Class PolicyEnforcer
- java.lang.Object
-
- org.keycloak.adapters.authorization.PolicyEnforcer
-
public class PolicyEnforcer extends Object
A Policy Enforcement Point (PEP) that requests and enforces authorization decisions from Keycloak.
- Author:
- Pedro Igor
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classPolicyEnforcer.Builder
-
Constructor Summary
Constructors Modifier Constructor Description protectedPolicyEnforcer(PolicyEnforcer.Builder builder)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static PolicyEnforcer.Builderbuilder()protected booleanchallenge(org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig pathConfig, org.keycloak.representations.adapters.config.PolicyEnforcerConfig.MethodConfig methodConfig, HttpRequest request, HttpResponse response)org.keycloak.AuthorizationContextenforce(HttpRequest request, HttpResponse response)Map<String,ClaimInformationPointProviderFactory>getClaimInformationPointProviderFactories()org.apache.http.client.HttpClientgetHttpClient()PathConfigMatchergetPathMatcher()Map<String,org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig>getPaths()protected voidhandleAccessDenied(HttpResponse response)protected booleanisAuthorized(org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig actualPathConfig, org.keycloak.representations.adapters.config.PolicyEnforcerConfig.MethodConfig methodConfig, org.keycloak.representations.AccessToken accessToken, HttpRequest request, Map<String,List<String>> claims)protected Map<String,List<String>>resolveClaims(org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig pathConfig, HttpRequest request)
-
-
-
Constructor Detail
-
PolicyEnforcer
protected PolicyEnforcer(PolicyEnforcer.Builder builder)
-
-
Method Detail
-
builder
public static PolicyEnforcer.Builder builder()
-
enforce
public org.keycloak.AuthorizationContext enforce(HttpRequest request, HttpResponse response)
-
getHttpClient
public org.apache.http.client.HttpClient getHttpClient()
-
getPaths
public Map<String,org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig> getPaths()
-
getClaimInformationPointProviderFactories
public Map<String,ClaimInformationPointProviderFactory> getClaimInformationPointProviderFactories()
-
getPathMatcher
public PathConfigMatcher getPathMatcher()
-
isAuthorized
protected boolean isAuthorized(org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig actualPathConfig, org.keycloak.representations.adapters.config.PolicyEnforcerConfig.MethodConfig methodConfig, org.keycloak.representations.AccessToken accessToken, HttpRequest request, Map<String,List<String>> claims)
-
resolveClaims
protected Map<String,List<String>> resolveClaims(org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig pathConfig, HttpRequest request)
-
challenge
protected boolean challenge(org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig pathConfig, org.keycloak.representations.adapters.config.PolicyEnforcerConfig.MethodConfig methodConfig, HttpRequest request, HttpResponse response)
-
handleAccessDenied
protected void handleAccessDenied(HttpResponse response)
-
-