[keycloak-user] default permissions

Emilien Bondu dev.ebondu at gmail.com
Fri Nov 10 12:40:40 EST 2017


Great,

I would be pleased to see this feature as an official one. Of course some specificities due to my business use case will may not be relevant for the community but lets discuss them. I will create an issue and publish the code ASAP (next week hopefully, but as new features will not be accepted until 4.0...).

Emilien

> Le 10 nov. 2017 à 15:02, Pedro Igor Silva <psilva at redhat.com> a écrit :
> 
> I'm glad to take a look on it and see how it could fit in our adapters. Could you create a JIRA and give some link to your code so we can discuss from there ?
> 
> Thanks.
> 
> On Fri, Nov 10, 2017 at 10:51 AM, Emilien Bondu <dev.ebondu at gmail.com <mailto:dev.ebondu at gmail.com>> wrote:
> To achieve this, I implemented a KeycloakAnonymousActionsFilter filter to handle requests, associated to an AnonymousActionsHandler (extending the official AuthenticatedActionsHandler) and an AnonymousPolicyEnforcer (extending the official AbstractPolicyEnforcer). Do you think this code should be added to the official spring-adapter ?
> 
> 
>> Le 10 nov. 2017 à 12:12, Pedro Igor Silva <psilva at redhat.com <mailto:psilva at redhat.com>> a écrit :
>> 
>> @Emilien Bondu, I was looking that thread again and now I'm wondering if you end up with something you can share. 
>> 
>> On Fri, Nov 10, 2017 at 9:07 AM, Emilien Bondu <dev.ebondu at gmail.com <mailto:dev.ebondu at gmail.com>> wrote:
>> Hi,
>> 
>> Maybe you should have a look here :
>> 
>> http://lists.jboss.org/pipermail/keycloak-user/2017-March/009830.html <http://lists.jboss.org/pipermail/keycloak-user/2017-March/009830.html>
>> 
>> 
>>> Le 10 nov. 2017 à 11:33, Pedro Igor Silva <psilva at redhat.com <mailto:psilva at redhat.com>> a écrit :
>>> 
>>> Hi,
>>> 
>>> I think you could probably change your application and remove the
>>> resources/paths you want to make public from the list of resources
>>> protected by the adapter.
>>> 
>>> On Thu, Nov 9, 2017 at 2:06 PM, Corentin Dupont <corentin.dupont at gmail.com <mailto:corentin.dupont at gmail.com>>
>>> wrote:
>>> 
>>>> Another question: how to apply default authorizations?
>>>> 
>>>> I want to protect my API with authorization in Keycloak. However some
>>>> resources should be open to the public, accessible without any bearer
>>>> token.
>>>> My idea was:
>>>> - create an "unregistered_user" composite role, containing some basic roles
>>>> - create a "guest" user, with the unregistered_user role
>>>> - on the API server, if there is no token in the request I will get the
>>>> roles of the guest user and user them. If there is a token, I'll use that
>>>> user permissions.
>>>> What do you think of that process?
>>>> 
>>>> Thanks
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>>>> 
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>> 
>> 
> 
> 



More information about the keycloak-user mailing list