Let's get down to business, what does it look like?
<security-constraint>
<web-resource-collection>
<web-resource-name>Customers</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
keycloak.js
loads of helpful callbacks for listening, core maintained.
var keycloak = Keycloak();
keycloak.init().success(function(authenticated) {
alert(authenticated ? 'authenticated' : 'not authenticated');
}).error(function() {
alert('failed to initialize');
});
Example: it practically is this simple.
keycloak.js
manages user's session, appends Auth
header to server requestsauthorization
, token
, userinfo
, end_session