keycloak-scim/topics/resource-server/default-config.adoc

== Default Configuration

When you create a resource server, {{book.project.name}} creates a default configuration to your newly created resource server.

The default configuration consists of:

* A default protected resource representing all resources in your application.
* A policy that grants access only for users within the same _realm_ as the resource server.
* A permission that governs access to all resources based on the default policy.

The default protected resource is called *Default Resource* and you can see it if you click on the `Resources` tab.

.Default Resource
image:../../images/resource-server/default-resource.png[alt="Default Resource"]

This resource defines a `Type` `urn:my-resource-server:resources:default` and an `URI` `/*`. Here, the `URI` field defines a
wildcard pattern that tells {{book.project.name}} that this resource represents all the paths in your application. In other words,
when enabling link:../enforcer/overview.html[Policy Enforcement] to your application, all the permissions associated with the resource
will be checked before granting access.

The `Type` aforementioned defines a value that can be used to create link:../permission/typed-resource-permission.adoc[Typed Resource Permissions] that must be applied
to the default resource or any other resource you create using the same type.

The default policy is called *Only From Realm Policy* and you can see it if you click on the `Policies` tab.

.Default Policy
image:../../images/resource-server/default-policy.png[alt="Default Policy"]

This policy is a link:../policy/js-policy.html[JavaScript-Based Policy] defining a condition that always grant access to the resources protected by this policy. If you click on this policy you'll see that it defines a rule as follows:

```js
// by default, grants any permission associated with this policy
$evaluation.grant();
```

For last, the default permission is called *Default Permission* and you can see it if you click on the `Permissions` tab.

.Default Permission
image:../../images/resource-server/default-permission.png[alt="Default Permission"]

This permission is a link:../permission/overview.html[Resource-Based Permission], defining that a set of one or more policies should
 be applied to all resources with a given type.

== Post-Configuration Instructions

You are not forced to keep the default configuration if you don't want to. You can remove the default resource, policy and permission any time you want.
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00			`== Default Configuration`

			`When you create a resource server, {{book.project.name}} creates a default configuration to your newly created resource server.`

			`The default configuration consists of:`

			`* A default protected resource representing all resources in your application.`
			`* A policy that grants access only for users within the same _realm_ as the resource server.`
			`* A permission that governs access to all resources based on the default policy.`

			The default protected resource is called Default Resource and you can see it if you click on the `Resources` tab.

			`.Default Resource`
			`image:../../images/resource-server/default-resource.png[alt="Default Resource"]`

			This resource defines a `Type` `urn:my-resource-server:resources:default` and an `URI` `/*`. Here, the `URI` field defines a
			`wildcard pattern that tells {{book.project.name}} that this resource represents all the paths in your application. In other words,`
			`when enabling link:../enforcer/overview.html[Policy Enforcement] to your application, all the permissions associated with the resource`
			`will be checked before granting access.`

Fixes based on Stian feedback. 2016-07-26 21:34:49 +00:00			The `Type` aforementioned defines a value that can be used to create link:../permission/typed-resource-permission.adoc[Typed Resource Permissions] that must be applied
			`to the default resource or any other resource you create using the same type.`

Updating docs with latest changes. 2016-06-16 17:08:04 +00:00			The default policy is called Only From Realm Policy and you can see it if you click on the `Policies` tab.

			`.Default Policy`
			`image:../../images/resource-server/default-policy.png[alt="Default Policy"]`

Fixes based on Stian feedback. 2016-07-26 21:34:49 +00:00			`This policy is a link:../policy/js-policy.html[JavaScript-Based Policy] defining a condition that always grant access to the resources protected by this policy. If you click on this policy you'll see that it defines a rule as follows:`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			```js
Fixes based on Stian feedback. 2016-07-26 21:34:49 +00:00			`// by default, grants any permission associated with this policy`
			`$evaluation.grant();`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00			```

			For last, the default permission is called Default Permission and you can see it if you click on the `Permissions` tab.

			`.Default Permission`
			`image:../../images/resource-server/default-permission.png[alt="Default Permission"]`

			`This permission is a link:../permission/overview.html[Resource-Based Permission], defining that a set of one or more policies should`
			`be applied to all resources with a given type.`

			`== Post-Configuration Instructions`

			`You are not forced to keep the default configuration if you don't want to. You can remove the default resource, policy and permission any time you want.`