diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProvider.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProvider.java
index 253d9b6cbb..ec84bbcac1 100644
--- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProvider.java
+++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProvider.java
@@ -1,18 +1,23 @@
 package org.keycloak.authorization.policy.provider.client;
+import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.policy.evaluation.Evaluation;
 import org.keycloak.authorization.policy.evaluation.EvaluationContext;
 import org.keycloak.authorization.policy.provider.PolicyProvider;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.RealmModel;
 import static org.keycloak.authorization.policy.provider.client.ClientPolicyProviderFactory.getClients;
 public class ClientPolicyProvider implements PolicyProvider {
 private final Policy policy;
+ private final AuthorizationProvider authorization;
- public ClientPolicyProvider(Policy policy) {
+ public ClientPolicyProvider(Policy policy, AuthorizationProvider authorization) {
 this.policy = policy;
+ this.authorization = authorization;
 }
 @Override
@@ -22,7 +27,8 @@ public class ClientPolicyProvider implements PolicyProvider {
 if (clients.length > 0) {
 for (String client : clients) {
- if (context.getAttributes().containsValue("kc.client.id", client)) {
+ ClientModel clientModel = getCurrentRealm().getClientById(client);
+ if (context.getAttributes().containsValue("kc.client.id", clientModel.getClientId())) {
 evaluation.grant();
 return;
 }
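Review bot: `clientModel.getClientId()` in the added loop body is dereferenced without checking that `getCurrentRealm().getClientById(client)` actually found a client. If a configured id no longer resolves (the client was removed, or, presumably, the policy was saved before this change with the public clientId rather than the internal id), the lookup would be expected to return null and evaluation would throw instead of simply not granting. I would skip unresolved entries with `if (clientModel == null) continue;` before the `containsValue` check, so a stale entry cannot abort the authorization decision. The enclosing evaluate method starts and ends outside the hunk.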
@@ -34,4 +40,8 @@ public class ClientPolicyProvider implements PolicyProvider {
 public void close() {
 }
+
+ private RealmModel getCurrentRealm() {
+ return this.authorization.getKeycloakSession().getContext().getRealm();
+ }
 }
diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java
index 9cf33487fe..e800a5bd50 100644
--- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java
+++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java
@@ -32,7 +32,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory {
 @Override
 public PolicyProvider create(Policy policy, AuthorizationProvider authorization) {
- return new ClientPolicyProvider(policy);
+ return new ClientPolicyProvider(policy, authorization);
 }
 @Override
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java
index 58f9a08c22..9ecbc3d992 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java
@@ -392,7 +392,7 @@ public class ResourcePermissionManagementTest extends AbstractPhotozAdminTest {
 List clientIds = new ArrayList<>();
 for (ClientModel client : allowedClients) {
- clientIds.add(client.getClientId());
+ clientIds.add(client.getId());
 }
 String[] clients = clientIds.toArray(new String[clientIds.size()]);
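Review bot: `getCurrentRealm()` carries no comment saying which realm the configured client ids are resolved against. It reads the realm from the session context rather than from the policy's own resource server, and this diff does not show that the two always coincide; an id looked up in a different realm, or with no realm set on the context, would make the caller fail or never match. I would add `/** Realm of the current session context; policy client ids are looked up here. */` above the method. Since the evaluate loop calls it once per configured entry, the realm could also be resolved once before the loop.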