[keycloak-user] Securing dynamic services

Travis De Silva traviskds at gmail.com
Mon Nov 23 14:45:46 EST 2015


What I have done is mapped my urls (i.e. resource) to roles in my own app.

Then I have a security filter that will get the user roles from keycloak
and check if the role has access to the urls (i.e. resource). Note my
services are JEE.

I am also very keen if this can be done within keycloak. Stain any pointers
to the POC that I can look into to understand the keycloak approach?

Cheers
Travis


On Mon, 23 Nov 2015 at 20:46 Stian Thorgersen <sthorger at redhat.com> wrote:

> We are currently doing a POC on adding authorization services to Keycloak.
> In summary what roles can access what URLs, but much more flexible and
> powerful than that. That's not going to be ready until sometime next year.
>
> If you're interested you could give that a go, but it's pre-alpha at the
> moment, so not something to use in production for sure.
>
> On 21 November 2015 at 01:41, Jose Suero <josephsuero at gmail.com> wrote:
>
>> i've installed keycloak to secure a software as a service application
>> that allow users to create scripts they can run as services, for the
>> authentication part keycloak works like a charm, users are required to
>> enter a login and I get their roles and everything.
>>
>> The idea is to let users create services and roles, and assign them to
>> users, this all works
>>
>> The issue i'm having is authorization, since i have no knowledge before
>> and of what services or roles would be created i can't use Security
>> Constrains on web.xml or annotations.
>>
>> Since I have the roles I could write a function that does auhorizations,
>> but would love for keycloak to do it for me, I'm already passing realms to
>> keycloak as the multi-tenant example, is there any way I could assign urls
>> to roles I create so keycloak checks where or not I can access that url?
>>
>>
>> thanks in advance
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151123/5acd0888/attachment.html 


More information about the keycloak-user mailing list