Hi to all.
I’m using Keycloak 9.0.2.
I have a lot of resources, let's call them r1, r2, r3… and a lot of roles.
For each role I’ve a policy P1,P2,P3.
To avoid the creation of multiple permissions, I want to create some permissions:
{
name: perm1
resources : r1,r2,r3,r4,r5
policy : p1
},
{
name: perm2
resources : r1
policy : p2
}
Via web GUI
It’s not possible to create those permissions.
Via Java Code
It is possible and it works:
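// Collect the names of every resource this permission should cover
Set<String> names = new HashSet<>(Arrays.asList(resourcesName));
// Build a single scope permission that references several resources
ScopePermissionRepresentation permission = new ScopePermissionRepresentation();
permission.setName(permissionName);
permission.setDescription(description);
permission.setResources(names);
permission.setPolicies(policyNames);
// AFFIRMATIVE: one positive policy decision is enough to grant access
permission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
permission.setScopes(scopesName);
// Create the permission through the admin client
Response response = permissionResource.create(permission);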
PROBLEM 1:
In the web GUI, if I open perm1 and I add a new policy, for instance, when I save the permission only the shown resource is saved; all the other resources are lost.
PROBLEM 2:
I cannot delete a resource if it’s in a multi-resource permission: I got an error:
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-276) Uncaught server error: java.lang.NullPointerException
at org.keycloak.authorization.admin.ResourceSetService.getPermissions(ResourceSetService.java:275)
at sun.reflect.GeneratedMethodAccessor1065.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:517)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:406)
It’s really difficult to manage these permissions.
Do the new Keycloak versions resolve these problems?
Am I conceptually wrong on permission usage?
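
A check for the silent resource loss described under PROBLEM 1, and a pre-delete lookup for PROBLEM 2, as an added example that is not part of the original post. It assumes the client's authorization settings were exported as JSON with permissions listed under `policies` (type `scope` or `resource`) and `config.resources` stored as a JSON-encoded string; the sample export, `EXPECTED` and the function names are constructed for illustration.

```python
import json

# Constructed sample export: perm1 was saved from the GUI and now lists only r1.
# Assumed shape: permissions sit in "policies" with type "scope"/"resource" and
# config.resources / config.applyPolicies are JSON-encoded strings.
EXPORT = json.loads(r'''
{
  "resources": [{"name": "r1"}, {"name": "r2"}, {"name": "r3"},
                {"name": "r4"}, {"name": "r5"}],
  "policies": [
    {"name": "p1", "type": "role", "config": {}},
    {"name": "p2", "type": "role", "config": {}},
    {"name": "perm1", "type": "scope",
     "config": {"resources": "[\"r1\"]", "applyPolicies": "[\"p1\",\"p2\"]"}},
    {"name": "perm2", "type": "scope",
     "config": {"resources": "[\"r1\"]", "applyPolicies": "[\"p2\"]"}}
  ]
}
''')

# Intended coverage, as created through the Java client in the post.
EXPECTED = {"perm1": {"r1", "r2", "r3", "r4", "r5"}, "perm2": {"r1"}}
PERMISSION_TYPES = {"scope", "resource"}

def permission_resources(export):
    """Map each permission name to the set of resource names it covers."""
    covered = {}
    for pol in export.get("policies", []):
        if pol.get("type") in PERMISSION_TYPES:
            raw = pol.get("config", {}).get("resources", "[]")
            covered[pol["name"]] = set(json.loads(raw))
    return covered

def find_drift(export, expected):
    """Return {permission: sorted resources that are no longer covered}."""
    actual = permission_resources(export)
    drift = {}
    for name, wanted in expected.items():
        missing = wanted - actual.get(name, set())
        if missing:
            drift[name] = sorted(missing)
    return drift

def permissions_referencing(export, resource):
    """Permissions that still reference a resource; review before deleting it."""
    return sorted(name for name, res in permission_resources(export).items()
                  if resource in res)

if __name__ == "__main__":
    print(find_drift(EXPORT, EXPECTED), permissions_referencing(EXPORT, "r1"))
```

Resources reported by `find_drift` are no longer governed by that permission, so the check is worth running after any GUI edit to a permission that was created with several resources.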