Hey guys.
I just have a pretty straightforward question. I’m trying to apply permissions to a particular resource using aggregated policies. I created an aggregated policy using a role policy and a group policy; I just want the users who have a specific role and belong to a specific group to have access to the resource. I tested the permission with the evaluator and it works fine: it denies the user that doesn’t belong to the group even though it has the role. The issue comes when I send a request to a Spring app and try to authorize the resource with the adapter; there it seems to ignore the group policy and allow all the users to access the resource even though they don’t belong to the group.
P.S.: If I only use role policies it works perfectly with the Spring adapter.
Any help?
Thanks.
application.yml
keycloak:
  realm: master
  resource: test
  auth-server-url: http://localhost:8080/auth
  principal-attribute: preferred-username
  credentials:
    secret: 608b76dd-34f9-4d50-a818-926fdef2c901
  policy-enforcer-config:
    enforcement-mode: ENFORCING
  security-constraints:
    - auth-roles:
        - "*"
      security-collections:
        - patterns:
            - "/*"