Handle ResourceMapperError in AsertoAuthorizationManager.check

aserto-dev · Aug 5, 2024 · 1a2055a · 1a2055a
1 parent 9b090c5
commit 1a2055a
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/src/main/java/com/aserto/authorizer/AsertoAuthorizationManager.java b/src/main/java/com/aserto/authorizer/AsertoAuthorizationManager.java
@@ -5,6 +5,7 @@
 import com.aserto.authorizer.mapper.identity.InvalidIdentity;
 import com.aserto.authorizer.mapper.policy.PolicyMapper;
 import com.aserto.authorizer.mapper.resource.ResourceMapper;
+import com.aserto.authorizer.mapper.resource.ResourceMapperError;
 import com.aserto.authorizer.v2.Decision;
 import com.aserto.model.IdentityCtx;
 import com.aserto.model.PolicyCtx;
@@ -110,8 +111,16 @@ public AuthorizationDecision check(HttpServletRequest httpRequest, IdentityMappe
         String policyPath = policyMapper.policyPath(httpRequest);
         log.debug("Policy path is [{}], policy name is [{}], policy label is [{}] and decision is [{}]", policyPath, policyName, policyLabel , authorizerDecision);
         PolicyCtx policyCtx = new PolicyCtx(policyName, policyLabel, policyPath, new String[]{ authorizerDecision });
-        Map<String, Value> resourceCtx = resourceMapper.getResource(httpRequest);
-        log.debug("Resource context: [{}]", toResourceContextString(resourceCtx));
+
+        Map<String, Value> resourceCtx;
+
+        try {
+            resourceCtx = resourceMapper.getResource(httpRequest);
+            log.debug("Resource context: [{}]", toResourceContextString(resourceCtx));
+        } catch (ResourceMapperError e) {
+            log.error("Resource mapper error [{}]. Authorization denies.", e.getMessage());
+            return new AuthorizationDecision(false);
+        }
 
         boolean isAllowed = false;
         try {