[keycloak-user] Application level roles don't work for web.xml restrictions

Orestis Tsakiridis orestis.tsakiridis at telestax.com
Wed Aug 26 04:27:47 EDT 2015


False alarm!

i finally managed to make it work. Behaviour is normal. I was probably
missing sth.

On Wed, Aug 26, 2015 at 9:01 AM, Orestis Tsakiridis <
orestis.tsakiridis at telestax.com> wrote:

> Hello,
>
> Is there any example/documentation on using application roles and the
> "use-resource-role-mappings" property? It seems that they are ignored at
> the JEE level (meaning the roles have no effect when i apply restriction
> through web.xml).
>
> I've been trying to test application roles on the database-service
> example. I added "use-resource-role-mappings" property and enabled
> DirectAccessGrant to manually get a token. I also assigned the
> database-service:'user' role to bburke user and removed the realm-level
> 'user' role.When trying to access the /customers (as bburke) i keep getting
> a 403.
>
> Btw, i've checked the token and it looks perfectly normal. 'user' role is
> there as an application level role.
>
>
> Thanks
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150826/904ddc77/attachment.html 


More information about the keycloak-user mailing list