[keycloak-user] Policy Enforcement Mode cannot be changed.
Pedro Igor Craveiro e Silva
psilva at redhat.com
Wed Oct 26 07:55:56 EDT 2016
>From your logs it seems that access was actually GRANTED. So your user
should be able to access that resource:
Oct 26, 2016 7:37:33
org.keycloak.adapters.authorization.PolicyEnforcer enforce DEBUG:
Returning authorization context with permissions:
You don't have any permission in the logs because when you set
enforcement-mode to DISABLE, the enforcer will just let the request to
pass.
Maybe you have some other constraint applied to your resource within
your application ?
On Wed, 2016-10-26 at 19:40 +0800, Joey wrote:
> Hi Guys,
>
> I read from documents, and my understanding is if set Policy
> Enforcement Mode to disable, then any users can access all resources.
> but I tried to set it to disable. but nothing be changed.
>
> For example,
>
> I have a role call Role_A , and set a user Tom as this Role_A, if I
> set a resource access policy without Role_A. this user Tom cannot
> access this resource. And I can see some log in tomcat.
>
> Oct 26, 2016 7:37:33 PM
> org.keycloak.adapters.authorization.PolicyEnforcer enforce
>
> DEBUG: Policy enforcement is enable. Enforcing policy decisions for
> path [http://operation.iishang-intr.com:9111/op/jsp/base/loginStatist
> ics/portalLoginStatistics.jsp].
>
> Oct 26, 2016 7:37:33 PM
> org.keycloak.adapters.authorization.PolicyEnforcer enforce
>
> DEBUG: Policy enforcement result for path
> [http://operation.iishang-intr.com:9111/op/jsp/base/loginStatistics/p
> ortalLoginStatistics.jsp]
> is : GRANTED
>
> Oct 26, 2016 7:37:33 PM
> org.keycloak.adapters.authorization.PolicyEnforcer enforce
>
> DEBUG: Returning authorization context with permissions:
>
>
> Joey
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Pedro Igor
More information about the keycloak-user
mailing list