[keycloak-user] Use keycloak as I used picketlink

Pedro Igor Silva psilva at redhat.com
Wed Feb 17 07:35:18 EST 2016


Yes, that is what you can use. But nothing stops you from creating a CDI layer on top of it to better integrate with your app.

In your example, you can easily create Identity-like and AuthorizationManager-like beans in order to hide/centralize security logic from the rest of your app.

Thanks.

----- Original Message -----
From: "Stefano Zaccaria" <zaquas at gmail.com>
To: "Pedro Igor Silva" <psilva at redhat.com>
Cc: keycloak-user at lists.jboss.org
Sent: Wednesday, February 17, 2016 5:41:59 AM
Subject: Re: [keycloak-user] Use keycloak as I used picketlink

Thanks Pedro!
You have been so clear!!!
So, excuse my pedantry, I must forget the old stuff that I had used with
picketlink and deltaspike:

e.g.: @LoggedIn, CDI that calls the picketlink lib, etc.

To be clear, I must use only the code that you suggested to me... what I read
in our site, in particular in http://picketlink.org/keycloak-merge-faq/

"Q) What happens with PicketLink Java EE related capabilities
A) Based on experience gained with PicketLink project we’ll be introducing
Keycloak SDK component including libraries for easier integration with Java
EE applications"

Must it be interpreted as the code you suggested to me?

Thanks very much!



2016-02-17 2:37 GMT+01:00 Pedro Igor Silva <psilva at redhat.com>:

> Hi Stefano,
>
>     In KC you can use standard JEE security mechanisms to perform RBAC.
>
>     Another thing you can do is obtain a KeycloakSecurityContext and get
> roles or any other claim from there. Something like:
>
>         KeycloakSecurityContext securityContext = (KeycloakSecurityContext)
>             request.getAttribute(KeycloakSecurityContext.class.getName());
>         AccessToken token = securityContext.getToken();
>         // Realm-level roles from the token; null when the token carries none
>         AccessToken.Access realmAccess = token.getRealmAccess();
>
>         if (realmAccess != null && realmAccess.isUserInRole("admin")) {
>             // do admin stuff
>         }
>
>     You can use a lot of information from the AccessToken to perform local
> authorization checks. Above is RBAC, but you can also use claims to perform
> ABAC, for instance.
>
> Regards.
> Pedro Igor
>
> ----- Original Message -----
> From: "Stefano Zaccaria" <zaquas at gmail.com>
> To: keycloak-user at lists.jboss.org
> Sent: Tuesday, February 16, 2016 9:59:13 PM
> Subject: [keycloak-user] Use keycloak as I used picketlink
>
>
>
>
> Hello to all,
> I want to change from picketlink to keycloak.
> In my ee app I use keycloak CDI to check the user roles and grant with
> BasicModel.hasRole(relationshipManager, identity.getAccount(),
> BasicModel.getRole(identityManager, "admin"))
> or
> AuthorizationUtil.hasRole(identity, partitionManager, "admin");
> in my bean methods.
> How can I do the same thing with Keycloak?
> Thanks in advance
>
> Stefano
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>



-- 
*Stefano*


