[keycloak-user] Use keycloak as I used picketlink
Pedro Igor Silva
psilva at redhat.com
Tue Feb 16 20:37:17 EST 2016
Hi Stefano,
In KC you can use standard JEE security mechanisms to perform RBAC.
Another thing you can do is obtain a KeycloakSecurityContext and get roles or any other claim from there. Something like:
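// needs org.keycloak.KeycloakSecurityContext and org.keycloak.representations.AccessToken
KeycloakSecurityContext securityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
AccessToken token = securityContext.getToken();
// getRealmAccess() returns null when the token carries no realm roles
AccessToken.Access realmAccess = token.getRealmAccess();
if (realmAccess != null && realmAccess.isUserInRole("admin")) {
    // do admin stuff
}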
You can use a lot of information from the AccessToken to perform local authorization checks. Above is RBAC, but you can also use claims to perform ABAC, for instance.
Regards.
Pedro Igor
----- Original Message -----
From: "Stefano Zaccaria" <zaquas at gmail.com>
To: keycloak-user at lists.jboss.org
Sent: Tuesday, February 16, 2016 9:59:13 PM
Subject: [keycloak-user] Use keycloak as I used picketlink
Hello to all,
I want to change from picketlink to keycloak.
In my ee app I use keycloak CDI to check the user roles and grant with BasicModel.hasRole(relationshipManager, identity.getAccount(), BasicModel.getRole(identityManager, "admin"))
or
AuthorizationUtil.hasRole(identity, partitionManager, "admin");
in my bean methods.
How can I do the same thing with Keycloak?
Thanks in advance
Stefano
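The RBAC check from the reply, with a client-role check and a claim-based (ABAC) check next to it, as an added example that is not part of the original messages or of Keycloak's own code. The class name TokenAuthz and its method names are hypothetical, and the claim passed to hasClaim is an assumption: it is only present if a mapper puts it into the token.

```java
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken;

/** Added example (hypothetical helper): local RBAC and ABAC checks on the access token. */
public final class TokenAuthz {

    private TokenAuthz() { }

    /** Returns the token for this request, or null if the request is unauthenticated. */
    static AccessToken tokenOf(HttpServletRequest request) {
        KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                request.getAttribute(KeycloakSecurityContext.class.getName());
        return ctx == null ? null : ctx.getToken();
    }

    /** RBAC: realm role check; denies when the token has no realm roles. */
    public static boolean hasRealmRole(HttpServletRequest request, String role) {
        AccessToken token = tokenOf(request);
        if (token == null) return false;
        AccessToken.Access realmAccess = token.getRealmAccess();
        return realmAccess != null && realmAccess.isUserInRole(role);
    }

    /** RBAC: role scoped to one client; clientId is whatever your client is called. */
    public static boolean hasClientRole(HttpServletRequest request, String clientId, String role) {
        AccessToken token = tokenOf(request);
        if (token == null) return false;
        AccessToken.Access access = token.getResourceAccess(clientId);
        return access != null && access.isUserInRole(role);
    }

    /**
     * ABAC: compares a custom claim with an expected value. The claim name is
     * an assumption; it only appears in the token if a mapper adds it.
     */
    public static boolean hasClaim(HttpServletRequest request, String claim, String expected) {
        AccessToken token = tokenOf(request);
        if (token == null || expected == null) return false;
        Map<String, Object> claims = token.getOtherClaims();
        Object value = claims == null ? null : claims.get(claim);
        return expected.equals(value); // missing or non-string claim denies
    }
}
```

Every method denies by default: an unauthenticated request, a token without the relevant role section, or a missing claim all return false.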