[keycloak-user] Policy Enforcer in Spring Security Adapter
ebondu
dev.ebondu at gmail.com
Tue Mar 28 04:14:04 EDT 2017
Hi,
All sounds ok with your KC conf,
Here is the Spring security chain I use :
<http auto-config='false' entry-point-ref="authenticationEntryPoint"
create-session="stateless" use-expressions="true">
<custom-filter ref="keycloakPreAuthActionsFilter" before="HEADERS_FILTER"
/>
<custom-filter ref="keycloakAuthenticationProcessingFilter"
before="FORM_LOGIN_FILTER" />
<custom-filter ref="keycloakAuthenticatedActionsFilter"
after="FORM_LOGIN_FILTER" />
...
</http>
The authenticatedActionFilter will check if the required scope defined in
keycloak.json exists in the token, in that case you don't have to use in
spring intercept-url.
Another idea, maybe you should try with just "USER" as role value because by
default spring add a prefix "ROLE_".
--
View this message in context: http://keycloak-user.88327.x6.nabble.com/keycloak-user-Policy-Enforcer-in-Spring-Security-Adapter-tp3324p3351.html
Sent from the keycloak-user mailing list archive at Nabble.com.
More information about the keycloak-user
mailing list