libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

NPE when caching policies based on scopes without a resource

Browse source 
Closes #11180
This commit is contained in:
Pedro Igor 2022-04-07 19:01:17 -03:00
parent a521bcfe92
commit 834a276767
2 changed files with 26 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java vendored
View file

@ -1055,7 +1055,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
for (Scope scope : scopes) {
String cacheKey = getPolicyByResourceScope(scope.getId(), resource.getId(), resourceServerId);
String cacheKey = getPolicyByResourceScope(scope.getId(), resource == null ? null : resource.getId(), resourceServerId);
result.addAll(cacheQuery(cacheKey, PolicyScopeListQuery.class, () -> getPolicyStoreDelegate().findByScopes(resourceServer, resource, Collections.singletonList(scope)), (revision, resources) -> new PolicyScopeListQuery(revision, cacheKey, scope.getId(), resources.stream().map(Policy::getId).collect(Collectors.toSet()), resourceServerId), resourceServer));
}

25
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourceManagementTest.java
View file

@ -24,6 +24,7 @@ import org.keycloak.admin.client.resource.ResourcesResource;
import org.keycloak.authorization.client.util.HttpResponseException;
import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import javax.ws.rs.NotFoundException;
@ -85,6 +86,30 @@ public class ResourceManagementTest extends AbstractAuthorizationTest {
assertTrue(resource.permissions().isEmpty());
}
@Test
public void testQueryAssociatedPermissions() {
ResourceRepresentation newResource = new ResourceRepresentation();
newResource.setName("test");
newResource.setDisplayName("display");
newResource.setType("some-type");
newResource.addScope("GET");
newResource = doCreateResource(newResource);
ResourceResource resource = getClientResource().authorization().resources().resource(newResource.getId());
ScopePermissionRepresentation permission = new ScopePermissionRepresentation();
permission.setName(newResource.getName());
permission.addResource(newResource.getName());
permission.addScope("GET");
getClientResource().authorization().permissions().scope().create(permission);
assertFalse(resource.permissions().isEmpty());
}
@Test
public void failCreateWithSameName() {
ResourceRepresentation newResource = createResource();