[keycloak-user] Spring sec - roles - how?

Sebastien Blanc sblanc at redhat.com
Wed Dec 14 01:43:52 EST 2016


Is this not working?
http.authorizeRequests().antMatchers("/products*").hasRole("MY_MAPPED_LDAP_ROLE")
?




On Tue, Dec 13, 2016 at 11:51 PM, java_os <java at neposoft.com> wrote:

> Hi All,
> I put up this question a while back and am now back to it since there was
> no answer, this time with some hope.
> I have this SPA (keycloak.js) calling into a REST API, bearer-protected by
> KC - all good.
> I use KC brokering, so on the IdP side it is ADFS. The user logs in against
> the IdP, where ADFS is configured with a claim that acts as a role. On the
> SPA I can map out that claim from the token.
> The REST API is protected by KC spring sec. I want (and this is what I do
> not know) to configure spring sec to react when the call is made to a
> specific REST endpoint when the user does not have a specific role
> (returning 401).
> How can I do this the spring sec way - how can I configure spring sec to,
> say, check at runtime the user's role for a specific endpoint and deny
> access to the resource?
> The big unknown to me is: how does a KC client role (which is some static
> config) relate to the runtime user's role coming from the IdP?
> Has anyone done this? I am sure this is a common use case.
> Whoever knows this please share.
> Thank you and appreciate it.

