
[KEYCLOAK-9474] - Public endpoints are returning 403 with

1/31/2019 2:30:08 PM


diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AuthenticatedActionsHandler.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AuthenticatedActionsHandler.java
index 137f6d3..342cefc 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AuthenticatedActionsHandler.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AuthenticatedActionsHandler.java
@@ -159,11 +159,9 @@ public class AuthenticatedActionsHandler {
 
             if (session != null) {
                 session.setAuthorizationContext(authorizationContext);
-
-                return authorizationContext.isGranted();
             }
 
-            return true;
+            return authorizationContext.isGranted();
         } catch (Exception e) {
             throw new RuntimeException("Failed to enforce policy decisions.", e);
         }
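Review bot: The new return line makes the enforcer's decision apply to requests with no security context as well, where the removed code returned an unconditional `true`, and nothing in the hunk records why the two paths were unified, so a later edit could quietly re-introduce the bypass. Suggest a comment above the new return: `// The enforcer's decision applies even when no security context exists; a missing context must not bypass policy enforcement.` The "no bearer token" case that motivates this is inferred from the name of the new test in the second file, not from this hunk. The enclosing method starts outside the hunk, so the code that produces authorizationContext is not visible here; if it can yield null, the unconditional `isGranted()` call on the new line would throw and be re-wrapped by the `catch (Exception e)` below as a RuntimeException.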
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java
index a4fae18..160113d 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java
@@ -212,6 +212,27 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest {
     }
 
     @Test
+    public void testPublicEndpointNoBearerAbortRequest() {
+        KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-bearer-only.json"));
+        OIDCHttpFacade httpFacade = createHttpFacade("/api/public");
+        AuthenticatedActionsHandler handler = new AuthenticatedActionsHandler(deployment, httpFacade);
+
+        assertTrue(handler.handledRequest());
+
+        oauth.realm(REALM_NAME);
+        oauth.clientId("public-client-test");
+        oauth.doLogin("marta", "password");
+
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+        OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, null);
+        String token = response.getAccessToken();
+        httpFacade = createHttpFacade("/api/resourcea", token);
+        handler = new AuthenticatedActionsHandler(deployment, httpFacade);
+
+        assertFalse(handler.handledRequest());
+    }
+
+    @Test
     public void testMappedPathEnforcementModeDisabled() {
         KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-disabled-enforce-mode-path.json"));
         PolicyEnforcer policyEnforcer = deployment.getPolicyEnforcer();
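Review bot: The test pins only the boolean from `handledRequest()`, so it does not distinguish a 403 from any other aborted response, even though the issue title is specifically about public endpoints returning 403; if the facade returned by createHttpFacade exposes the response, asserting its status code would tie the test to the reported regression. The second half of the method exercises `/api/resourcea` with a bearer token obtained through the login flow, which the name `testPublicEndpointNoBearerAbortRequest` does not describe; splitting that part into its own test, or renaming, would keep a failure message pointing at the right case. The test also never sends a bearer token to `/api/public`, so the unified return in AuthenticatedActionsHandler is only covered for the no-token path here.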