diff --git a/docs/documentation/authorization_services/topics.adoc b/docs/documentation/authorization_services/topics.adoc index 1c6806087be..6e71c4ece4d 100644 --- a/docs/documentation/authorization_services/topics.adoc +++ b/docs/documentation/authorization_services/topics.adoc @@ -12,8 +12,6 @@ include::topics/resource-server-create-client.adoc[leveloffset=+2] include::topics/resource-server-enable-authorization.adoc[leveloffset=+2] -include::topics/resource-server-default-config.adoc[leveloffset=+2] - include::topics/resource-server-import-config.adoc[leveloffset=+2] include::topics/resource-overview.adoc[leveloffset=+1] diff --git a/docs/documentation/authorization_services/topics/resource-create.adoc b/docs/documentation/authorization_services/topics/resource-create.adoc index 3c1e34a1c7c..248356a5580 100644 --- a/docs/documentation/authorization_services/topics/resource-create.adoc +++ b/docs/documentation/authorization_services/topics/resource-create.adoc @@ -19,7 +19,6 @@ A human-readable and unique string describing this resource. * *Type* + A string uniquely identifying the type of a set of one or more resources. The type is a _string_ used to group different resource instances. -For example, the default type for the default resource that is automatically created is `urn:resource-server-name:resources:default` [[_resource_create_uri]] * *URIS* diff --git a/docs/documentation/authorization_services/topics/resource-server-default-config.adoc b/docs/documentation/authorization_services/topics/resource-server-default-config.adoc deleted file mode 100644 index fa3ee671444..00000000000 --- a/docs/documentation/authorization_services/topics/resource-server-default-config.adoc +++ /dev/null @@ -1,52 +0,0 @@ -[[_resource_server_default_config]] -= Default Configuration - -When you create a resource server, {project_name} creates a default configuration for your newly created resource server. - -The default configuration consists of: - -* A default protected resource representing all resources in your application. -* A policy that always grants access to the resources protected by this policy. -* A permission that governs access to all resources based on the default policy. - -The default protected resource is referred to as the *default resource* and you can view it if you navigate to the *Resources* tab. - -.Default resource -image:images/resource-server/default-resource.png[alt="Default resource"] - -This resource defines a `Type`, namely `urn:my-resource-server:resources:default` and a `URI` `/*`. Here, the `URI` field defines a -wildcard pattern that indicates to {project_name} that this resource represents all the paths in your application. In other words, -when enabling <<_enforcer_overview, policy enforcement>> for your application, all the permissions associated with the resource -will be examined before granting access. - -The `Type` mentioned previously defines a value that can be used to create <<_permission_typed_resource, typed resource permissions>> that must be applied -to the default resource or any other resource you create using the same type. - -The default policy is referred to as the *only from realm policy* and you can view it if you navigate to the *Policies* tab. - -.Default policy -image:images/resource-server/default-policy.png[alt="Default policy"] - -This policy is a <<_policy_js, JavaScript-based policy>> defining a condition that always grants access to the resources protected by this policy. If you click this policy you can see that it defines a rule as follows: - -```js -// by default, grants any permission associated with this policy -$evaluation.grant(); -``` - -Lastly, the default permission is referred to as the *default permission* and you can view it if you navigate to the *Permissions* tab. - -.Default Permission -image:images/resource-server/default-permission.png[alt="Default Permission"] - -This permission is a <<_permission_create_resource, resource-based permission>>, defining a set of one or more policies that are applied to all resources with a given type. - -== Changing the default configuration - -You can change the default configuration by removing the default resource, policy, or permission definitions and creating your own. - -The default resource is created with a **URI** that maps to any resource or path in your application using a **/*** pattern. Before creating your own resources, permissions and policies, make -sure the default configuration doesn't conflict with your own settings. - -[NOTE] -The default configuration defines a resource that maps to all paths in your application. If you are about to write permissions to your own resources, be sure to remove the *Default Resource* or change its ```URIS``` fields to more specific paths in your application. Otherwise, the policy associated with the default resource (which by default always grants access) will allow {project_name} to grant access to any protected resource.