[keycloak-user] [Authorization] Get user roles from token

Bill Burke bburke at redhat.com
Wed Dec 16 09:45:57 EST 2015


See use-resource-role-mappings switch:

If set to true, the getResourceAccess("resource-name") roles will be 
mapped into isUserInRole, otherwise getRealmAccess is mapped into 
isUserInRole

Not the best, I know.  We've been meaning to add some sort of role 
mapping facility to the adapter.

On 12/16/2015 9:17 AM, Johan Bos wrote:
> Why is HttpRequest.isUserInRole(<role>) not capable of returning true when
> the role is present in the AccessToken.getRealmAccess?
>
> Regards,
>
> Johan Bos
>
> On 16/12/2015 15:09, Bill Burke wrote:
>> AccessToken.getResourceAccess or AccessToken.getRealmAccess
>>
>> On 12/16/2015 4:51 AM, Tim Dudgeon wrote:
>>> It's not clear to me how you get the assigned roles from the AccessToken.
>>> For instance, if the realm has configured the user to have roles "user"
>>> and "editor" how do I find these in the AccessToken?
>>>
>>> Tim
>>>
>>> On 07/12/2015 02:53, Bill Burke wrote:
>>>> For Java HttpServletRequest.isUserInRole() works.  If you typecast the
>>>> principal to KeycloakPrincipal you can obtain the AccessToken.
>>>>
>>>> On 12/6/2015 5:39 PM, Pavel Maslov wrote:
>>>>> Hi everyone,
>>>>>
>>>>>
>>>>> Do Keycloak adapters support user authorization? I mean, of course
>>>>> they do :) For example, the API I have secured with Keycloak receives
>>>>> a Keycloak access token from the client. How can I validate the token
>>>>> (check user roles) in my code? I am interested in the Java (wildfly)
>>>>> and Javascript adapters.
>>>>>
>>>>> Manually I am using jwt.io <http://jwt.io> to check the token. I am
>>>>> just curious if the Keycloak adapters support something similar out
>>>>> of the box.
>>>>>
>>>>> Thank you for your answers.
>>>>>
>>>>>
>>>>> Regards,
>>>>> Pavel Maslov, MS
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>
>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
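
The lookups discussed in this thread, as an added example that is not part of the original messages or of Keycloak's own code: it casts the request principal to KeycloakPrincipal, reads realm and per-resource roles from the AccessToken, and treats a missing principal, access section or role set as "no roles". The class and method names (`TokenRoles`, `tokenOf`, `hasRole`, and so on) are hypothetical, and the `javax.servlet` API and an adapter that has already validated the token are assumed.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;   // assumption: javax-era servlet container
import org.keycloak.KeycloakPrincipal;
import org.keycloak.representations.AccessToken;

// Hypothetical helper: reads roles straight from the token, so the result does
// not depend on how use-resource-role-mappings maps roles into isUserInRole.
public final class TokenRoles {
    private TokenRoles() {}

    /** Token behind the request, or null if the principal is not a KeycloakPrincipal. */
    static AccessToken tokenOf(HttpServletRequest request) {
        Principal p = request.getUserPrincipal();
        if (!(p instanceof KeycloakPrincipal)) {
            return null;                          // unauthenticated or another auth mechanism
        }
        return ((KeycloakPrincipal<?>) p).getKeycloakSecurityContext().getToken();
    }

    /** Realm-level roles (AccessToken.getRealmAccess). */
    static Set<String> realmRoles(AccessToken token) {
        return rolesOf(token == null ? null : token.getRealmAccess());
    }

    /** Roles for one resource, e.g. "resource-name" (AccessToken.getResourceAccess). */
    static Set<String> resourceRoles(AccessToken token, String resource) {
        return rolesOf(token == null ? null : token.getResourceAccess(resource));
    }

    // Both the Access section and its role set may be absent from a token.
    private static Set<String> rolesOf(AccessToken.Access access) {
        if (access == null || access.getRoles() == null) {
            return Collections.emptySet();
        }
        return Collections.unmodifiableSet(access.getRoles());
    }

    /** True only if the role is present in the realm roles or in the named resource's roles. */
    static boolean hasRole(HttpServletRequest request, String resource, String role) {
        AccessToken token = tokenOf(request);
        return realmRoles(token).contains(role)
                || resourceRoles(token, resource).contains(role);
    }
}
```

Because `hasRole` accepts a match from either source, use `realmRoles` or `resourceRoles` directly where a realm role and a resource role of the same name must not be treated as equivalent.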

