[keycloak-user] Securing dynamic services
Stian Thorgersen
sthorger at redhat.com
Mon Nov 23 15:07:47 EST 2015
We should hopefully have an early alpha ready in a few weeks.
On 23 November 2015 at 20:45, Travis De Silva <traviskds at gmail.com> wrote:
> What I have done is mapped my urls (i.e. resource) to roles in my own app.
>
> Then I have a security filter that will get the user roles from keycloak
> and check if the role has access to the urls (i.e. resource). Note my
> services are JEE.
>
> I am also very keen if this can be done within keycloak. Stain any
> pointers to the POC that I can look into to understand the keycloak
> approach?
>
> Cheers
> Travis
>
>
> On Mon, 23 Nov 2015 at 20:46 Stian Thorgersen <sthorger at redhat.com> wrote:
>
>> We are currently doing a POC on adding authorization services to
>> Keycloak. In summary what roles can access what URLs, but much more
>> flexible and powerful than that. That's not going to be ready until
>> sometime next year.
>>
>> If you're interested you could give that a go, but it's pre-alpha at the
>> moment, so not something to use in production for sure.
>>
>> On 21 November 2015 at 01:41, Jose Suero <josephsuero at gmail.com> wrote:
>>
>>> i've installed keycloak to secure a software as a service application
>>> that allow users to create scripts they can run as services, for the
>>> authentication part keycloak works like a charm, users are required to
>>> enter a login and I get their roles and everything.
>>>
>>> The idea is to let users create services and roles, and assign them to
>>> users, this all works
>>>
>>> The issue i'm having is authorization, since i have no knowledge before
>>> and of what services or roles would be created i can't use Security
>>> Constrains on web.xml or annotations.
>>>
>>> Since I have the roles I could write a function that does auhorizations,
>>> but would love for keycloak to do it for me, I'm already passing realms to
>>> keycloak as the multi-tenant example, is there any way I could assign urls
>>> to roles I create so keycloak checks where or not I can access that url?
>>>
>>>
>>> thanks in advance
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151123/1dde9de4/attachment.html
More information about the keycloak-user
mailing list