keycloak-scim/docs/documentation/authorization_services/topics/enforcer-overview.adoc

[[_enforcer_overview]]
= Policy enforcers

Policy Enforcement Point (PEP) is a design pattern and as such you can implement it in different ways. {project_name} provides all the necessary means
to implement PEPs for different platforms, environments, and programming languages. {project_name} Authorization Services presents a RESTful API,
and leverages OAuth2 authorization capabilities for fine-grained authorization using a centralized authorization server.

image:images/pep-pattern-diagram.png[alt="PEP overview"]

A PEP is responsible for enforcing access decisions from the {project_name} server where these decisions are taken by evaluating the policies
associated with a protected resource. It acts as a filter or interceptor in your application in order to check whether or not a particular request
to a protected resource can be fulfilled based on the permissions granted by these decisions.

{project_name} provides built-in support for enabling the *{project_name} Policy Enforcer* to Java applications with built-in support to secure JakartaEE-compliant frameworks and web containers.
If you are using Maven, you should configure the following dependency to your project:

```xml
<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-policy-enforcer</artifactId>
    <version>${keycloak.version}</version>
</dependency>
```

When you enable the policy enforcer all requests sent to your application are intercepted and access to protected resources will be granted
depending on the permissions granted by {project_name} to the identity making the request.

Policy enforcement is strongly linked to your application's paths and the <<_resource_overview, resources>> you created for a resource server using the {project_name} Administration Console. By default,
when you create a resource server, {project_name} creates a <<_resource_server_default_config, default configuration>> for your resource server so you can enable policy enforcement quickly.
[RHSSO-599] - Replacing link with fake 2016-11-29 15:30:53 +00:00			`[[_enforcer_overview]]`
KEYCLOAK-16923-FIX Revising Authorization Services Guide for Red Hat Standards (#1358) 2022-04-18 14:10:57 +00:00			`= Policy enforcers`
Servlet security quickstart 2016-06-03 23:49:26 +00:00
Convert documentation to AsciiDoctor 2017-08-28 12:50:14 +00:00			`Policy Enforcement Point (PEP) is a design pattern and as such you can implement it in different ways. {project_name} provides all the necessary means`
			`to implement PEPs for different platforms, environments, and programming languages. {project_name} Authorization Services presents a RESTful API,`
[KEYCLOAK-3546] - A lot of fixes and improvements to docs from srehorn. 2016-09-09 03:53:39 +00:00			`and leverages OAuth2 authorization capabilities for fine-grained authorization using a centralized authorization server.`
Servlet security quickstart 2016-06-03 23:49:26 +00:00
KEYCLOAK-16923-FIX Revising Authorization Services Guide for Red Hat Standards (#1358) 2022-04-18 14:10:57 +00:00			`image:images/pep-pattern-diagram.png[alt="PEP overview"]`
[KEYCLOAK-4903] - Pushed Claims and improvements to PEP 2018-04-18 20:15:29 +00:00
			`A PEP is responsible for enforcing access decisions from the {project_name} server where these decisions are taken by evaluating the policies`
			`associated with a protected resource. It acts as a filter or interceptor in your application in order to check whether or not a particular request`
			`to a protected resource can be fulfilled based on the permissions granted by these decisions.`

Remove adapters from product documentation (#21177) Closes #21176 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Co-authored-by: Stian Thorgersen <stianst@gmail.com> 2023-07-11 11:32:52 +00:00			`{project_name} provides built-in support for enabling the {project_name} Policy Enforcer to Java applications with built-in support to secure JakartaEE-compliant frameworks and web containers.`
			`If you are using Maven, you should configure the following dependency to your project:`

			```xml
			`<dependency>`
			`<groupId>org.keycloak</groupId>`
			`<artifactId>keycloak-policy-enforcer</artifactId>`
			`<version>${keycloak.version}</version>`
			`</dependency>`
[KEYCLOAK-4903] - Pushed Claims and improvements to PEP 2018-04-18 20:15:29 +00:00			```

Update enforcer-overview.adoc to add 'by' (#1797) * Update enforcer-overview.adoc missing 'by' * Update authorization_services/topics/enforcer-overview.adoc --------- Co-authored-by: Stian Thorgersen <stian@redhat.com> 2023-03-20 07:40:31 +00:00			`When you enable the policy enforcer all requests sent to your application are intercepted and access to protected resources will be granted`
[KEYCLOAK-4903] - Pushed Claims and improvements to PEP 2018-04-18 20:15:29 +00:00			`depending on the permissions granted by {project_name} to the identity making the request.`

			`Policy enforcement is strongly linked to your application's paths and the <<_resource_overview, resources>> you created for a resource server using the {project_name} Administration Console. By default,`
			`when you create a resource server, {project_name} creates a <<_resource_server_default_config, default configuration>> for your resource server so you can enable policy enforcement quickly.`