[keycloak-user] Retrieving list of application roles for a given realm role
Marek Posolda
mposolda at redhat.com
Thu May 21 02:39:50 EDT 2015
It seems that you can instead use this endpoint for role-by-id:
http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/roles-by-id/%7Brole-id%7D/composites/index.html
. This one should require just "view-realm" permissions.
Marek
On 20.5.2015 16:04, Maciej Szewczykowski wrote:
>
> Hi,
>
> I’m working on a simple security service for enterprise application,
> and one of the requirements is to be able to determine list of
> application roles (composites, if I get the vocabulary right) for each
> user that has successfully signed in. User credentials are naturally
> acquired from session token.
>
> According to the REST API docs, you can acquire list of application
> roles for a given realm role with the following request:
>
> /admin/realms/{realm}/roles/{realm_role}/composites
>
> It turns out however that in order to be successfully executed, this
> request requires the user to have „manage-realm” effective role
> assigned. This will naturally be the case only for admin users.
>
> So I’d much appreciate if you could tell whether there is a way (using
> REST API or User/RoleRepresentation objects) to get list of
> application roles for a given realm role without the need of having
> „manage-realm” role assigned.
>
> Thank you in advance for your help.
>
> Best Regards,
>
> *Maciej Szewczykowski *
>
> Java Developer
>
> ------------------------------------------------------------------------
>
> T +44 01628 539 800
>
> E firstname.lastname at pjmedia.co.uk
>
>
> *PJ Media Limited,***
>
> Plac Wolności 21, 05-825
>
> Grodzisk Mazowiecki, Warsaw, Poland
>
>
>
> Brandpath <http://www.brandpath.com/>
>
> PJ MEDIA LIMITED | Registered in England and Wales no. 04946760 |
> Registered Office: Network House, Third Avenue, Globe Park, Marlow,
> Buckinghamshire, SL7 1EY, United Kingdom | Web site:
> http://www.pjmedia.co.uk
>
>
> The contents of this message and any attachments to it are
> confidential and may be legally privileged. If you have received this
> message in error you should delete it from your system immediately and
> advise the sender. To any recipient of this message within PJ Media,
> unless otherwise stated, you should consider this message and
> attachments as PJ Media confidential.
>
> PJ MEDIA LIMITED,
> Registered in England no. 04946760
> Address: Network House, Third Avenue, Globe Park, Marlow, SL7 1EY,
> United Kingdom
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150521/a02fca94/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 9315 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20150521/a02fca94/attachment-0001.jpe
More information about the keycloak-user
mailing list