
Keycloak SPI for client policy?

I'm trying to implement an SPI for a client policy to replace the policies I have in JS.

I implemented PolicyProvider similar to this and PolicyProviderFactory like this, then I copied my jar to standalone/deployments as explained in implementing an SPI.

I can see in the log that the jar has been deployed:

08:17:02,647 INFO  [stdout] (MSC service thread 1-3) about to start org.keycloak.services.util.JsonConfigProvider$JsonScope@266abf6d
08:17:02,682 WARN  [org.keycloak.services] (MSC service thread 1-3) KC-SERVICES0047: myEvListener (example.myProvider.EvListenerProviderFactory) is implementing the internal SPI eventsListener. This SPI is internal and may change without notice
08:17:02,692 WARN  [org.keycloak.services] (MSC service thread 1-3) KC-SERVICES0047: myRolePolicy (example.myProvider.MyPolicyProviderFactory) is implementing the internal SPI policy. This SPI is internal and may change without notice
08:17:02,814 INFO  [org.jboss.as.server] (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed "myPolicyProvider.jar" (runtime-name : "myPolicyProvider.jar")

Now I can't find a way to actually create a client policy using my SPI.

[Image: create policy]

In the server info I can see my policies (my-role-policy and my-js-policy) listed in policy providers:

[Image: my policies]

I would appreciate it if someone could point me in the right direction.

In order to create a policy, it is required to make a POST request to:

http://${host}:${port}/auth/realms/${realm}/clients/${clientId}/authz/resource-server/policy/${policyId}

where policyId is specified in PolicyProviderFactory:

public String getId() {
    return "myId";
}

The body of your POST should be JSON:

{
    "decisionStrategy": "AFFIRMATIVE",
    "logic": "POSITIVE",
    "name": "policyName",
    .... // other fields required in your policy implementation
}

A curl request example:

# Double quotes let the shell expand ${host}, ${token}, etc.; inside single quotes they would be sent literally.
curl --request POST \
  --url "http://${host}:${port}/auth/admin/realms/${realm}/clients/${clientId}/authz/resource-server/policy/${policyId}" \
  --header "authorization: Bearer ${token}" \
  --header 'content-type: application/json' \
  --data '{"decisionStrategy": "AFFIRMATIVE","logic": "POSITIVE","name": "is-admin","role": "admin"}'
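A script form of the request above, as an added example that is not part of the original answer: it builds the same `/auth/admin/...` endpoint as the curl example, rejects path segments that would change the target URL, and keeps the admin bearer token out of the process list. The function names, the `KC_TOKEN` variable, the allowed character set and the sample values are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. policy_endpoint, create_policy and KC_TOKEN are
# hypothetical names chosen here, not part of Keycloak.

# Build the admin endpoint used in the curl example above.
# $1 base URL, $2 realm, $3 client id (in Keycloak's admin API this is the
# client's internal id, not its client_id), $4 policy provider id, i.e. the
# value returned by getId() in the PolicyProviderFactory.
# Assumption: segments are limited to a conservative character set so that
# values such as "../users" or "x?y" cannot redirect the request.
policy_endpoint() {
    for part in "$2" "$3" "$4"; do
        case "$part" in
            ''|*[!A-Za-z0-9._-]*)
                echo "invalid path segment: '$part'" >&2
                return 1 ;;
        esac
    done
    printf '%s/auth/admin/realms/%s/clients/%s/authz/resource-server/policy/%s\n' \
        "${1%/}" "$2" "$3" "$4"
}

# POST the JSON body in $2 to the URL in $1.
# The bearer token is read from $KC_TOKEN and handed to curl as a config
# line on stdin, so it does not appear in curl's command-line arguments.
create_policy() {
    [ -n "${KC_TOKEN:-}" ] || { echo "KC_TOKEN is not set" >&2; return 1; }
    printf 'header = "authorization: Bearer %s"\n' "$KC_TOKEN" |
        curl --config - --fail --silent --show-error \
             --request POST --url "$1" \
             --header 'content-type: application/json' \
             --data "$2"
}

# Usage with constructed values:
# url=$(policy_endpoint "http://localhost:8080" "demo" \
#       "11111111-2222-3333-4444-555555555555" "myId") &&
# create_policy "$url" \
#   '{"decisionStrategy":"AFFIRMATIVE","logic":"POSITIVE","name":"is-admin","role":"admin"}'
```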
