[keycloak-user] Policy Enforcer in Spring Security Adapter

Король Илья llivezking at gmail.com
Tue Mar 28 05:35:43 EDT 2017


Hi, I will check your Spring configuration example tomorrow at work. My 
Spring configs with filtering by roles (ROLE_USER, ROLE_ADMIN defined in 
Keycloak as realm roles) work without any problems, so role-based 
access control via spring+keycloak was OK right out of the box.


Anyway, thank you very much for your advice.


28.03.2017 8:14, ebondu wrote:
> Hi,
>
> All sounds ok with your KC conf,
>
> Here is the Spring Security chain I use:
>
> <http auto-config='false' entry-point-ref="authenticationEntryPoint"
>       create-session="stateless" use-expressions="true">
>
>     <custom-filter ref="keycloakPreAuthActionsFilter" before="HEADERS_FILTER" />
>     <custom-filter ref="keycloakAuthenticationProcessingFilter" before="FORM_LOGIN_FILTER" />
>     <custom-filter ref="keycloakAuthenticatedActionsFilter" after="FORM_LOGIN_FILTER" />
>     ...
> </http>
>
> The authenticatedActionFilter will check if the required scope defined in
> keycloak.json exists in the token; in that case you don't have to use
> intercept-url in Spring.
>
> Another idea: maybe you should try with just "USER" as the role value, because by
> default Spring adds a prefix "ROLE_".