[keycloak-dev] Can't get results from IterablePermissionEvaluator
Perot Francis
francis.perot at elca.ch
Wed Jul 17 08:51:18 EDT 2019
In fact, DefaultPolicyEvaluator.evaluate(...) directly calls onComplete(Result), so main code of AbstractDecisionCollector is quite not used in this process and the call to decision.onComplete() in IterablePermissionEvaluator won't do anything.
So the code seems ok even if it is a strange behavior here.
Francis
-----Original Message-----
From: keycloak-dev-bounces at lists.jboss.org <keycloak-dev-bounces at lists.jboss.org> On Behalf Of Perot Francis
Sent: mercredi, 17 juillet 2019 08:42
To: keycloak-dev at lists.jboss.org
Subject: [keycloak-dev] Can't get results from IterablePermissionEvaluator
Hi,
While debugging my Keycloak SPI, I think I found a bug.
When calling IterablePermissionEvaluator.evaluate(...), I can see that permissions and policyEvaluator are used to update a decision with different results (field Map<ResourcePermission, Result> results in AbstractDecisionCollector) then a call to decision.onComplete() should validate found results.
In fact, decision.onComplete() is a method from AbstractDecisionCollector which calls onComplete(Collection<Result> permissions) but this one is empty in AbstractDecisionCollector and is not overridden in DecisionPermissionCollector which is the actual instanciated class in IterablePermissionEvaluator.
Finally, when calling decision.results() in IterablePermissionEvaluator.evaluate(...), the result will always be empty.
I think that AbstractDecisionCollector (or DecisionPermissionCollector) should be defined with :
protected void onComplete(Collection<Result> permissions) {
permissions.forEach(this::onComplete);
}
Or maybe I missed something ?
Thanks,
Francis
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list