[keycloak-user] Check ownership of resource with keycloak Authorization
Richard van Duijn
rjvduijn at gmail.com
Thu Dec 8 04:36:35 EST 2016
I'm investigating the possibility of securing my application with keycloak
using both Authentication and Authorization.
I was wondering if I can check ownership of a resource (i.e. a picture in a
database) with keycloak policies.
I see there is an example in the documentation using a Drools Policy which
checks the ownership of the resource, but that is limited to the client
being the owner of the resource.
What i'd like to accomplish is to see if userA has access to documentA. Can
the drools engine query a database to fetch the required dataField or is
there another approach for this to be done?
Thanks for any pointers...
/Richard
More information about the keycloak-user
mailing list