Thanks, i forgott to type in the admin url in the admin console. ________________________________ Von: Marek Posolda [mposolda(a)redhat.com] Gesendet: Mittwoch, 28. Januar 2015 11:12 Bis: Christoph Machnik; keycloak-user(a)lists.jboss.org Betreff: Re: [keycloak-user] User rights after logout Hi, I've just tried with latest Keycloak on Wildfly but did not see same behaviour. Do you have admin URL set in Keycloak admin console for your application? How are you doing logout in your application? Are you using httpServletRequest.logout() or are you directly logout by access to logoutURL like our demo example applications are doing? Marek On 28.1.2015 10:38, Christoph Machnik wrote: Hi all, I have a web-application with keycloak. When a user have to log in this user becomes the rights to see the following pages or not. When this user loggs out an a other user loggs in with other rights to see the following pages or not, he becomes the same rights as the first user that logged in. In the example i log in with support and just can see the support page in the application, when i logg out an log in with admin i just can see the support page and not the admin page, even though i have the admin role. When i restart the server and first log in as admin i can see the admin- and the support page. When i log out and now log in with support i have the support rule, but nevertheless i can see the admin- and support page. Is there any mistake in int web.xml file ? (following): <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://java.sun.com/xml/ns/javaee"<http://java.sun.co... xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"<http:/... xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xml"<http://java.su... version="3.0"> <module-name>TestWebApp</module-name> <security-constraint> <web-resource-collection> <web-resource-name>Admins</web-resource-name> <url-pattern>/views/admin/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Support</web-resource-name> <url-pattern>/views/support/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> <role-name>support</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>KEYCLOAK</auth-method> <realm-name>test</realm-name> </login-config> <security-role> <role-name>admin</role-name> </security-role> <security-role> <role-name>support</role-name> </security-role> </web-app> _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user