[KEYCLOAK-18111] - Error when processing path without associated resource

2021-05-13 18:34:26 -03:00 · 2021-05-13 18:34:26 -03:00 · 9ebbc7673c
commit 9ebbc7673c
parent c49dbd66fa
3 changed files with 32 additions and 1 deletions
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PolicyEnforcer.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PolicyEnforcer.java
@ -287,7 +287,7 @@ public class PolicyEnforcer {
                                enforcementMode = pathConfig.getEnforcementMode();
                            } else {
                                for (PathConfig existingPath : paths.values()) {
-                                    if (existingPath.getId().equals(targetResource.getId()) 
+                                    if (targetResource.getId().equals(existingPath.getId())
                                            && existingPath.isStatic()
                                            && !PolicyEnforcerConfig.EnforcementMode.DISABLED.equals(existingPath.getEnforcementMode())) {
                                        return null;
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java
@ -621,6 +621,18 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest {

        assertEquals(200, policyEnforcer.getPathMatcher().getPathCache().size());
        assertEquals(0, policyEnforcer.getPaths().size());
+
+        ResourceRepresentation resource = clientResource.authorization().resources()
+                .findByName("Root").get(0);
+
+        clientResource.authorization().resources().resource(resource.getId()).remove();
+
+        deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-lazyload-with-paths.json"));
+        policyEnforcer = deployment.getPolicyEnforcer();
+
+        AuthorizationContext context = policyEnforcer.enforce(createHttpFacade("/api/0", token));
+
+        assertTrue(context.isGranted());
    }

    private void initAuthorizationSettings(ClientResource clientResource) {
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/enforcer-lazyload-with-paths.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/enforcer-lazyload-with-paths.json
@ -0,0 +1,19 @@
+{
+  "realm": "authz-test",
+  "auth-server-url": "http://localhost:8180/auth",
+  "ssl-required": "external",
+  "resource": "resource-server-test",
+  "credentials": {
+    "secret": "secret"
+  },
+  "bearer-only": true,
+  "policy-enforcer": {
+    "lazy-load-paths": true,
+    "paths": [
+      {
+        "path": "/disabled",
+        "enforcement-mode": "DISABLED"
+      }
+    ]
+  }
+}