From 371d5c11158123b37caa828f912fe3b79fad1e29 Mon Sep 17 00:00:00 2001 From: Pedro Igor Date: Wed, 10 Oct 2018 09:22:02 -0300 Subject: [PATCH] [KEYCLOAK-8449] - Option to automatically map HTTP verbs to scopes when configuring the policy enforcer --- .../enforcer-keycloak-enforcement-filter.adoc | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc b/authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc index c17bad353a..e3de04f494 100644 --- a/authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc +++ b/authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc @@ -149,9 +149,19 @@ Specifies how policies are enforced. *** *claim-information-point* + Defines a set of one or more claims that must be resolved and pushed to the {project_name} server in order to make these claims available to policies. See <<_enforcer_claim_information_point, Claim Information Point>> for more details. ++ ** *lazy-load-paths* + -Specifies how the adapter should fetch the server for resources associated with paths in your application. If true, the policy +Specifies how the adapter should fetch the server for resources associated with paths in your application. If *true*, the policy enforcer is going to fetch resources on-demand accordingly with the path being requested. This configuration is specially useful when you don't want to fetch all resources from the server during deployment (in case you have provided no `paths`) or in case -you have defined only a sub set of `paths` and want to fetch others on-demand. \ No newline at end of file +you have defined only a sub set of `paths` and want to fetch others on-demand. ++ +** *http-method-as-scope* ++ +Specifies how scopes should be mapped to HTTP methods. If set to *true*, the policy enforcer will use the HTTP method from the current request to +check whether or not access should be granted. When enabled, make sure your resources in {project_name} are associated with scopes representing each HTTP method you are protecting. ++ +** *claim-information-point* ++ +Defines a set of one or more *global* claims that must be resolved and pushed to the {project_name} server in order to make these claims available to policies. See <<_enforcer_claim_information_point, Claim Information Point>> for more details. \ No newline at end of file