From 7dd7b6b98406d5ff3dc97e61a34cb93c8d2d2f32 Mon Sep 17 00:00:00 2001
From: Pedro Igor
Date: Fri, 20 Oct 2017 21:55:45 -0200
Subject: [PATCH] [KEYCLOAK-5726] - Defaults to true in case no required scopes are defined
---
 .../authorization/AbstractPolicyEnforcer.java | 7 ++++---
 .../extension/KeycloakAdapterConfigService.java | 12 +++++++-----
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
index d3ef9cd905..15aa1e142a 100644
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
@@ -188,6 +188,7 @@ public abstract class AbstractPolicyEnforcer {
 }
 private boolean hasResourceScopePermission(MethodConfig methodConfig, Permission permission) {
+ List requiredScopes = methodConfig.getScopes();
 Set allowedScopes = permission.getScopes();
 if (allowedScopes.isEmpty()) {
@@ -197,18 +198,18 @@ public abstract class AbstractPolicyEnforcer {
 PolicyEnforcerConfig.ScopeEnforcementMode enforcementMode = methodConfig.getScopesEnforcementMode();
 if (PolicyEnforcerConfig.ScopeEnforcementMode.ALL.equals(enforcementMode)) {
- return allowedScopes.containsAll(methodConfig.getScopes());
+ return allowedScopes.containsAll(requiredScopes);
 }
 if (PolicyEnforcerConfig.ScopeEnforcementMode.ANY.equals(enforcementMode)) {
- for (String requiredScope : methodConfig.getScopes()) {
+ for (String requiredScope : requiredScopes) {
 if (allowedScopes.contains(requiredScope)) {
 return true;
 }
 }
 }
- return false;
+ return requiredScopes.isEmpty();
 }
 protected AuthzClient getAuthzClient() {
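Review bot: The new final `return requiredScopes.isEmpty();` in hasResourceScopePermission turns the fall-through into an allow for every enforcement mode that is not ALL or ANY, including a null mode, whenever the method entry declares no scopes, so the method no longer ends on an unconditional deny. Writing that decision as an explicit guard before the mode checks, `if (requiredScopes.isEmpty()) { return true; }`, behaves the same as this hunk and lets the last line stay `return false;`, which keeps deny as the visible default. `requiredScopes.isEmpty()` is also a new dereference on the fall-through path, which previously never touched the list, so it would throw if `getScopes()` can return null for an entry without scopes; MethodConfig is not shown here, so that needs confirming. The body of the `allowedScopes.isEmpty()` branch lies between the two hunks and is outside the diff.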
diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
index 496c311982..390ea1560e 100755
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
@@ -276,11 +276,13 @@ public final class KeycloakAdapterConfigService {
 }
 private void setJSONValues(ModelNode json, ModelNode values) {
- for (Property prop : new ArrayList<>(values.asPropertyList())) {
- String name = prop.getName();
- ModelNode value = prop.getValue();
- if (value.isDefined()) {
- json.get(name).set(value);
+ synchronized (values) {
+ for (Property prop : new ArrayList<>(values.asPropertyList())) {
+ String name = prop.getName();
+ ModelNode value = prop.getValue();
+ if (value.isDefined()) {
+ json.get(name).set(value);
+ }
 }
 }
 }
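Review bot: `synchronized (values)` in setJSONValues only excludes threads that lock the same ModelNode, and nothing in this hunk shows the code that mutates `values` taking that monitor, so the iteration may still race with writers. The defensive `new ArrayList<>(values.asPropertyList())` copy is kept inside the lock, which suggests concurrent modification was already a concern here. I would add a comment above the block stating the locking rule, for example `// values may be updated by another thread; every writer must synchronize on the same node`, once the writer is confirmed. The commit message describes only the scope default, so this concurrency change deserves its own mention there.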