[KEYCLOAK-18111] - Error when processing path without associated resource

2021-05-13 18:34:26 -03:00 · 2021-05-13 18:34:26 -03:00 · 9ebbc7673c
commit 9ebbc7673c
parent c49dbd66fa
3 changed files with 32 additions and 1 deletions
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PolicyEnforcer.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PolicyEnforcer.java
@ -287,7 +287,7 @@ public class PolicyEnforcer {
                                enforcementMode = pathConfig.getEnforcementMode();
                            } else {
                                for (PathConfig existingPath : paths.values()) {
-                                    if (existingPath.getId().equals(targetResource.getId()) 
+                                    if (targetResource.getId().equals(existingPath.getId())
                                            && existingPath.isStatic()
                                            && !PolicyEnforcerConfig.EnforcementMode.DISABLED.equals(existingPath.getEnforcementMode())) {
                                        return null;
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java
@ -621,6 +621,18 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest {
        assertEquals(200, policyEnforcer.getPathMatcher().getPathCache().size());
        assertEquals(0, policyEnforcer.getPaths().size());
        ResourceRepresentation resource = clientResource.authorization().resources()
                .findByName("Root").get(0);
        clientResource.authorization().resources().resource(resource.getId()).remove();
        deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-lazyload-with-paths.json"));
        policyEnforcer = deployment.getPolicyEnforcer();
        AuthorizationContext context = policyEnforcer.enforce(createHttpFacade("/api/0", token));
        assertTrue(context.isGranted());
    }
    private void initAuthorizationSettings(ClientResource clientResource) {
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/enforcer-lazyload-with-paths.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/enforcer-lazyload-with-paths.json
@ -0,0 +1,19 @@
 {
  "realm": "authz-test",
  "auth-server-url": "http://localhost:8180/auth",
  "ssl-required": "external",
  "resource": "resource-server-test",
  "credentials": {
    "secret": "secret"
  },
  "bearer-only": true,
  "policy-enforcer": {
    "lazy-load-paths": true,
    "paths": [
      {
        "path": "/disabled",
        "enforcement-mode": "DISABLED"
      }
    ]
  }
 }