Hi Guys,
I was creating a small PEP for a third-party service API using the
Keycloak authorization service.
My idea was to check whether a user is allowed to perform a certain
operation based on some body parameters, but it turns out that the body
claim left the body content unusable for the proxy application.
What do you think? Is this a bug or expected behavior?
For a better understanding, here you can find my configuration file and
controller class. I am using the keycloak-spring-boot-starter and
keycloak-authz-client version 6.0.0 Maven modules, but I also tried
6.0.1 with the same results.
keycloak.realm=spring-boot-quickstart
keycloak.auth-server-url=http://example.local/keycloak/auth
keycloak.ssl-required=external
keycloak.resource=app
keycloak.bearer-only=true
keycloak.credentials.secret=c23a55c0-0c96-4e28-8922-c47f918c2102
keycloak.securityConstraints[0].authRoles[0]=user
keycloak.securityConstraints[0].securityCollections[0].name=protected
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/version
keycloak.securityConstraints[0].securityCollections[0].patterns[1]=/admin/*
keycloak.securityConstraints[0].securityCollections[0].patterns[2]=/v1/*
keycloak.securityConstraints[0].securityCollections[0].patterns[3]=/v2/*
keycloak.policy-enforcer-config.enforcement-mode=ENFORCING
keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.uri]={request.relativePath}
keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.fiware-service]={request.header['service']}
keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.fiware-servicepath]={request.header['servicepath']}
keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.id]={request.body['/id']}
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;
import static org.springframework.web.bind.annotation.RequestMethod.*;

@RestController
public class ProxyController {

    @Value("${proxy.schema}")
    private String schema;
    @Value("${proxy.host}")
    private String host;
    @Value("${proxy.port}")
    private int port;

    private RestTemplate restTemplate;

    @Autowired
    public ProxyController() {
        restTemplate = new RestTemplate();
        restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory());
        // BlankResponseErrorHandler and Login are classes of the same project (not shown here)
        restTemplate.setErrorHandler(new BlankResponseErrorHandler());
    }

    @RequestMapping(value = "/login", produces = "application/json", method = POST)
    public ResponseEntity<Login> login(@RequestBody Login login) {
        return ResponseEntity.ok().body(login);
    }

    // Body-less methods: forward headers and URI only
    @RequestMapping(value = "/**", produces = "application/json",
            method = {GET, DELETE, HEAD, OPTIONS})
    public ResponseEntity<String> proxyRequestWithoutBody(HttpMethod method,
            HttpServletRequest request) throws URISyntaxException {
        return restTemplate.exchange(buildUri(request), method,
                new HttpEntity<String>(copyHeaders(request)), String.class);
    }

    // Methods with a body: this is the body that becomes unusable once the
    // policy enforcer has read it for the http.id claim
    @RequestMapping(value = "/**", produces = "application/json",
            method = {POST, PUT, PATCH})
    public ResponseEntity<String> proxyRequest(@RequestBody String body, HttpMethod method,
            HttpServletRequest request) throws URISyntaxException {
        return restTemplate.exchange(buildUri(request), method,
                new HttpEntity<>(body, copyHeaders(request)), String.class);
    }

    private URI buildUri(HttpServletRequest request) throws URISyntaxException {
        return new URI(schema, null, host, port, request.getRequestURI(),
                request.getQueryString(), null);
    }

    // Copy all incoming headers except Host, which must name the upstream service
    private HttpHeaders copyHeaders(HttpServletRequest request) {
        HttpHeaders httpHeaders = new HttpHeaders();
        for (String headerName : Collections.list(request.getHeaderNames())) {
            if (!headerName.equals("host"))
                httpHeaders.add(headerName, request.getHeader(headerName));
        }
        return httpHeaders;
    }
}
Thank you in advance,
Best regards,
Felipe
--
Felipe Roca Blaya
Software Engineer
HOP Ubiquitous S.L.
www.hopu.eu <http://www.hopu.eu>
C/Luis Buñuel 6
30562, Ceutí, Murcia.
Spain
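A request wrapper that buffers the body once and hands out a fresh stream on every read, so a claim reader and the proxy controller can both see it; this is an added example written for this thread, not code from Felipe's post or from the Keycloak project, and it assumes the Servlet 3 API, Spring Boot, and small JSON bodies that fit in memory. It only helps when the component that first reads the body runs after the servlet filter chain; with the Keycloak adapter on embedded Tomcat that ordering is an assumption to verify in your deployment.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ReadListener;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.util.StreamUtils;

/** Reads the body eagerly and replays it for every caller of getInputStream(). */
public class RereadableRequest extends HttpServletRequestWrapper {
    private final byte[] body;   // assumption: bodies are small JSON documents

    public RereadableRequest(HttpServletRequest request) throws IOException {
        super(request);
        body = StreamUtils.copyToByteArray(request.getInputStream());
    }

    @Override
    public ServletInputStream getInputStream() {
        InputStream in = new ByteArrayInputStream(body);   // new stream per call
        return new ServletInputStream() {
            @Override public int read() throws IOException { return in.read(); }
            @Override public boolean isFinished() { return in.available() == 0; }
            @Override public boolean isReady() { return true; }
            @Override public void setReadListener(ReadListener listener) { }
        };
    }
}

/** Wraps every request before anything further down the chain consumes the body. */
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
class BodyBufferingFilter implements Filter {
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(new RereadableRequest((HttpServletRequest) req), res);
    }
}
```

Readers that use getReader() instead of getInputStream() need the same override on that method, which is omitted here for brevity.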