mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-20 14:00:09 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix: do not re-neable AuthorizationService if it is already enabled

Browse Source 
The enable action needs the realm-wide "modify client" permission,
which restricted admins with the fine-grained-authz feature do not have.

This causes a "forbidden" exception when try try to save a client
with Authorization already enabled, even if the "enable" action
does nothing since it was already enabled.

Fixes #22938

Signed-off-by: Vojtěch Boček <vbocek@gmail.com>
This commit is contained in:
Vojtěch Boček
2024-03-22 09:58:33 +01:00
committed by Pedro Igor
parent 302fa3db08
commit cd4543456e
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java
View File

@@ -64,8 +64,10 @@ public class AuthorizationService {
} }
public void enable(boolean newClient) { public void enable(boolean newClient) {
if (!isEnabled()) {
this.resourceServer = getResourceServerService().create(newClient); this.resourceServer = getResourceServerService().create(newClient);
} }
}
public void disable() { public void disable() {
if (isEnabled()) { if (isEnabled()) {