I am using Java and Spring Boot, based on the “Authz REST Spring boot quickstarter”: keycloak-quickstarts/app-authz-rest-springboot at latest · keycloak/keycloak-quickstarts · GitHub
Suppose Alice has:
- GET, POST, DELETE, PUT permissions on the resource “/group/1”
- GET permission on the resource “/group/1/posts/1”
- GET, DELETE permissions on the resource “/group/1/posts/2”
Alice performs a GET request to a protected URI “/group/1”.
As a result, the application retrieves the first 10 posts and returns them with the permissions related to the accessed resource “/group/1” in the access token.
However, I also want to fetch the permissions for each post (so that I know if I can display a “modify” and/or “delete” button for a given post).
The only way I found to do it is to request each resource “/group/1/posts/{i}” one by one after performing the initial request, but this is redundant.
Is there a way to request the resource “/group/1” and get permissions for both “/group/1” and some sub-resources “/group/1/posts/1”, “/group/1/posts/2”, …?