  1. Keycloak
  2. KEYCLOAK-8930

Claims Request Body is not readable


Details

    Description

      We do use the Policy Enforcer and want to forward parameters to a CIP via the 'parameters' feature. The initial parameters are received as JSON in the request body:

      "policy-enforcer": {
        .....
        "parameters": {
          "AAA": "{request.body['/aaa']}",
          "BBB": "{request.body['/bbb']}",
          "CCC": "{request.body['/bbb']}"
        }
      }
      

      AAA, BBB and CCC are always empty despite a correct request. This is due to
      the org.keycloak.adapters.authorization.util.RequestPlaceHolderResolver, which tries to see if there is anything to read in line 110:

        if (body == null || body.available() == 0) {
            return Collections.emptyList();
        }
      

      Due to coyote/catalina InputBuffer which always returns 0 despite being readable it will always return the empty collection. If hooked with a debugger and returning something else than 0 everything works as expected.

      We do use JBoss EAP 6.4 and apache-tomcat-7.0.32; both use catalina and thus are affected by this issue.

      A workaround could be just reading one byte:

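        // Parentheses added: without them the ternary swallows the null check.
        // The probed byte is consumed unless the stream is marked before and reset after the read.
        if (body == null || (body.markSupported() ? body.read() < 0 : body.available() == 0)) {
            return Collections.emptyList();
        }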
      

      A few lines later the stream gets reset anyway:

        if (body.markSupported()) {
            body.mark(0);
        }
      

      Anyway, wouldn't it be more straightforward to read the stream completely at the beginning and skip these validation steps at all?
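
A non-destructive emptiness check for the situation described in this issue, as an added example that is neither Keycloak's code nor the reporter's. `BodyProbeExample`, `ZeroAvailableStream` and `nonEmptyOrNull` are hypothetical names, and the stream that always reports `available() == 0` is a constructed stand-in for the container's input buffer; the probe reads one byte and pushes it back so the body stays complete for the next reader.

```java
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PushbackInputStream;
import java.nio.charset.StandardCharsets;

public class BodyProbeExample {

    // Constructed stand-in for a container stream whose available() reports 0
    // although data can still be read (the behaviour described in this issue).
    static class ZeroAvailableStream extends FilterInputStream {
        ZeroAvailableStream(InputStream in) { super(in); }
        @Override public int available() { return 0; }
        @Override public boolean markSupported() { return false; }
    }

    // Hypothetical helper: returns null for a missing or empty body, otherwise
    // a stream that still yields every byte because the probed byte is pushed back.
    static InputStream nonEmptyOrNull(InputStream body) throws IOException {
        if (body == null) {
            return null;
        }
        PushbackInputStream probe = new PushbackInputStream(body, 1);
        int first = probe.read(); // blocks until one byte arrives or the stream ends
        if (first < 0) {
            return null;
        }
        probe.unread(first);
        return probe;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample request body (ASCII only).
        byte[] json = "{\"aaa\":\"1\",\"bbb\":\"2\"}".getBytes(StandardCharsets.UTF_8);
        InputStream body = new ZeroAvailableStream(new ByteArrayInputStream(json));
        System.out.println("available() == 0: " + (body.available() == 0));

        InputStream checked = nonEmptyOrNull(body);
        StringBuilder text = new StringBuilder();
        for (int b; (b = checked.read()) >= 0; ) {
            text.append((char) b);
        }
        System.out.println("body after probe: " + text);

        InputStream empty = new ZeroAvailableStream(new ByteArrayInputStream(new byte[0]));
        System.out.println("empty body detected: " + (nonEmptyOrNull(empty) == null));
    }
}
```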

          People

            Unassigned Unassigned
            ataraxus6sic6 Anton G. (Inactive)