Ignoring the application of policy to public url patterns that are part of default resources in the Spring Boot setup or the Keycloak console

Omshukla · June 8, 2023, 4:45am

Hello, I am using application.properties to configure the Keycloak adapter for KeycloakDeployment. I am implementing Keycloak scope base policy enforcement in my Spring boot application. For public urls, I wish to turn off policy enforcement.
If you have any advice on how I may configure public urls to be excluded from tests, please let me know.

Here is my application.properties config

keycloak.securityConstraints[0].securityCollections[0].name = user operation
keycloak.securityConstraints[0].authRoles[0] = Mobile-user
keycloak.securityConstraints[0].authRoles[1] = Customer-support
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /users
keycloak.securityConstraints[0].securityCollections[0].patterns[1] = /users/*

keycloak.securityConstraints[1].securityCollections[0].name = system operation
keycloak.securityConstraints[1].authRoles[0] = System-user
keycloak.securityConstraints[1].securityCollections[0].patterns[0] = /tenants
keycloak.securityConstraints[1].securityCollections[0].patterns[1] = /tenants/*

keycloak.securityConstraints[2].securityCollections[0].name = Default operation
keycloak.securityConstraints[2].authRoles[0] = *
keycloak.securityConstraints[2].securityCollections[0].patterns[0] = /users/signin

keycloak.policy-enforcer-config.paths[3].name=Default Resource
keycloak.policy-enforcer-config.paths[3].path=/users/signin

keycloak.policy-enforcer-config.paths[0].name=Tenant Resource
keycloak.policy-enforcer-config.paths[0].path=/tenants/*
keycloak.policy-enforcer-config.paths[0].methods[0].method=GET
keycloak.policy-enforcer-config.paths[0].methods[0].scopes[0]=GET
keycloak.policy-enforcer-config.paths[0].methods[1].method=PUT
keycloak.policy-enforcer-config.paths[0].methods[1].scopes[0]=PUT
keycloak.policy-enforcer-config.paths[0].methods[2].method=DELETE
keycloak.policy-enforcer-config.paths[0].methods[2].scopes[0]=DELETE

keycloak.policy-enforcer-config.paths[1].name=Add User Resource
keycloak.policy-enforcer-config.paths[1].path=/users
keycloak.policy-enforcer-config.paths[1].methods[0].method=POST
keycloak.policy-enforcer-config.paths[1].methods[0].scopes[0]=POST
keycloak.policy-enforcer-config.paths[1].methods[1].method=GET
keycloak.policy-enforcer-config.paths[1].methods[1].scopes[0]=GET

keycloak.policy-enforcer-config.paths[2].name=Mobile User Resource
keycloak.policy-enforcer-config.paths[2].path=/users/*
keycloak.policy-enforcer-config.paths[2].methods[0].method=GET
keycloak.policy-enforcer-config.paths[2].methods[0].scopes[0]=GET
keycloak.policy-enforcer-config.paths[2].methods[1].method=PUT
keycloak.policy-enforcer-config.paths[2].methods[1].scopes[0]=PUT
keycloak.policy-enforcer-config.paths[2].methods[2].method=DELETE
keycloak.policy-enforcer-config.paths[2].methods[2].scopes[0]=DELETE
keycloak.policy-enforcer-config.enforcement-mode=PERMISSIVE
keycloak.policy-enforcer-config.lazy-load-paths=true
keycloak.use-resource-role-mappings=true

Please suggest if i am missing something.

Topic		Replies	Views
Ignoring policy enforcement for url patterns not specified in Spring Boot configuration Securing applications adapter-java , authentication	4	3717	June 24, 2021
Error processing request Getting advice	0	1366	March 27, 2020
How to configure ClaimInformationPoint to call external REST API in SpringBoot application.properties file Securing applications	1	486	June 18, 2021
Setting Up Policy-Enforcer in Keycloak Securing applications	0	1432	May 26, 2020
Keycloak Policy Enforcement with Springboot App Getting advice authentication , oidc	0	470	May 17, 2022

Ignoring the application of policy to public url patterns that are part of default resources in the Spring Boot setup or the Keycloak console

Related Topics