[keycloak-user] Failed to evaluate permissions with javascript
Corentin Dupont
corentin.dupont at gmail.com
Wed Jul 4 08:38:42 EDT 2018
Hi again,
I use a small javascript policy:
var context = $evaluation.getContext();
var permission = $evaluation.getPermission();
var identity = context.getIdentity();
if (identity.id == permission.getResource().getOwner()) {
$evaluation.grant();
}
But this gets me an error:
Unexpected error while evaluating permissions: java.lang.RuntimeException:
Failed to evaluate permissions
at
org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator$1.onError(IterablePermissionEvaluator.java:66)
at
org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:54)
at
org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:63)
at
org.keycloak.authorization.authorization.AuthorizationTokenService.evaluatePermissions(AuthorizationTokenService.java:208)
...
Caused by: org.keycloak.scripting.ScriptExecutionException: Could not
execute script 'Resource owner' problem was: TypeError: null has no such
function "getOwner" in <eval> at line number 4
at
org.keycloak.scripting.AbstractEvaluatableScriptAdapter.evalUnchecked(AbstractEvaluatableScriptAdapter.java:64)
at
org.keycloak.scripting.AbstractEvaluatableScriptAdapter.eval(AbstractEvaluatableScriptAdapter.java:30)
I noticed this happens only with scope-based policies, so maybe it's the
same problem than before?
More information about the keycloak-user
mailing list