Package org.keycloak.authorization.policy.provider

Interface PartialEvaluationPolicyProvider

All Known Implementing Classes:

GroupPolicyProvider, RolePolicyProvider, UserPolicyProvider

public interface PartialEvaluationPolicyProvider

PolicyProvider types can implement this interface if they support to partially evaluate the permissions that should apply to a given subject, a UserModel, when calculating the realm resources they have access in the context of the Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ feature.

Method Summary

Modifier and Type	Method	Description
boolean	evaluate(KeycloakSession session, Policy policy, UserModel subject)	Evaluate if the given policy grants access to the given subject.
Stream<Policy>	getPermissions(KeycloakSession session, ResourceType resourceType, UserModel subject)	Returns a list of Policy instances representing the permissions that apply to a given subject when partially evaluating the realm resources that can be accessed.
boolean	supports(Policy policy)	If partial evaluation is supported for the given policy.

Method Details

getPermissions

Stream<Policy> getPermissions(KeycloakSession session,
 ResourceType resourceType,
 UserModel subject)

Returns a list of Policy instances representing the permissions that apply to a given subject when partially evaluating the realm resources that can be accessed.

Parameters:

session - the session

resourceType - the type of the resource

subject - the subject

Returns:

the permissions that apply to the given subject

supports

boolean supports(Policy policy)

If partial evaluation is supported for the given policy.

Parameters:

policy - the policy

Returns:

true if supported. Otherwise, returns false

evaluate

boolean evaluate(KeycloakSession session,
 Policy policy,
 UserModel subject)

Evaluate if the given policy grants access to the given subject.

Parameters:

session - the session

policy - the policy

subject - the subject

Returns:

true if access is granted. Otherwise, returns false