Prosoft Git

keycloak-aplcache

[KEYCLOAK-5726] - Defaults to true in case no required scopes

10/20/2017 9:55:45 PM
Pedro Igor

Pedro Igor

Commit: 7dd7b6b

Tree: 9b7c99e

Parents: 711aa83

Changes

adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java 7(+4 -3)

adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java 12(+7 -5)

Details

adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java 7(+4 -3) 

diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
index d3ef9cd..15aa1e1 100644
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
@@ -188,6 +188,7 @@ public abstract class AbstractPolicyEnforcer {
     }
 
     private boolean hasResourceScopePermission(MethodConfig methodConfig, Permission permission) {
+        List<String> requiredScopes = methodConfig.getScopes();
         Set<String> allowedScopes = permission.getScopes();
 
         if (allowedScopes.isEmpty()) {
@@ -197,18 +198,18 @@ public abstract class AbstractPolicyEnforcer {
         PolicyEnforcerConfig.ScopeEnforcementMode enforcementMode = methodConfig.getScopesEnforcementMode();
 
         if (PolicyEnforcerConfig.ScopeEnforcementMode.ALL.equals(enforcementMode)) {
-            return allowedScopes.containsAll(methodConfig.getScopes());
+            return allowedScopes.containsAll(requiredScopes);
         }
 
         if (PolicyEnforcerConfig.ScopeEnforcementMode.ANY.equals(enforcementMode)) {
-            for (String requiredScope : methodConfig.getScopes()) {
+            for (String requiredScope : requiredScopes) {
                 if (allowedScopes.contains(requiredScope)) {
                     return true;
                 }
             }
         }
 
-        return false;
+        return requiredScopes.isEmpty();
     }
 
     protected AuthzClient getAuthzClient() {

adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java 12(+7 -5) 

diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
index 496c311..390ea15 100755
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
@@ -276,11 +276,13 @@ public final class KeycloakAdapterConfigService {
     }
 
     private void setJSONValues(ModelNode json, ModelNode values) {
-        for (Property prop : new ArrayList<>(values.asPropertyList())) {
-            String name = prop.getName();
-            ModelNode value = prop.getValue();
-            if (value.isDefined()) {
-                json.get(name).set(value);
+        synchronized (values) {
+            for (Property prop : new ArrayList<>(values.asPropertyList())) {
+                String name = prop.getName();
+                ModelNode value = prop.getValue();
+                if (value.isDefined()) {
+                    json.get(name).set(value);
+                }
             }
         }
     }

Bonobo Git Server (6.3.0.632) © 2015 Jakub Chodounský · Official Page · Github