Hi Yegui,
Please take a look at BeerCloak:
https://github.com/dteleguin/beercloak
This all is in fact a long story; the talks about the hypothetical
Realm Admin Resource SPI have been circulating for years, but
unfortunately we haven't come up with anything yet [1]. At the moment,
the techniques for building protected REST resources (and more) have
been collected and published as BeerCloak.
In BeerCloak, the resource is protected with custom roles. If you're ok
with the built-in roles, your code will be much simpler.
Feel free to ask me any questions regarding BeerCloak. Also I'm
planning to port BeerCloak to the new technique introduced in Keycloak
3.2.0, so the could would become simpler. Stay tuned!
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+ 42 (022) 888-30-71E-mail: info@acutus.pro
[1]
http://lists.jboss.org/pipermail/keycloak-dev/2017-July/009648.html
On Thu, 2018-07-05 at 15:57 -0400, Yegui Cai wrote:
Hi.
Would it be possible to add an admin rest API via building a SPI? If
so,
any doc/resource I should check? I played with the REST resource SPI
under
example directory. However, it is not protected yet. What mechanism
can I
take to protect the newly added API?
Thanks!
Yegui
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user