2016-07-29 15:42:53 +00:00
|
|
|
{
|
|
|
|
"allowRemoteResourceManagement": true,
|
|
|
|
"policyEnforcementMode": "ENFORCING",
|
|
|
|
"resources": [
|
|
|
|
{
|
|
|
|
"name": "Admin Resource",
|
|
|
|
"uri": "/protected/admin/*",
|
|
|
|
"type": "http://servlet-authz/protected/admin",
|
|
|
|
"scopes": [
|
|
|
|
{
|
|
|
|
"name": "urn:servlet-authz:protected:admin:access"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Protected Resource",
|
|
|
|
"uri": "/*",
|
|
|
|
"type": "http://servlet-authz/protected/resource",
|
|
|
|
"scopes": [
|
|
|
|
{
|
|
|
|
"name": "urn:servlet-authz:protected:resource:access"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Premium Resource",
|
|
|
|
"uri": "/protected/premium/*",
|
|
|
|
"scopes": [
|
|
|
|
{
|
|
|
|
"name": "urn:servlet-authz:protected:premium:access"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Main Page",
|
|
|
|
"scopes": [
|
|
|
|
{
|
|
|
|
"name": "urn:servlet-authz:page:main:actionForAdmin"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "urn:servlet-authz:page:main:actionForUser"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "urn:servlet-authz:page:main:actionForPremiumUser"
|
|
|
|
}
|
|
|
|
]
|
2017-10-20 22:51:19 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Resource A",
|
|
|
|
"uri": "/protected/scopes.jsp",
|
|
|
|
"scopes": [
|
|
|
|
{
|
|
|
|
"name": "read"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "write"
|
|
|
|
}
|
|
|
|
]
|
2018-04-06 13:50:55 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Resource Protected With Claim",
|
|
|
|
"uri": "/protected/context/context.jsp"
|
2018-07-03 07:56:25 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Multiple URL resource",
|
|
|
|
"uris": ["/keycloak-7269/sub-resource1/*", "/keycloak-7269/sub-resource2/{whatever-pattern}/page.jsp"]
|
2019-12-17 23:41:36 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Resource Protected With Body Claim",
|
|
|
|
"uri": "/protected/filter/body"
|
2016-07-29 15:42:53 +00:00
|
|
|
}
|
|
|
|
],
|
|
|
|
"policies": [
|
|
|
|
{
|
|
|
|
"name": "Any Admin Policy",
|
|
|
|
"description": "Defines that adminsitrators can do something",
|
|
|
|
"type": "role",
|
|
|
|
"config": {
|
|
|
|
"roles": "[{\"id\":\"admin\"}]"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Any User Policy",
|
|
|
|
"description": "Defines that any user can do something",
|
|
|
|
"type": "role",
|
|
|
|
"config": {
|
|
|
|
"roles": "[{\"id\":\"user\"}]"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Only Premium User Policy",
|
|
|
|
"description": "Defines that only premium users can do something",
|
|
|
|
"type": "role",
|
|
|
|
"logic": "POSITIVE",
|
|
|
|
"config": {
|
|
|
|
"roles": "[{\"id\":\"user_premium\"}]"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "All Users Policy",
|
|
|
|
"description": "Defines that all users can do something",
|
|
|
|
"type": "aggregate",
|
|
|
|
"decisionStrategy": "AFFIRMATIVE",
|
|
|
|
"config": {
|
|
|
|
"applyPolicies": "[\"Any User Policy\",\"Any Admin Policy\",\"Only Premium User Policy\"]"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Premium Resource Permission",
|
|
|
|
"description": "A policy that defines access to premium resources",
|
|
|
|
"type": "resource",
|
|
|
|
"decisionStrategy": "UNANIMOUS",
|
|
|
|
"config": {
|
|
|
|
"resources": "[\"Premium Resource\"]",
|
|
|
|
"applyPolicies": "[\"Only Premium User Policy\"]"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Administrative Resource Permission",
|
|
|
|
"description": "A policy that defines access to administrative resources",
|
|
|
|
"type": "resource",
|
|
|
|
"decisionStrategy": "UNANIMOUS",
|
|
|
|
"config": {
|
|
|
|
"resources": "[\"Admin Resource\"]",
|
|
|
|
"applyPolicies": "[\"Any Admin Policy\"]"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Protected Resource Permission",
|
|
|
|
"description": "A policy that defines access to any protected resource",
|
|
|
|
"type": "resource",
|
|
|
|
"decisionStrategy": "AFFIRMATIVE",
|
|
|
|
"config": {
|
|
|
|
"resources": "[\"Protected Resource\"]",
|
|
|
|
"applyPolicies": "[\"All Users Policy\"]"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Action 1 on Main Page Resource Permission",
|
|
|
|
"description": "A policy that defines access to action 1 on the main page",
|
|
|
|
"type": "scope",
|
|
|
|
"decisionStrategy": "AFFIRMATIVE",
|
|
|
|
"config": {
|
|
|
|
"scopes": "[\"urn:servlet-authz:page:main:actionForAdmin\"]",
|
|
|
|
"applyPolicies": "[\"Any Admin Policy\"]"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Action 2 on Main Page Resource Permission",
|
|
|
|
"description": "A policy that defines access to action 2 on the main page",
|
|
|
|
"type": "scope",
|
|
|
|
"decisionStrategy": "AFFIRMATIVE",
|
|
|
|
"config": {
|
|
|
|
"scopes": "[\"urn:servlet-authz:page:main:actionForUser\"]",
|
|
|
|
"applyPolicies": "[\"Any User Policy\"]"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Action 3 on Main Page Resource Permission",
|
|
|
|
"description": "A policy that defines access to action 3 on the main page",
|
|
|
|
"type": "scope",
|
|
|
|
"decisionStrategy": "AFFIRMATIVE",
|
|
|
|
"config": {
|
|
|
|
"scopes": "[\"urn:servlet-authz:page:main:actionForPremiumUser\"]",
|
|
|
|
"applyPolicies": "[\"Only Premium User Policy\"]"
|
|
|
|
}
|
2017-10-20 22:51:19 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Deny Policy",
|
2022-04-20 12:25:16 +00:00
|
|
|
"type": "script-scripts/always-deny-policy.js",
|
2017-10-20 22:51:19 +00:00
|
|
|
"logic": "POSITIVE",
|
2022-04-20 12:25:16 +00:00
|
|
|
"decisionStrategy": "UNANIMOUS"
|
2017-10-20 22:51:19 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Resource A Read Permission",
|
|
|
|
"type": "scope",
|
|
|
|
"logic": "POSITIVE",
|
|
|
|
"decisionStrategy": "UNANIMOUS",
|
|
|
|
"config": {
|
|
|
|
"resources": "[\"Resource A\"]",
|
|
|
|
"scopes": "[\"read\"]",
|
|
|
|
"applyPolicies": "[\"Any User Policy\"]"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Resource A Write Permission",
|
|
|
|
"type": "scope",
|
|
|
|
"logic": "POSITIVE",
|
|
|
|
"decisionStrategy": "UNANIMOUS",
|
|
|
|
"config": {
|
|
|
|
"resources": "[\"Resource A\"]",
|
|
|
|
"scopes": "[\"write\"]",
|
|
|
|
"applyPolicies": "[\"Deny Policy\"]"
|
|
|
|
}
|
2018-04-06 13:50:55 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Resource Protected With Claim Permission",
|
|
|
|
"type": "resource",
|
|
|
|
"logic": "POSITIVE",
|
|
|
|
"decisionStrategy": "UNANIMOUS",
|
|
|
|
"config": {
|
|
|
|
"resources": "[\"Resource Protected With Claim\"]",
|
|
|
|
"applyPolicies": "[\"Request Claim Policy\"]"
|
|
|
|
}
|
|
|
|
},
|
2018-07-03 07:56:25 +00:00
|
|
|
{
|
|
|
|
"name": "Permission for multiple url resource",
|
|
|
|
"type": "resource",
|
|
|
|
"logic": "POSITIVE",
|
|
|
|
"decisionStrategy": "UNANIMOUS",
|
|
|
|
"config": {
|
|
|
|
"resources": "[\"Multiple URL resource\"]",
|
|
|
|
"applyPolicies": "[\"All Users Policy\"]"
|
|
|
|
}
|
|
|
|
},
|
2018-04-06 13:50:55 +00:00
|
|
|
{
|
|
|
|
"name": "Request Claim Policy",
|
|
|
|
"description": "A policy that grants access based on claims from an http request",
|
2022-04-20 12:25:16 +00:00
|
|
|
"type": "script-scripts/allow-value-from-request-claim.js",
|
2018-04-06 13:50:55 +00:00
|
|
|
"logic": "POSITIVE",
|
2022-04-20 12:25:16 +00:00
|
|
|
"decisionStrategy": "UNANIMOUS"
|
2019-12-17 23:41:36 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"name": "Resource Protected With Body Claim Permission",
|
|
|
|
"type": "resource",
|
|
|
|
"logic": "POSITIVE",
|
|
|
|
"decisionStrategy": "UNANIMOUS",
|
|
|
|
"config": {
|
|
|
|
"resources": "[\"Resource Protected With Body Claim\"]",
|
|
|
|
"applyPolicies": "[\"Any User Policy\"]"
|
|
|
|
}
|
2016-07-29 15:42:53 +00:00
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|