[keycloak-dev] Can't get results from IterablePermissionEvaluator

Wednesday, 17 July 2019

Hi,

While debugging my Keycloak SPI, I think I found a bug.
When calling IterablePermissionEvaluator.evaluate(...), I can see that permissions and
policyEvaluator are used to update a decision with different results (field
Map<ResourcePermission, Result> results in AbstractDecisionCollector) then a call to
decision.onComplete() should validate found results.
In fact, decision.onComplete() is a method from AbstractDecisionCollector which calls
onComplete(Collection<Result> permissions) but this one is empty in
AbstractDecisionCollector and is not overridden in DecisionPermissionCollector which is
the actual instanciated class in IterablePermissionEvaluator.
Finally, when calling decision.results() in IterablePermissionEvaluator.evaluate(...), the
result will always be empty.

I think that AbstractDecisionCollector (or DecisionPermissionCollector) should be defined
with :
    protected void onComplete(Collection<Result> permissions) {
        permissions.forEach(this::onComplete);
    }

Or maybe I missed something ?

Thanks,
Francis

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[keycloak-dev] Can't get results from IterablePermissionEvaluator