[keycloak-dev] [authz] REST and Java API need work
Pedro Igor Silva
psilva at redhat.com
Mon Mar 27 07:01:42 EDT 2017
On Sun, Mar 26, 2017 at 12:06 PM, Bill Burke <bburke at redhat.com> wrote:
> Authorization component of Keycloak is really cool and has a strong core
> base of functionality. I think it needs another iteration though
> especially around the RESET interface and Java API.
> The REST interface is just too complex for anybody to use. I'll give
> some examples:
> * To create a permission, you must create a PolicyRepresentation.
> Policy and Permission are overloaded and its unclear how to use the REST
> API to create concepts that exist in the admin console.
* To apply resources and scopes to a permission definition, you have to
> store a stringified JSON array into a regular JSON map.
> * In java api, Policy and Permission are also overloaded. In data model
> policy and permission are also overloaded. This makes it really unclear
> how to create a permission vs. just a plain policy.
> * Create a PermissionDefinitionRepresentation and pull core config
> optiosn (scopes, applied policies, resources) into actual fields rather
> than in a generic config map.
As we already discussed in a previous thread, policy management via REST
API is a TODO and we have a JIRA for this. Will work on it this week.
> * Leverage the ComponentModel API to store non-core configuration, i.e.
> policy type specific information. It supports multi-valued hash maps
> and also has utilities in admin console for rendering this configuration
+1. Yeah, I really missed this capability. I will review this part of the
code and check how component model works.
> * Create a PermissionDefinition interface in storage API
I'm not willing to change model now .... But we can change the API to start
What do you say ?
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
More information about the keycloak-dev