Keycloak
/
hello-world-authz-service.json
30 строк · 1.3 Кб
1{
2"resources": [
3{
4"name": "Default Resource",
5"uri": "/*",
6"type": "urn:hello-world-authz-service:resources:default"
7}
8],
9"policies": [
10{
11"name": "Only From Realm Policy",
12"description": "A policy that grants access only for users within this realm",
13"type": "js",
14"config": {
15"applyPolicies": "[]",
16"code": "var context = $evaluation.getContext();\n\n// using attributes from the evaluation context to obtain the realm\nvar contextAttributes = context.getAttributes();\nvar realmName = contextAttributes.getValue('kc.realm.name').asString(0);\n\n// using attributes from the identity to obtain the issuer\nvar identity = context.getIdentity();\nvar identityAttributes = identity.getAttributes();\nvar issuer = identityAttributes.getValue('iss').asString(0);\n\n// only users from the realm have access granted \nif (issuer.endsWith(realmName)) {\n $evaluation.grant();\n}"
17}
18},
19{
20"name": "Default Permission",
21"description": "A permission that applies to the default resource type",
22"type": "resource",
23"config": {
24"defaultResourceType": "urn:hello-world-authz-service:resources:default",
25"default": "true",
26"applyPolicies": "[\"Only From Realm Policy\"]"
27}
28}
29]
30}