[keycloak-user] Policy-API - How to Set a User Policy

Pedro Igor Silva psilva at redhat.com
Wed Jul 18 08:20:29 EDT 2018


On Wed, Jul 18, 2018 at 5:43 AM, stefan.wachter <stefan.wachter at bosch-si.com> wrote:

> Hi,
>
> how can one set a user policy, (i.e. a set of users) to a user managed
> resource? Looking at the class
> org.keycloak.representations.idm.authorization.UmaPermissionRepresentation
>
> I do not see a field that could be used for specifying a set of user ids.
>

For users, the idea is that you would probably want to follow UMA flow. The
idea behind this endpoint is to allow resource servers to define additional
permissions (in addition to users as provided by UMA flow) and still allow
users to revoke them.


>
>
> public class UmaPermissionRepresentation extends AbstractPolicyRepresentation {
>
>      private String id;
>      private String description;
>      private Set<String> roles;
>      private Set<String> groups;
>      private Set<String> clients;
>      private String condition;
> ...
> }
>
> public class AbstractPolicyRepresentation {
>
>      private String id;
>      private String name;
>      private String description;
>      private String type;
>      private Set<String> policies;
>      private Set<String> resources;
>      private Set<String> scopes;
>      private Logic logic = Logic.POSITIVE;
>      private DecisionStrategy decisionStrategy = DecisionStrategy.UNANIMOUS;
>      private String owner;
> ...
>
> }
>
> BTW: Why does the derived UmaPermissionRepresentation class have an id
> and description field of its own? I think these fields are inherited
> from its base class AbstractPolicyRepresentation.
>

Good point. Need to refactor this.


>
> --
>
> Best regards,
>
> *Stefan Wachter
> INST-ICM/BSV-BS*
>
> Tel.  +49(711)811-58477