From 7d15db4d5ee473f2c4ca915a62fd92bb77798824 Mon Sep 17 00:00:00 2001 From: Pedro Igor Date: Thu, 23 Jun 2016 00:16:11 -0300 Subject: [PATCH] Fixes to getting started. --- .../hello-world/create-resource-server.adoc | 4 ++-- topics/getting-started/hello-world/deploy.adoc | 15 +++++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/topics/getting-started/hello-world/create-resource-server.adoc b/topics/getting-started/hello-world/create-resource-server.adoc index 7ab73beaf3..c2bd5ac481 100644 --- a/topics/getting-started/hello-world/create-resource-server.adoc +++ b/topics/getting-started/hello-world/create-resource-server.adoc @@ -13,8 +13,8 @@ Click on the `Save` button to create the client. This should bring you the `Clie .Client Details image:../../../images/getting-started/hello-world/enable-authz.png[alt="Client Details"] -In this page, click on the `Authorization Services Enabled` button. When you do that, a new `Authorization` tab will show up. -Click on this tab and you should see a page like that. +In this page, click on the `Authorization Services Enabled` switch and turn it `ON`. After that click on the `Save` button. +When you do that, a new `Authorization` tab will show up. Click on this tab and you should see a page like that. .Authorization Settings image:../../../images/getting-started/hello-world/authz-settings.png[alt="Authorization Settings"] diff --git a/topics/getting-started/hello-world/deploy.adoc b/topics/getting-started/hello-world/deploy.adoc index 93d375dd0e..b5e5dcf2b2 100644 --- a/topics/getting-started/hello-world/deploy.adoc +++ b/topics/getting-started/hello-world/deploy.adoc @@ -6,7 +6,7 @@ the server and see the results. === Generating the Adapter Configuration First, let's obtain the adapter configuration from the {{book.project.name}} Administration Console. Click on the `Clients` left menu item. In the client listing, -click on the *hello-world-authz-service* client application. This you bring you the `Client Details` page. +click on the *hello-world-authz-service* client application. This will bring you the `Client Details` page. .Client Details image:../../../images/getting-started/hello-world/enable-authz.png[alt="Client Details"] @@ -16,9 +16,20 @@ Click on the `Installation Tab`. In this tab select `Keycloak OIDC JSON` as the .Adapter Configuration image:../../../images/getting-started/hello-world/adapter-config.png[alt="Adapter Configuration"] -Now, go to the *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz/hello-world-authz-service/src/main/webapp*. There you'll find a *keycloak.json* file. Replace its contents with the adapter configuration +Now, go to the *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz/hello-world-authz-service/src/main/webapp/WEB-INF*. There you'll find a *keycloak.json* file. Replace its contents with the adapter configuration you just obtained from the {{book.project.name}} Administration Console. +By default, the policy enforcer responds with a `403` status code when the user lacks permissions to access protected resources on the resource server. However, you can also provide a +URL to where you want redirect your users to. For that, change the *keycloak.json* file you just updated and replace the `policy-enforcer` configuration with the following: + +```json +"policy-enforcer": { + "on-deny-redirect-to" : "/hello-world-authz-service/error.jsp" + } +``` + +That last configuration tells the policy enforcer to redirect users to a `/hello-world-authz-service/error.jsp` page in case they dom't have the necessary permissions to access a protected resource. + === Build and Deploy the Application For last, got to the *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz/hello-world-authz-service/* and execute the following command: