Updated permission not working


Vivian Santos Silva

Feb 11, 2021, 3:34:00 PM
to Keycloak User
Hello,

I have a client application accessed by users in two roles: app-user and app-admin. I have a policy associated with each role and I created a resource whose permission was associated with both policies, that is, both app-user and app-admin users could access the resource.

I then removed the app-user policy from the permission, in order to allow only admin users to access the resource, but now users with only the app-user role are still able to access it, no matter what I do. I already restarted my application, restarted the Keycloak server, and cleared all the caches, but the permission in its updated form still does not work as expected, although when I evaluate it in the admin console it works correctly.

Am I missing something? Is there something else that needs to be fixed when a permission is changed?

Thanks and regards,
Vivian.

Pedro Igor Craveiro e Silva

Feb 11, 2021, 4:21:10 PM
to Vivian Santos Silva, Keycloak User
Hi Vivian,

Weird behavior. I would suspect some caching issue but considering you restarted the server, it might not be the case.

We do have tests in our testsuite covering a very similar scenario. So I'm clueless about what might be happening.

If you are able to export [1] your authorization settings I can take a look and figure out what is going on.


Regards.
Pedro Igor


Pedro Igor Craveiro e Silva

Feb 11, 2021, 4:21:49 PM
to Vivian Santos Silva, Keycloak User
Btw, how are you enforcing access in your application? Using any of our adapters/policy enforcers?

Vivian Santos Silva

Feb 12, 2021, 12:15:26 PM
to Pedro Igor Craveiro e Silva, Keycloak User
Hi Pedro,

Yes, it is a Spring Boot application, so I use the Spring Boot Java adapter. Please find attached the exported authorization settings. The problematic ones are the "User Self-Management Resource" and the "User Self-Management Permission". It is worth noting that there are other resources and policies that were added previously and work fine. All the URLs listed in the resource are also listed as protected paths in the application.properties config file.

Regards,
Vivian.
dashboard-api-authz-config.json
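
One way to check an exported authorization configuration like the one attached above (an added example, not part of the thread and not Keycloak code): list every permission that covers a resource together with the roles named by its role policies. The export layout, the sample data and the second permission "Legacy Users Permission" are assumptions constructed for illustration; they are not taken from the attached file.

```python
import json

# Constructed sample in the shape of a Keycloak authorization-settings export
# (assumed layout: permissions live in "policies" with type "resource"/"scope",
# and their config values are JSON-encoded strings). Not the attached file.
SAMPLE_EXPORT = {
    "resources": [{"name": "User Self-Management Resource", "uris": ["/users/*"]}],
    "policies": [
        {"name": "Admin Policy", "type": "role",
         "config": {"roles": json.dumps([{"id": "app-admin", "required": False}])}},
        {"name": "User Policy", "type": "role",
         "config": {"roles": json.dumps([{"id": "app-user", "required": False}])}},
        {"name": "User Self-Management Permission", "type": "resource",
         "config": {"resources": json.dumps(["User Self-Management Resource"]),
                    "applyPolicies": json.dumps(["Admin Policy"])}},
        {"name": "Legacy Users Permission", "type": "resource",  # hypothetical
         "config": {"resources": json.dumps(["User Self-Management Resource"]),
                    "applyPolicies": json.dumps(["User Policy", "Admin Policy"])}},
    ],
}

def _decode(config, key):
    """Config values are JSON text inside the JSON document; a missing key means empty."""
    return json.loads(config.get(key, "[]"))

def roles_reaching(export, resource_name):
    """Map each permission covering resource_name to the roles its policies name."""
    policies = {p["name"]: p for p in export.get("policies", [])}
    result = {}
    for perm in export.get("policies", []):
        if perm.get("type") not in ("resource", "scope"):
            continue  # role/user/etc. policies are not permissions
        config = perm.get("config", {})
        if resource_name not in _decode(config, "resources"):
            continue
        roles = set()
        for policy_name in _decode(config, "applyPolicies"):
            policy = policies.get(policy_name, {})
            if policy.get("type") == "role":
                roles |= {r["id"] for r in _decode(policy.get("config", {}), "roles")}
        result[perm["name"]] = sorted(roles)
    return result

def permissions_naming_role(export, resource_name, role):
    """Permissions on the resource whose applied role policies still name `role`."""
    return [n for n, roles in roles_reaching(export, resource_name).items() if role in roles]

if __name__ == "__main__":
    print(permissions_naming_role(SAMPLE_EXPORT, "User Self-Management Resource", "app-user"))
```

To run it against a real export, load the file with `json.load` and pass the result in place of `SAMPLE_EXPORT`.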