[keycloak-user] Programmatic access control with no <security-constraints/> in web.xml

Orestis Tsakiridis orestis.tsakiridis at telestax.com
Wed Sep 16 03:04:04 EDT 2015


Thanks Bill,

I think i may tackle the issue for now through the KeycloakConfigResolver.
Maybe return an empty deployment if the API Key is in the request.


Regards

Orestis

On Wed, Sep 16, 2015 at 2:39 AM, Bill Burke <bburke at redhat.com> wrote:

> I'll eventually implement adapter as a filter, but right now security
> constraints are required.
>
> On 9/15/2015 5:54 PM, Orestis Tsakiridis wrote:
> > Hello,
> >
> > Is it possible to apply programmatic access control i.e. retrieve
> > KeycloakSecurityContext, get token, roles etc, when the
> > <security-contraint/> elements have been removed from web.xml?
> >
> > The reason for that is that when <security-constraints/> are present the
> > requests get dropped by the keycloak adapter before reaching the REST
> > endpoints implementation in case they are not carrying a token. I'm
> > trying to support an alternative authorization mechanism using a custom
> > API Key parameter in case the Oauth token header is missing.
> >
> >
> > Regards
> >
> > Orestis
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150916/d69109b9/attachment.html 


More information about the keycloak-user mailing list