keycloak-uncached
Changes
authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProvider.java 14(+12 -2)
Details
diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProvider.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProvider.java
index 253d9b6..ec84bbc 100644
--- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProvider.java
+++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProvider.java
@@ -1,18 +1,23 @@
package org.keycloak.authorization.policy.provider.client;
+import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.evaluation.Evaluation;
import org.keycloak.authorization.policy.evaluation.EvaluationContext;
import org.keycloak.authorization.policy.provider.PolicyProvider;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.RealmModel;
import static org.keycloak.authorization.policy.provider.client.ClientPolicyProviderFactory.getClients;
public class ClientPolicyProvider implements PolicyProvider {
private final Policy policy;
+ private final AuthorizationProvider authorization;
- public ClientPolicyProvider(Policy policy) {
+ public ClientPolicyProvider(Policy policy, AuthorizationProvider authorization) {
this.policy = policy;
+ this.authorization = authorization;
}
@Override
@@ -22,7 +27,8 @@ public class ClientPolicyProvider implements PolicyProvider {
if (clients.length > 0) {
for (String client : clients) {
- if (context.getAttributes().containsValue("kc.client.id", client)) {
+ ClientModel clientModel = getCurrentRealm().getClientById(client);
+ if (context.getAttributes().containsValue("kc.client.id", clientModel.getClientId())) {
evaluation.grant();
return;
}
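Review bot: `getCurrentRealm().getClientById(client)` returns null when no client in the realm has that internal id, and the next added line dereferences `clientModel` unconditionally. That can happen if a referenced client was deleted, or if a policy saved before this change still stores a clientId rather than an internal id; the diff does not show any migration of existing policy configuration. An exception thrown part-way through policy evaluation is a poor failure mode for an authorization decision, so unresolved entries should be skipped and the policy left ungranted: `if (clientModel == null) continue;`. The enclosing evaluate method starts and ends outside this hunk.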
@@ -34,4 +40,8 @@ public class ClientPolicyProvider implements PolicyProvider {
public void close() {
}
+
+ private RealmModel getCurrentRealm() {
+ return this.authorization.getKeycloakSession().getContext().getRealm();
+ }
}
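Review bot: `getCurrentRealm()` takes the realm from the session's request context rather than from the policy being evaluated, and that assumption is not documented. If evaluation can run where the context realm is unset or differs from the realm owning the policy (not visible in this diff), the lookup would fail or resolve ids against the wrong realm. I would add a comment on the helper such as `// Clients are resolved in the realm bound to the current session context; the policy stores internal client ids, not clientId.` and confirm that every caller sets the context realm before evaluation.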
diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java
index 9cf3348..e800a5b 100644
--- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java
+++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java
@@ -32,7 +32,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory {
@Override
public PolicyProvider create(Policy policy, AuthorizationProvider authorization) {
- return new ClientPolicyProvider(policy);
+ return new ClientPolicyProvider(policy, authorization);
}
@Override
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java
index 58f9a08..9ecbc3d 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java
@@ -392,7 +392,7 @@ public class ResourcePermissionManagementTest extends AbstractPhotozAdminTest {
List<String> clientIds = new ArrayList<>();
for (ClientModel client : allowedClients) {
- clientIds.add(client.getClientId());
+ clientIds.add(client.getId());
}
String[] clients = clientIds.toArray(new String[clientIds.size()]);