fix: do not re-neable AuthorizationService if it is already enabled

The enable action needs the realm-wide "modify client" permission, which restricted admins with the fine-grained-authz feature do not have. This causes a "forbidden" exception when try try to save a client with Authorization already enabled, even if the "enable" action does nothing since it was already enabled. Fixes #22938 Signed-off-by: Vojtěch Boček <vbocek@gmail.com>
2025-12-17 04:24:48 -06:00 · 2024-03-22 09:58:33 +01:00
parent 302fa3db08
commit cd4543456e
1 changed files with 3 additions and 1 deletions
--- a/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java
@@ -64,8 +64,10 @@ public class AuthorizationService {
    }

    public void enable(boolean newClient) {
+        if (!isEnabled()) {
            this.resourceServer = getResourceServerService().create(newClient);
        }
+    }

    public void disable() {
        if (isEnabled()) {