[KEYCLOAK-9474] - Public endpoints are returning 403 with body when enforcement mode is disabled

This commit is contained in:
Pedro Igor 2019-01-31 14:30:08 -02:00
parent 366ee083ac
commit 4d5dff1d64
2 changed files with 22 additions and 3 deletions


@ -159,11 +159,9 @@ public class AuthenticatedActionsHandler {
if (session != null) { if (session != null) {
session.setAuthorizationContext(authorizationContext); session.setAuthorizationContext(authorizationContext);
return authorizationContext.isGranted();
} }
return true; return authorizationContext.isGranted();
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException("Failed to enforce policy decisions.", e); throw new RuntimeException("Failed to enforce policy decisions.", e);
} }
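Review bot: The new `return authorizationContext.isGranted();` at the end of the try block (line 16) turns the no-security-context path from always-allow into honouring the enforcer's verdict, but nothing in the code explains why a request without a session must still be subject to that decision, and the old `return true;` is exactly the kind of "harmless" fallback a later maintainer might restore. A one-line comment above the return would pin the intent: `// No security context (unauthenticated or public request): the enforcer's decision still governs, never fall back to granting.`. The enclosing method starts before the hunk, so the `policyEnforcer.enforce(facade)` call and the `session` lookup that produce these values are not visible here; if `authorizationContext` can ever be null on that path, the new line now throws (surfacing as the `RuntimeException("Failed to enforce policy decisions.")` in the catch) where the previous code silently permitted the request, which is the safer failure mode but worth confirming against the enforcer's contract.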


@ -211,6 +211,27 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest {
assertEquals(403, response.getStatus()); assertEquals(403, response.getStatus());
} }
@Test
public void testPublicEndpointNoBearerAbortRequest() {
KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-bearer-only.json"));
OIDCHttpFacade httpFacade = createHttpFacade("/api/public");
AuthenticatedActionsHandler handler = new AuthenticatedActionsHandler(deployment, httpFacade);
assertTrue(handler.handledRequest());
oauth.realm(REALM_NAME);
oauth.clientId("public-client-test");
oauth.doLogin("marta", "password");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, null);
String token = response.getAccessToken();
httpFacade = createHttpFacade("/api/resourcea", token);
handler = new AuthenticatedActionsHandler(deployment, httpFacade);
assertFalse(handler.handledRequest());
}
@Test @Test
public void testMappedPathEnforcementModeDisabled() { public void testMappedPathEnforcementModeDisabled() {
KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-disabled-enforce-mode-path.json")); KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-disabled-enforce-mode-path.json"));