[keycloak-user] servlet filter and roles
Bill Burke
bburke at redhat.com
Tue Mar 22 10:10:18 EDT 2016
On 3/22/2016 4:33 AM, Simon Gordon wrote:
> Hi
>
> My client applications (some SAML, some OIDC) are all running within Tomcat
> 7 on OpenShift. Since the Keycloak Tomcat adapter is a Valve, the jar needs
> adding into the server classpath which of course I can't do on OpenShift.
> (Or I've struggled to at least!)
>
> Hence I'm using the generic servlet filter adapter. Looking here for SAML:
> http://keycloak.github.io/docs/userguide/saml-client-adapter/html/ch07.html
>
> and here for OIDC:
> http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#d4e1046
>
> I can't see how to achieve the security-constraints (roles primarily). Do I
> need to resort to coding those in the apps, or maybe using JAAS?
You have to code into the app. You could write a filter that did a
HttpServletRequest.isUserInRole() We should probably provide something
like that...
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list