[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth
Bill Burke
bburke at redhat.com
Fri Nov 7 21:18:29 EST 2014
If you are using Keycloak, I don't understand why you would want to do
basic auth.
Eventually I'm going to write a JAAS plugin for simple username/password
with Keycloak, but I have other stuff in my queue at the moment. For
your application, you'd have to write something that obtained an admin
token and verified username password and downloaded role mappings.
On 11/7/2014 9:16 AM, Gary Brown wrote:
> Hi
>
> I've just started looking at Keycloak to use with the Overlord governance projects.
>
> I have tried the examples, and see how we could leverage Keycloak to protect the UI apps and the backend REST services they use. However we also need to provide the REST services as independent services using basic auth - but would like the basic auth to be performed against the users managed by Keycloak.
>
> Are there any recommendations on how this can be achieved?
>
> Do we need to provide our own filter - is there any example code to do this?
>
> Is it possible to do something via the Keycloak subsystem configuration approach, in case we wanted to secure the REST service without modifying the war?
>
> Thanks in advance.
>
> Regards
> Gary
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com