fix: do not re-neable AuthorizationService if it is already enabled

The enable action needs the realm-wide "modify client" permission, which restricted admins with the fine-grained-authz feature do not have. This causes a "forbidden" exception when try try to save a client with Authorization already enabled, even if the "enable" action does nothing since it was already enabled. Fixes #22938 Signed-off-by: Vojtěch Boček <vbocek@gmail.com>
2025-12-16 20:15:46 -06:00 · 2024-03-22 09:58:33 +01:00
parent 302fa3db08
commit cd4543456e
1 changed files with 3 additions and 1 deletions
--- a/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java
@@ -64,7 +64,9 @@ public class AuthorizationService {
    }

    public void enable(boolean newClient) {
-        this.resourceServer = getResourceServerService().create(newClient);
+        if (!isEnabled()) {
+            this.resourceServer = getResourceServerService().create(newClient);
+        }
    }

    public void disable() {