org.keycloak.authorization.AuthorizationProvider

All Implemented Interfaces:: Provider

public final class AuthorizationProvider extends Object implements Provider

The main contract here is the creation of PermissionEvaluator instances. Usually an application has a single AuthorizationProvider instance and threads servicing client requests obtain PermissionEvaluator from the evaluators() method.

The internal state of a AuthorizationProvider is immutable. This internal state includes all of the metadata used during the evaluation of policies.

Once created, PermissionEvaluator instances can be obtained from the evaluators() method:

     List permissionsToEvaluate = getPermissions(); // the permissions to evaluate
     EvaluationContext evaluationContext = createEvaluationContext(); // the context with runtime environment information
     PermissionEvaluator evaluator = authorization.evaluators().from(permissionsToEvaluate, context);

     evaluator.evaluate(new Decision() {

         public void onDecision(Evaluation evaluation) {
              // do something on grant
         }

     });

Author:: Pedro Igor

Constructor Summary

Constructors

Constructor

Description

AuthorizationProvider(KeycloakSession session, RealmModel realm, PolicyEvaluator policyEvaluator)
Method Summary

Modifier and Type

Method

Description

void

close()

Evaluators

evaluators()

Returns a Evaluators instance from where PolicyEvaluator instances can be obtained.

KeycloakSession

getKeycloakSession()

StoreFactory

getLocalStoreFactory()

No cache sits in front of this

PolicyEvaluator

getPolicyEvaluator(ResourceServer resourceServer)

<P extends PolicyProvider> P

getProvider(String type)

Returns a PolicyProviderFactory given a type.

Stream<PolicyProviderFactory>

getProviderFactoriesStream()

Returns the registered PolicyProviderFactory.

PolicyProviderFactory

getProviderFactory(String type)

Returns a PolicyProviderFactory given a type.

RealmModel

getRealm()

StoreFactory

getStoreFactory()

Cache sits in front of this Returns a StoreFactory.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- AuthorizationProvider
  
  public AuthorizationProvider(KeycloakSession session, RealmModel realm, PolicyEvaluator policyEvaluator)
Method Details
- evaluators
  
  public Evaluators evaluators()
  
  Returns a Evaluators instance from where PolicyEvaluator instances can be obtained.
  
  Returns:
  
  a Evaluators instance
- getStoreFactory
  
  public StoreFactory getStoreFactory()
  
  Cache sits in front of this Returns a StoreFactory.
  
  Returns:
  
  the StoreFactory
- getLocalStoreFactory
  
  public StoreFactory getLocalStoreFactory()
  
  No cache sits in front of this
  
  Returns:
- getProviderFactoriesStream
  
  public Stream<PolicyProviderFactory> getProviderFactoriesStream()
  
  Returns the registered PolicyProviderFactory.
  
  Returns:
  
  a Stream containing all registered PolicyProviderFactory
- getProviderFactory
  
  public PolicyProviderFactory getProviderFactory(String type)
  
  Returns a PolicyProviderFactory given a type.
  
  Parameters:
  
  type - the type of the policy provider
  
  Returns:
  
  a PolicyProviderFactory with the given type
- getProvider
  
  public <P extends PolicyProvider> P getProvider(String type)
  
  Returns a PolicyProviderFactory given a type.
  
  Type Parameters:
  
  P - the expected type of the provider
  
  Parameters:
  
  type - the type of the policy provider
  
  Returns:
  
  a PolicyProvider with the given type
- getKeycloakSession
  
  public KeycloakSession getKeycloakSession()
- getRealm
  
  public RealmModel getRealm()
- getPolicyEvaluator
  
  public PolicyEvaluator getPolicyEvaluator(ResourceServer resourceServer)
- close
  
  public void close()
  
  Specified by:
  
  close in interface Provider

Class AuthorizationProvider

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

AuthorizationProvider

Method Details

evaluators

getStoreFactory

getLocalStoreFactory

getProviderFactoriesStream

getProviderFactory

getProvider

getKeycloakSession

getRealm

getPolicyEvaluator

close