[keycloak-user] Authorization with javascript adapter
Hariprasad N
hariprasad.n at ramyamlab.com
Fri Jan 4 05:04:19 EST 2019
tokenParsed can help upto some extent, but in keycloak autorization we can
create different kind of policies like Role,Javascript, Client, Time, User,
Aggregated, Group. A policy is a condition if it evaluates to true access
allowed. If we implement this conditions at client side it requires lot of
efforts and
these conditions are hard coded, if i want to change the condition again i
need to do code change and deploy again. but in keycloak I can go to admin
console and change the rule, so whenever token is refreshed new condition
can be applied.
On Fri, Jan 4, 2019 at 2:53 PM Alex Chatziparaskewas <
alex.chatziparaskewas at trapezegroup.com> wrote:
> Hi Hari,
>
>
>
> So, have a look into the ‘tokenParsed’ attribute and let me know if it
> helped you (we might need the same at some point in time).
>
>
>
> Thanks & Regards,
>
> Alex
>
>
>
>
>
>
>
> No, it is not related to remember me.
>
> When i saw you question I thought you already working on javascript
> adapter and can help me.
>
>
>
> On Fri, Jan 4, 2019 at 2:35 PM Alex Chatziparaskewas <
> alex.chatziparaskewas at trapezegroup.com> wrote:
>
> Hi Hari,
>
>
>
> Nope, we are not using roles. Once a user is authenticated he is as well
> fully authorised. Anyhow, although we have not gone down that path yet,
> check the ‘tokenParsed’ attribute of the keycloak instance object (just log
> them for starters). It shows some information about access/resource roles
> associated with the current user.
>
>
>
> Question from my side: has this anything to do with my original question
> about updating the ‘remember me’ session?
>
> Thanks & Regards,
>
> Alex
>
>
>
>
>
>
>
> Hi *Alex Chatziparaskewas,*
>
>
>
> *Thanks for your reply.*
>
> *I am not asking about authentication part, in am asking about
> authorization part.*
>
> *For example i want to enable access for a URI(mypoject/test-resource) to
> users who have ROLE 'TEST' ,in the keycloak i can do that in Authorization
> tab*
>
> *of a myclient.*
>
>
>
> That means when a user is logged in he can access URI '
> *mypoject/test-resource*' only if he has ROLE 'TEST' other wise will be
> given error saying access denied.
>
>
>
> This settings working fine with backend applications like java
> webapps/springboot apps, but not working with javascript/Angular apps. If
> you know how to make it work or have sample project let me know.
>
>
>
>
>
> On Fri, Jan 4, 2019 at 12:18 PM Alex Chatziparaskewas <
> alex.chatziparaskewas at trapezegroup.com> wrote:
>
> Hi Hari,
>
>
>
> On the server side the resources are protected by a keycloak gatekeeper
> proxy instance, e.g. our server (at this time) is unaware of security
> aspects. On the client side the login process goes past keycloak’s login
> and registration pages, i.e. the javascript adapter initialises, attempts
> authentication (redirects to login page if unsuccessful) and then does a
> periodic updateToken.
>
>
>
> Thanks & Regards,
>
> Alex
>
>
>
>
>
>
>
> Hi *Alex Chatziparaskewas,*
>
>
>
> *i know you are using javascript adapter for authentication(for login),
> can we use javascript adapter for authorization also like resource
> protection.*
>
>
>
>
>
> --
>
> Thanks & Regards,
>
>
>
> Hari Prasad N
> Senior Software Engineer
> -------------------------------------------------
> Ramyam Intelligence Lab Pvt. Ltd.,
> Part of Arvato
> 3rd & 5th Floors, Mithra Towers, 10/4, Kasturba Road,
> Bangalore – 560001, Karnataka, India.
>
> Phone: +91 80 67269266
> Mobile: +91 7022156319
> E-Mail: *hariprasad.n**@ramyamlab.co <http://ramyamlab.co>m*
>
> *www.ramyamlab.com* <http://www.ramyamlab.com/>
>
>
>
>
> --
>
> Thanks & Regards,
>
>
>
> Hari Prasad N
> Senior Software Engineer
> -------------------------------------------------
> Ramyam Intelligence Lab Pvt. Ltd.,
> Part of Arvato
> 3rd & 5th Floors, Mithra Towers, 10/4, Kasturba Road,
> Bangalore – 560001, Karnataka, India.
>
> Phone: +91 80 67269266
> Mobile: +91 7022156319
> E-Mail: *hariprasad.n**@ramyamlab.co <http://ramyamlab.co>m*
>
> *www.ramyamlab.com* <http://www.ramyamlab.com/>
>
>
>
>
> --
>
> Thanks & Regards,
>
>
>
> Hari Prasad N
> Senior Software Engineer
> -------------------------------------------------
> Ramyam Intelligence Lab Pvt. Ltd.,
> Part of Arvato
> 3rd & 5th Floors, Mithra Towers, 10/4, Kasturba Road,
> Bangalore – 560001, Karnataka, India.
>
> Phone: +91 80 67269266
> Mobile: +91 7022156319
> E-Mail: *hariprasad.n**@ramyamlab.co <http://ramyamlab.co>m*
>
> *www.ramyamlab.com* <http://www.ramyamlab.com/>
>
--
Thanks & Regards,
Hari Prasad N
Senior Software Engineer
-------------------------------------------------
Ramyam Intelligence Lab Pvt. Ltd.,
Part of Arvato
3rd & 5th Floors, Mithra Towers, 10/4, Kasturba Road,
Bangalore – 560001, Karnataka, India.
Phone: +91 80 67269266
Mobile: +91 7022156319
E-Mail: *hariprasad.n at ramyamlab.co <http://ramyamlab.co>m*
*www.ramyamlab.com* <http://www.ramyamlab.com/>
More information about the keycloak-user
mailing list