[keycloak-user] Failed to evaluate permissions with javascript

[Pedro Igor Silva]

This is because the permission is not for the resource (it does not exist)
but for scopes. So resource is null.

On Wed, Jul 4, 2018 at 9:38 AM, Corentin Dupont <corentin.dupont at gmail.com>
wrote:

> Hi again,
> I use a small javascript policy:
>
> var context = $evaluation.getContext();
> var permission = $evaluation.getPermission();
> var identity = context.getIdentity();
> if (identity.id == permission.getResource().getOwner()) {
>     $evaluation.grant();
> }
>
>
> But this gets me an error:
>
> Unexpected error while evaluating permissions: java.lang.RuntimeException:
> Failed to evaluate permissions
>    at
> org.keycloak.authorization.permission.evaluator.
> IterablePermissionEvaluator$1.onError(IterablePermissionEvaluator.java:66)
>    at
> org.keycloak.authorization.permission.evaluator.
> IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:54)
>    at
> org.keycloak.authorization.permission.evaluator.
> IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:63)
>    at
> org.keycloak.authorization.authorization.AuthorizationTokenService.
> evaluatePermissions(AuthorizationTokenService.java:208)
> ...
> Caused by: org.keycloak.scripting.ScriptExecutionException: Could not
> execute script 'Resource owner' problem was: TypeError: null has no such
> function "getOwner" in <eval> at line number 4
>     at
> org.keycloak.scripting.AbstractEvaluatableScriptAdapter.evalUnchecked(
> AbstractEvaluatableScriptAdapter.java:64)
>     at
> org.keycloak.scripting.AbstractEvaluatableScriptAdapter.eval(
> AbstractEvaluatableScriptAdapter.java:30)
>
>
> I noticed this happens only with scope-based policies, so maybe it's the
> same problem than before?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>