Details
Bug
Status: Closed
Minor
Resolution: Out of Date
4.6.0.Final
Description
We use the Policy Enforcer and want to forward parameters to a CIP via the 'parameters' feature. The initial parameters are received as JSON in the request body:
"policy-enforcer": {
  .....
  "parameters": {
    "AAA": "{request.body['/aaa']}",
    "BBB": "{request.body['/bbb']}",
    "CCC": "{request.body['/bbb']}"
  }
}
AAA, BBB and CCC are always empty despite a correct request. This is due to the org.keycloak.adapters.authorization.util.RequestPlaceHolderResolver, which tries to see if there is anything to read in line 110:
if (body == null || body.available() == 0) { return Collections.emptyList(); }
Due to the coyote/catalina InputBuffer, which always returns 0 despite being readable, it will always return the empty collection. If hooked with a debugger and returning something other than 0, everything works as expected.
We use JBoss EAP 6.4 and apache-tomcat-7.0.32; both use catalina and thus are affected by this issue.
A workaround could be just reading one byte:
if (body == null || (body.markSupported() ? body.read() < 0 : body.available() == 0)) { return Collections.emptyList(); }
A few lines later the stream gets reset anyway:
if (body.markSupported()) {
    body.mark(0);
}
Anyway, wouldn't it be more straightforward to read the stream completely at the beginning and skip these validation steps altogether?
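The behaviour described in this report, as an added example that is not Keycloak's or the reporter's code: a stream that holds data but reports available() == 0 (which the InputStream contract permits) defeats the quoted check, while draining the body into a bounded buffer does not depend on available(). ZeroAvailableStream, looksEmptyByAvailable, readFully and the 64 KiB limit are hypothetical names and values chosen for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class BodyProbeDemo {

    // Constructed stand-in for a container stream that has data to read
    // but reports available() == 0.
    static class ZeroAvailableStream extends FilterInputStream {
        ZeroAvailableStream(InputStream in) { super(in); }
        @Override public int available() { return 0; }
    }

    // The check pattern quoted in the report: available() == 0 is taken as "no body".
    static boolean looksEmptyByAvailable(InputStream body) throws IOException {
        return body == null || body.available() == 0;
    }

    // Drain the stream once; emptiness is decided by the bytes actually read.
    // maxBytes (assumed limit) keeps an oversized body from exhausting memory.
    static byte[] readFully(InputStream body, int maxBytes) throws IOException {
        if (body == null) return new byte[0];
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        int n;
        while ((n = body.read(buf)) != -1) {
            if (out.size() + n > maxBytes) {
                throw new IOException("request body exceeds " + maxBytes + " bytes");
            }
            out.write(buf, 0, n);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample request body.
        byte[] json = "{\"aaa\":\"1\",\"bbb\":\"2\"}".getBytes(StandardCharsets.UTF_8);

        InputStream probed = new ZeroAvailableStream(new ByteArrayInputStream(json));
        System.out.println("available() check reports empty: " + looksEmptyByAvailable(probed));

        InputStream drained = new ZeroAvailableStream(new ByteArrayInputStream(json));
        byte[] buffered = readFully(drained, 64 * 1024);
        System.out.println("bytes actually read: " + buffered.length);
        System.out.println("buffered body: " + new String(buffered, StandardCharsets.UTF_8));
    }
}
```

A ByteArrayInputStream over the returned buffer can be handed to every later consumer, so the first byte is still there for the JSON parser and no mark/reset support is needed from the container stream.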