30 lines
1.3 KiB
JSON
30 lines
1.3 KiB
JSON
|
{
|
||
|
|
"resources": [
|
||
|
|
{
|
||
|
|
"name": "Default Resource",
|
||
|
|
"uri": "/*",
|
||
|
|
"type": "urn:hello-world-authz-service:resources:default"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"policies": [
|
||
|
|
{
|
||
|
|
"name": "Only From Realm Policy",
|
||
|
|
"description": "A policy that grants access only for users within this realm",
|
||
|
|
"type": "js",
|
||
|
|
"config": {
|
||
|
|
"applyPolicies": "[]",
|
||
|
|
"code": "var context = $evaluation.getContext();\n\n// using attributes from the evaluation context to obtain the realm\nvar contextAttributes = context.getAttributes();\nvar realmName = contextAttributes.getValue('kc.realm.name').asString(0);\n\n// using attributes from the identity to obtain the issuer\nvar identity = context.getIdentity();\nvar identityAttributes = identity.getAttributes();\nvar issuer = identityAttributes.getValue('iss').asString(0);\n\n// only users from the realm have access granted \nif (issuer.endsWith(realmName)) {\n $evaluation.grant();\n}"
|
||
|
|
}
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"name": "Default Permission",
|
||
|
|
"description": "A permission that applies to the default resource type",
|
||
|
|
"type": "resource",
|
||
|
|
"config": {
|
||
|
|
"defaultResourceType": "urn:hello-world-authz-service:resources:default",
|
||
|
|
"default": "true",
|
||
|
|
"applyPolicies": "[\"Only From Realm Policy\"]"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|