[keycloak-user] Restrict access to admin console by checking if header exists

Mark de Jng mail at markdejong.org
Tue Feb 5 05:55:33 EST 2019


I want to restrict the access to admin console by checking if the `CF-Connecting-IP` does not exist for a specific path.

I’ve checked this documentation: http://undertow.io/undertow-docs/undertow-docs-2.0.0/#predicates-attributes-and-handlers

And I’ve come this far, but undertow complains that my expression is not valid:

<expression-filtermodule="io.undertow.core" name="restrict-admin-console-access" expression="path-prefix(/auth/admin/console) and not exists(%{i, CF-Connecting-IP})" />

Any clue?



More information about the keycloak-user mailing list