[keycloak-user] default permissions

Emilien Bondu dev.ebondu at gmail.com
Fri Nov 10 07:51:27 EST 2017


To achieve this, I implemented a KeycloakAnonymousActionsFilter filter to handle requests, associated to an AnonymousActionsHandler (extending the official AuthenticatedActionsHandler) and an AnonymousPolicyEnforcer (extending the official AbstractPolicyEnforcer). Do you think this code should be added to the official spring-adapter ?


> Le 10 nov. 2017 à 12:12, Pedro Igor Silva <psilva at redhat.com> a écrit :
> 
> @Emilien Bondu, I was looking that thread again and now I'm wondering if you end up with something you can share. 
> 
> On Fri, Nov 10, 2017 at 9:07 AM, Emilien Bondu <dev.ebondu at gmail.com <mailto:dev.ebondu at gmail.com>> wrote:
> Hi,
> 
> Maybe you should have a look here :
> 
> http://lists.jboss.org/pipermail/keycloak-user/2017-March/009830.html <http://lists.jboss.org/pipermail/keycloak-user/2017-March/009830.html>
> 
> 
>> Le 10 nov. 2017 à 11:33, Pedro Igor Silva <psilva at redhat.com <mailto:psilva at redhat.com>> a écrit :
>> 
>> Hi,
>> 
>> I think you could probably change your application and remove the
>> resources/paths you want to make public from the list of resources
>> protected by the adapter.
>> 
>> On Thu, Nov 9, 2017 at 2:06 PM, Corentin Dupont <corentin.dupont at gmail.com <mailto:corentin.dupont at gmail.com>>
>> wrote:
>> 
>>> Another question: how to apply default authorizations?
>>> 
>>> I want to protect my API with authorization in Keycloak. However some
>>> resources should be open to the public, accessible without any bearer
>>> token.
>>> My idea was:
>>> - create an "unregistered_user" composite role, containing some basic roles
>>> - create a "guest" user, with the unregistered_user role
>>> - on the API server, if there is no token in the request I will get the
>>> roles of the guest user and user them. If there is a token, I'll use that
>>> user permissions.
>>> What do you think of that process?
>>> 
>>> Thanks
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>>> 
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>
> 
> 



More information about the keycloak-user mailing list