commit
ed5758fc6e
2 changed files with 15 additions and 4 deletions
|
@ -13,8 +13,8 @@ Click on the `Save` button to create the client. This should bring you the `Clie
|
|||
.Client Details
|
||||
image:../../../images/getting-started/hello-world/enable-authz.png[alt="Client Details"]
|
||||
|
||||
In this page, click on the `Authorization Services Enabled` button. When you do that, a new `Authorization` tab will show up.
|
||||
Click on this tab and you should see a page like that.
|
||||
In this page, click on the `Authorization Services Enabled` switch and turn it `ON`. After that click on the `Save` button.
|
||||
When you do that, a new `Authorization` tab will show up. Click on this tab and you should see a page like that.
|
||||
|
||||
.Authorization Settings
|
||||
image:../../../images/getting-started/hello-world/authz-settings.png[alt="Authorization Settings"]
|
||||
|
|
|
@ -6,7 +6,7 @@ the server and see the results.
|
|||
=== Generating the Adapter Configuration
|
||||
|
||||
First, let's obtain the adapter configuration from the {{book.project.name}} Administration Console. Click on the `Clients` left menu item. In the client listing,
|
||||
click on the *hello-world-authz-service* client application. This you bring you the `Client Details` page.
|
||||
click on the *hello-world-authz-service* client application. This will bring you the `Client Details` page.
|
||||
|
||||
.Client Details
|
||||
image:../../../images/getting-started/hello-world/enable-authz.png[alt="Client Details"]
|
||||
|
@ -16,9 +16,20 @@ Click on the `Installation Tab`. In this tab select `Keycloak OIDC JSON` as the
|
|||
.Adapter Configuration
|
||||
image:../../../images/getting-started/hello-world/adapter-config.png[alt="Adapter Configuration"]
|
||||
|
||||
Now, go to the *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz/hello-world-authz-service/src/main/webapp*. There you'll find a *keycloak.json* file. Replace its contents with the adapter configuration
|
||||
Now, go to the *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz/hello-world-authz-service/src/main/webapp/WEB-INF*. There you'll find a *keycloak.json* file. Replace its contents with the adapter configuration
|
||||
you just obtained from the {{book.project.name}} Administration Console.
|
||||
|
||||
By default, the policy enforcer responds with a `403` status code when the user lacks permissions to access protected resources on the resource server. However, you can also provide a
|
||||
URL to where you want redirect your users to. For that, change the *keycloak.json* file you just updated and replace the `policy-enforcer` configuration with the following:
|
||||
|
||||
```json
|
||||
"policy-enforcer": {
|
||||
"on-deny-redirect-to" : "/hello-world-authz-service/error.jsp"
|
||||
}
|
||||
```
|
||||
|
||||
That last configuration tells the policy enforcer to redirect users to a `/hello-world-authz-service/error.jsp` page in case they dom't have the necessary permissions to access a protected resource.
|
||||
|
||||
=== Build and Deploy the Application
|
||||
|
||||
For last, got to the *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz/hello-world-authz-service/* and execute the following command:
|
||||
|
|
Loading…
Reference in a new issue