apupier commented on code in PR #23958:
URL: https://github.com/apache/camel/pull/23958#discussion_r3396127183
##########
components/camel-keycloak/src/main/java/org/apache/camel/component/keycloak/security/KeycloakSecurityProcessor.java:
##########
@@ -59,11 +59,23 @@ protected void beforeProcess(Exchange exchange) throws
Exception {
throw new CamelAuthorizationException("Access token not found
in exchange", exchange);
}
- if (!policy.getRequiredRolesAsList().isEmpty()) {
+ boolean rolesRequired = !policy.getRequiredRolesAsList().isEmpty();
+ boolean permissionsRequired =
!policy.getRequiredPermissionsAsList().isEmpty();
+
+ // Always authenticate the token when one is present - signature,
issuer and expiry for local
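Review bot: the comment on the last added line promises that signature, issuer and expiry are checked whenever a token is present, so the verification it introduces should sit outside any branch on `rolesRequired` or `permissionsRequired`, the two flags computed just above it. If verification does depend on those flags, reword the comment to state the actual condition instead of "Always". A unit test with a policy whose role and permission lists are both empty and a token that is expired or wrongly signed, asserting that `CamelAuthorizationException` is thrown, would pin the intended behaviour down.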
Review Comment:
This comment seems to not correspond to what the code is doing.
The token is not always authenticated; it is only if roles and permissions
are not required.