Package org.keycloak.authorization
Class AuthorizationProvider
- java.lang.Object
-
- org.keycloak.authorization.AuthorizationProvider
-
- All Implemented Interfaces:
Provider
public final class AuthorizationProvider extends Object implements Provider
The main contract here is the creation of
PermissionEvaluator
instances. Usually an application has a singleAuthorizationProvider
instance and threads servicing client requests obtainPermissionEvaluator
from theevaluators()
method.The internal state of a
AuthorizationProvider
is immutable. This internal state includes all of the metadata used during the evaluation of policies.Once created,
PermissionEvaluator
instances can be obtained from theevaluators()
method:List
permissionsToEvaluate = getPermissions(); // the permissions to evaluate EvaluationContext evaluationContext = createEvaluationContext(); // the context with runtime environment information PermissionEvaluator evaluator = authorization.evaluators().from(permissionsToEvaluate, context); evaluator.evaluate(new Decision() { public void onDecision(Evaluation evaluation) { // do something on grant } }); - Author:
- Pedro Igor
-
-
Constructor Summary
Constructors Constructor Description AuthorizationProvider(KeycloakSession session, RealmModel realm, PolicyEvaluator policyEvaluator)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
close()
Evaluators
evaluators()
Returns aEvaluators
instance from wherePolicyEvaluator
instances can be obtained.KeycloakSession
getKeycloakSession()
StoreFactory
getLocalStoreFactory()
No cache sits in front of thisPolicyEvaluator
getPolicyEvaluator()
<P extends PolicyProvider>
PgetProvider(String type)
Returns aPolicyProviderFactory
given atype
.Stream<PolicyProviderFactory>
getProviderFactoriesStream()
Returns the registeredPolicyProviderFactory
.PolicyProviderFactory
getProviderFactory(String type)
Returns aPolicyProviderFactory
given atype
.RealmModel
getRealm()
StoreFactory
getStoreFactory()
Cache sits in front of this Returns aStoreFactory
.
-
-
-
Constructor Detail
-
AuthorizationProvider
public AuthorizationProvider(KeycloakSession session, RealmModel realm, PolicyEvaluator policyEvaluator)
-
-
Method Detail
-
evaluators
public Evaluators evaluators()
Returns aEvaluators
instance from wherePolicyEvaluator
instances can be obtained.- Returns:
- a
Evaluators
instance
-
getStoreFactory
public StoreFactory getStoreFactory()
Cache sits in front of this Returns aStoreFactory
.- Returns:
- the
StoreFactory
-
getLocalStoreFactory
public StoreFactory getLocalStoreFactory()
No cache sits in front of this- Returns:
-
getProviderFactoriesStream
public Stream<PolicyProviderFactory> getProviderFactoriesStream()
Returns the registeredPolicyProviderFactory
.- Returns:
- a
Stream
containing all registeredPolicyProviderFactory
-
getProviderFactory
public PolicyProviderFactory getProviderFactory(String type)
Returns aPolicyProviderFactory
given atype
.- Parameters:
type
- the type of the policy provider- Returns:
- a
PolicyProviderFactory
with the giventype
-
getProvider
public <P extends PolicyProvider> P getProvider(String type)
Returns aPolicyProviderFactory
given atype
.- Type Parameters:
P
- the expected type of the provider- Parameters:
type
- the type of the policy provider- Returns:
- a
PolicyProvider
with the giventype
-
getKeycloakSession
public KeycloakSession getKeycloakSession()
-
getRealm
public RealmModel getRealm()
-
getPolicyEvaluator
public PolicyEvaluator getPolicyEvaluator()
-
-