diff --git a/docs/src/main/asciidoc/security-keycloak-authorization.adoc b/docs/src/main/asciidoc/security-keycloak-authorization.adoc index b681266eb8f52..1359042b9e3cb 100644 --- a/docs/src/main/asciidoc/security-keycloak-authorization.adoc +++ b/docs/src/main/asciidoc/security-keycloak-authorization.adoc @@ -346,6 +346,12 @@ In the default configuration, Keycloak is responsible for managing the roles and To configure the protected routes using the `@RolesAllowed` annotation or the `application.properties` file, check the link:security-openid-connect[Using OpenID Connect Adapter to Protect JAX-RS Applications] guide. For more details, check the link:security[Security guide]. +== Configuration Reference + +The configuration is based on the official https://www.keycloak.org/docs/latest/authorization_services/index.html#_enforcer_filter[Keycloak Policy Enforcer Configuration]. If you are looking for more details about the different configuration options, please take a look at this documentation, + +include::{generated-dir}/config/quarkus-keycloak-keycloak-policy-enforcer-config.adoc[opts=optional] + == References * https://www.keycloak.org/documentation.html[Keycloak Documentation] diff --git a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerAuthorizer.java b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerAuthorizer.java index 86b6f48d5b80b..9019c1188627a 100644 --- a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerAuthorizer.java +++ b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerAuthorizer.java @@ -147,8 +147,7 @@ private PolicyEnforcerConfig getPolicyEnforcerConfig(KeycloakPolicyEnforcerConfi PolicyEnforcerConfig enforcerConfig = new PolicyEnforcerConfig(); enforcerConfig.setLazyLoadPaths(config.policyEnforcer.lazyLoadPaths); - enforcerConfig.setEnforcementMode( - PolicyEnforcerConfig.EnforcementMode.valueOf(config.policyEnforcer.enforcementMode)); + enforcerConfig.setEnforcementMode(config.policyEnforcer.enforcementMode); enforcerConfig.setHttpMethodAsScope(config.policyEnforcer.httpMethodAsScope); KeycloakPolicyEnforcerConfig.KeycloakConfigPolicyEnforcer.PathCacheConfig pathCache = config.policyEnforcer.pathCache; diff --git a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java index 1c16ed8890a64..1cf9028aaddf2 100644 --- a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java +++ b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java @@ -40,8 +40,8 @@ public static class KeycloakConfigPolicyEnforcer { /** * Specifies how policies are enforced. */ - @ConfigItem(defaultValue = "ENFORCING") - public String enforcementMode; + @ConfigItem(defaultValue = "enforcing") + public PolicyEnforcerConfig.EnforcementMode enforcementMode; /** * Specifies the paths to protect.