@ferrerojosh
Created March 3, 2020 10:28
Keycloak AuthZ Policy Enforcer Spring Boot Configuration
server:
  port: 3000
spring:
  main.banner-mode: OFF
  datasource:
    type: com.zaxxer.hikari.HikariDataSource
    url: jdbc:postgresql://${DB_HOST}:${DB_PORT}/${DB_NAME}
    username: ${DB_USER}
    password: ${DB_PASS}
  jpa:
    # Hibernate alters the schema at startup to match the entities
    hibernate.ddl-auto: update
    properties:
      org.hibernate:
        format_sql: true
        envers:
          default_schema: history
          audit_strategy: org.hibernate.envers.strategy.ValidityAuditStrategy
          revision_type_field_name: revision_type
          revision_field_name: revision_id
          modified_flag_suffix: _mod
          audit_table_suffix: _history
          audit_strategy_validity_store_revend_timestamp: true
          audit_strategy_validity_end_rev_field_name: revision_last
          audit_strategy_validity_revend_timestamp_field_name: revision_last_timestamp
keycloak:
  realm: ${AUTH_REALM}
  auth-server-url: ${AUTH_URL}
  # HTTPS is required for requests coming from external addresses
  ssl-required: external
  resource: ${AUTH_CLIENT}
  # Client secret is read from the environment, not stored in this file
  credentials.secret: ${AUTH_SECRET}
  # Read client-level (resource) role mappings from the token instead of realm-level roles
  use-resource-role-mappings: true
  policy-enforcer-config:
    # Requests are denied by default, even when no policy is associated with the resource
    enforcement-mode: ENFORCING
    # The HTTP method of the request is used as the scope to check;
    # resources in Keycloak need scopes representing each protected method
    http-method-as-scope: true
    # Fetch the resources associated with a path from Keycloak on demand
    lazy-load-paths: true
    paths:
      - name: Country Resource
        path: /location/country
        methods:
          - method: GET
            scopes:
              - View
      - name: Product Resource
        path: /inventory/product
        methods:
          - method: GET
            scopes:
              - View
      - name: Product Resource
        path: /inventory/product/code/{code}
        methods:
          - method: GET
            scopes:
              - View
      - name: Product Resource
        path: /inventory/product/{id}
        methods:
          - method: GET
            scopes:
              - View
          - method: PUT
            scopes:
              - Modify
# Turn off the logs
logging:
  level:
    root: INFO
    work.gavenda: DEBUG