[keycloak-user] Use keycloak as I used picketlink

Pedro Igor Silva psilva at redhat.com
Tue Feb 16 20:37:17 EST 2016


Hi Stefano,

    In KC you can use standard JEE security mechanisms to perform RBAC. 

    Another thing you can do is obtain a KeycloakSecurityContext and get roles or any other claim from there. Something like:

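        // Needs: import org.keycloak.KeycloakSecurityContext; import org.keycloak.representations.AccessToken;
        // The attribute is null when the request was not authenticated by the adapter.
        KeycloakSecurityContext securityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
        AccessToken token = securityContext != null ? securityContext.getToken() : null;
        // getRealmAccess() returns null when the token carries no realm roles.
        AccessToken.Access realmAccess = token != null ? token.getRealmAccess() : null;

        if (realmAccess != null && realmAccess.isUserInRole("admin")) {
            // do admin stuff
        }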

    You can use a lot of information from the AccessToken to perform local authorization checks. Above is RBAC, but you can also use claims to perform ABAC, for instance.

Regards.
Pedro Igor

----- Original Message -----
From: "Stefano Zaccaria" <zaquas at gmail.com>
To: keycloak-user at lists.jboss.org
Sent: Tuesday, February 16, 2016 9:59:13 PM
Subject: [keycloak-user] Use keycloak as I used picketlink




Hello to all,
I want to change from picketlink to keycloak.
In my EE app I use keycloak CDI to check the user roles and grant with BasicModel.hasRole(relationshipManager, identity.getAccount(), BasicModel.getRole(identityManager, "admin"))
or
AuthorizationUtil.hasRole(identity, partitionManager, "admin");
in my bean methods.
How can I do the same thing with Keycloak?
Thanks in advance.

Stefano 
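
An added example, not part of the original thread and not Keycloak's own code: the realm-role check from the reply combined with a claim-based (ABAC) check, both failing closed when the security context, the token or the realm roles are absent. The TokenAuthz class, the mayApprovePayments policy and the "department" claim (which would have to be added to the token by a protocol mapper in the realm) are assumptions made for illustration.

```java
import java.util.Map;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken;

/** Hypothetical helper: fail-closed RBAC and ABAC checks on a Keycloak access token. */
public final class TokenAuthz {
    private TokenAuthz() {}

    /** RBAC: true only if the token carries the given realm role. */
    public static boolean hasRealmRole(AccessToken token, String role) {
        if (token == null) return false;
        AccessToken.Access realm = token.getRealmAccess(); // null when no realm roles were issued
        return realm != null && realm.isUserInRole(role);
    }

    /** ABAC: true only if a custom claim is present and equals the expected value. */
    public static boolean hasClaim(AccessToken token, String name, String expected) {
        if (token == null || expected == null) return false;
        Map<String, Object> claims = token.getOtherClaims();
        Object value = claims == null ? null : claims.get(name);
        return expected.equals(value); // a missing or non-string claim never matches
    }

    /** Combined policy: realm role "admin" AND department == "finance" (assumed claim name). */
    public static boolean mayApprovePayments(KeycloakSecurityContext ctx) {
        AccessToken token = ctx == null ? null : ctx.getToken();
        return hasRealmRole(token, "admin") && hasClaim(token, "department", "finance");
    }

    public static void main(String[] args) {
        // Constructed tokens standing in for what the adapter places on the request.
        AccessToken admin = new AccessToken();
        admin.setRealmAccess(new AccessToken.Access().addRole("admin"));
        admin.setOtherClaims("department", "finance");

        AccessToken noRoles = new AccessToken(); // no realm_access claim at all
        noRoles.setOtherClaims("department", "finance");

        System.out.println("admin + finance: "
                + (hasRealmRole(admin, "admin") && hasClaim(admin, "department", "finance")));
        System.out.println("token without realm roles: " + hasRealmRole(noRoles, "admin"));
        System.out.println("unauthenticated request: " + mayApprovePayments(null));
    }
}
```

In a bean method, the KeycloakSecurityContext passed to mayApprovePayments would be the one read from the request attribute as shown in the reply.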
