From de973de80014f4dcaaaf021b9c7182834bb6d5d9 Mon Sep 17 00:00:00 2001
From: BrunoSampaioDTx
Date: Tue, 29 Oct 2024 16:24:31 +0000
Subject: [PATCH] Use the response_permissions_limit value, if provided, to set the maximum number of results when retrieving resources by URI
Signed-off-by: BrunoSampaioDTx
---
 .../authorization/AuthorizationTokenService.java | 16 ++++++++--------
 .../oidc/grants/PermissionGrantType.java | 8 ++++----
 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java b/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
index b56bbb0339..08482ab57a 100644
--- a/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
+++ b/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
@@ -810,7 +810,7 @@ public class AuthorizationTokenService {
 return clientConnection;
 }
- public void addPermissions(List permissionList, String permissionResourceFormat, boolean matchingUri) {
+ public void addPermissions(List permissionList, String permissionResourceFormat, boolean matchingUri, Integer maxResults) {
 if (permissionResourceFormat == null) {
 permissionResourceFormat = "id";
 }
@@ -820,7 +820,7 @@ public class AuthorizationTokenService {
 addPermissionsById(permissionList);
 break;
 case "uri":
- addPermissionsByUri(permissionList, matchingUri);
+ addPermissionsByUri(permissionList, matchingUri, maxResults);
 break;
 }
@@ -840,7 +840,7 @@ public class AuthorizationTokenService {
 }
 }
- private void addPermissionsByUri(List permissionList, boolean matchingUri) {
+ private void addPermissionsByUri(List permissionList, boolean matchingUri, Integer maxResults) {
 StoreFactory storeFactory = authorization.getStoreFactory();
 for (String permission : permissionList) {
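Review bot: The public `addPermissions` signature in hunk @@ -810 is changed in place, so any other caller of the three-argument form (none is visible in this patch) stops compiling, and what a null `maxResults` means is documented nowhere in the chain that now threads it through @@ -820 and @@ -840. Keeping the old arity as a delegating overload preserves source compatibility: `public void addPermissions(List permissionList, String permissionResourceFormat, boolean matchingUri) { addPermissions(permissionList, permissionResourceFormat, matchingUri, null); }`. A Javadoc `@param maxResults` line stating what a null value does (as written it is passed through to the resource store untouched) would pin the contract, since the value originates from a request parameter. The body of `addPermissionsByUri` in @@ -840 continues beyond the hunk.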
@@ -856,7 +856,7 @@ public class AuthorizationTokenService {
 throw invalidResourceException;
 }
- List resources = getResourceListByUri(uri, storeFactory, matchingUri);
+ List resources = getResourceListByUri(uri, storeFactory, matchingUri, maxResults);
 if (resources == null || resources.isEmpty()) {
 CorsErrorResponseException invalidResourceException = new CorsErrorResponseException(getCors(),
@@ -876,7 +876,7 @@ public class AuthorizationTokenService {
 return;
 }
- List resources = getResourceListByUri(uri, storeFactory, matchingUri);
+ List resources = getResourceListByUri(uri, storeFactory, matchingUri, maxResults);
 if (resources == null || resources.isEmpty()) {
 CorsErrorResponseException invalidResourceException = new CorsErrorResponseException(getCors(),
@@ -890,13 +890,13 @@ public class AuthorizationTokenService {
 }
 }
- private List getResourceListByUri(String uri, StoreFactory storeFactory, boolean matchingUri) {
+ private List getResourceListByUri(String uri, StoreFactory storeFactory, boolean matchingUri, Integer maxResults) {
 Map search = new EnumMap<>(Resource.FilterOption.class);
 search.put(Resource.FilterOption.URI, new String[] { uri });
 ResourceServer resourceServer = storeFactory.getResourceServerStore() .findByClient(getRealm().getClientByClientId(getAudience()));
- List resources = storeFactory.getResourceStore().find(resourceServer, search, -1,
- Constants.DEFAULT_MAX_RESULTS);
+
+ List resources = storeFactory.getResourceStore().find(resourceServer, search, -1, maxResults);
 if (!matchingUri || !resources.isEmpty()) {
 return resources;
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/grants/PermissionGrantType.java b/services/src/main/java/org/keycloak/protocol/oidc/grants/PermissionGrantType.java
index 667e2d9c26..8a18f70cea 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/grants/PermissionGrantType.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/grants/PermissionGrantType.java
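Review bot: `getResourceListByUri` in hunk @@ -890 now hands `maxResults` straight to `ResourceStore.find`, so the server-side cap `Constants.DEFAULT_MAX_RESULTS` that the removed lines applied is gone: when the request carries no `response_permissions_limit` the store receives null (presumably unbounded, depending on how `find` treats it), and when it does carry one the client picks the query size with no sign or ceiling check. Letting a request parameter size a database lookup is a cheap way to make the server do unbounded work. I would keep the default as the fallback, `int limit = (maxResults == null || maxResults <= 0) ? Constants.DEFAULT_MAX_RESULTS : maxResults;`, and pass `limit` to `find`; if the feature needs to exceed the default, a separate server-side ceiling rather than the raw request value should bound it. The rest of `getResourceListByUri` lies outside the hunk.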
@@ -158,12 +158,14 @@ public class PermissionGrantType extends OAuth2GrantTypeBase {
 // permissions have a format like RESOURCE#SCOPE1,SCOPE2
 List permissions = formParams.get("permission");
+ String responsePermissionsLimit = formParams.getFirst("response_permissions_limit");
+ Integer maxResults = responsePermissionsLimit != null ? Integer.parseInt(responsePermissionsLimit) : null;
 if (permissions != null) {
 event.detail(Details.PERMISSION, String.join("|", permissions));
 String permissionResourceFormat = formParams.getFirst("permission_resource_format");
 boolean permissionResourceMatchingUri = Boolean.parseBoolean(formParams.getFirst("permission_resource_matching_uri"));
- authorizationRequest.addPermissions(permissions, permissionResourceFormat, permissionResourceMatchingUri);
+ authorizationRequest.addPermissions(permissions, permissionResourceFormat, permissionResourceMatchingUri, maxResults);
 }
 AuthorizationRequest.Metadata metadata = new AuthorizationRequest.Metadata();
@@ -174,10 +176,8 @@ public class PermissionGrantType extends OAuth2GrantTypeBase {
 metadata.setIncludeResourceName(Boolean.parseBoolean(responseIncludeResourceName));
 }
- String responsePermissionsLimit = formParams.getFirst("response_permissions_limit");
- if (responsePermissionsLimit != null) {
- metadata.setLimit(Integer.parseInt(responsePermissionsLimit));
+ metadata.setLimit(maxResults);
 }
 metadata.setResponseMode(formParams.getFirst("response_mode"));
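Review bot: The added `Integer.parseInt(responsePermissionsLimit)` in hunk @@ -158 now runs for every request, before the `permissions != null` guard, and a non-numeric or negative `response_permissions_limit` is not handled here: a `NumberFormatException` escapes as an unexpected server error rather than an invalid-request response, unless something further up maps it (not visible in the hunk), and a negative value flows through `maxResults` into the resource lookup. Since this value now bounds a store query, validate it at the boundary: parse inside a try/catch that raises the same invalid-request error this grant type uses for its other malformed parameters, and reject values below 1 there as well. The enclosing method starts before the hunk.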
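Review bot: Hunk @@ -174 removes the `if (responsePermissionsLimit != null) {` line but keeps its closing `}` as a context line after the new `metadata.setLimit(maxResults);`, so the new side has an unmatched brace; the counts in the hunk header (10 old lines, 8 new, three removals and one addition) agree with the markers as rendered, so this does not look like a rendering artifact. As written the enclosing method closes early and `metadata.setResponseMode(...)` lands outside it, which will not compile. Either drop the `}` too or keep the guard, `if (maxResults != null) {` / `metadata.setLimit(maxResults);` / `}`. The guard is also the safer choice if `setLimit` takes a primitive `int`, where a null `Integer` would throw on unboxing (its signature is not visible here).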