From 307e16391cafad7b17e949ec7a65152eb747e0a8 Mon Sep 17 00:00:00 2001
From: Pedro Igor
Date: Thu, 4 Feb 2021 11:43:44 -0300
Subject: [PATCH] [KEYCLOAK-14947] - Removing unnecessary code
---
.../IdentityProviderPermissions.java | 84 +++++++++----------
1 file changed, 40 insertions(+), 44 deletions(-)
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java
index db1a96a951..8ad6fc10c1 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java
@@ -147,51 +147,47 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
 @Override
 public boolean canExchangeTo(ClientModel authorizedClient, IdentityProviderModel to) {
-
- if (!authorizedClient.equals(to)) {
- ResourceServer server = root.initializeRealmResourceServer();
- if (server == null) {
- logger.debug("No resource server set up for target idp");
- return false;
- }
-
- Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(to), server.getId());
- if (resource == null) {
- logger.debug("No resource object set up for target idp");
- return false;
- }
-
- Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getExchangeToPermissionName(to), server.getId());
- if (policy == null) {
- logger.debug("No permission object set up for target idp");
- return false;
- }
-
- Set associatedPolicies = policy.getAssociatedPolicies();
- // if no policies attached to permission then just do default behavior
- if (associatedPolicies == null || associatedPolicies.isEmpty()) {
- logger.debug("No policies set up for permission on target idp");
- return false;
- }
-
- Scope scope = exchangeToScope(server);
- if (scope == null) {
- logger.debug(TOKEN_EXCHANGE + " not initialized");
- return false;
- }
- ClientModelIdentity identity = new ClientModelIdentity(session, authorizedClient);
- EvaluationContext context = new DefaultEvaluationContext(identity, session) {
- @Override
- public Map> getBaseAttributes() {
- Map> attributes = super.getBaseAttributes();
- attributes.put("kc.client.id", Arrays.asList(authorizedClient.getClientId()));
- return attributes;
- }
-
- };
- return root.evaluatePermission(resource, server, context, scope);
+ ResourceServer server = root.initializeRealmResourceServer();
+ if (server == null) {
+ logger.debug("No resource server set up for target idp");
+ return false;
 }
- return true;
+
+ Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(to), server.getId());
+ if (resource == null) {
+ logger.debug("No resource object set up for target idp");
+ return false;
+ }
+
+ Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getExchangeToPermissionName(to), server.getId());
+ if (policy == null) {
+ logger.debug("No permission object set up for target idp");
+ return false;
+ }
+
+ Set associatedPolicies = policy.getAssociatedPolicies();
+ // if no policies attached to permission then just do default behavior
+ if (associatedPolicies == null || associatedPolicies.isEmpty()) {
+ logger.debug("No policies set up for permission on target idp");
+ return false;
+ }
+
+ Scope scope = exchangeToScope(server);
+ if (scope == null) {
+ logger.debug(TOKEN_EXCHANGE + " not initialized");
+ return false;
+ }
+ ClientModelIdentity identity = new ClientModelIdentity(session, authorizedClient);
+ EvaluationContext context = new DefaultEvaluationContext(identity, session) {
+ @Override
+ public Map> getBaseAttributes() {
+ Map> attributes = super.getBaseAttributes();
+ attributes.put("kc.client.id", Arrays.asList(authorizedClient.getClientId()));
+ return attributes;
+ }
+
+ };
+ return root.evaluatePermission(resource, server, context, scope);
 }
 @Override
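Review bot: The comment `// if no policies attached to permission then just do default behavior` in canExchangeTo does not say what the default is, and in this method it is deny: with the `return true` shortcut removed, every path that does not reach `root.evaluatePermission(...)` returns false. I would reword it to `// no policies attached to the permission: deny, exchange to this IdP must be granted explicitly`. A short Javadoc on the method should also state that it fails closed when the resource server, resource, permission, associated policies or scope is missing. The five debug messages on those paths say only "target idp". Including the provider and `authorizedClient.getClientId()` in them would let an operator trace a denied exchange to the missing piece of configuration.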