Keycloak

servlet-authz-app-authz-service.json 
{
  "allowRemoteResourceManagement": true,
  "policyEnforcementMode": "ENFORCING",
  "resources": [
    {
      "name": "Admin Resource",
      "uri": "/protected/admin/*",
      "type": "http://servlet-authz/protected/admin",
      "scopes": [
        {
          "name": "urn:servlet-authz:protected:admin:access"
        }
      ]
    },
    {
      "name": "Protected Resource",
      "uri": "/*",
      "type": "http://servlet-authz/protected/resource",
      "scopes": [
        {
          "name": "urn:servlet-authz:protected:resource:access"
        }
      ]
    },
    {
      "name": "Premium Resource",
      "uri": "/protected/premium/*",
      "scopes": [
        {
          "name": "urn:servlet-authz:protected:premium:access"
        }
      ]
    },
    {
      "name": "Main Page",
      "scopes": [
        {
          "name": "urn:servlet-authz:page:main:actionForAdmin"
        },
        {
          "name": "urn:servlet-authz:page:main:actionForUser"
        },
        {
          "name": "urn:servlet-authz:page:main:actionForPremiumUser"
        }
      ]
    },
    {
      "name": "Resource A",
      "uri": "/protected/scopes.jsp",
      "scopes": [
        {
          "name": "read"
        },
        {
          "name": "write"
        }
      ]
    },
    {
      "name": "Resource Protected With Claim",
      "uri": "/protected/context/context.jsp"
    },
    {
      "name": "Multiple URL resource",
      "uris": ["/keycloak-7269/sub-resource1/*", "/keycloak-7269/sub-resource2/{whatever-pattern}/page.jsp"]
    },
    {
      "name": "Resource Protected With Body Claim",
      "uri": "/protected/filter/body"
    }
  ],
  "policies": [
    {
      "name": "Any Admin Policy",
      "description": "Defines that administrators can do something",
      "type": "role",
      "config": {
        "roles": "[{\"id\":\"admin\"}]"
      }
    },
    {
      "name": "Any User Policy",
      "description": "Defines that any user can do something",
      "type": "role",
      "config": {
        "roles": "[{\"id\":\"user\"}]"
      }
    },
    {
      "name": "Only Premium User Policy",
      "description": "Defines that only premium users can do something",
      "type": "role",
      "logic": "POSITIVE",
      "config": {
        "roles": "[{\"id\":\"user_premium\"}]"
      }
    },
    {
      "name": "All Users Policy",
      "description": "Defines that all users can do something",
      "type": "aggregate",
      "decisionStrategy": "AFFIRMATIVE",
      "config": {
        "applyPolicies": "[\"Any User Policy\",\"Any Admin Policy\",\"Only Premium User Policy\"]"
      }
    },
    {
      "name": "Premium Resource Permission",
      "description": "A policy that defines access to premium resources",
      "type": "resource",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "resources": "[\"Premium Resource\"]",
        "applyPolicies": "[\"Only Premium User Policy\"]"
      }
    },
    {
      "name": "Administrative Resource Permission",
      "description": "A policy that defines access to administrative resources",
      "type": "resource",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "resources": "[\"Admin Resource\"]",
        "applyPolicies": "[\"Any Admin Policy\"]"
      }
    },
    {
      "name": "Protected Resource Permission",
      "description": "A policy that defines access to any protected resource",
      "type": "resource",
      "decisionStrategy": "AFFIRMATIVE",
      "config": {
        "resources": "[\"Protected Resource\"]",
        "applyPolicies": "[\"All Users Policy\"]"
      }
    },
    {
      "name": "Action 1 on Main Page Resource Permission",
      "description": "A policy that defines access to action 1 on the main page",
      "type": "scope",
      "decisionStrategy": "AFFIRMATIVE",
      "config": {
        "scopes": "[\"urn:servlet-authz:page:main:actionForAdmin\"]",
        "applyPolicies": "[\"Any Admin Policy\"]"
      }
    },
    {
      "name": "Action 2 on Main Page Resource Permission",
      "description": "A policy that defines access to action 2 on the main page",
      "type": "scope",
      "decisionStrategy": "AFFIRMATIVE",
      "config": {
        "scopes": "[\"urn:servlet-authz:page:main:actionForUser\"]",
        "applyPolicies": "[\"Any User Policy\"]"
      }
    },
    {
      "name": "Action 3 on Main Page Resource Permission",
      "description": "A policy that defines access to action 3 on the main page",
      "type": "scope",
      "decisionStrategy": "AFFIRMATIVE",
      "config": {
        "scopes": "[\"urn:servlet-authz:page:main:actionForPremiumUser\"]",
        "applyPolicies": "[\"Only Premium User Policy\"]"
      }
    },
    {
      "name": "Deny Policy",
      "type": "script-scripts/always-deny-policy.js",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS"
    },
    {
      "name": "Resource A Read Permission",
      "type": "scope",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "resources": "[\"Resource A\"]",
        "scopes": "[\"read\"]",
        "applyPolicies": "[\"Any User Policy\"]"
      }
    },
    {
      "name": "Resource A Write Permission",
      "type": "scope",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "resources": "[\"Resource A\"]",
        "scopes": "[\"write\"]",
        "applyPolicies": "[\"Deny Policy\"]"
      }
    },
    {
      "name": "Resource Protected With Claim Permission",
      "type": "resource",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "resources": "[\"Resource Protected With Claim\"]",
        "applyPolicies": "[\"Request Claim Policy\"]"
      }
    },
    {
      "name": "Permission for multiple url resource",
      "type": "resource",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "resources": "[\"Multiple URL resource\"]",
        "applyPolicies": "[\"All Users Policy\"]"
      }
    },
    {
      "name": "Request Claim Policy",
      "description": "A policy that grants access based on claims from an http request",
      "type": "script-scripts/allow-value-from-request-claim.js",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS"
    },
    {
      "name": "Resource Protected With Body Claim Permission",
      "type": "resource",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "resources": "[\"Resource Protected With Body Claim\"]",
        "applyPolicies": "[\"Any User Policy\"]"
      }
    }
  ]
}
