libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

[KEYCLOAK-5726] - Defaults to true in case no required scopes are defined

Browse source
This commit is contained in:
Pedro Igor 2017-10-20 21:55:45 -02:00
parent 711aa83d31
commit 7dd7b6b984
2 changed files with 11 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
View file

@ -188,6 +188,7 @@ public abstract class AbstractPolicyEnforcer {
} }
private boolean hasResourceScopePermission(MethodConfig methodConfig, Permission permission) { private boolean hasResourceScopePermission(MethodConfig methodConfig, Permission permission) {
List<String> requiredScopes = methodConfig.getScopes();
Set<String> allowedScopes = permission.getScopes(); Set<String> allowedScopes = permission.getScopes();
if (allowedScopes.isEmpty()) { if (allowedScopes.isEmpty()) {
@ -197,18 +198,18 @@ public abstract class AbstractPolicyEnforcer {
PolicyEnforcerConfig.ScopeEnforcementMode enforcementMode = methodConfig.getScopesEnforcementMode(); PolicyEnforcerConfig.ScopeEnforcementMode enforcementMode = methodConfig.getScopesEnforcementMode();
if (PolicyEnforcerConfig.ScopeEnforcementMode.ALL.equals(enforcementMode)) { if (PolicyEnforcerConfig.ScopeEnforcementMode.ALL.equals(enforcementMode)) {
return allowedScopes.containsAll(methodConfig.getScopes()); return allowedScopes.containsAll(requiredScopes);
} }
if (PolicyEnforcerConfig.ScopeEnforcementMode.ANY.equals(enforcementMode)) { if (PolicyEnforcerConfig.ScopeEnforcementMode.ANY.equals(enforcementMode)) {
for (String requiredScope : methodConfig.getScopes()) { for (String requiredScope : requiredScopes) {
if (allowedScopes.contains(requiredScope)) { if (allowedScopes.contains(requiredScope)) {
return true; return true;
} }
} }
} }
return false; return requiredScopes.isEmpty();
} }
protected AuthzClient getAuthzClient() { protected AuthzClient getAuthzClient() {

12
adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
View file

@ -276,11 +276,13 @@ public final class KeycloakAdapterConfigService {
} }
private void setJSONValues(ModelNode json, ModelNode values) { private void setJSONValues(ModelNode json, ModelNode values) {
for (Property prop : new ArrayList<>(values.asPropertyList())) { synchronized (values) {
String name = prop.getName(); for (Property prop : new ArrayList<>(values.asPropertyList())) {
ModelNode value = prop.getValue(); String name = prop.getName();
if (value.isDefined()) { ModelNode value = prop.getValue();
json.get(name).set(value); if (value.isDefined()) {
json.get(name).set(value);
}
} }
} }
} }