[keycloak-user] TOMCAT exclude protection for endpoint
Christopher Wallace
cjwallac at gmail.com
Fri Dec 4 09:15:36 EST 2015
We are using Apache TOMCAT v. 8.0.18. We have a Javascript application that
we would like to configure web.xml using KEYCLOAK to protect all root URI's
'/' except '/tracking'. Is there a way to exclude '/tracking' from being
protected either in the KEYCLOAK admin console or in the WEB.XML itself.
Some additional information is for the tracking URL we will use both HTTP
and WEBSOCKETS protocols. Our current approach was to specifically protect
all URI except for '/tracking' but that doesn't seem to be working as a
solution.
We have attached our example WEB.XML attempting to specifically protect
URLs:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>ROOT</module-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>APP</web-resource-name>
<url-pattern>/app/*</url-pattern>
</web-resource-collection>
<!--API-->
<web-resource-collection>
<web-resource-name>API</web-resource-name>
<url-pattern>/api/*</url-pattern>
</web-resource-collection>
<!--HTML-->
<web-resource-collection>
<web-resource-name>HTML</web-resource-name>
<url-pattern>*.html</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>worktrac</realm-name>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>
We appreciate your feedback and thoughts on a solution.
- Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151204/a4184529/attachment.html
More information about the keycloak-user
mailing list