Policy Enforcement + Spring Security Group policy

Hey guys.

I just have a pretty straight forward question, i’m trying to apply permissions to a particular resource using aggregated policies. I created an aggregated policy using a role policy and a group policy, i just want that the users who has a specific role and belongs to a specific group to have access to the resource. I tested the permission with the evaluator and works fine, it denies the user that doesn’t belong to the group even tho it has the role. The issue comes when i send a request to a Spring app and try to authorize the resource with the adapter, there it seems to ignore the group policy and allow all the users to access the resource even tho they don’t belong to the group.

P.D.: If i only use role policies it works perfectly with Spring adapter.

Any help?



  realm: master
  resource: test
  auth-server-url: http://localhost:8080/auth
  principal-attribute: preferred-username
    secret: 608b76dd-34f9-4d50-a818-926fdef2c901
    enforcement-mode: ENFORCING
    - auth-roles:
        - "*"
        - patterns:
            - "/*"

Having the same issue. Any help on this please.