[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth

Bill Burke bburke at redhat.com
Fri Nov 7 21:18:29 EST 2014

If you are using Keycloak, I don't understand why you would want to do 
basic auth.

Eventually I'm going to write a JAAS plugin for simple username/password 
with Keycloak, but I have other stuff in my queue at the moment.  For 
your application, you'd have to write something that obtained a admin 
token and verified username password and downloaded role mappings.

On 11/7/2014 9:16 AM, Gary Brown wrote:
> Hi
> I've just started looking at KeyCloak to use with the Overlord governance projects.
> I have tried the examples, and see how we could leverage KeyCloak to protect the UI apps and the backend REST services they use. However we also need to provide the REST services as independent services using basic auth - but would like the basic auth to be performed against the users managed by KeyCloak.
> Is there any recommendations on how this can be achieved?
> Do we need to provide our own filter - is there any example code to do this?
> Is it possible to do something via the KeyCloak subsystem configuration approach, in case we wanted to secure the REST service without modifying the war?
> Thanks in advance.
> Regards
> Gary
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

Bill Burke
JBoss, a division of Red Hat

More information about the keycloak-user mailing list