mirror of
https://github.com/keycloak/keycloak.git
synced 2025-12-16 20:15:46 -06:00
Apply a heuristic to look up by the role by ID or name
Closes #36919 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
This commit is contained in:
Alexander Schwartz
committed by
Pedro Igor
Pedro Igor
parent
242516624c
commit
a3c175ffc0
@@ -42,6 +42,7 @@ import java.util.HashSet;
|
||||
import java.util.LinkedHashSet;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.regex.Pattern;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
@@ -210,6 +211,8 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory<RolePoli
|
||||
return Collections.emptySet();
|
||||
}
|
||||
|
||||
public static final Pattern UUID_PATTERN = Pattern.compile("[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}");
|
||||
|
||||
private RoleModel getRole(RolePolicyRepresentation.RoleDefinition definition, RealmModel realm) {
|
||||
String roleName = definition.getId();
|
||||
String clientId = null;
|
||||
@@ -223,10 +226,13 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory<RolePoli
|
||||
RoleModel role;
|
||||
|
||||
if (clientId == null) {
|
||||
role = realm.getRole(roleName);
|
||||
// if the role name looks like a UUID, it is likely that it is a role ID. Then do this look-up first to avoid hitting the database twice
|
||||
// TODO: In a future version of the auth feature, make this more strict to avoid the double lookup and any ambiguity
|
||||
boolean looksLikeAUuid = UUID_PATTERN.matcher(roleName).matches();
|
||||
role = looksLikeAUuid ? realm.getRoleById(roleName) : realm.getRole(roleName);
|
||||
|
||||
if (role == null) {
|
||||
role = realm.getRoleById(roleName);
|
||||
role = !looksLikeAUuid ? realm.getRoleById(roleName) : realm.getRole(roleName);;
|
||||
}
|
||||
} else {
|
||||
ClientModel client = realm.getClientByClientId(clientId);
|
||||
|
||||
Reference in New Issue
Block a user