Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AuthzClient getPermissions() deserializes to List<LinkedHashSet> and not List<Permission> (previously #16520 ) #28236

Closed
1 of 2 tasks
clezag opened this issue Mar 27, 2024 · 2 comments
Closed
1 of 2 tasks

AuthzClient getPermissions() deserializes to List<LinkedHashSet> and not List<Permission> (previously #16520 ) #28236

clezag opened this issue Mar 27, 2024 · 2 comments
Labels
area/authorization-services Indicates an issue on Authorization area help wanted kind/bug Categorizes a PR related to a bug priority/normal status/auto-bump status/auto-expire team/core-iam

Comments

@clezag
Copy link
Contributor

clezag commented Mar 27, 2024
edited

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

authorization-services

Describe the bug

This bug as previously reported in #16520, but erroneously closed as fixed.
I've opened this issue because I did not get any feedback on my comments or PR in the closed issue.

Using the Java AuthzClient,
List<Permission> permissions = authorizationResource.getPermissions(authorizationRequest);
returns a List<LinkedHashMap> instead of a List<Permission>

The actual runtime type of the returned list differs from the documented compile time type.
This causes a runtime Exception as soon as you use the individual objects in the list, because they don't match the compiled type.

This behavior is documented by a preexisting test. Note inexplicably casting the returned object to a Map before using it. Permission does not implement the Map interface, the two types are completely incompatible. This code should not work:

keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RegexPolicyTest.java

Line 293 in 343479d

Assert.assertTrue(((Map)permissions.get(0)).get("rsname").equals("service"));

I have an open PR on the old issue (#27813) that should fix this

Version

24.0

Regression

  • The issue is a regression

Expected behavior

The returned List<Permission> is a java.util.List containing Permission objects

Actual behavior

The returned list is a List contains LinkedHashMap objects

How to Reproduce?

AuthorizationResource authorizationResource = authClient.authorization(token);

AuthorizationRequest authorizationRequest = new AuthorizationRequest();
authorizationRequest.setAudience(audience);
authorizationRequest.setScope("read");
AuthorizationRequest.Metadata metadata = new AuthorizationRequest.Metadata();
metadata.setResponseMode("permissions");
authorizationRequest.setMetadata(metadata);

List<Permission> permissions = authorizationResource.getPermissions(authorizationRequest);
permissions.get(0).getResourceName();

Will lead to exception because the type of permissions.get(0) is not Permission and thus the method call getResourceName is not possible

Alternatively, applying this change to an existing test will also make it fail

Anything else?

No response
@clezag clezag added kind/bug Categorizes a PR related to a bug status/triage labels Mar 27, 2024
@keycloak-github-bot keycloak-github-bot bot added area/authorization-services Indicates an issue on Authorization area team/core-iam labels Mar 27, 2024
@keycloak-github-bot
Copy link

Due to the amount of issues reported by the community we are not able to prioritise resolving this issue at the moment.

If you are affected by this issue, upvote it by adding a 👍 to the description. We would also welcome a contribution to fix the issue.

@clezag
Copy link
Contributor Author

clezag commented Apr 2, 2024

Closed by #27813

@clezag clezag closed this as completed Apr 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/authorization-services Indicates an issue on Authorization area help wanted kind/bug Categorizes a PR related to a bug priority/normal status/auto-bump status/auto-expire team/core-iam
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sguilhen @clezag