[keycloak-user] Policy Enforcer in Spring Security Adapter
Король Илья
llivezking at gmail.com
Wed Mar 29 07:13:46 EDT 2017
Hi. You were right authenticatedActionFilter was the key bean for making
authorization working. I also used you fix for bug from your first message.
Thank you very much for your help!
28.03.2017 18:14, ebondu пишет:
> Hi,
>
> All sounds ok with your KC conf,
>
> Here is the Spring security chain I use :
>
> <http auto-config='false' entry-point-ref="authenticationEntryPoint"
> create-session="stateless" use-expressions="true">
>
> <custom-filter ref="keycloakPreAuthActionsFilter" before="HEADERS_FILTER"
> />
> <custom-filter ref="keycloakAuthenticationProcessingFilter"
> before="FORM_LOGIN_FILTER" />
> <custom-filter ref="keycloakAuthenticatedActionsFilter"
> after="FORM_LOGIN_FILTER" />
> ...
> </http>
>
> The authenticatedActionFilter will check if the required scope defined in
> keycloak.json exists in the token, in that case you don't have to use in
> spring intercept-url.
>
> Another idea, maybe you should try with just "USER" as role value because by
> default spring add a prefix "ROLE_".
>
>
>
>
> --
> View this message in context: http://keycloak-user.88327.x6.nabble.com/keycloak-user-Policy-Enforcer-in-Spring-Security-Adapter-tp3324p3351.html
> Sent from the keycloak-user mailing list archive at Nabble.com.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list