客戶端策略的keycloak SPI？

Question

我正在嘗試為客戶端策略實現SPI以替換我在js的策略。

我實現PolicyProvider相似， 這和PolicyProviderFactory像這樣，那我我復制jar到standalone/deployments在解釋實現SPI

我可以在日志中看到 jar 已經部署：

08:17:02,647 INFO  [stdout] (MSC service thread 1-3) about to start org.keycloak.services.util.JsonConfigProvider$JsonScope@266abf6d                                                                             
08:17:02,682 WARN  [org.keycloak.services] (MSC service thread 1-3) KC-SERVICES0047: myEvListener (example.myProvider.EvListenerProviderFactory) is implementing the internal SPI eventsListener. This SPI is internal and may change without notice                                                                                                                                                                               
08:17:02,692 WARN  [org.keycloak.services] (MSC service thread 1-3) KC-SERVICES0047: myRolePolicy (example.myProvider.MyPolicyProviderFactory) is implementing the internal SPI policy. This SPI is internal and may change without notice                                                                                                                                                                                         
08:17:02,814 INFO  [org.jboss.as.server] (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed "myPolicyProvider.jar" (runtime-name : "myPolicyProvider.jar")  

現在我找不到使用我的SPI創建客戶端策略的方法

在服務器信息中，我可以看到我的策略（ my-role-policy和my-js-policy ）在策略提供者中列出：

如果有人能指出我正確的方向，我將不勝感激。

Answer 1

為了創建一個策略，需要發出一個 POST 請求：

http://${host}:${port}/auth/realms/${realm}/clients/${clientId}/authz/resource-server/policy/${policyId}

其中policyId中指定PolicyProviderFactory

public String getId() {
    return "myId";
}

你的帖子的正文應該是一個 json

{
    "decisionStrategy": "AFFIRMATIVE",
    "logic": "POSITIVE",
    "name": "policyName",
    .... // other fields required in your policy implementation
}

curl 請求示例：

curl --request POST \
  --url http://${host}:${port}/auth/admin/realms/${realm}/clients/${clientId}/authz/resource-server/policy/${policyId} \
  --header 'authorization: Bearer ${token}' \
  --header 'content-type: application/json' \
  --data '{"decisionStrategy": "AFFIRMATIVE","logic": "POSITIVE","name": "is-admin","role": "admin"}'