[keycloak-user] Securing dynamic services
Jose Suero
josephsuero at gmail.com
Fri Nov 20 19:41:56 EST 2015
i've installed keycloak to secure a software as a service application that
allow users to create scripts they can run as services, for the
authentication part keycloak works like a charm, users are required to
enter a login and I get their roles and everything.
The idea is to let users create services and roles, and assign them to
users, this all works
The issue i'm having is authorization, since i have no knowledge before and
of what services or roles would be created i can't use Security Constrains
on web.xml or annotations.
Since I have the roles I could write a function that does auhorizations,
but would love for keycloak to do it for me, I'm already passing realms to
keycloak as the multi-tenant example, is there any way I could assign urls
to roles I create so keycloak checks where or not I can access that url?
thanks in advance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151120/6ae731f9/attachment.html
More information about the keycloak-user
mailing list