
List:       keycloak-user
Subject:    [keycloak-user] How to check permissions on lot of resources
From:       t.chambard () bee-buzziness ! com (Teddy CHAMBARD)
Date:       2017-12-19 17:50:33
Message-ID: 1a4a5599db2c4bf69934aa23bf53e77c () BBUZ-EXCH01 ! bbuzg ! net

Hello,


I'm trying to protect resources with Keycloak, but I wonder how to protect millions...

I successfully created resources with the Protection API (UMA 2.0), and also created the necessary permissions and policies with the Admin REST API.


What I would like to do is simply get the list of resources I should be able to access.


To simplify my needs, here is a simple example:


Bob asks for resource1 and resource2 through the entitlement API.

According to my policies and permissions, Bob only has rights on resource1 but not on resource2.


I was thinking that making a POST request with the following payload:


{
    "permissions" : [
        {
            "resource_set_name" : "resource1"
        }, {
            "resource_set_name" : "resource2"
        }
    ]
}


would return an RPT with the list of permitted resources (resource1), but I got a 403 Forbidden without the list of granted resources.



So, I know I could run two separate requests to get my authorizations, but when I have thousands of resources to check, I can't run thousands of HTTP requests on the entitlement API.


The question is: how can I filter the data I retrieved from my database with Keycloak in order to get only granted data?



Keycloak is wonderful, and I would really like to continue to use it despite this trouble that I encounter.


Thank you very much in advance for your help.

