kronolynx

Reputation: 197

keycloak SPI for client policy?

I'm trying to implement an SPI for a client policy to replace the policies I have in js.

I implemented PolicyProvider similar to this and PolicyProviderFactory like this, then I copied my jar to standalone/deployments as explained in implementing an SPI.

I can see in the log that the jar has been deployed:

08:17:02,647 INFO  [stdout] (MSC service thread 1-3) about to start org.keycloak.services.util.JsonConfigProvider$JsonScope@266abf6d
08:17:02,682 WARN  [org.keycloak.services] (MSC service thread 1-3) KC-SERVICES0047: myEvListener (example.myProvider.EvListenerProviderFactory) is implementing the internal SPI eventsListener. This SPI is internal and may change without notice
08:17:02,692 WARN  [org.keycloak.services] (MSC service thread 1-3) KC-SERVICES0047: myRolePolicy (example.myProvider.MyPolicyProviderFactory) is implementing the internal SPI policy. This SPI is internal and may change without notice
08:17:02,814 INFO  [org.jboss.as.server] (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed "myPolicyProvider.jar" (runtime-name : "myPolicyProvider.jar")

Now I can't find a way to actually create a client policy using my SPI.

[Screenshot: create policy]

In the server info I can see my policies (my-role-policy and my-js-policy) listed in policy providers:

[Screenshot: myPolicies]

I would appreciate it if someone could point me in the right direction.

Upvotes: 2

Views: 1056

Answers (1)

kronolynx

Reputation: 197

In order to create a policy, it is required to make a POST request to:

http://${host}:${port}/auth/realms/${realm}/clients/${clientId}/authz/resource-server/policy/${policyId}

where policyId is specified in PolicyProviderFactory:

public String getId() {
    return "myId";
}

The body of your POST should be JSON:

{
    "decisionStrategy": "AFFIRMATIVE",
    "logic": "POSITIVE",
    "name": "policyName",
    .... // other fields required in your policy implementation
}

A curl request example:

curl --request POST \
  --url http://${host}:${port}/auth/admin/realms/${realm}/clients/${clientId}/authz/resource-server/policy/${policyId} \
  --header "authorization: Bearer ${token}" \
  --header 'content-type: application/json' \
  --data '{"decisionStrategy": "AFFIRMATIVE","logic": "POSITIVE","name": "is-admin","role": "admin"}'

Upvotes: 2
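The same request as a small Python client, added here as an example and not code from the question or answer. The host, realm, client id and policy type are constructed placeholders; the transport is injectable so the request building can be checked without a running Keycloak.

```python
import json
import urllib.request
from urllib.error import HTTPError

# Constructed placeholders, not values from the question.
BASE_URL = "http://localhost:8080"        # ${host}:${port}
REALM = "myrealm"                          # ${realm}
CLIENT_UUID = "11111111-2222-3333-4444-555555555555"  # the client's internal id, not its clientId string
POLICY_TYPE = "myRolePolicy"               # what PolicyProviderFactory.getId() returns

VALID_LOGIC = ("POSITIVE", "NEGATIVE")
VALID_STRATEGY = ("AFFIRMATIVE", "UNANIMOUS", "CONSENSUS")


def policy_url(base_url, realm, client_uuid, policy_type):
    """Admin REST endpoint for creating a policy of the given provider type."""
    return (f"{base_url}/auth/admin/realms/{realm}/clients/{client_uuid}"
            f"/authz/resource-server/policy/{policy_type}")


def build_policy(name, logic="POSITIVE", decision_strategy="AFFIRMATIVE", **custom_fields):
    """Common policy fields plus whatever the custom provider reads from the representation."""
    if logic not in VALID_LOGIC:
        raise ValueError(f"logic must be one of {VALID_LOGIC}")
    if decision_strategy not in VALID_STRATEGY:
        raise ValueError(f"decisionStrategy must be one of {VALID_STRATEGY}")
    body = {"name": name, "logic": logic, "decisionStrategy": decision_strategy}
    body.update(custom_fields)   # e.g. role="admin" for the provider in the answer
    return body


def http_send(url, headers, data):
    """Real transport: POST the body, return (status, raw response)."""
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read()
    except HTTPError as err:
        return err.code, err.read()


def create_policy(token, body, url, send=http_send):
    """Create the policy; 2xx returns the stored representation, 409 means the name exists."""
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    status, raw = send(url, headers, json.dumps(body).encode())
    if status in (200, 201):
        return json.loads(raw)
    if status == 409:
        raise ValueError(f"policy {body['name']!r} already exists")
    raise RuntimeError(f"create failed: HTTP {status}: {raw[:200]!r}")
```

With a real admin token, `create_policy(token, build_policy("is-admin", role="admin"), policy_url(BASE_URL, REALM, CLIENT_UUID, POLICY_TYPE))` sends exactly the request shown in the curl example.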
