Merge pull request #98 from jenmalloy/RHSSO-935

fixed RHSSO-935
This commit is contained in:
Jen Malloy 2017-04-04 15:11:13 -04:00 committed by GitHub
commit 1c4b8383f0

View file

@ -39,13 +39,23 @@ public interface Evaluation {
void deny(); void deny();
} }
``` ```
[NOTE]
For more information about the Evaluation API see the http://www.keycloak.org/docs/javadocs/index.html[JavaDocs].
When processing an authorization request, {{book.project.name}} creates an `Evaluation` instance before evaluating any policy. This instance is then passed to each policy to determine whether access is *GRANT* or *DENY*. When processing an authorization request, {{book.project.name}} creates an `Evaluation` instance before evaluating any policy. This instance is then passed to each policy to determine whether access is *GRANT* or *DENY*.
Policies determine this by invoking the `grant()` or `deny()` methods on an `Evaluation` instance. By default, the state of the `Evaluation` instance is denied, which means that your policies must explicitly invoke the `grant()` method to indicate to the policy evaluation engine that permission should be granted. Policies determine this by invoking the `grant()` or `deny()` methods on an `Evaluation` instance. By default, the state of the `Evaluation` instance is denied, which means that your policies must explicitly invoke the `grant()` method to indicate to the policy evaluation engine that permission should be granted.
{% if book.community %}
For more information about the Evaluation API see the http://www.keycloak.org/docs/javadocs/index.html[JavaDocs].
{% endif %}
{% if book.product %}
For more information about the Evaluation API see the https://access.redhat.com/webassets/avalon/d/red-hat-single-sign-on/version-7.1/javadocs/[JavaDocs].
{% endif %}
==== The Evaluation Context ==== The Evaluation Context
The evaluation context provides useful information to policies during their evaluation. The evaluation context provides useful information to policies during their evaluation.