1 Reply Latest reply on Dec 26, 2016 9:50 AM by Ranganathan Kaliyur Mannar

    Custom Authorizer does not work

    Ranganathan Kaliyur Mannar Newbie


      I use one of the PL quickstarts - picketlink-authentication-jsf - and then add a custom authorizer. As the authentication in this example does not use any IDM, I want to do the same for authorization.


      My config is like this:

      SecurityConfigurationBuilder builder = event.getBuilder();


      And then, my custom path authorize method is a trivial one:

      if(((User)(identity.getAccount())).getLoginName().contains("admin")) {
        return true;
      return false;


      No matter which user I logon to (jsmith or another user named admin1), I get a forbidden to the admin page. I have added a sysout and can see that, the authorize method returns true (and my admin.xhtml is placed inside the admin folder).


      Please do provide me with some pointers, thanks.


      (note: there is a similar thread done last year, but doesn't answer my question: Authorization for URLs with Login Form )