Keycloak
/
servlet-authz-app-authz-service.json
1{
2"allowRemoteResourceManagement": true,
3"policyEnforcementMode": "ENFORCING",
4"resources": [
5{
6"name": "Admin Resource",
7"uri": "/protected/admin/*",
8"type": "http://servlet-authz/protected/admin",
9"scopes": [
10{
11"name": "urn:servlet-authz:protected:admin:access"
12}
13]
14},
15{
16"name": "Protected Resource",
17"uri": "/*",
18"type": "http://servlet-authz/protected/resource",
19"scopes": [
20{
21"name": "urn:servlet-authz:protected:resource:access"
22}
23]
24},
25{
26"name": "Premium Resource",
27"uri": "/protected/premium/*",
28"scopes": [
29{
30"name": "urn:servlet-authz:protected:premium:access"
31}
32]
33},
34{
35"name": "Main Page",
36"scopes": [
37{
38"name": "urn:servlet-authz:page:main:actionForAdmin"
39},
40{
41"name": "urn:servlet-authz:page:main:actionForUser"
42},
43{
44"name": "urn:servlet-authz:page:main:actionForPremiumUser"
45}
46]
47},
48{
49"name": "Resource A",
50"uri": "/protected/scopes.jsp",
51"scopes": [
52{
53"name": "read"
54},
55{
56"name": "write"
57}
58]
59},
60{
61"name": "Resource Protected With Claim",
62"uri": "/protected/context/context.jsp"
63},
64{
65"name": "Multiple URL resource",
66"uris": ["/keycloak-7269/sub-resource1/*", "/keycloak-7269/sub-resource2/{whatever-pattern}/page.jsp"]
67},
68{
69"name": "Resource Protected With Body Claim",
70"uri": "/protected/filter/body"
71}
72],
73"policies": [
74{
75"name": "Any Admin Policy",
76"description": "Defines that administrators can do something",
77"type": "role",
78"config": {
79"roles": "[{\"id\":\"admin\"}]"
80}
81},
82{
83"name": "Any User Policy",
84"description": "Defines that any user can do something",
85"type": "role",
86"config": {
87"roles": "[{\"id\":\"user\"}]"
88}
89},
90{
91"name": "Only Premium User Policy",
92"description": "Defines that only premium users can do something",
93"type": "role",
94"logic": "POSITIVE",
95"config": {
96"roles": "[{\"id\":\"user_premium\"}]"
97}
98},
99{
100"name": "All Users Policy",
101"description": "Defines that all users can do something",
102"type": "aggregate",
103"decisionStrategy": "AFFIRMATIVE",
104"config": {
105"applyPolicies": "[\"Any User Policy\",\"Any Admin Policy\",\"Only Premium User Policy\"]"
106}
107},
108{
109"name": "Premium Resource Permission",
110"description": "A policy that defines access to premium resources",
111"type": "resource",
112"decisionStrategy": "UNANIMOUS",
113"config": {
114"resources": "[\"Premium Resource\"]",
115"applyPolicies": "[\"Only Premium User Policy\"]"
116}
117},
118{
119"name": "Administrative Resource Permission",
120"description": "A policy that defines access to administrative resources",
121"type": "resource",
122"decisionStrategy": "UNANIMOUS",
123"config": {
124"resources": "[\"Admin Resource\"]",
125"applyPolicies": "[\"Any Admin Policy\"]"
126}
127},
128{
129"name": "Protected Resource Permission",
130"description": "A policy that defines access to any protected resource",
131"type": "resource",
132"decisionStrategy": "AFFIRMATIVE",
133"config": {
134"resources": "[\"Protected Resource\"]",
135"applyPolicies": "[\"All Users Policy\"]"
136}
137},
138{
139"name": "Action 1 on Main Page Resource Permission",
140"description": "A policy that defines access to action 1 on the main page",
141"type": "scope",
142"decisionStrategy": "AFFIRMATIVE",
143"config": {
144"scopes": "[\"urn:servlet-authz:page:main:actionForAdmin\"]",
145"applyPolicies": "[\"Any Admin Policy\"]"
146}
147},
148{
149"name": "Action 2 on Main Page Resource Permission",
150"description": "A policy that defines access to action 2 on the main page",
151"type": "scope",
152"decisionStrategy": "AFFIRMATIVE",
153"config": {
154"scopes": "[\"urn:servlet-authz:page:main:actionForUser\"]",
155"applyPolicies": "[\"Any User Policy\"]"
156}
157},
158{
159"name": "Action 3 on Main Page Resource Permission",
160"description": "A policy that defines access to action 3 on the main page",
161"type": "scope",
162"decisionStrategy": "AFFIRMATIVE",
163"config": {
164"scopes": "[\"urn:servlet-authz:page:main:actionForPremiumUser\"]",
165"applyPolicies": "[\"Only Premium User Policy\"]"
166}
167},
168{
169"name": "Deny Policy",
170"type": "script-scripts/always-deny-policy.js",
171"logic": "POSITIVE",
172"decisionStrategy": "UNANIMOUS"
173},
174{
175"name": "Resource A Read Permission",
176"type": "scope",
177"logic": "POSITIVE",
178"decisionStrategy": "UNANIMOUS",
179"config": {
180"resources": "[\"Resource A\"]",
181"scopes": "[\"read\"]",
182"applyPolicies": "[\"Any User Policy\"]"
183}
184},
185{
186"name": "Resource A Write Permission",
187"type": "scope",
188"logic": "POSITIVE",
189"decisionStrategy": "UNANIMOUS",
190"config": {
191"resources": "[\"Resource A\"]",
192"scopes": "[\"write\"]",
193"applyPolicies": "[\"Deny Policy\"]"
194}
195},
196{
197"name": "Resource Protected With Claim Permission",
198"type": "resource",
199"logic": "POSITIVE",
200"decisionStrategy": "UNANIMOUS",
201"config": {
202"resources": "[\"Resource Protected With Claim\"]",
203"applyPolicies": "[\"Request Claim Policy\"]"
204}
205},
206{
207"name": "Permission for multiple url resource",
208"type": "resource",
209"logic": "POSITIVE",
210"decisionStrategy": "UNANIMOUS",
211"config": {
212"resources": "[\"Multiple URL resource\"]",
213"applyPolicies": "[\"All Users Policy\"]"
214}
215},
216{
217"name": "Request Claim Policy",
218"description": "A policy that grants access based on claims from an http request",
219"type": "script-scripts/allow-value-from-request-claim.js",
220"logic": "POSITIVE",
221"decisionStrategy": "UNANIMOUS"
222},
223{
224"name": "Resource Protected With Body Claim Permission",
225"type": "resource",
226"logic": "POSITIVE",
227"decisionStrategy": "UNANIMOUS",
228"config": {
229"resources": "[\"Resource Protected With Body Claim\"]",
230"applyPolicies": "[\"Any User Policy\"]"
231}
232}
233]
234}