KEYCLOAK-4018 Use clientId and not the client name

2016-12-09 19:33:27 +01:00 · 2016-12-09 19:33:27 +01:00 · 35c4a379ad
commit 35c4a379ad
parent 5d070cbf22
3 changed files with 14 additions and 4 deletions
--- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProvider.java
+++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProvider.java
@ -1,18 +1,23 @@
 package org.keycloak.authorization.policy.provider.client;

+import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.policy.evaluation.Evaluation;
 import org.keycloak.authorization.policy.evaluation.EvaluationContext;
 import org.keycloak.authorization.policy.provider.PolicyProvider;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.RealmModel;

 import static org.keycloak.authorization.policy.provider.client.ClientPolicyProviderFactory.getClients;

 public class ClientPolicyProvider implements PolicyProvider {

    private final Policy policy;
+    private final AuthorizationProvider authorization;

-    public ClientPolicyProvider(Policy policy) {
+    public ClientPolicyProvider(Policy policy, AuthorizationProvider authorization) {
        this.policy = policy;
+        this.authorization = authorization;
    }

    @Override
@ -22,7 +27,8 @@ public class ClientPolicyProvider implements PolicyProvider {

        if (clients.length > 0) {
            for (String client : clients) {
-                if (context.getAttributes().containsValue("kc.client.id", client)) {
+                ClientModel clientModel = getCurrentRealm().getClientById(client);
+                if (context.getAttributes().containsValue("kc.client.id", clientModel.getClientId())) {
                    evaluation.grant();
                    return;
                }
@ -34,4 +40,8 @@ public class ClientPolicyProvider implements PolicyProvider {
    public void close() {

    }
+
+    private RealmModel getCurrentRealm() {
+        return this.authorization.getKeycloakSession().getContext().getRealm();
+    }
 }
--- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java
+++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java
@ -32,7 +32,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory {

    @Override
    public PolicyProvider create(Policy policy, AuthorizationProvider authorization) {
-        return new ClientPolicyProvider(policy);
+        return new ClientPolicyProvider(policy, authorization);
    }

    @Override
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java
@ -392,7 +392,7 @@ public class ResourcePermissionManagementTest extends AbstractPhotozAdminTest {

            List<String> clientIds = new ArrayList<>();
            for (ClientModel client : allowedClients) {
-                clientIds.add(client.getClientId());
+                clientIds.add(client.getId());
            }

            String[] clients = clientIds.toArray(new String[clientIds.size()]);