Here is a scratch [1]. But I'm not fully convinced about the changes you
are proposing. Maybe what is missing is an example of how this will be used
in practice.
Isn't that the same thing as configuring a path like this?
```
{
"path" : "/someUri/*",
"methods" : [
{
"method": "GET",
"scopes" : ["view"]
},
{
"method": "DELETE",
"scopes" : ["delete"]
}
]
},
```
[1]
https://github.com/pedroigor/keycloak/tree/KEYCLOAK-11300
On Mon, Nov 11, 2019 at 1:44 PM Pedro Igor Silva <psilva(a)redhat.com> wrote:
OK. I'm going to write something and give to you ...
On Mon, Nov 11, 2019 at 1:41 PM Sushil Singh <sushil.singh(a)guavus.com>
wrote:
> @Pedro Igor Silva <psilva(a)redhat.com>
>
> Can you suggest pseudo flow what you are trying to say
>
> It will be good for me to understand how it can be achieved using
> AuthorizationContext .
>
> Get Outlook for Android <
https://aka.ms/ghei36>
> ------------------------------
> *From:* Pedro Igor Silva <psilva(a)redhat.com>
> *Sent:* Monday, November 11, 2019 10:05:06 PM
> *To:* keycloak-dev <keycloak-dev(a)lists.jboss.org>; Sushil Singh <
> sushil.singh(a)guavus.com>
> *Subject:* Custom Policy Enforcer
>
> Hi,
>
> We have started some discussions about a custom policy enforcer at
>
https://github.com/keycloak/keycloak/pull/6448.
>
> For those interested in how to programmatically enforce permissions,
> please look at that PR and discussions that should start to happen here.
>
> @Sushil Singh <sushil.singh(a)guavus.com>, If the idea is to expose the PE
> functionality so that you can programmatically get the same behavior to
> when requests are processed, I think we can still make it through the
> `AuthorizationContex` interface.
>
> In fact, the code won't change much from what you did so we basically
> encapsulate the call to the actual policy enforcer.
>
> Regards.
> Pedro Igor
>