[keycloak-user] default permissions

Pedro Igor Silva psilva at redhat.com
Mon Nov 13 06:42:35 EST 2017


I see. We don't have anything like that, sorry. But a option to statically
DISABLE policy enforcement for a specific path in keycloak.json
(policy-enforcer settings).

Also, in order to achieve what you want you probably need to ignore bearer
token authentication for these paths you want to make public (although they
are intercepted by the adapter).

Could you fill a JIRA describing your use case and requirements ?

On Sun, Nov 12, 2017 at 6:50 PM, Corentin Dupont <corentin.dupont at gmail.com>
wrote:

> Hi Pedro,
> I don't really have public/private paths in the API.
> Some resources under those paths can be either public or private, however.
> For instance, a URL would be like that:
>
> www.example.com/api/v1/cities/rome/houses
>
> I would like that some cities be accessible by everybody without token,
> while some others will be private and require auth token and specific roles
> to be accessed.
>
> Thanks!
>
>
> On Fri, Nov 10, 2017 at 11:33 AM, Pedro Igor Silva <psilva at redhat.com>
> wrote:
>
>> Hi,
>>
>> I think you could probably change your application and remove the
>> resources/paths you want to make public from the list of resources
>> protected by the adapter.
>>
>> On Thu, Nov 9, 2017 at 2:06 PM, Corentin Dupont <
>> corentin.dupont at gmail.com> wrote:
>>
>>> Another question: how to apply default authorizations?
>>>
>>> I want to protect my API with authorization in Keycloak. However some
>>> resources should be open to the public, accessible without any bearer
>>> token.
>>> My idea was:
>>> - create an "unregistered_user" composite role, containing some basic
>>> roles
>>> - create a "guest" user, with the unregistered_user role
>>> - on the API server, if there is no token in the request I will get the
>>> roles of the guest user and user them. If there is a token, I'll use that
>>> user permissions.
>>> What do you think of that process?
>>>
>>> Thanks
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>


More information about the keycloak-user mailing list