Merge pull request #342 from pedroigor/KEYCLOAK-6529
[KEYCLOAK-6529] - Resource Attributes
This commit is contained in:
commit
e81b3a2f0b
4 changed files with 12 additions and 3 deletions
Binary file not shown.
Before Width: | Height: | Size: 72 KiB After Width: | Height: | Size: 97 KiB |
Binary file not shown.
Before Width: | Height: | Size: 66 KiB After Width: | Height: | Size: 95 KiB |
|
@ -3,10 +3,10 @@
|
|||
|
||||
When writing rule-based policies using JavaScript or JBoss Drools, {project_name} provides an Evaluation API that provides useful information to help determine whether a permission should be granted.
|
||||
|
||||
This API consists of a few interfaces that provides you access to information such as:
|
||||
This API consists of a few interfaces that provide you access to information, such as
|
||||
|
||||
* The permission being requested
|
||||
* The identity that is requesting the permission, from which you can obtain claims/attributes
|
||||
* The permission being evaluated, representing both the resource and scopes being requested.
|
||||
* The attributes associated with the resource being requested
|
||||
* Runtime environment and any other attribute associated with the execution context
|
||||
* Information about users such as group membership and roles
|
||||
|
||||
|
|
|
@ -31,11 +31,20 @@ is usually the relative path used to serve these resources.
|
|||
+
|
||||
One or more scopes to associate with the resource.
|
||||
|
||||
== Resource Attributes
|
||||
|
||||
Resources may have attributes associated with them. These attributes can be used to provide additional information about
|
||||
a resource and to provide additional information to policies when evaluating permissions associated with a resource.
|
||||
|
||||
Each attribute is a key and value pair where the value can be a set of one or many strings. Multiple values can be defined for an attribute by separating each value with a comma.
|
||||
|
||||
|
||||
== Typed Resources
|
||||
|
||||
The type field of a resource can be used to group different resources together, so they can be protected using a common set of permissions.
|
||||
|
||||
== Resource Owners
|
||||
|
||||
Resources also have an owner. By default, resources are owned by the resource server.
|
||||
|
||||
However, resources can also be associated with users, so you can create permissions based on the resource owner. For example, only the resource owner is allowed to delete or update a given resource.
|
||||
|
|
Loading…
Reference in a new issue