libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

fixed RHSSO-935

Browse source
This commit is contained in:
Jen Malloy 2017-04-04 15:10:19 -04:00
parent 334d532517
commit 055c0aa497
1 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
authorization_services/topics/policy/evaluation-api.adoc
View file

@ -39,13 +39,23 @@ public interface Evaluation {
void deny();
}
```
[NOTE]
For more information about the Evaluation API see the http://www.keycloak.org/docs/javadocs/index.html[JavaDocs].
When processing an authorization request, {{book.project.name}} creates an `Evaluation` instance before evaluating any policy. This instance is then passed to each policy to determine whether access is *GRANT* or *DENY*.
Policies determine this by invoking the `grant()` or `deny()` methods on an `Evaluation` instance. By default, the state of the `Evaluation` instance is denied, which means that your policies must explicitly invoke the `grant()` method to indicate to the policy evaluation engine that permission should be granted.
{% if book.community %}
For more information about the Evaluation API see the http://www.keycloak.org/docs/javadocs/index.html[JavaDocs].
{% endif %}
{% if book.product %}
For more information about the Evaluation API see the https://access.redhat.com/webassets/avalon/d/red-hat-single-sign-on/version-7.1/javadocs/[JavaDocs].
{% endif %}
==== The Evaluation Context
The evaluation context provides useful information to policies during their evaluation.