[KEYCLOAK-5726] - Defaults to true in case no required scopes are def…

…ined
keycloak · Oct 24, 2017 · 7dd7b6b · 7dd7b6b
1 parent 711aa83
commit 7dd7b6b
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/...dapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java b/...dapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
@@ -188,6 +188,7 @@ private boolean isDefaultAccessDeniedUri(Request request, PolicyEnforcerConfig e
     }
 
     private boolean hasResourceScopePermission(MethodConfig methodConfig, Permission permission) {
+        List<String> requiredScopes = methodConfig.getScopes();
         Set<String> allowedScopes = permission.getScopes();
 
         if (allowedScopes.isEmpty()) {
@@ -197,18 +198,18 @@ private boolean hasResourceScopePermission(MethodConfig methodConfig, Permission
         PolicyEnforcerConfig.ScopeEnforcementMode enforcementMode = methodConfig.getScopesEnforcementMode();
 
         if (PolicyEnforcerConfig.ScopeEnforcementMode.ALL.equals(enforcementMode)) {
-            return allowedScopes.containsAll(methodConfig.getScopes());
+            return allowedScopes.containsAll(requiredScopes);
         }
 
         if (PolicyEnforcerConfig.ScopeEnforcementMode.ANY.equals(enforcementMode)) {
-            for (String requiredScope : methodConfig.getScopes()) {
+            for (String requiredScope : requiredScopes) {
                 if (allowedScopes.contains(requiredScope)) {
                     return true;
                 }
             }
         }
 
-        return false;
+        return requiredScopes.isEmpty();
     }
 
     protected AuthzClient getAuthzClient() {

diff --git a/.../src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java b/.../src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
@@ -276,11 +276,13 @@ public String getJSON(String deploymentName) {
     }
 
     private void setJSONValues(ModelNode json, ModelNode values) {
-        for (Property prop : new ArrayList<>(values.asPropertyList())) {
-            String name = prop.getName();
-            ModelNode value = prop.getValue();
-            if (value.isDefined()) {
-                json.get(name).set(value);
+        synchronized (values) {
+            for (Property prop : new ArrayList<>(values.asPropertyList())) {
+                String name = prop.getName();
+                ModelNode value = prop.getValue();
+                if (value.isDefined()) {
+                    json.get(name).set(value);
+                }
             }
         }
     }