Merge pull request #342 from pedroigor/KEYCLOAK-6529
[KEYCLOAK-6529] - Resource Attributes
commit
e81b3a2f0b
4 changed files with 12 additions and 3 deletions
Binary file not shown.
Before Width: | Height: | Size: 72 KiB After Width: | Height: | Size: 97 KiB |
Binary file not shown.
Before Width: | Height: | Size: 66 KiB After Width: | Height: | Size: 95 KiB |
|
@ -3,10 +3,10 @@
|
||||||
|
|
||||||
When writing rule-based policies using JavaScript or JBoss Drools, {project_name} provides an Evaluation API that provides useful information to help determine whether a permission should be granted.
|
When writing rule-based policies using JavaScript or JBoss Drools, {project_name} provides an Evaluation API that provides useful information to help determine whether a permission should be granted.
|
||||||
|
|
||||||
This API consists of a few interfaces that provides you access to information such as:
|
This API consists of a few interfaces that provide you access to information, such as
|
||||||
|
|
||||||
* The permission being requested
|
* The permission being evaluated, representing both the resource and scopes being requested.
|
||||||
* The identity that is requesting the permission, from which you can obtain claims/attributes
|
* The attributes associated with the resource being requested
|
||||||
* Runtime environment and any other attribute associated with the execution context
|
* Runtime environment and any other attribute associated with the execution context
|
||||||
* Information about users such as group membership and roles
|
* Information about users such as group membership and roles
|
||||||
|
|
||||||
|
|
|
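Review bot: The bullet "* The identity that is requesting the permission, from which you can obtain claims/attributes" appears to be replaced by "* The attributes associated with the resource being requested" rather than kept alongside it; the header is -3,10 +3,10, so the list did not grow. If the identity is still exposed to policies, keep that bullet and add the resource-attributes one as a new item, since readers writing policies need to know both the subject and the resource inputs. Also, the reworded lead-in "provide you access to information, such as" lost its trailing colon before the list, and the first bullet now ends with a period while the others do not; pick one style for the whole list.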
@ -31,11 +31,20 @@ is usually the relative path used to serve these resources.
|
||||||
+
|
+
|
||||||
One or more scopes to associate with the resource.
|
One or more scopes to associate with the resource.
|
||||||
|
|
||||||
|
== Resource Attributes
|
||||||
|
|
||||||
|
Resources may have attributes associated with them. These attributes can be used to provide additional information about
|
||||||
|
a resource and to provide additional information to policies when evaluating permissions associated with a resource.
|
||||||
|
|
||||||
|
Each attribute is a key and value pair where the value can be a set of one or many strings. Multiple values can be defined for an attribute by separating each value with a comma.
|
||||||
|
|
||||||
|
|
||||||
== Typed Resources
|
== Typed Resources
|
||||||
|
|
||||||
The type field of a resource can be used to group different resources together, so they can be protected using a common set of permissions.
|
The type field of a resource can be used to group different resources together, so they can be protected using a common set of permissions.
|
||||||
|
|
||||||
== Resource Owners
|
== Resource Owners
|
||||||
|
|
||||||
Resources also have an owner. By default, resources are owned by the resource server.
|
Resources also have an owner. By default, resources are owned by the resource server.
|
||||||
|
|
||||||
However, resources can also be associated with users, so you can create permissions based on the resource owner. For example, only the resource owner is allowed to delete or update a given resource.
|
However, resources can also be associated with users, so you can create permissions based on the resource owner. For example, only the resource owner is allowed to delete or update a given resource.
|
||||||
|
|
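Review bot: In the new "== Resource Attributes" section, the sentence "Multiple values can be defined for an attribute by separating each value with a comma" does not say how a value that itself contains a comma is entered, or whether whitespace around each value is trimmed. Because these values are handed to policies when permissions are evaluated, a policy author comparing strings needs to know exactly what the stored values look like; please state the splitting and trimming behaviour, or note that commas are not supported inside a value. Two smaller points: the first sentence uses "provide additional information" twice and could be tightened to one clause, and it is hard-wrapped mid-sentence while the neighbouring paragraphs are single lines. A cross-reference from this section to the Evaluation API page, where the first hunk adds the matching bullet, would help readers find how the attributes are consumed.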