From c967361cc7d3ef25ccd78f4e5d2f235313a05ce4 Mon Sep 17 00:00:00 2001 From: pedroigor Date: Wed, 4 Apr 2018 08:47:04 -0300 Subject: [PATCH] [KEYCLOAK-7029] - Configuration of cache policies for cached resources/path --- .../enforcer-keycloak-enforcement-filter.adoc | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc b/authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc index a0382babec..dc09ee5b51 100644 --- a/authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc +++ b/authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc @@ -88,12 +88,27 @@ Requests are allowed even when there is no policy associated with a given resour + *** *DISABLED* + -Completely disables the evaluation of policies and allows access to any resource. +Completely disables the evaluation of policies and allows access to any resource. When `enforcement-mode` is `DISABLED` +applications are still able to obtain all permissions granted by {project_name} through the <<_enforcer_authorization_context, Authorization Context>> + ** *on-deny-redirect-to* + Defines a URL where a client request is redirected when an "access denied" message is obtained from the server. By default, the adapter responds with a 403 HTTP status code. + +** *path-cache* ++ +Defines how the policy enforcer should track associations between paths in your application and resources defined in {project_name}. The cache is needed to avoid +unnecessary requests to a {project_name} server by caching associations between paths and protected resources. ++ +*** *lifespan* ++ +Defines the time in milliseconds when the entry should be expired. If not provided, default value is *3000*. A value +less than or equal to 0 can be set to completely disable the cache. ++ +*** *max-entries* ++ +Defines the limit of entries that should be kept in the cache. If not provided, default value is *1000*. ++ ** *paths* + Specifies the paths to protect. This configuration is optional. If not defined, the policy enforcer will discover all paths by fetching the resources you defined to your application in {project_name}, where these resources are defined with a `URI` representing some path in your application.