[keycloak-user] Spring sec - roles - how?

java_os java at neposoft.com
Tue Dec 13 17:51:13 EST 2016


Hi All,
I put up this question a while back and am now back to it since there was no answer,
this time with some hope.
I have this SPA (keycloak.js) calling into a REST API, bearer-protected by KC
- all good.
I use KC brokering, so on the IdP side there is ADFS. The user logs in against the IdP,
where ADFS is configured with a claim that acts as a role. On the SPA I can
map out that claim from the token.
The REST API is protected by KC Spring Security. I want (and this is what I do
not know) to configure Spring Security to react when a call is made to a
specific REST endpoint when the user does not have a specific role
(returning 401).
How can I do this the Spring Security way - how can I configure Spring Security to, say,
check at runtime the user's role for a specific endpoint and deny access
to the resource?
The big unknown to me is: how does a KC client role (which is some static
config) relate to the runtime user's role coming from the IdP?
Has anyone done this? I am sure this is a common use case.
Whoever knows this, please share.
Thank you and appreciate it.
