客户端策略的keycloak SPI?

时间:2019-03-05 09:10:52

标签: java keycloak

我正在尝试为客户策略实施SPI,以替换js中的策略。

我实现了类似于thisPolicyProvider和类似于thisPolicyProviderFactory,然后按照{{中的解释]将jar复制到standalone/deployments 3}}

我在日志中看到jar已部署:

08:17:02,647 INFO  [stdout] (MSC service thread 1-3) about to start org.keycloak.services.util.JsonConfigProvider$JsonScope@266abf6d                                                                             
08:17:02,682 WARN  [org.keycloak.services] (MSC service thread 1-3) KC-SERVICES0047: myEvListener (example.myProvider.EvListenerProviderFactory) is implementing the internal SPI eventsListener. This SPI is internal and may change without notice                                                                                                                                                                               
08:17:02,692 WARN  [org.keycloak.services] (MSC service thread 1-3) KC-SERVICES0047: myRolePolicy (example.myProvider.MyPolicyProviderFactory) is implementing the internal SPI policy. This SPI is internal and may change without notice                                                                                                                                                                                         
08:17:02,814 INFO  [org.jboss.as.server] (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed "myPolicyProvider.jar" (runtime-name : "myPolicyProvider.jar")

现在我找不到使用SPI

实际创建客户策略的方法

create policy

在服务器信息中,我可以看到策略提供程序中列出了我的策略(my-role-policymy-js-policy):

myPolicies

如果有人能指出我正确的方向,我将不胜感激。

1 个答案:

答案 0 :(得分:1)

要创建策略,需要发出POST请求:

http://${host}:${port}/auth/realms/${realm}/clients/${clientId}/authz/resource-server/policy/${policyId}

policyId中指定了PolicyProviderFactory 

public String getId() {
    return "myId";
}

您的帖子正文应为json 

{
    "decisionStrategy": "AFFIRMATIVE",
    "logic": "POSITIVE",
    "name": "policyName",
    .... // other fields required in your policy implementation
}

卷曲请求示例:

curl --request POST \
  --url http://${host}:${port}/auth/admin/realms/${realm}/clients/${clientId}/authz/resource-server/policy/${policyId} \
  --header 'authorization: Bearer ${token}' \
  --header 'content-type: application/json' \
  --data '{"decisionStrategy": "AFFIRMATIVE","logic": "POSITIVE","name": "is-admin","role": "admin"}'
相关问题
最新问题