
Chapter 11. Authorization

11.1. Overview

Authorization is the act of specifying access rights and enforcing them consistently when protected resources are accessed. PicketLink offers a rich and extensible authorization API that allows for significant customization of the authorization process, while also providing sensible default authorization rules/policies and checks for developers who wish to get up and running quickly.
In conjunction with Identity Management, PicketLink provides end-to-end authorization: you can easily specify access rights and enforce them on your POJO, EJB or RESTful endpoints, for example. This chapter describes the authorization API and the authorization process, and is a good place to gain a general understanding of authorization in PicketLink. It is very important that you have some background on how Authentication and Identity Management work in PicketLink. For more details, see their respective chapters.