oscerd commented on code in PR #23958:
URL: https://github.com/apache/camel/pull/23958#discussion_r3396297686
##########
components/camel-keycloak/src/main/java/org/apache/camel/component/keycloak/security/KeycloakSecurityProcessor.java:
##########
@@ -59,11 +59,23 @@ protected void beforeProcess(Exchange exchange) throws
Exception {
throw new CamelAuthorizationException("Access token not found
in exchange", exchange);
}
- if (!policy.getRequiredRolesAsList().isEmpty()) {
+ boolean rolesRequired = !policy.getRequiredRolesAsList().isEmpty();
+ boolean permissionsRequired =
!policy.getRequiredPermissionsAsList().isEmpty();
+
+ // Always authenticate the token when one is present - signature,
issuer and expiry for local
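Review bot: The added comment "Always authenticate the token when one is present" follows directly after the context line that throws CamelAuthorizationException("Access token not found in exchange"), so the qualifier "when one is present" can be read as if an exchange without a token could continue unauthenticated. If a missing token always fails at that throw, drop the qualifier and say the token is authenticated before the route runs. The comment should also name what performs the check when both rolesRequired and permissionsRequired are false, because that is the case the removed `if (!policy.getRequiredRolesAsList().isEmpty())` never entered.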
Review Comment:
Good catch, thanks — reworded the comment (force-pushed). The token *is*
always authenticated before the route runs:
`validateRoles()`/`validatePermissions()` already verify it
(signature/issuer/expiry for local JWT, or active state/issuer for
introspection) when roles or permissions are required, and the new
`authenticateToken()` call covers the case where neither is configured. The
comment now describes that overall flow instead of implying the `if`-block
itself always authenticates.
I also rebased onto `main` to pick up `10003522d3f` (jbang doc-generation
fix), which clears the unrelated "uncommitted changes" CI failure.
_Claude Code on behalf of Andrea Cosentino_