org.keycloak.authorization

Class AuthorizationProvider

java.lang.Object

org.keycloak.authorization.AuthorizationProvider

All Implemented Interfaces:

Provider

public final class AuthorizationProvider
extends Object
implements Provider

The main contract here is the creation of PermissionEvaluator instances. Usually an application has a single AuthorizationProvider instance and threads servicing client requests obtain authorization.core.permission.evaluator.PermissionEvaluator from the evaluators() method.

The internal state of a AuthorizationProvider is immutable. This internal state includes all of the metadata used during the evaluation of policies.

Once created, PermissionEvaluator instances can be obtained from the evaluators() method:

     List permissionsToEvaluate = getPermissions(); // the permissions to evaluate
     EvaluationContext evaluationContext = createEvaluationContext(); // the context with runtime environment information
     PermissionEvaluator evaluator = authorization.evaluators().from(permissionsToEvaluate, context);

     evaluator.evaluate(new Decision() {

         public void onDecision(Evaluation evaluation) {
              // do something on grant
         }

     });
 

Author:

Pedro Igor

Constructor Summary

Constructors

Constructor and Description
AuthorizationProvider(KeycloakSession session, RealmModel realm, StoreFactory storeFactory)
AuthorizationProvider(KeycloakSession session, RealmModel realm, StoreFactory storeFactory, Executor scheduller)

Method Summary

Modifier and Type	Method and Description
void	close()
Evaluators	evaluators() Returns a Evaluators instance from where PolicyEvaluator instances can be obtained.
KeycloakSession	getKeycloakSession()
List<PolicyProviderFactory>	getProviderFactories() Returns the registered PolicyProviderFactory.
<F extends PolicyProviderFactory> F	getProviderFactory(String type) Returns a PolicyProviderFactory given a type.
RealmModel	getRealm()
StoreFactory	getStoreFactory() Returns a StoreFactory.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizationProvider

public AuthorizationProvider(KeycloakSession session,
                             RealmModel realm,
                             StoreFactory storeFactory,
                             Executor scheduller)

AuthorizationProvider

public AuthorizationProvider(KeycloakSession session,
                             RealmModel realm,
                             StoreFactory storeFactory)

Method Detail

evaluators

public Evaluators evaluators()

Returns a Evaluators instance from where PolicyEvaluator instances can be obtained.

Returns:

a Evaluators instance

getStoreFactory

public StoreFactory getStoreFactory()

Returns a StoreFactory.

Returns:

the StoreFactory

getProviderFactories

public List<PolicyProviderFactory> getProviderFactories()

Returns the registered PolicyProviderFactory.

Returns:

a List containing all registered PolicyProviderFactory

getProviderFactory

public <F extends PolicyProviderFactory> F getProviderFactory(String type)

Returns a PolicyProviderFactory given a type.

Type Parameters:

F - the expected type of the provider

Parameters:

type - the type of the policy provider

Returns:

a PolicyProviderFactory with the given type

getKeycloakSession

public KeycloakSession getKeycloakSession()

getRealm

public RealmModel getRealm()

close

public void close()

Specified by:

close in interface Provider