[keycloak-user] How to implement access to resources based on resource roles
Alfonso Alba García
alfonso at alfonsoalba.com
Thu Apr 18 07:09:53 EDT 2019
Hi Pedro,
Thanks a lot for your answer. I will have a look at the three things you
are suggesting: groups, resource types and pushing claims.
At the moment I'm having a deeper look at the Policy Enforcer
documentation. I consider that I read that part of the documentation and
did not get it right. As you suggest, pushing claims can simplify my
policies. I had a look at the app-authz-rest-employee[1] and
app-authz-rest-springboot[2] examples. I already have some ideas about
it after going through them. I will post an update after trying a little
more.
Just one last question: in the first post I asked if using one client
per organisation would be a good idea or not. Has anybody some advice
about this? I don't know if I'm using the client to do something it's
not supposed to do.
Thanks again,
Alfonso
--------
[1]
https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-rest-employee
[2]
https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-rest-springboot
Alfonso Alba García wrote:
> Hi Pedro,
>
> Thanks a lot for your answer. I will have a look at the three things you
> are suggesting: groups, resource types and pushing claims.
>
> At the moment I'm having a deeper look at the Policy Enforcer
> documentation. I consider that I read that part of the documentation and
> did not get it right. As you suggest, pushing claims can simplify my
> policies. I had a look at the app-authz-rest-employee[1] and
> app-authz-rest-springboot[2] examples. I already have some ideas about
> it after going through them. I will post an update after trying a little
> more.
>
> Just one last question: in the first post I asked if using one client
> per organisation would be a good idea or not. Has anybody some advice
> about this? I don't know if I'm using the client to do something it's
> not supposed to do.
>
> Thanks again,
>
> Alfonso
>
> --------
> [1]
> https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-rest-employee
>
> [2]
> https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-rest-springboot
>
More information about the keycloak-user
mailing list