[keycloak-user] Keycloak Filters and Roles
Rui Neves
ruiwp_93 at hotmail.com
Tue Sep 27 09:43:39 EDT 2016
Hello,
I am using a Java servlet with Keycloak filters, so no security constraints can be applied. I would like to know how I can block some HTTP methods for users of a certain role. I created roles in Keycloak and tried to define the auth-constraints within the security-constraints, but it always returns error 403 Unauthorized.
If I remove the auth-constraint and security roles, I am able to access the method. It seems that it is not recognizing Keycloak roles or not mapping them between the servlet and Keycloak.
I am blocking the method as shown below in the class:
    @GET
    @Path("/get")
    @RolesAllowed("admin")
    @Produces(MediaType.TEXT_PLAIN)
    public String delU(@HeaderParam("user_id") String userId) {
        ...
    }
And I have the filters like the link below in the web.xml:
https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/2.2/topics/oidc/java/servlet-filter-adapter.html
Best Regards