahmadzadehasl@outlook.com> wrote:
Hi
First of all, excuse my poor English.
I am trying to use Keycloak in Spring Boot 2. I read many articles about this matter,
such as the following link:
https://www.keycloak.org/docs/2.5/securing_apps/topics/oidc/java/spring-b...
There was an issue that I can't resolve. The resources, policies and permissions
defined in the admin panel for the client do not have any effect on my server. For example, I defined
a resource for the URL pattern /rest/* and a policy for having ROLE_REST, and I also defined a
permission for mapping this resource and policy.
But after running the server, I can use the REST services without any limitation or
authentication.
Now the question is: how can I manage Spring Boot application security and permissions
from the Keycloak admin panel?
Thank you
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
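
The separation Dmitry Telegin points out at the top of this thread, laid out as an added application.properties sketch (not taken from any participant's message): the role-based security constraint and the policy enforcer sit under different keys of the Spring Boot adapter. The realm, server URL, client id and secret are placeholders, and the collection name `protected` is an assumption; the role "user" and the /accessDenied redirect come from the thread.

```properties
# Constructed example: connection settings are placeholders, not values from the thread.
keycloak.realm=example-realm
keycloak.auth-server-url=http://localhost:8180/auth
keycloak.resource=example-client
keycloak.public-client=false
keycloak.credentials.secret=<client-secret>

# 1) Role-based security constraint, declared in the application itself.
#    Requests matching the pattern need an authenticated user holding the role "user".
keycloak.securityConstraints[0].authRoles[0]=user
keycloak.securityConstraints[0].securityCollections[0].name=protected
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*

# 2) Policy enforcer (authorization), the setting Sebastien quotes.
#    The resources, policies and permissions it checks (for example the /rest/*
#    resource and ROLE_REST policy from the original question) are defined for the
#    client in the Keycloak admin console, not in this file.
keycloak.policy-enforcer-config.on-deny-redirect-to=/accessDenied
```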