Merge pull request keycloak#4690 from pedroigor/KEYCLOAK-5824

[KEYCLOAK-5824] - Keycloak throws "Error while evaluating permissions" exception often
abryson-redhat · Nov 14, 2017 · eebf0b0 · eebf0b0
2 parents 63a01b1 + b0ccce3
commit eebf0b0
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 10 deletions.
diff --git a/...mon/src/main/java/org/keycloak/authorization/policy/provider/time/TimePolicyProvider.java b/...mon/src/main/java/org/keycloak/authorization/policy/provider/time/TimePolicyProvider.java
@@ -32,29 +32,24 @@ public class TimePolicyProvider implements PolicyProvider {
 
     static String DEFAULT_DATE_PATTERN = "yyyy-MM-dd hh:mm:ss";
 
-    private final SimpleDateFormat dateFormat;
-
-    public TimePolicyProvider() {
-        this.dateFormat = new SimpleDateFormat(DEFAULT_DATE_PATTERN);
-    }
-
     @Override
     public void evaluate(Evaluation evaluation) {
         Policy policy = evaluation.getPolicy();
+        SimpleDateFormat dateFormat = new SimpleDateFormat(DEFAULT_DATE_PATTERN);
         Date actualDate = new Date();
 
         try {
             String notBefore = policy.getConfig().get("nbf");
             if (notBefore != null && !"".equals(notBefore)) {
-                if (actualDate.before(this.dateFormat.parse(format(notBefore)))) {
+                if (actualDate.before(dateFormat.parse(format(notBefore)))) {
                     evaluation.deny();
                     return;
                 }
             }
 
             String notOnOrAfter = policy.getConfig().get("noa");
             if (notOnOrAfter != null && !"".equals(notOnOrAfter)) {
-                if (actualDate.after(this.dateFormat.parse(format(notOnOrAfter)))) {
+                if (actualDate.after(dateFormat.parse(format(notOnOrAfter)))) {
                     evaluation.deny();
                     return;
                 }

diff --git a/...ces/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java b/...ces/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
@@ -125,7 +125,7 @@ public Response authorize(AuthorizationRequest authorizationRequest) {
                         .exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
             }
         } catch (Exception cause) {
-            logger.error(cause);
+            logger.error("Failed to evaluate permissions", cause);
             throw new ErrorResponseException(OAuthErrorException.SERVER_ERROR, "Error while evaluating permissions.", Status.INTERNAL_SERVER_ERROR);
         }
 

diff --git a/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java b/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
@@ -170,7 +170,7 @@ private Response evaluate(AuthorizationRequestMetadata metadata, List<ResourcePe
                 return Cors.add(request, Response.ok().entity(new EntitlementResponse(createRequestingPartyToken(entitlements, identity.getAccessToken(), resourceServer)))).allowedOrigins(identity.getAccessToken()).allowedMethods("GET").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
             }
         } catch (Exception cause) {
-            logger.error(cause);
+            logger.error("Failed to evaluate permissions", cause);
             throw new ErrorResponseException(OAuthErrorException.SERVER_ERROR, "Error while evaluating permissions.", Status.INTERNAL_SERVER_ERROR);
         }