[keycloak-user] Use keycloak as I used picketlink

Stefano Zaccaria zaquas at gmail.com
Wed Feb 17 02:41:59 EST 2016


Thanks Pedro!
You are been so clear!!!
So, excuse for my pedantry, the old stuff that I had used with picketlink
and deltaspike I must forget:

es: @LoggedIn, CDI that call picketlink lib etc etc.

In clear I must use only the code that you suggest me... what I read in our
site, in particular in http://picketlink.org/keycloak-merge-faq/

"Q) What happens with PicketLink Java EE related capabilities
A) Based on experience gained with PicketLink project we’ll be introducing
Keycloak SDK component including libraries for easier integration with Java
EE applications"

It must interpret as the code you suggest me?

Thanks very much!



2016-02-17 2:37 GMT+01:00 Pedro Igor Silva <psilva at redhat.com>:

> Hi Stefano,
>
>     In KC you can use standard JEE security mechanisms to perform RBAC.
>
>     Another thing you can do is obtain a KeycloakSecurityContext and get
> roles or any other claim from there. Something like:
>
>         KeycloakSecurityContext securityContext =
> (KeycloakSecurityContext)
> request.getAttribute(KeycloakSecurityContext.class.getName());
>         AccessToken token = securityContext.getToken();
>         AccessToken.Access realmAccess = token.getRealmAccess();
>
>         if (realmAccess.isUserInRole("admin")) {
>             // do admin stuff
>         }
>
>     You can use a lot of information from the AccessToken to perform local
> authorization checks. Above is RBAC, but you can also use claims to perform
> ABAC, for instance.
>
> Regards.
> Pedro Igor
>
> ----- Original Message -----
> From: "Stefano Zaccaria" <zaquas at gmail.com>
> To: keycloak-user at lists.jboss.org
> Sent: Tuesday, February 16, 2016 9:59:13 PM
> Subject: [keycloak-user] Use keycloak as I used picketlink
>
>
>
>
> Hello to all,
> I want to change from picketlink to keycloak
> In my ee app I use keycloack CDI to check the user roles and grant with
> BasicModel.hasRole(relationshipManager, identity.getAccount(),
> BasicModel.getRole(identityManager, "admin"))
> or
> Authorization Util.hasRole(identity, partitionManager, "admin");
> in my bean methods
> How can I made the same thing with Keycloak?
> Thanks in advantage
>
> Stefano
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>



-- 
*Stefano*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160217/c17ad289/attachment.html 


More information about the keycloak-user mailing list