keycloak-aplcache
Changes
adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java 2(+1 -1)
adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/BearerTokenPolicyEnforcer.java 2(+1 -1)
Details
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
index bbbf573..9377b0b 100644
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
@@ -110,7 +110,7 @@ public abstract class AbstractPolicyEnforcer {
protected boolean isAuthorized(PathConfig actualPathConfig, Set<String> requiredScopes, AccessToken accessToken, OIDCHttpFacade httpFacade) {
Request request = httpFacade.getRequest();
PolicyEnforcerConfig enforcerConfig = getEnforcerConfig();
- String accessDeniedPath = enforcerConfig.getAccessDeniedPath();
+ String accessDeniedPath = enforcerConfig.getOnDenyRedirectTo();
if (accessDeniedPath != null) {
if (request.getURI().contains(accessDeniedPath)) {
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/BearerTokenPolicyEnforcer.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/BearerTokenPolicyEnforcer.java
index 91e23cf..f8f88d4 100644
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/BearerTokenPolicyEnforcer.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/BearerTokenPolicyEnforcer.java
@@ -41,7 +41,7 @@ public class BearerTokenPolicyEnforcer extends AbstractPolicyEnforcer {
@Override
protected boolean challenge(PathConfig pathConfig, Set<String> requiredScopes, OIDCHttpFacade facade) {
- if (getEnforcerConfig().getUmaProtocolConfig() != null) {
+ if (getEnforcerConfig().getUserManagedAccess() != null) {
challengeUmaAuthentication(pathConfig, requiredScopes, facade);
} else {
challengeEntitlementAuthentication(facade);
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/KeycloakAdapterPolicyEnforcer.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/KeycloakAdapterPolicyEnforcer.java
index 518c054..a12fc84 100644
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/KeycloakAdapterPolicyEnforcer.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/KeycloakAdapterPolicyEnforcer.java
@@ -88,7 +88,7 @@ public class KeycloakAdapterPolicyEnforcer extends AbstractPolicyEnforcer {
@Override
protected boolean challenge(PathConfig pathConfig, Set<String> requiredScopes, OIDCHttpFacade facade) {
- String accessDeniedPath = getEnforcerConfig().getAccessDeniedPath();
+ String accessDeniedPath = getEnforcerConfig().getOnDenyRedirectTo();
HttpFacade.Response response = facade.getResponse();
if (accessDeniedPath != null) {
@@ -107,7 +107,7 @@ public class KeycloakAdapterPolicyEnforcer extends AbstractPolicyEnforcer {
AuthzClient authzClient = getAuthzClient();
KeycloakDeployment deployment = getPolicyEnforcer().getDeployment();
- if (getEnforcerConfig().getUmaProtocolConfig() != null) {
+ if (getEnforcerConfig().getUserManagedAccess() != null) {
LOGGER.debug("Obtaining authorization for authenticated user.");
PermissionRequest permissionRequest = new PermissionRequest();
diff --git a/core/src/main/java/org/keycloak/representations/adapters/config/PolicyEnforcerConfig.java b/core/src/main/java/org/keycloak/representations/adapters/config/PolicyEnforcerConfig.java
index 9cf710a..0c3faf8 100644
--- a/core/src/main/java/org/keycloak/representations/adapters/config/PolicyEnforcerConfig.java
+++ b/core/src/main/java/org/keycloak/representations/adapters/config/PolicyEnforcerConfig.java
@@ -39,11 +39,11 @@ public class PolicyEnforcerConfig {
@JsonProperty("user-managed-access")
@JsonInclude(JsonInclude.Include.NON_NULL)
- private UmaProtocolConfig umaProtocolConfig;
+ private UmaProtocolConfig userManagedAccess;
@JsonProperty("entitlement")
@JsonInclude(JsonInclude.Include.NON_NULL)
- private EntitlementProtocolConfig entitlementProtocolConfig;
+ private EntitlementProtocolConfig entitlement;
@JsonProperty("paths")
@JsonInclude(JsonInclude.Include.NON_EMPTY)
@@ -55,7 +55,7 @@ public class PolicyEnforcerConfig {
@JsonProperty("on-deny-redirect-to")
@JsonInclude(JsonInclude.Include.NON_NULL)
- private String accessDeniedPath;
+ private String onDenyRedirectTo;
public Boolean isCreateResources() {
return this.createResources;
@@ -73,12 +73,12 @@ public class PolicyEnforcerConfig {
this.enforcementMode = enforcementMode;
}
- public UmaProtocolConfig getUmaProtocolConfig() {
- return this.umaProtocolConfig;
+ public UmaProtocolConfig getUserManagedAccess() {
+ return this.userManagedAccess;
}
- public EntitlementProtocolConfig getEntitlementProtocolConfig() {
- return this.entitlementProtocolConfig;
+ public EntitlementProtocolConfig getEntitlement() {
+ return this.entitlement;
}
public Boolean isOnlineIntrospection() {
@@ -97,10 +97,22 @@ public class PolicyEnforcerConfig {
this.paths = paths;
}
- public String getAccessDeniedPath() {
- return accessDeniedPath;
+ public String getOnDenyRedirectTo() {
+ return onDenyRedirectTo;
}
+ public void setUserManagedAccess(UmaProtocolConfig userManagedAccess) {
+ this.userManagedAccess = userManagedAccess;
+ }
+
+ public void setEntitlement(EntitlementProtocolConfig entitlement) {
+ this.entitlement = entitlement;
+ }
+
+ public void setOnDenyRedirectTo(String onDenyRedirectTo) {
+ this.onDenyRedirectTo = onDenyRedirectTo;
+ }
+
public static class PathConfig {
private String name;