Package org.keycloak.authorization
Class AuthorizationProvider
java.lang.Object
org.keycloak.authorization.AuthorizationProvider
- All Implemented Interfaces:
Provider
The main contract here is the creation of PermissionEvaluator
instances. Usually
an application has a single AuthorizationProvider
instance and threads servicing client requests obtain PermissionEvaluator
from the evaluators()
method.
The internal state of a AuthorizationProvider
is immutable. This internal state includes all of the metadata
used during the evaluation of policies.
Once created, PermissionEvaluator
instances can be obtained from the evaluators()
method:
ListpermissionsToEvaluate = getPermissions(); // the permissions to evaluate EvaluationContext evaluationContext = createEvaluationContext(); // the context with runtime environment information PermissionEvaluator evaluator = authorization.evaluators().from(permissionsToEvaluate, context); evaluator.evaluate(new Decision() { public void onDecision(Evaluation evaluation) { // do something on grant } });
- Author:
- Pedro Igor
-
Constructor Summary
ConstructorDescriptionAuthorizationProvider
(KeycloakSession session, RealmModel realm, PolicyEvaluator policyEvaluator) -
Method Summary
Modifier and TypeMethodDescriptionvoid
close()
Returns aEvaluators
instance from wherePolicyEvaluator
instances can be obtained.No cache sits in front of this<P extends PolicyProvider>
PgetProvider
(String type) Returns aPolicyProviderFactory
given atype
.Returns the registeredPolicyProviderFactory
.getProviderFactory
(String type) Returns aPolicyProviderFactory
given atype
.getRealm()
Cache sits in front of this Returns aStoreFactory
.
-
Constructor Details
-
AuthorizationProvider
public AuthorizationProvider(KeycloakSession session, RealmModel realm, PolicyEvaluator policyEvaluator)
-
-
Method Details
-
evaluators
Returns aEvaluators
instance from wherePolicyEvaluator
instances can be obtained.- Returns:
- a
Evaluators
instance
-
getStoreFactory
Cache sits in front of this Returns aStoreFactory
.- Returns:
- the
StoreFactory
-
getLocalStoreFactory
No cache sits in front of this- Returns:
-
getProviderFactoriesStream
Returns the registeredPolicyProviderFactory
.- Returns:
- a
Stream
containing all registeredPolicyProviderFactory
-
getProviderFactory
Returns aPolicyProviderFactory
given atype
.- Parameters:
type
- the type of the policy provider- Returns:
- a
PolicyProviderFactory
with the giventype
-
getProvider
Returns aPolicyProviderFactory
given atype
.- Type Parameters:
P
- the expected type of the provider- Parameters:
type
- the type of the policy provider- Returns:
- a
PolicyProvider
with the giventype
-
getKeycloakSession
-
getRealm
-
getPolicyEvaluator
-
close
public void close()
-