[keycloak-dev] Can't get results from IterablePermissionEvaluator
Perot Francis
francis.perot at elca.ch
Wed Jul 17 02:41:39 EDT 2019
Hi,
While debugging my Keycloak SPI, I think I found a bug.
When calling IterablePermissionEvaluator.evaluate(...), I can see that permissions and policyEvaluator are used to update a decision with different results (field Map<ResourcePermission, Result> results in AbstractDecisionCollector) then a call to decision.onComplete() should validate found results.
In fact, decision.onComplete() is a method from AbstractDecisionCollector which calls onComplete(Collection<Result> permissions) but this one is empty in AbstractDecisionCollector and is not overridden in DecisionPermissionCollector which is the actual instanciated class in IterablePermissionEvaluator.
Finally, when calling decision.results() in IterablePermissionEvaluator.evaluate(...), the result will always be empty.
I think that AbstractDecisionCollector (or DecisionPermissionCollector) should be defined with :
protected void onComplete(Collection<Result> permissions) {
permissions.forEach(this::onComplete);
}
Or maybe I missed something ?
Thanks,
Francis
More information about the keycloak-dev
mailing list