libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

KEYCLOAK-7269 Resource is now configurable with multiple URIS instead of one

Browse source
This commit is contained in:
mhajas 2018-07-16 10:25:03 +02:00 committed by Pedro Igor
parent 12847e293c
commit e3535add38
4 changed files with 8 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
authorization_services/topics/enforcer-keycloak-enforcement-filter.adoc
View file

@ -57,7 +57,7 @@ Here is a description of each configuration option:
* *policy-enforcer*
+
Specifies the configuration options that define how policies are actually enforced and optionally the paths you want to protect. If not specified, the policy enforcer queries the server
for all resources associated with the resource server being protected. In this case, you need to ensure the resources are properly configured with a <<_resource_create_uri, URI>> property that matches the paths you want to protect.
for all resources associated with the resource server being protected. In this case, you need to ensure the resources are properly configured with a <<_resource_create_uri, URIS>> property that matches the paths you want to protect.
+
** *user-managed-access*
+
@ -101,11 +101,11 @@ Defines the limit of entries that should be kept in the cache. If not provided,
+
** *paths*
+
Specifies the paths to protect. This configuration is optional. If not defined, the policy enforcer will discover all paths by fetching the resources you defined to your application in {project_name}, where these resources are defined with a `URI` representing some path in your application.
Specifies the paths to protect. This configuration is optional. If not defined, the policy enforcer will discover all paths by fetching the resources you defined to your application in {project_name}, where these resources are defined with `URIS` representing some paths in your application.
+
*** *name*
+
The name of a resource on the server that is to be associated with a given path. When used in conjunction with a *path*, the policy enforcer ignores the resource's *URI* property and uses the path you provided instead.
The name of a resource on the server that is to be associated with a given path. When used in conjunction with a *path*, the policy enforcer ignores the resource's *URIS* property and uses the path you provided instead.
*** *path*
+
(required) A URI relative to the application's context path. If this option is specified, the policy enforcer queries the server for a resource with a *URI* with the same value.

6
authorization_services/topics/resource-create.adoc
View file

@ -22,10 +22,10 @@ A string uniquely identifying the type of a set of one or more resources. The ty
For example, the default type for the default resource that is automatically created is `urn:resource-server-name:resources:default`
[[_resource_create_uri]]
* *URI*
* *URIS*
+
A URI that provides the location/address for the resource. For HTTP resources, the URI
is usually the relative path used to serve these resources.
URIS that provides the locations/addresses for the resource. For HTTP resources, the URIS
are usually the relative paths used to serve these resources.
+
* *Scopes*
+

2
authorization_services/topics/resource-server-default-config.adoc
View file

@ -49,4 +49,4 @@ The default resource is created with an **URI** that maps to any resource or pat
sure the default configuration doesn't conflict with your own settings.
[NOTE]
The default configuration defines a resource that maps to all paths in your application. If you are about to write permissions to your own resources, be sure to remove the *Default Resource* or change its ```URI``` field to a more specific path in your application. Otherwise, the policy associated with the default resource (which by default always grants access) will allow {project_name} to grant access to any protected resource.
The default configuration defines a resource that maps to all paths in your application. If you are about to write permissions to your own resources, be sure to remove the *Default Resource* or change its ```URIS``` fields to a more specific paths in your application. Otherwise, the policy associated with the default resource (which by default always grants access) will allow {project_name} to grant access to any protected resource.

2
authorization_services/topics/resource-view.adoc
View file

@ -9,7 +9,7 @@ image:{project_images}/resource/view.png[alt="Resources"]
The resource list provides information about the protected resources, such as:
* Type
* URI
* URIS
* Owner
* Associated scopes, if any
* Associated permissions