[keycloak-user] Keycloak fine grained permissions with Spring Boot / Spring Security
David Marsh
dmarsh26 at outlook.com
Thu May 9 03:45:17 EDT 2019
I would like to use permissions, scopes or similar to allow fine-grained access to a REST resource.
Ideally I would like to do something like:
@PreAuthorize("hasPermission('Brands', 'brands:write')")
ResponseEntity<Brand> getBrand(@PathVariable("brandCode") String brandCode);
where 'Brands' is a keycloak client authorization resource with scopes 'brands:write, brands:read'.
The only annotation that seems to work is @Secured with a role; I do not wish to do RBAC.
@Secured({"ROLE_STAFF"})
I have looked at the PolicyEnforcer, but it is unclear to me exactly how it is supposed to be used.
I can write code of the form:
KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
AuthorizationContext authzContext = keycloakSecurityContext.getAuthorizationContext();
if (authzContext.hasScopePermission("brands:write")) {
    // This works....
}
How can I tie the AuthorizationContext from the PolicyEnforcer to the standard Spring Security annotations?
thanks
David
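One way to bridge the two, as an added example that is not part of the original post or of the Keycloak adapter itself: a Spring Security PermissionEvaluator that delegates hasPermission(resource, scope) to the AuthorizationContext the PolicyEnforcer attaches to the request. It assumes the keycloak-spring-security-adapter of that era with a "policy-enforcer" section in keycloak.json; the class names KeycloakScopePermissionEvaluator and MethodSecurityConfig are hypothetical.

```java
import java.io.Serializable;
import org.keycloak.AuthorizationContext;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.core.Authentication;

// Delegates Spring's hasPermission(target, permission) to the Keycloak AuthorizationContext
// that the PolicyEnforcer attaches to the request. Assumption: keycloak.json has a
// "policy-enforcer" section; without it getAuthorizationContext() is null and we deny.
public class KeycloakScopePermissionEvaluator implements PermissionEvaluator {
    @Override
    public boolean hasPermission(Authentication auth, Object targetDomainObject, Object permission) {
        AuthorizationContext ctx = authorizationContext(auth);
        if (ctx == null || targetDomainObject == null || permission == null) {
            return false; // fail closed: no enforcer decision means no access
        }
        // targetDomainObject is the Keycloak resource name ("Brands"), permission the scope ("brands:write")
        return ctx.hasPermission(targetDomainObject.toString(), permission.toString());
    }

    @Override
    public boolean hasPermission(Authentication auth, Serializable targetId, String targetType, Object permission) {
        return false; // id-based variant is not used for resource/scope checks; deny explicitly
    }

    private static AuthorizationContext authorizationContext(Authentication auth) {
        if (!(auth instanceof KeycloakAuthenticationToken)) {
            return null;
        }
        KeycloakSecurityContext ksc = ((KeycloakAuthenticationToken) auth).getAccount().getKeycloakSecurityContext();
        return ksc == null ? null : ksc.getAuthorizationContext();
    }
}

// Registers the evaluator so @PreAuthorize("hasPermission('Brands', 'brands:write')") resolves against Keycloak.
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        handler.setPermissionEvaluator(new KeycloakScopePermissionEvaluator());
        return handler;
    }
}
```

Because the evaluator only trusts what the PolicyEnforcer already decided for the request, a method annotated this way is denied whenever the enforcer was not configured or did not grant the resource/scope pair.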