[keycloak-user] How to secure the application's root
Ling
lingvisa at gmail.com
Sat Aug 6 01:35:27 EDT 2016
Hi, if I want to secure the root directory, namely, when I visit
http://localhost:8080/myapp, then it redirects me to the keycloak login
page, asking for credentials. How to achieve that?
I modified the Web.xml as follows, but it doesn't secure anything at all. I
thought this should work "<url-pattern>/*</url-pattern>", but it doesn't.
<!--
<security-constraint>
<web-resource-collection>
<web-resource-name>Admins</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/login2/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
-->
<security-constraint>
<web-resource-collection>
<web-resource-name>Web Root</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!--
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
-->
</security-constraint>
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>bword</realm-name>
</login-config>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160805/3fa54250/attachment-0001.html
More information about the keycloak-user
mailing list