So how to retrieve the resource associated with this request?
For instance I want to delete a sensor named MySensorsXXX:
curl -X POST \
  http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token \
  -H "Authorization: Bearer $USERTOKEN" \
  -d "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audience=api-server&permission=MySensorsXXX#sensors:delete"
I have a scope-based policy, where I check if you are owner.
On Wed, Jul 4, 2018 at 3:07 PM, Pedro Igor Silva <psilva(a)redhat.com> wrote:
This is because the permission is not for the resource (it does not exist)
but for scopes. So resource is null.
On Wed, Jul 4, 2018 at 9:38 AM, Corentin Dupont <corentin.dupont(a)gmail.com> wrote:
> Hi again,
> I use a small javascript policy:
>
> var context = $evaluation.getContext();
> var permission = $evaluation.getPermission();
> var identity = context.getIdentity();
> if (identity.id == permission.getResource().getOwner()) {
>     $evaluation.grant();
> }
>
>
> But this gets me an error:
>
> Unexpected error while evaluating permissions: java.lang.RuntimeException: Failed to evaluate permissions
>     at org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator$1.onError(IterablePermissionEvaluator.java:66)
>     at org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:54)
>     at org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:63)
>     at org.keycloak.authorization.authorization.AuthorizationTokenService.evaluatePermissions(AuthorizationTokenService.java:208)
>     ...
> Caused by: org.keycloak.scripting.ScriptExecutionException: Could not execute script 'Resource owner' problem was: TypeError: null has no such function "getOwner" in <eval> at line number 4
>     at org.keycloak.scripting.AbstractEvaluatableScriptAdapter.evalUnchecked(AbstractEvaluatableScriptAdapter.java:64)
>     at org.keycloak.scripting.AbstractEvaluatableScriptAdapter.eval(AbstractEvaluatableScriptAdapter.java:30)
>
>
> I noticed this happens only with scope-based policies, so maybe it's the
> same problem as before?
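Added example (not part of the original thread, and not Keycloak's own code): a variant of the 'Resource owner' policy that checks for the null resource explained in the thread and denies instead of throwing. The policy body is wrapped in a function, and mockEvaluation, decide and owned are constructed stand-ins for the objects Keycloak injects, so it can be run outside the server.

```javascript
// Policy body wrapped in a function for testing; in a Keycloak JS policy
// the same statements run at top level with $evaluation injected.
function resourceOwnerPolicy($evaluation) {
  var context = $evaluation.getContext();
  var permission = $evaluation.getPermission();
  var identity = context.getIdentity();
  var resource = permission.getResource();

  // Scope-only permission: no resource was resolved, so there is no
  // owner to compare against. Deny explicitly instead of throwing.
  if (resource == null) {
    $evaluation.deny();
    return;
  }
  if (identity.getId() == resource.getOwner()) {
    $evaluation.grant();
  } else {
    $evaluation.deny();
  }
}

// Constructed stand-in for the evaluation object (hypothetical helper);
// it mimics only the methods the policy calls and records the decision.
function mockEvaluation(userId, resource) {
  var state = { decision: "none" };
  var identity = { getId: function () { return userId; } };
  return {
    state: state,
    getContext: function () {
      return { getIdentity: function () { return identity; } };
    },
    getPermission: function () {
      return { getResource: function () { return resource; } };
    },
    grant: function () { state.decision = "grant"; },
    deny: function () { state.decision = "deny"; }
  };
}

// Constructed resource stand-in exposing only getOwner().
function owned(by) { return { getOwner: function () { return by; } }; }

function decide(userId, resource) {
  var ev = mockEvaluation(userId, resource);
  resourceOwnerPolicy(ev);
  return ev.state.decision;
}

console.log(decide("alice", owned("alice"))); // owner matches
console.log(decide("bob", owned("alice")));   // different owner
console.log(decide("alice", null));           // scope-only request, resource is null
```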