[keycloak-user] Issue with authorization configuration in a Spring Boot environment

Pedro Igor Silva psilva at redhat.com
Wed Aug 23 08:18:21 EDT 2017


Can you give an example of a resource definition that matches a protected
resource in your application? For instance, if you are protecting
"/protected/resource" you should either have a resource in Keycloak mapping
to "/*" or "/protected/resource". This mapping is defined by the resource's
*URI* property.

Regards.
Pedro Igor

On Wed, Aug 23, 2017 at 6:41 AM, Matthias ANGLADE <manglade at nextoo.fr>
wrote:

> Hi,
>
> I'm facing an issue. I'm running a Spring Boot app and wish to use the
> authorization services. Permissions are defined in Keycloak for my client
> and using the evaluation they work as expected. On my app though I have an
> issue: authorizations are checked correctly (using the right resources etc.),
> I can see in the logs that the verifications are done correctly, but the
> access is always granted whereas it should be denied in certain cases.
>
> When I test the permission that should be denied using the evaluation page
> of Keycloak access is correctly denied.
>
> To activate the authorization in the app I added the following settings:
>
> keycloak.policy-enforcer-config.on-deny-redirect-to=/
> keycloak.securityConstraints[0].authRoles[0]=user
> keycloak.securityConstraints[0].securityCollections[0].name=protected
> keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*
>
>
> Any ideas?
