4:54 a.m.
Hi Guys,
I have a quick question regarding the functionality available within Keycloak policies.
We have a requirement were we need to track the number of calls to a particular resource.
If say the number of calls exceed 100 per day for a particular user/role then the ‘policy’
would reject any further access to that resource for that day.
Could this type of requirement be fulfilled through say either the JavaScript or Drools
based policies?
Many thanks
Plunkett
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of
Accelerite, a Persistent Systems business. It is intended only for the use of the
individual or entity to which it is addressed. If you are not the intended recipient, you
are not authorized to read, retain, copy, print, distribute or use this message. If you
have received this communication in error, please notify the sender and delete all copies
of this message. Accelerite, a Persistent Systems business does not accept any liability
for virus infected mails.
7:17 a.m.
It can't. You would need some kind of storage to keep state across
authorization requests. Policy providers are all stateless.
On Wed, Sep 20, 2017 at 6:54 AM, Plunkett McGurk <
plunkett_mcgurk(a)accelerite.com> wrote:
Hi Guys,
I have a quick question regarding the functionality available within
Keycloak policies.
We have a requirement were we need to track the number of calls to a
particular resource. If say the number of calls exceed 100 per day for a
particular user/role then the ‘policy’ would reject any further access to
that resource for that day.
Could this type of requirement be fulfilled through say either the
JavaScript or Drools based policies?
Many thanks
Plunkett
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is
the property of Accelerite, a Persistent Systems business. It is intended
only for the use of the individual or entity to which it is addressed. If
you are not the intended recipient, you are not authorized to read, retain,
copy, print, distribute or use this message. If you have received this
communication in error, please notify the sender and delete all copies of
this message. Accelerite, a Persistent Systems business does not accept any
liability for virus infected mails.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
11:21 a.m.
Have you looked at Redhat's Apiman? It is designed to to apply
resource-based policies in real-time.
On Wed, Sep 20, 2017 at 2:54 AM, Plunkett McGurk <
plunkett_mcgurk(a)accelerite.com> wrote:
Hi Guys,
I have a quick question regarding the functionality available within
Keycloak policies.
We have a requirement were we need to track the number of calls to a
particular resource. If say the number of calls exceed 100 per day for a
particular user/role then the ‘policy’ would reject any further access to
that resource for that day.
Could this type of requirement be fulfilled through say either the
JavaScript or Drools based policies?
Many thanks
Plunkett
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is
the property of Accelerite, a Persistent Systems business. It is intended
only for the use of the individual or entity to which it is addressed. If
you are not the intended recipient, you are not authorized to read, retain,
copy, print, distribute or use this message. If you have received this
communication in error, please notify the sender and delete all copies of
this message. Accelerite, a Persistent Systems business does not accept any
liability for virus infected mails.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2656
days inactive
2656
days old
2 comments
3 participants
participants (3)
-
Pedro Igor Silva -
Plunkett McGurk -
Stephen Henrie