Merge pull request #4690 from pedroigor/KEYCLOAK-5824

[KEYCLOAK-5824] - Keycloak throws "Error while evaluating permissions" exception often
2017-11-14 18:35:56 -02:00 · 2017-11-14 18:35:56 -02:00 · eebf0b0499
commit eebf0b0499
parent 63a01b1e1f b0ccce397a
3 changed files with 5 additions and 10 deletions
--- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/time/TimePolicyProvider.java
+++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/time/TimePolicyProvider.java
@ -32,21 +32,16 @@ public class TimePolicyProvider implements PolicyProvider {

    static String DEFAULT_DATE_PATTERN = "yyyy-MM-dd hh:mm:ss";

-    private final SimpleDateFormat dateFormat;
-
-    public TimePolicyProvider() {
-        this.dateFormat = new SimpleDateFormat(DEFAULT_DATE_PATTERN);
-    }
-
    @Override
    public void evaluate(Evaluation evaluation) {
        Policy policy = evaluation.getPolicy();
+        SimpleDateFormat dateFormat = new SimpleDateFormat(DEFAULT_DATE_PATTERN);
        Date actualDate = new Date();

        try {
            String notBefore = policy.getConfig().get("nbf");
            if (notBefore != null && !"".equals(notBefore)) {
-                if (actualDate.before(this.dateFormat.parse(format(notBefore)))) {
+                if (actualDate.before(dateFormat.parse(format(notBefore)))) {
                    evaluation.deny();
                    return;
                }
@ -54,7 +49,7 @@ public class TimePolicyProvider implements PolicyProvider {

            String notOnOrAfter = policy.getConfig().get("noa");
            if (notOnOrAfter != null && !"".equals(notOnOrAfter)) {
-                if (actualDate.after(this.dateFormat.parse(format(notOnOrAfter)))) {
+                if (actualDate.after(dateFormat.parse(format(notOnOrAfter)))) {
                    evaluation.deny();
                    return;
                }
--- a/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
+++ b/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
@ -125,7 +125,7 @@ public class AuthorizationTokenService {
                        .exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
            }
        } catch (Exception cause) {
-            logger.error(cause);
+            logger.error("Failed to evaluate permissions", cause);
            throw new ErrorResponseException(OAuthErrorException.SERVER_ERROR, "Error while evaluating permissions.", Status.INTERNAL_SERVER_ERROR);
        }

--- a/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
+++ b/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
@ -170,7 +170,7 @@ public class EntitlementService {
                return Cors.add(request, Response.ok().entity(new EntitlementResponse(createRequestingPartyToken(entitlements, identity.getAccessToken(), resourceServer)))).allowedOrigins(identity.getAccessToken()).allowedMethods("GET").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
            }
        } catch (Exception cause) {
-            logger.error(cause);
+            logger.error("Failed to evaluate permissions", cause);
            throw new ErrorResponseException(OAuthErrorException.SERVER_ERROR, "Error while evaluating permissions.", Status.INTERNAL_SERVER_ERROR);
        }