Checking realm role directly

2017-04-26 15:39:37 -03:00 · 2017-04-26 15:39:37 -03:00 · 4e43518b2a
commit 4e43518b2a
parent b78cc63f0d
1 changed files with 1 additions and 1 deletions
--- a/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
+++ b/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
@ -97,7 +97,7 @@ public class AuthorizationTokenService {
        KeycloakEvaluationContext evaluationContext = new KeycloakEvaluationContext(this.authorization.getKeycloakSession());
        KeycloakIdentity identity = (KeycloakIdentity) evaluationContext.getIdentity();

-        if (!identity.hasRole("uma_authorization")) {
+        if (!identity.hasRealmRole("uma_authorization")) {
            throw new ErrorResponseException(OAuthErrorException.INVALID_SCOPE, "Requires uma_authorization scope.", Status.FORBIDDEN);
        }