[keycloak-user] @RolesAllowed on @Stateless
Juraci Paixão Kröhling
juraci at kroehling.de
Fri Feb 21 14:45:28 EST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hello,
I'm playing with Keycloak on a pet project, and I'm really impressed
with it. It looks really nice and it's easy to get it working fast.
I have one question, though. I know it's early and it's alpha, but I
wonder if this is a bug or a non-implemented feature :-)
Basically, I wanted to annotate a REST method with
@RolesAllowed("admin") for a DELETE request, and @RolesAllowed("user")
for a @GET, something that works on with the usual scenario.
With Keycloak, however, it seems that it's not being properly
propagated to the EJB layer, so, I get a execution denied on the GET,
even if the user has the "user" role.
I've done a quick experiment, and it's available here:
https://github.com/jpkrohling/sample-ejb-roles-basic
On the master branch, the implementation with Keycloak. At the
"Endpoint" class, I've added the output from Wildfly 8 as a comment:
https://github.com/jpkrohling/sample-ejb-roles-basic/blob/master/src/main/java/org/sample/ejb/basic/Endpoint.java#L25
On the "QuickStartCode" branch, I've done the same:
https://github.com/jpkrohling/sample-ejb-roles-basic/blob/QuickstartCode/src/main/java/org/sample/ejb/basic/Endpoint.java#L25
So, is this scenario supposed to work already, or is it planned for a
future release?
Thanks!
Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBCgAGBQJTB6zYAAoJEDnJtskdmzLMtM4H/R231Yuyt0oTUEn6sOTkwEW+
jZmB61agIOuIa5ZqMukPVozH6xB4RGEUtSBjaC4a3+wdZeEm7jEg/ERqp4XoM2up
53u0v6sWLJRve8Te3L4P2SD9rsiS6Gro54/Wn+ITMcnJt/ERlwQKlwiwj/zEdvNq
nmrr2ZUBDCHmgN9qAbSjjWAP+jRelKd/1yZLhiXmRAnrS21+rMe5hRTV/XFKwmDK
UFO13BKHDlF43OYZTdcYDZwAw8Zj15pewTfti0t7IbjoFKAfzfs3zWuhC8sB4GCp
vHR4CEa/NeOeQVcAPQ9bHcDu3g7QPTqHSY3LzSUVeJ3gOCDG1eO4KaGM4slfp4c=
=fE0v
-----END PGP SIGNATURE-----
More information about the keycloak-user
mailing list