客户端策略的keycloak SPI?
keycloak SPI for client policy?
我正在尝试为客户端策略实施 SPI 以替换我在 js 中的策略。
我实现了 PolicyProvider 类似于 this and PolicyProviderFactory like this, then I copy my jar to standalone/deployments as explained in implementing an SPI
我在日志中看到已经部署了jar:
08:17:02,647 INFO [stdout] (MSC service thread 1-3) about to start org.keycloak.services.util.JsonConfigProvider$JsonScope@266abf6d
08:17:02,682 WARN [org.keycloak.services] (MSC service thread 1-3) KC-SERVICES0047: myEvListener (example.myProvider.EvListenerProviderFactory) is implementing the internal SPI eventsListener. This SPI is internal and may change without notice
08:17:02,692 WARN [org.keycloak.services] (MSC service thread 1-3) KC-SERVICES0047: myRolePolicy (example.myProvider.MyPolicyProviderFactory) is implementing the internal SPI policy. This SPI is internal and may change without notice
08:17:02,814 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed "myPolicyProvider.jar" (runtime-name : "myPolicyProvider.jar")
现在我找不到使用 SPI
实际创建客户端策略的方法
在服务器信息中,我可以看到我的策略(my-role-policy 和 my-js-policy)列在策略提供者中:
如果有人能指出正确的方向,我将不胜感激。
要创建政策,需要向以下机构发出 POST 请求:
http://${host}:${port}/auth/realms/${realm}/clients/${clientId}/authz/resource-server/policy/${policyId}
其中 policyId 在 PolicyProviderFactory
中指定
public String getId() {
return "myId";
}
你的 post 的正文应该是 json
{
"decisionStrategy": "AFFIRMATIVE",
"logic": "POSITIVE",
"name": "policyName",
.... // other fields required in your policy implementation
}
一个 curl 请求示例:
curl --request POST \
--url http://${host}:${port}/auth/admin/realms/${realm}/clients/${clientId}/authz/resource-server/policy/${policyId} \
--header 'authorization: Bearer ${token}' \
--header 'content-type: application/json' \
--data '{"decisionStrategy": "AFFIRMATIVE","logic": "POSITIVE","name": "is-admin","role": "admin"}'
我正在尝试为客户端策略实施 SPI 以替换我在 js 中的策略。
我实现了 PolicyProvider 类似于 this and PolicyProviderFactory like this, then I copy my jar to standalone/deployments as explained in implementing an SPI
我在日志中看到已经部署了jar:
08:17:02,647 INFO [stdout] (MSC service thread 1-3) about to start org.keycloak.services.util.JsonConfigProvider$JsonScope@266abf6d
08:17:02,682 WARN [org.keycloak.services] (MSC service thread 1-3) KC-SERVICES0047: myEvListener (example.myProvider.EvListenerProviderFactory) is implementing the internal SPI eventsListener. This SPI is internal and may change without notice
08:17:02,692 WARN [org.keycloak.services] (MSC service thread 1-3) KC-SERVICES0047: myRolePolicy (example.myProvider.MyPolicyProviderFactory) is implementing the internal SPI policy. This SPI is internal and may change without notice
08:17:02,814 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed "myPolicyProvider.jar" (runtime-name : "myPolicyProvider.jar")
现在我找不到使用 SPI
在服务器信息中,我可以看到我的策略(my-role-policy 和 my-js-policy)列在策略提供者中:
如果有人能指出正确的方向,我将不胜感激。
要创建政策,需要向以下机构发出 POST 请求:
http://${host}:${port}/auth/realms/${realm}/clients/${clientId}/authz/resource-server/policy/${policyId}
其中 policyId 在 PolicyProviderFactory
public String getId() {
return "myId";
}
你的 post 的正文应该是 json
{
"decisionStrategy": "AFFIRMATIVE",
"logic": "POSITIVE",
"name": "policyName",
.... // other fields required in your policy implementation
}
一个 curl 请求示例:
curl --request POST \
--url http://${host}:${port}/auth/admin/realms/${realm}/clients/${clientId}/authz/resource-server/policy/${policyId} \
--header 'authorization: Bearer ${token}' \
--header 'content-type: application/json' \
--data '{"decisionStrategy": "AFFIRMATIVE","logic": "POSITIVE","name": "is-admin","role": "admin"}'