{ "allowRemoteResourceManagement": true, "policyEnforcementMode": "ENFORCING", "resources": [ { "name": "Admin Resource", "uri": "/protected/admin/*", "type": "http://servlet-authz/protected/admin", "scopes": [ { "name": "urn:servlet-authz:protected:admin:access" } ] }, { "name": "Protected Resource", "uri": "/*", "type": "http://servlet-authz/protected/resource", "scopes": [ { "name": "urn:servlet-authz:protected:resource:access" } ] }, { "name": "Premium Resource", "uri": "/protected/premium/*", "scopes": [ { "name": "urn:servlet-authz:protected:premium:access" } ] }, { "name": "Main Page", "scopes": [ { "name": "urn:servlet-authz:page:main:actionForAdmin" }, { "name": "urn:servlet-authz:page:main:actionForUser" }, { "name": "urn:servlet-authz:page:main:actionForPremiumUser" } ] }, { "name": "Resource A", "uri": "/protected/scopes.jsp", "scopes": [ { "name": "read" }, { "name": "write" } ] }, { "name": "Resource Protected With Claim", "uri": "/protected/context/context.jsp" }, { "name": "Multiple URL resource", "uris": ["/keycloak-7269/sub-resource1/*", "/keycloak-7269/sub-resource2/{whatever-pattern}/page.jsp"] } ], "policies": [ { "name": "Any Admin Policy", "description": "Defines that adminsitrators can do something", "type": "role", "config": { "roles": "[{\"id\":\"admin\"}]" } }, { "name": "Any User Policy", "description": "Defines that any user can do something", "type": "role", "config": { "roles": "[{\"id\":\"user\"}]" } }, { "name": "Only Premium User Policy", "description": "Defines that only premium users can do something", "type": "role", "logic": "POSITIVE", "config": { "roles": "[{\"id\":\"user_premium\"}]" } }, { "name": "All Users Policy", "description": "Defines that all users can do something", "type": "aggregate", "decisionStrategy": "AFFIRMATIVE", "config": { "applyPolicies": "[\"Any User Policy\",\"Any Admin Policy\",\"Only Premium User Policy\"]" } }, { "name": "Premium Resource Permission", "description": "A policy that defines access to premium resources", "type": "resource", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"Premium Resource\"]", "applyPolicies": "[\"Only Premium User Policy\"]" } }, { "name": "Administrative Resource Permission", "description": "A policy that defines access to administrative resources", "type": "resource", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"Admin Resource\"]", "applyPolicies": "[\"Any Admin Policy\"]" } }, { "name": "Protected Resource Permission", "description": "A policy that defines access to any protected resource", "type": "resource", "decisionStrategy": "AFFIRMATIVE", "config": { "resources": "[\"Protected Resource\"]", "applyPolicies": "[\"All Users Policy\"]" } }, { "name": "Action 1 on Main Page Resource Permission", "description": "A policy that defines access to action 1 on the main page", "type": "scope", "decisionStrategy": "AFFIRMATIVE", "config": { "scopes": "[\"urn:servlet-authz:page:main:actionForAdmin\"]", "applyPolicies": "[\"Any Admin Policy\"]" } }, { "name": "Action 2 on Main Page Resource Permission", "description": "A policy that defines access to action 2 on the main page", "type": "scope", "decisionStrategy": "AFFIRMATIVE", "config": { "scopes": "[\"urn:servlet-authz:page:main:actionForUser\"]", "applyPolicies": "[\"Any User Policy\"]" } }, { "name": "Action 3 on Main Page Resource Permission", "description": "A policy that defines access to action 3 on the main page", "type": "scope", "decisionStrategy": "AFFIRMATIVE", "config": { "scopes": "[\"urn:servlet-authz:page:main:actionForPremiumUser\"]", "applyPolicies": "[\"Only Premium User Policy\"]" } }, { "name": "Deny Policy", "type": "js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "code": "// by default, grants any permission associated with this policy\n$evaluation.deny();" } }, { "name": "Resource A Read Permission", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"Resource A\"]", "scopes": "[\"read\"]", "applyPolicies": "[\"Any User Policy\"]" } }, { "name": "Resource A Write Permission", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"Resource A\"]", "scopes": "[\"write\"]", "applyPolicies": "[\"Deny Policy\"]" } }, { "name": "Resource Protected With Claim Permission", "type": "resource", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"Resource Protected With Claim\"]", "applyPolicies": "[\"Request Claim Policy\"]" } }, { "name": "Permission for multiple url resource", "type": "resource", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"Multiple URL resource\"]", "applyPolicies": "[\"All Users Policy\"]" } }, { "name": "Request Claim Policy", "description": "A policy that grants access based on claims from an http request", "type": "js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "code": "var context = $evaluation.getContext();\nvar attributes = context.getAttributes();\nvar claim = attributes.getValue('request-claim');\n\nif (claim && claim.asString(0) == 'expected-value') {\n $evaluation.grant();\n}" } } ] }