Consider devops request as authorized if no subjects are expected

Signed-off-by: Yannic Klem <Yannic.Klem@bosch.io>
eclipse-ditto · Feb 15, 2022 · e0c5589 · e0c5589
1 parent bdf7fb6
commit e0c5589
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.../ditto/gateway/service/endpoints/directives/auth/DevOpsOAuth2AuthenticationDirective.java b/.../ditto/gateway/service/endpoints/directives/auth/DevOpsOAuth2AuthenticationDirective.java
@@ -129,7 +129,7 @@ private Route handleAuthenticationTry(final Try<AuthenticationResult> authentica
             } else {
                 final List<String> authorizationSubjectIds =
                         authenticationResult.getAuthorizationContext().getAuthorizationSubjectIds();
-                final boolean isAuthorized = authorizationSubjectIds.stream().anyMatch(expectedSubjects::contains);
+                final boolean isAuthorized = expectedSubjects.isEmpty() || authorizationSubjectIds.stream().anyMatch(expectedSubjects::contains);
                 if (isAuthorized) {
                     LOGGER.info("DevOps Oauth authentication was successful.");
                     return inner;