[keycloak-user] R: Keycloak Share a resource with other User
Nicola Messina
nikmess at hotmail.it
Tue Sep 17 04:40:11 EDT 2019
Hi Pedro,
thanks for the answer. Sorry, but I don't understand how. My code is:
String resourceId="3707be30-6e85-4d48-92c9-afaf0750eaec";
String DestinatarioId="4308881b-5754-44e4-a8c6-dbd13bbbc4a6";
String scopeId="3497b93d-ae42-42ee-b825-f1da667902b4";
String Soggetto = keycloak_helper.getKeycloakSecurityContext(request).getToken().getSubject();
PermissionTicketRepresentation ticket = new PermissionTicketRepresentation();
ticket.setOwner(Soggetto);
ticket.setOwnerName("alice");
ticket.setResource(resourceId);
ticket.setResourceName("Foto-Vacci");
ticket.setRequester(DestinatarioId);
ticket.setRequesterName("bob");
ticket.setScope(scopeId);
ticket.setScopeName("foto:view");
ticket.setGranted(true);
keycloak_helper.getAuthzClient(request).protection().permission().create(ticket);
The request is made from the owner of the resource "alice" and this request is made from the Java backend, like the photoz example.
Can you help me understand what is wrong?
Kind regards
________________________________
From: Pedro Igor Silva <psilva at redhat.com>
Sent: Monday, 16 September 2019 23:14
To: Nicola <nikmess at hotmail.it>
Cc: keycloak-user <keycloak-user at lists.jboss.org>
Subject: Re: [keycloak-user] Keycloak Share a resource with other User
Hi,
Basically, only the owner can create tickets for his/her resources. You need to access the API using a bearer token where the owner of the resource is the subject.
Regards.
Pedro Igor
On Mon, Sep 16, 2019 at 3:21 PM Nicola <nikmess at hotmail.it> wrote:
Hi, I'm new to Keycloak. I'm looking at the *photoz uma example*; in this
example a user can *create* a resource and then *share* it with another user. I'm
interested in this feature.
Checking the Javadoc, I've found that from a PermissionResource I can
create a *PermissionTicketRepresentation*, where I can set the resource, the
scope, the owner and the requester of the resource. I've tried this, but I
get
/{"error":"not_authorised","error_description":"permissions for
[3707be30-6e85-4d48-92c9-afaf0750eaec] can be only created by the owner"}/
So, how can I do this via code?
Kind regards
--
Sent from: http://keycloak-user.88327.x6.nabble.com/
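What Pedro's reply describes, as an added example that is not part of the original thread or of the photoz quickstart: the ticket is created through `AuthzClient.protection(String accessToken)` with the logged-in owner's own access token as the bearer token. The class and method names are hypothetical, and it assumes the `keycloak_helper` call in the post used the no-argument `protection()`, which authenticates with the client's own credentials rather than the user's.

```java
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.representations.idm.authorization.PermissionTicketRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;

/** Added illustration; ResourceSharing and share() are hypothetical names. */
public final class ResourceSharing {

    private final AuthzClient authzClient;

    public ResourceSharing(AuthzClient authzClient) {
        // For example AuthzClient.create(), which reads keycloak.json from the classpath.
        this.authzClient = authzClient;
    }

    /** Grants requesterId the given scope on resourceId, acting as the logged-in user. */
    public void share(KeycloakSecurityContext ctx, String resourceId,
                      String scopeId, String requesterId) {
        String subject = ctx.getToken().getSubject();

        // Local pre-check, done with the client's own credentials: refuse early when
        // the caller does not own the resource. The server repeats this check and
        // remains the authority; this only avoids a doomed request.
        ResourceRepresentation resource =
                authzClient.protection().resource().findById(resourceId);
        if (resource == null || resource.getOwner() == null
                || !subject.equals(resource.getOwner().getId())) {
            throw new SecurityException(
                    "caller is not the owner of resource " + resourceId);
        }

        PermissionTicketRepresentation ticket = new PermissionTicketRepresentation();
        ticket.setOwner(subject);
        ticket.setResource(resourceId);
        ticket.setScope(scopeId);
        ticket.setRequester(requesterId);
        ticket.setGranted(true);

        // protection(accessToken) sends the user's access token as the bearer token,
        // so the subject the server sees is the resource owner, not the client.
        authzClient.protection(ctx.getTokenString()).permission().create(ticket);
    }
}
```

The owner is taken from the validated token, never from request parameters, so a caller cannot name someone else as owner.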