libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions
keycloak-scim/topics/resource-server/default-config.adoc
Jen Malloy 08a5c03778 General cleanup and edits of the documentation
2016-11-15 16:34:20 -05:00

45 lines
No EOL
2.4 KiB
Text
Executable file
Raw Blame History

== Default Configuration
When you create a resource server, {{book.project.name}} creates a default configuration for your newly created resource server.
The default configuration consists of:
* A default protected resource representing all resources in your application.
* A policy that always grants access to the resources protected by this policy.
* A permission that governs access to all resources based on the default policy.
The default protected resource is referred to as the *default resource* and you can view it if you navigate to the *Resources* tab.
.Default Resource
image:../../images/resource-server/default-resource.png[alt="Default Resource"]
This resource defines a `Type`, namely `urn:my-resource-server:resources:default` and a `URI` `/*`. Here, the `URI` field defines a
wildcard pattern that indicates to {{book.project.name}} that this resource represents all the paths in your application. In other words,
when enabling link:../enforcer/overview.html[policy enforcement] for your application, all the permissions associated with the resource
will be examined before granting access.
The `Type` mentioned previously defines a value that can be used to create link:../permission/typed-resource-permission.adoc[typed resource permissions] that must be applied
to the default resource or any other resource you create using the same type.
The default policy is referred to as the *only from realm policy* and you can view it if you navigate to the *Policies* tab.
.Default Policy
image:../../images/resource-server/default-policy.png[alt="Default Policy"]
This policy is a link:../policy/js-policy.html[JavaScript-based policy] defining a condition that always grants access to the resources protected by this policy. If you click this policy you can see that it defines a rule as follows:
```js
// by default, grants any permission associated with this policy
$evaluation.grant();
```
Lastly, the default permission is referred to as the *default permission* and you can view it if you navigate to the *Permissions* tab.
.Default Permission
image:../../images/resource-server/default-permission.png[alt="Default Permission"]
This permission is a link:../permission/overview.html[resource-based permission], defining a set of one or more policies that are applied to all resources with a given type.
== Changing the Default Configuration
You can change the default configuration by removing the default resource, policy, or permission definitions and creating your own.
Reference in a new issue View git blame Copy permalink