Merge pull request #356 from pedroigor/KEYCLOAK-7029

[KEYCLOAK-7029] - Configuration of cache policies for cached resource…

authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc

@@ -88,12 +88,27 @@ Requests are allowed even when there is no policy associated with a given resour
 +
 *** *DISABLED*
 +
-Completely disables the evaluation of policies and allows access to any resource.
+Completely disables the evaluation of policies and allows access to any resource. When `enforcement-mode` is `DISABLED`
+applications are still able to obtain all permissions granted by {project_name} through the <<_enforcer_authorization_context, Authorization Context>>
 +
 ** *on-deny-redirect-to*
 +
 Defines a URL where a client request is redirected when an "access denied" message is obtained from the server. By default, the adapter responds with a 403 HTTP status code.
 +
+** *path-cache*
++
+Defines how the policy enforcer should track associations between paths in your application and resources defined in {project_name}. The cache is needed to avoid
+unnecessary requests to a {project_name} server by caching associations between paths and protected resources.
++
+*** *lifespan*
++
+Defines the time in milliseconds when the entry should be expired. If not provided, default value is *3000*. A value
+less than or equal to 0 can be set to completely disable the cache.
++
+*** *max-entries*
++
+Defines the limit of entries that should be kept in the cache. If not provided, default value is *1000*.
++
 ** *paths*
 +
 Specifies the paths to protect. This configuration is optional. If not defined, the policy enforcer will discover all paths by fetching the resources you defined to your application in {project_name}, where these resources are defined with a `URI` representing some path in your application.