[keycloak-user] Policy Enforcer in Spring Security Adapter
Король Илья
llivezking at gmail.com
Mon Mar 27 08:34:43 EDT 2017
Hi. Thanks for the comment. Could you please share your configs, or at least
which methods you used? Manual configuration in keycloak.json, or
relying on resources defined in Keycloak?
And correct me if I'm wrong:
Authorization requires an RPT token, so for a bearer-only client (backend) I
must provide this token, which is retrieved beforehand via the Entitlement
API or the UMA protocol?
And how should the client be configured in Keycloak? As bearer-only or
confidential? As I said, my application started only if I configured it
in Keycloak as confidential (if I make it bearer-only it fails to start
and complains about credentials).
According to your note, I tried a manually created config in
keycloak.json, with no success. I wrote it similarly to the config that
is presented in the docs:

    {
      ...
      "policy-enforcer": {
        "user-managed-access" : {},
        "enforcement-mode" : "ENFORCING"
        "paths": [
          {
            "path" : "/someUri/*",
            "methods" : [
            ...

I also tried to remove the "user-managed-access" : {}, entry (the docs state
that this line enables the UMA protocol scheme, so without this line the
adapter should rely on the provided RPT token). It seems that I tried all
available combinations of configuration, but they all failed.

Another thing that I didn't catch is the resource method configuration
(for instance):

    { "method": "DELETE", "scopes" : ["urn:app.com:scopes:delete"] }

If I configure the adapter to retrieve all resource settings from Keycloak,
how can I configure methods for resources and their scopes in the Keycloak
Admin Console?

27.03.2017 18:25, ebondu wrote:
> Hi,
>
> I have been able to use the spring adapter to manage authorizations, however
> there is a bug regarding the security context that may be related to your
> problem (see KEYCLOAK-3471 <https://issues.jboss.org/browse/KEYCLOAK-3471>
> ).
>
> The policy enforcer will check permissions from the incoming request path,
> so unauthorized requests should not be processed by your controller.
>
> Did you set the "enforcement-mode" field to "ENFORCING" in your
> keycloak.json ?
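
An added example, not part of the original thread and not Keycloak code: a small Python check that a keycloak.json document parses as JSON and that its "policy-enforcer" block has the shape of the fragment quoted in the message above. The function name, the HTTP method list and the sample documents are constructed for illustration; the "enforcement-mode" values are the ones listed in the Keycloak adapter documentation.

```python
import json

# "enforcement-mode" values listed in the Keycloak adapter documentation.
MODES = {"ENFORCING", "PERMISSIVE", "DISABLED"}
# Assumption for this example: only these method names are expected.
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"}

def lint_policy_enforcer(text):
    """Hypothetical helper: list problems in a keycloak.json policy-enforcer block."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as e:
        # A file that is not valid JSON cannot be loaded, whatever the block says.
        return [f"invalid JSON at line {e.lineno}, column {e.colno}: {e.msg}"]
    pe = cfg.get("policy-enforcer")
    if not isinstance(pe, dict):
        return ["no policy-enforcer object"]
    problems = []
    mode = pe.get("enforcement-mode")
    if mode is not None and mode not in MODES:
        problems.append(f"unknown enforcement-mode {mode!r}")
    for i, p in enumerate(pe.get("paths", [])):
        if not str(p.get("path", "")).startswith("/"):
            problems.append(f"paths[{i}]: 'path' missing or not absolute")
        for j, m in enumerate(p.get("methods", [])):
            where = f"paths[{i}].methods[{j}]"
            if str(m.get("method")).upper() not in HTTP_METHODS:
                problems.append(f"{where}: unknown HTTP method {m.get('method')!r}")
            if not isinstance(m.get("scopes"), list):
                problems.append(f"{where}: 'scopes' must be a list")
    return problems

# Constructed samples modelled on the fragment in the message.
NO_COMMA = '''{ "policy-enforcer": {
  "user-managed-access": {},
  "enforcement-mode": "ENFORCING"
  "paths": [ { "path": "/someUri/*", "methods": [] } ] } }'''

VALID = '''{ "policy-enforcer": {
  "enforcement-mode": "ENFORCING",
  "paths": [ { "path": "/someUri/*", "methods": [
    { "method": "DELETE", "scopes": ["urn:app.com:scopes:delete"] } ] } ] } }'''

BAD_VALUES = VALID.replace('"DELETE"', '"REMOVE"').replace('"ENFORCING"', '"ENFORCED"')

if __name__ == "__main__":
    for name, doc in [("NO_COMMA", NO_COMMA), ("VALID", VALID), ("BAD_VALUES", BAD_VALUES)]:
        print(name, lint_policy_enforcer(doc))
```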