[keycloak-user] Help for using Keycloak in Spring Boot
Dmitry Telegin
demetrio at carretti.pro
Wed May 8 17:39:54 EDT 2019
Hello Ali,
It would be helpful if you could share your application.properties (scrubbing the secrets, if any) as well as authorization settings in Keycloak.
Please also mind that security constraints (role-based) and authorization are separate concepts, in the sense that they are configured and enforced differently.
Cheers,
Dmitry Telegin
Opensource IAM consultant
https://www.linkedin.com/in/d-telegin
On Tue, 2019-05-07 at 08:08 +0000, Ali Ahmadzadeh Asl wrote:
> Hi guys,
>
> Thank you Michal, Thank you Sebastien. As you know, in the application.properties file of this project there is a keycloak.securityConstraints which enforce visitors for having role "user", when I remove this securityConstraints and run the project, every requests redirects to "/accessDenied" page, though based on permissions defined in admin panel, url / is public.
>
> If I have to define at least one securityConstraints in application.properties (which in my opinion, is not a good constraint), how can I define it as a public patterns without any role constraint?
>
>
> ________________________________
> > From: Michal Hajas <mhajas at redhat.com>
> Sent: Tuesday, May 7, 2019 11:27 AM
> To: Sebastien Blanc
> Cc: Ali Ahmadzadeh Asl; keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Help for using Keycloak in Spring Boot
>
> Hi Ali,
>
> as far as I understand, you have to specify securityContrains (it is also in authz quickstart: https://github.com/keycloak/keycloak-quickstarts/blob/latest/app-authz-springboot/src/main/resources/application.properties#L10) so that Keycloak know about your resources. You can specify your permissions and policies afterward.
>
> Michal
>
> > > On Tue, May 7, 2019 at 7:24 AM Sebastien Blanc <sblanc at redhat.com<mailto:sblanc at redhat.com>> wrote:
> Hi Ali,
>
> Have you tried this quickstart that shows how tu use the authz service from KC https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-springboot
> Also make sure you enable the policy enforcer on the app side in the configuration , i.e :
> keycloak.policy-enforcer-config.on-deny-redirect-to=/accessDenied
>
> sebi
>
>
> > On Tue, May 7, 2019 at 7:07 AM Ali Ahmadzadeh Asl <ahmadzadehasl at outlook.com<mailto:ahmadzadehasl at outlook.com>> wrote:
>
> Hi Michal,
>
> I'm configured my server exactly like this tutorial, but I'm not defined any keycloak.securityConstraints in application.properties file, I want to define permissions and policies in Keycloak admin panel. Does this require any special setting? Do anybody have any sample or tutorial for this?
> ________________________________
> > > From: Michal Hajas <mhajas at redhat.com<mailto:mhajas at redhat.com>>
> Sent: Monday, May 6, 2019 12:09 PM
> To: Ali Ahmadzadeh Asl
> > Cc: keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> Subject: Re: [keycloak-user] Help for using Keycloak in Spring Boot
>
> Hi Ali,
>
> it looks like you have wrongly configured Spring Boot Keycloak adapter. Make sure you configured everything which is shown here (especially the part with security constraints): https://www.keycloak.org/docs/latest/securing_apps/index.html#_spring_boot_adapter
>
> Michal
>
> > > On Sat, May 4, 2019 at 2:21 PM Ali Ahmadzadeh Asl <ahmadzadehasl at outlook.com<mailto:ahmadzadehasl at outlook.com><mailto:ahmadzadehasl at outlook.com<mailto:ahmadzadehasl at outlook.com>>> wrote:
> Hi
> First of all, excuse me for poor English.
>
> I am trying to use Keycloak in Spring Boot 2, I read many articles about this matter, such as follow link:
> https://www.keycloak.org/docs/2.5/securing_apps/topics/oidc/java/spring-boot-adapter.html
>
>
> There was an issue that i can't resolve it. Resource and policy and permissions defined in admin panel for client, does not any effect on my server. For example I defined a resource for URL pattern /rest/* and a policy for having ROLE_REST, also I defined a permission for mapping this resource and policy.
>
> But after running the server, I can use rest services without any limitation and authentication.
> Now the question is: How can I manage Spring Boot application security and permissions from Keycloak admin panel?
>
> Thank you
>
>
> _______________________________________________
> keycloak-user mailing list
> > > keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org><mailto:keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> _______________________________________________
> keycloak-user mailing list
> > keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list