[keycloak-user] Anonymous access to scoped resources

Pedro Igor Silva psilva at redhat.com
Mon Mar 6 10:06:15 EST 2017


Hi,

Isn't a option to change your security-constraint settings in web.xml and
avoid the adapter to intercept requests to public resources ?

On Mon, Feb 27, 2017 at 9:52 AM, ebondu <dev.ebondu at gmail.com> wrote:

> Hi all,
>
> I am using Keycloak filters to secure a spring REST API and I need to
> provide an anonymous access to a subset of resources having a given scope
> (like  'urn:scope:read:public'). To me, anonymous means a unauthenticated
> user without access token.
> I defined a dedicted security chain to bybass the authentication filter but
> the authorization filter is expecting an access token to grant requests, so
> I can't use it.
>
> Do I need to implement my own filter only based on the protection API to
> retrieve and check scopes of requested resources or is there a better way
> to
> grant access to resources for anonymous users ?
>
> Thanks.
>
>
>
> --
> View this message in context: http://keycloak-user.88327.x6.
> nabble.com/Anonymous-access-to-scoped-resources-tp2929.html
> Sent from the keycloak-user mailing list archive at Nabble.com.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list