From 228de428597d02a04deb1a45812369190ae77c65 Mon Sep 17 00:00:00 2001 From: Pedro Igor Date: Mon, 19 Apr 2021 16:50:40 -0300 Subject: [PATCH] [KEYCLOAK-17598] - Changing root path check when resolving resource by uri --- .../java/org/keycloak/common/util/PathMatcher.java | 8 +++++++- .../ResourceManagementWithAuthzClientTest.java | 14 ++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/common/src/main/java/org/keycloak/common/util/PathMatcher.java b/common/src/main/java/org/keycloak/common/util/PathMatcher.java index ce6213c342..94e87dd47e 100644 --- a/common/src/main/java/org/keycloak/common/util/PathMatcher.java +++ b/common/src/main/java/org/keycloak/common/util/PathMatcher.java @@ -140,7 +140,13 @@ public abstract class PathMatcher

{ } if (endsWithWildcard(expectedUri)) { - return targetUri.startsWith(expectedUri.substring(0, expectedUri.length() - 2)); + String rootPath = expectedUri.substring(0, expectedUri.length() - 1); + + if (targetUri.startsWith(rootPath)) { + return true; + } + + return targetUri.equals(rootPath.substring(0, rootPath.length() - 1)); } String suffix = "/*."; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourceManagementWithAuthzClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourceManagementWithAuthzClientTest.java index 996bc0d04d..cc79800ab4 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourceManagementWithAuthzClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourceManagementWithAuthzClientTest.java @@ -61,6 +61,8 @@ public class ResourceManagementWithAuthzClientTest extends ResourceManagementTes doCreateResource(new ResourceRepresentation( "/rest/{version}/carts/{cartId}/cartactions/{actionId}", Collections.emptySet(), "/rest/{version}/carts/{cartId}/cartactions/{actionId}", null)); doCreateResource(new ResourceRepresentation("/rest/v1/carts/{cartId}/cartactions/123", Collections.emptySet(), "/rest/v1/carts/{cartId}/cartactions/123", null)); + doCreateResource(new ResourceRepresentation("Dummy Name", Collections.emptySet(), + new HashSet<>(Arrays.asList("/dummy/605dc7ff310256017a2ec84f", "/dummy/605dc7ff310256017a2ec84f/*")), null)); AuthzClient authzClient = getAuthzClient(); @@ -82,6 +84,12 @@ public class ResourceManagementWithAuthzClientTest extends ResourceManagementTes assertEquals(1, resources.size()); assertEquals("/resources/*", resources.get(0).getUri()); + resources = authzClient.protection().resource().findByMatchingUri("/resources/"); + + assertNotNull(resources); + assertEquals(1, resources.size()); + assertEquals("/resources/*", resources.get(0).getUri()); + resources = authzClient.protection().resource().findByMatchingUri("/resources-b/a"); assertNotNull(resources); @@ -159,6 +167,12 @@ public class ResourceManagementWithAuthzClientTest extends ResourceManagementTes assertNotNull(resources); assertEquals(1, resources.size()); assertEquals("/rest/{version}/carts/{cartId}/cartactions/{actionId}", resources.get(0).getUri()); + + resources = authzClient.protection().resource().findByMatchingUri("/dummy/605dc7ff310256017a2ec84f/nestedObject/605dc7fe310256017a2ec84c"); + + assertNotNull(resources); + assertEquals(1, resources.size()); + assertEquals("Dummy Name", resources.get(0).getName()); } @Test