Permissions, Policy and Scopes


I want to protect an endpoint, not every service related but only the HTTP verb GET related to this endpoint.

I thought the best way is to handle this problem with Permission, Policy and Scopes but I can’t associate the created scope (“view”) to the http verb.

I don’t use Spring and I think I have to edit my keycloak.json file in Java project.

my attempt:
“realm”: “demo”,
“auth-server-url”: “localhost:8080/auth/”,
“ssl-required”: “external”,
“resource”: “auth-gateway”,
“credentials”: {
“secret”: “caeb9492-6138-42ff-b819-69b25c09b993”
“use-resource-role-mappings”: true,
“confidential-port”: 0,
“policy-enforcer”: {
“enforcement-mode”: “PERMISSIVE”,
“user-managed-access”: {},
“paths”: [
“name”: “Srl Resource”,
“path”: “/rest/keyspace/nodes/srl”,
“methods”: [
“method”: “GET”,
“scopes”: [
“urn: auth-gateway: scopes: view”

Hi @Phoenix2994, we are on the same path trying to differentiate HTTP GET vs. POST

Were you able to get this working? Thanks.