[KEYCLOAK-5726] - Defaults to true in case no required scopes are defined

2017-10-20 21:55:45 -02:00 · 2017-10-20 21:55:45 -02:00 · 7dd7b6b984
commit 7dd7b6b984
parent 711aa83d31
2 changed files with 11 additions and 8 deletions
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
@ -188,6 +188,7 @@ public abstract class AbstractPolicyEnforcer {
    }

    private boolean hasResourceScopePermission(MethodConfig methodConfig, Permission permission) {
+        List<String> requiredScopes = methodConfig.getScopes();
        Set<String> allowedScopes = permission.getScopes();

        if (allowedScopes.isEmpty()) {
@ -197,18 +198,18 @@ public abstract class AbstractPolicyEnforcer {
        PolicyEnforcerConfig.ScopeEnforcementMode enforcementMode = methodConfig.getScopesEnforcementMode();

        if (PolicyEnforcerConfig.ScopeEnforcementMode.ALL.equals(enforcementMode)) {
-            return allowedScopes.containsAll(methodConfig.getScopes());
+            return allowedScopes.containsAll(requiredScopes);
        }

        if (PolicyEnforcerConfig.ScopeEnforcementMode.ANY.equals(enforcementMode)) {
-            for (String requiredScope : methodConfig.getScopes()) {
+            for (String requiredScope : requiredScopes) {
                if (allowedScopes.contains(requiredScope)) {
                    return true;
                }
            }
        }

-        return false;
+        return requiredScopes.isEmpty();
    }

    protected AuthzClient getAuthzClient() {
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
@ -276,6 +276,7 @@ public final class KeycloakAdapterConfigService {
    }

    private void setJSONValues(ModelNode json, ModelNode values) {
+        synchronized (values) {
            for (Property prop : new ArrayList<>(values.asPropertyList())) {
                String name = prop.getName();
                ModelNode value = prop.getValue();
@ -284,6 +285,7 @@ public final class KeycloakAdapterConfigService {
                }
            }
        }
+    }

    public boolean isSecureDeployment(DeploymentUnit deploymentUnit) {
        //log.info("********* CHECK KEYCLOAK DEPLOYMENT: deployments.size()" + deployments.size());