Merge pull request #4690 from pedroigor/KEYCLOAK-5824

[KEYCLOAK-5824] - Keycloak throws "Error while evaluating permissions" exception often
This commit is contained in:
Pedro Igor 2017-11-14 18:35:56 -02:00 committed by GitHub
commit eebf0b0499
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 10 deletions

View file

@ -32,21 +32,16 @@ public class TimePolicyProvider implements PolicyProvider {
static String DEFAULT_DATE_PATTERN = "yyyy-MM-dd hh:mm:ss"; static String DEFAULT_DATE_PATTERN = "yyyy-MM-dd hh:mm:ss";
private final SimpleDateFormat dateFormat;
public TimePolicyProvider() {
this.dateFormat = new SimpleDateFormat(DEFAULT_DATE_PATTERN);
}
@Override @Override
public void evaluate(Evaluation evaluation) { public void evaluate(Evaluation evaluation) {
Policy policy = evaluation.getPolicy(); Policy policy = evaluation.getPolicy();
SimpleDateFormat dateFormat = new SimpleDateFormat(DEFAULT_DATE_PATTERN);
Date actualDate = new Date(); Date actualDate = new Date();
try { try {
String notBefore = policy.getConfig().get("nbf"); String notBefore = policy.getConfig().get("nbf");
if (notBefore != null && !"".equals(notBefore)) { if (notBefore != null && !"".equals(notBefore)) {
if (actualDate.before(this.dateFormat.parse(format(notBefore)))) { if (actualDate.before(dateFormat.parse(format(notBefore)))) {
evaluation.deny(); evaluation.deny();
return; return;
} }
@ -54,7 +49,7 @@ public class TimePolicyProvider implements PolicyProvider {
String notOnOrAfter = policy.getConfig().get("noa"); String notOnOrAfter = policy.getConfig().get("noa");
if (notOnOrAfter != null && !"".equals(notOnOrAfter)) { if (notOnOrAfter != null && !"".equals(notOnOrAfter)) {
if (actualDate.after(this.dateFormat.parse(format(notOnOrAfter)))) { if (actualDate.after(dateFormat.parse(format(notOnOrAfter)))) {
evaluation.deny(); evaluation.deny();
return; return;
} }

View file

@ -125,7 +125,7 @@ public class AuthorizationTokenService {
.exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build(); .exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
} }
} catch (Exception cause) { } catch (Exception cause) {
logger.error(cause); logger.error("Failed to evaluate permissions", cause);
throw new ErrorResponseException(OAuthErrorException.SERVER_ERROR, "Error while evaluating permissions.", Status.INTERNAL_SERVER_ERROR); throw new ErrorResponseException(OAuthErrorException.SERVER_ERROR, "Error while evaluating permissions.", Status.INTERNAL_SERVER_ERROR);
} }

View file

@ -170,7 +170,7 @@ public class EntitlementService {
return Cors.add(request, Response.ok().entity(new EntitlementResponse(createRequestingPartyToken(entitlements, identity.getAccessToken(), resourceServer)))).allowedOrigins(identity.getAccessToken()).allowedMethods("GET").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build(); return Cors.add(request, Response.ok().entity(new EntitlementResponse(createRequestingPartyToken(entitlements, identity.getAccessToken(), resourceServer)))).allowedOrigins(identity.getAccessToken()).allowedMethods("GET").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
} }
} catch (Exception cause) { } catch (Exception cause) {
logger.error(cause); logger.error("Failed to evaluate permissions", cause);
throw new ErrorResponseException(OAuthErrorException.SERVER_ERROR, "Error while evaluating permissions.", Status.INTERNAL_SERVER_ERROR); throw new ErrorResponseException(OAuthErrorException.SERVER_ERROR, "Error while evaluating permissions.", Status.INTERNAL_SERVER_ERROR);
} }