org.keycloak.authorization

Class AuthorizationProvider

java.lang.Object

org.keycloak.authorization.AuthorizationProvider

All Implemented Interfaces:

Provider

public final class AuthorizationProvider
extends Object
implements Provider

The main contract here is the creation of PermissionEvaluator instances. Usually an application has a single AuthorizationProvider instance and threads servicing client requests obtain PermissionEvaluator from the evaluators() method.

The internal state of a AuthorizationProvider is immutable. This internal state includes all of the metadata used during the evaluation of policies.

Once created, PermissionEvaluator instances can be obtained from the evaluators() method:

     List permissionsToEvaluate = getPermissions(); // the permissions to evaluate
     EvaluationContext evaluationContext = createEvaluationContext(); // the context with runtime environment information
     PermissionEvaluator evaluator = authorization.evaluators().from(permissionsToEvaluate, context);

     evaluator.evaluate(new Decision() {

         public void onDecision(Evaluation evaluation) {
              // do something on grant
         }

     });
 

Author:

Pedro Igor

Constructor Summary

Constructors

Constructor and Description
AuthorizationProvider(KeycloakSession session, RealmModel realm, PolicyEvaluator policyEvaluator)

Method Summary

Modifier and Type	Method and Description
void	close()
Evaluators	evaluators() Returns a Evaluators instance from where PolicyEvaluator instances can be obtained.
KeycloakSession	getKeycloakSession()
StoreFactory	getLocalStoreFactory() No cache sits in front of this
PolicyEvaluator	getPolicyEvaluator()
<P extends PolicyProvider> P	getProvider(String type) Returns a PolicyProviderFactory given a type.
Stream<PolicyProviderFactory>	getProviderFactoriesStream() Returns the registered PolicyProviderFactory.
PolicyProviderFactory	getProviderFactory(String type) Returns a PolicyProviderFactory given a type.
RealmModel	getRealm()
StoreFactory	getStoreFactory() Cache sits in front of this Returns a StoreFactory.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizationProvider

public AuthorizationProvider(KeycloakSession session,
                             RealmModel realm,
                             PolicyEvaluator policyEvaluator)

Method Detail

evaluators

public Evaluators evaluators()

Returns a Evaluators instance from where PolicyEvaluator instances can be obtained.

Returns:

a Evaluators instance

getStoreFactory

public StoreFactory getStoreFactory()

Cache sits in front of this Returns a StoreFactory.

Returns:

the StoreFactory

getLocalStoreFactory

public StoreFactory getLocalStoreFactory()

No cache sits in front of this

Returns:

getProviderFactoriesStream

public Stream<PolicyProviderFactory> getProviderFactoriesStream()

Returns the registered PolicyProviderFactory.

Returns:

a Stream containing all registered PolicyProviderFactory

getProviderFactory

public PolicyProviderFactory getProviderFactory(String type)

Returns a PolicyProviderFactory given a type.

Type Parameters:

F - the expected type of the provider

Parameters:

type - the type of the policy provider

Returns:

a PolicyProviderFactory with the given type

getProvider

public <P extends PolicyProvider> P getProvider(String type)

Returns a PolicyProviderFactory given a type.

Type Parameters:

P - the expected type of the provider

Parameters:

type - the type of the policy provider

Returns:

a PolicyProvider with the given type

getKeycloakSession

public KeycloakSession getKeycloakSession()

getRealm

public RealmModel getRealm()

getPolicyEvaluator

public PolicyEvaluator getPolicyEvaluator()

close

public void close()

Specified by:

close in interface Provider