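I don't think that token is from Alice; the keycloak_helper class is:

    import javax.servlet.http.HttpServletRequest;

    import org.keycloak.KeycloakSecurityContext;
    import org.keycloak.authorization.client.AuthzClient;
    import org.keycloak.authorization.client.ClientAuthorizationContext;
    import org.keycloak.authorization.client.resource.PermissionResource;

    public class keycloak_helper {

        // Permission endpoint of the Protection API, reached through the adapter's AuthzClient.
        public static PermissionResource getUserPermissionResource(HttpServletRequest request) {
            return getAuthzClient(request).protection().permission();
        }

        // AuthzClient held by the adapter's authorization context.
        public static AuthzClient getAuthzClient(HttpServletRequest request) {
            return getAuthorizationContext(request).getClient();
        }

        private static ClientAuthorizationContext getAuthorizationContext(HttpServletRequest request) {
            return ClientAuthorizationContext.class.cast(
                    getKeycloakSecurityContext(request).getAuthorizationContext());
        }

        // Security context that the Keycloak adapter stores as a request attribute.
        public static KeycloakSecurityContext getKeycloakSecurityContext(HttpServletRequest request) {
            return KeycloakSecurityContext.class.cast(
                    request.getAttribute(KeycloakSecurityContext.class.getName()));
        }
    }
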
The code is taken from the photoz-uma example. At this point I don't know how to get this
token; can you tell me how to get the token?
Can I retrieve the Alice token from the request parameter?
Is this information present in the documentation?
If you can explain this point for a moment, you would give me a great help.
Thanks, Nicola
________________________________
From: Pedro Igor Silva <psilva(a)redhat.com>
Sent: Tuesday, 17 September 2019 14:14
To: Nicola Messina <nikmess(a)hotmail.it>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: Re: [keycloak-user] Keycloak Share a resource with other User
The AuthzClient should be using a token issued on behalf of alice when invoking the API
for creating a ticket. Is that what is happening when you obtain the client and invoke the
endpoint?
On Tue, Sep 17, 2019 at 5:40 AM Nicola Messina <nikmess@hotmail.it> wrote:
Hi Pedro,
Thanks for the answer. Sorry, but I don't understand how; my code is:

    String resourceId="3707be30-6e85-4d48-92c9-afaf0750eaec";
    String DestinatarioId="4308881b-5754-44e4-a8c6-dbd13bbbc4a6";
    String scopeId="3497b93d-ae42-42ee-b825-f1da667902b4";
    String Soggetto = keycloak_helper.getKeycloakSecurityContext(request).getToken().getSubject();
    PermissionTicketRepresentation ticket = new PermissionTicketRepresentation();
    ticket.setOwner(Soggetto);
    ticket.setOwnerName("alice");
    ticket.setResource(resourceId);
    ticket.setResourceName("Foto-Vacci");
    ticket.setRequester(DestinatarioId);
    ticket.setRequesterName("bob");
    ticket.setScope(scopeId);
    ticket.setScopeName("foto:view");
    ticket.setGranted(true);
    keycloak_helper.getAuthzClient(request).protection().permission().create(ticket);

The request is made from the owner of the resource "alice" and this request is
made from the Java backend, like the photoz example.
Can you help me understand what is wrong?
Kind regards
________________________________
From: Pedro Igor Silva <psilva@redhat.com>
Sent: Monday, 16 September 2019 23:14
To: Nicola <nikmess@hotmail.it>
Cc: keycloak-user <keycloak-user@lists.jboss.org>
Subject: Re: [keycloak-user] Keycloak Share a resource with other User
Hi,
Basically, only the owner can create tickets for his/her resources. You need to access the
API using a bearer token where the owner of the resource is the subject.
Regards.
Pedro Igor
On Mon, Sep 16, 2019 at 3:21 PM Nicola <nikmess@hotmail.it> wrote:
Hi, I'm new to Keycloak. I'm looking at the *photoz uma example*; in this
example a user can *create* a resource and then *share* it with another user, and I'm
interested in this feature.
Checking the Javadoc, I've found that from a PermissionResource I can
create a *PermissionTicketRepresentation*, where I can set the resource, the
scope, the owner and the requester of the resource. I've tried this, but I
get

    {"error":"not_authorised","error_description":"permissions for [3707be30-6e85-4d48-92c9-afaf0750eaec] can be only created by the owner"}

So, how can I do this via code?
Kind regards
--
Sent from:
http://keycloak-user.88327.x6.nabble.com/
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
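
Added example, not part of the thread or of the photoz code: one way to apply Pedro's point that the ticket must be created with a bearer token whose subject is the resource owner, reusing the keycloak_helper class posted in the thread. The names OwnerTicketHelper and shareResource are hypothetical, and the sketch assumes the Keycloak adapter authenticated the request as the owner.

```java
import javax.servlet.http.HttpServletRequest;

import org.keycloak.KeycloakSecurityContext;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.representations.idm.authorization.PermissionTicketRepresentation;

// Hypothetical helper (not from the thread or from photoz): grants a scope on a
// resource to another user, calling the Protection API as the logged-in owner.
public class OwnerTicketHelper {

    public static void shareResource(HttpServletRequest request, String resourceId,
                                     String requesterId, String scopeId) {
        KeycloakSecurityContext ctx =
                keycloak_helper.getKeycloakSecurityContext(request);
        if (ctx == null) {
            throw new IllegalStateException("no Keycloak security context on this request");
        }

        // The access token the adapter validated for this request. Its subject
        // is the logged-in user, who must be the owner of the resource.
        String ownerToken = ctx.getTokenString();
        String ownerId = ctx.getToken().getSubject();

        PermissionTicketRepresentation ticket = new PermissionTicketRepresentation();
        ticket.setOwner(ownerId);
        ticket.setResource(resourceId);
        ticket.setRequester(requesterId);
        ticket.setScope(scopeId);
        ticket.setGranted(true);

        // protection(String) sends the given token as the bearer token.
        // Assumption: protection() with no argument authenticates as the
        // client itself, so the server does not see the owner as the caller.
        AuthzClient authzClient = keycloak_helper.getAuthzClient(request);
        authzClient.protection(ownerToken).permission().create(ticket);
    }
}
```

Because the owner id is read from the same token that is sent as the bearer token, the ticket's owner and the caller cannot diverge.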