[keycloak-user] default permissions

Corentin Dupont corentin.dupont at gmail.com
Mon Nov 13 07:32:45 EST 2017


Done: https://issues.jboss.org/browse/KEYCLOAK-5839


On Mon, Nov 13, 2017 at 12:42 PM, Pedro Igor Silva <psilva at redhat.com>
wrote:

> I see. We don't have anything like that, sorry. But an option to statically
> DISABLE policy enforcement for a specific path in keycloak.json
> (policy-enforcer settings).
>
> Also, in order to achieve what you want you probably need to ignore bearer
> token authentication for these paths you want to make public (although they
> are intercepted by the adapter).
>
> Could you file a JIRA describing your use case and requirements?
>
>
> On Sun, Nov 12, 2017 at 6:50 PM, Corentin Dupont <
> corentin.dupont at gmail.com> wrote:
>
>> Hi Pedro,
>> I don't really have public/private paths in the API.
>> Some resources under those paths can be either public or private, however.
>> For instance, a URL would be like that:
>>
>> www.example.com/api/v1/cities/rome/houses
>>
>> I would like that some cities be accessible by everybody without token,
>> while some others will be private and require auth token and specific roles
>> to be accessed.
>>
>> Thanks!
>>
>>
>> On Fri, Nov 10, 2017 at 11:33 AM, Pedro Igor Silva <psilva at redhat.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I think you could probably change your application and remove the
>>> resources/paths you want to make public from the list of resources
>>> protected by the adapter.
>>>
>>> On Thu, Nov 9, 2017 at 2:06 PM, Corentin Dupont <
>>> corentin.dupont at gmail.com> wrote:
>>>
>>>> Another question: how to apply default authorizations?
>>>>
>>>> I want to protect my API with authorization in Keycloak. However some
>>>> resources should be open to the public, accessible without any bearer
>>>> token.
>>>> My idea was:
>>>> - create an "unregistered_user" composite role, containing some basic
>>>> roles
>>>> - create a "guest" user, with the unregistered_user role
>>>> - on the API server, if there is no token in the request I will get the
>>>> roles of the guest user and use them. If there is a token, I'll use
>>>> that
>>>> user's permissions.
>>>> What do you think of that process?
>>>>
>>>> Thanks
>>>>
>>>
>>>
>>
>
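
The static option mentioned in the thread, a per-path enforcement mode in the `policy-enforcer` section of keycloak.json, is sketched below as an added example that is not part of the original messages. The realm, client and server values are placeholders, and the path is built from the example URL in the thread; as noted in the thread, the adapter still intercepts such a path, so bearer token authentication for it has to be handled separately.

```json
{
  "realm": "example-realm",
  "auth-server-url": "https://keycloak.example.com/auth",
  "resource": "example-api",
  "bearer-only": true,
  "policy-enforcer": {
    "enforcement-mode": "ENFORCING",
    "paths": [
      {
        "name": "Public city (placeholder)",
        "path": "/api/v1/cities/rome/*",
        "enforcement-mode": "DISABLED"
      }
    ]
  }
}
```

Every path not listed with `DISABLED` stays under the top-level `ENFORCING` mode. Each public city needs its own entry, which is why this setting is static and does not cover resources that change between public and private at runtime.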

