[keycloak-user] TImePolicy in Authorization Policy Evaluation
Pedro Igor Silva
psilva at redhat.com
Thu Mar 15 07:35:34 EDT 2018
Thanks. Created https://issues.jboss.org/browse/KEYCLOAK-6853.
On Thu, Mar 15, 2018 at 4:08 AM, Kousuke TANIGUCHI <
kousuke.taniguchi at gmail.com> wrote:
> Hi, All
>
>
> I was experimenting with authorization and policy.
> I feel that TimePolicy does not work well with *Contextual Information /
> Date*.
>
>
>
> ## Case 1.
>
> TimePolicy : hour 12 - 14
>
> Evaluate at 13:30:00
> Result : PERMIT
>
> ## Case 2.
>
> TimePolicy : hour 12 - 14
> * Contextual Information *
> Add Date/Time (MM/dd/yyyy hh:mm:ss) : 02/14/2018 09:30:00
>
> Evaluate at 13:35:00
> Result : PERMIT
>
> ## Case 3.
>
> TimePolicy : hour 10 - 12
>
> Evaluate at 13:40:00
> Result : DENY
>
> ## Case 4.
>
> TimePolicy : hour 10 - 12
> * Contextual Information *
> Add Date/Time (MM/dd/yyyy hh:mm:ss) : 02/14/2018 09:30:00
>
> Evaluate at 13:40:00
> Result : DENY
>
>
> In TimePolicyProvider.java, actualTime = new Date ();
> but it should be checked whether evaluation.getContext
> ().getAttribute("kc.time.date _time") is provided
>
> Regards.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list