This is on Keycloak 24
We have added in some Javascript policies and assigned the permissions, however in DEBUG we are seeing that it is failing to evaluate. This error occurs when trying to search for users, or opening the Client Scopes within a client. Run DevTools at the time shows a 400 Bad Request with a path of /admin/realms/SIDER/users?max=20
Going round in circles and not sure how to fix 
Below is the Javascript in question (I have *** client id and email addresses on here);
var context = $evaluation.getContext();
var identity = context.getIdentity();
var provider = $evaluation.getAuthorizationProvider();
var session = provider.getKeycloakSession();
print("session: " + session);
var uri = session.getContext().getUri().getRequestUri();
var path = java.nio.file.Paths.get(uri.getPath());
var userId = path.getName(path.getNameCount() - 2).toString();
var user = session.users().getUserById(userId, session.getContext().getRealm());
var bearer = session.getContext().getContextObject(javax.servlet.http.HttpServletRequest.class).getParameter('subject_token');
var subject = session.getContext().getContextObject(javax.servlet.http.HttpServletRequest.class).getParameter('requested_subject');
var clientId = session.getContext().getContextObject(javax.servlet.http.HttpServletRequest.class).getParameter('client_id');
var audience = session.getContext().getContextObject(javax.servlet.http.HttpServletRequest.class).getParameter('audience');
print("session: " + session.getContext().getContextObject(javax.servlet.http.HttpServletRequest.class).getParameterMap());
print("bearer: " + bearer);
print("clientId: " + clientId);
print("audience: " + audience);
print('subject: ' + subject);
print("identity: " + identity.getId());
print("attributes: " + identity.getAttributes().toMap());
print("caller dn: " + identity.getAttributes().getValue('LDAP_ENTRY_DN').asString(0));
print("userId: " + userId);
print("path: " + path);
print("user: " + user.getAttributes());
print("target dn: " + user.getAttributes().get('LDAP_ENTRY_DN').get(0));
//var target = user.getAttributes().get('LDAP_ENTRY_DN').get(0)
//if (target.endsWith('DC=***,DC=***,DC=***')) {
//}
var matched = false;
if(subject){
subject = subject.toLowerCase();
if(clientId === '***' && subject.toLowerCase().endsWith('@***')){
$evaluation.grant();
matched = true;
}
if(clientId === '***' && subject.toLowerCase().endsWith('@***')){
$evaluation.grant();
matched = true;
}
if(clientId === '***' && subject.toLowerCase().endsWith('@***')){
print('subject: ' + subject);
$evaluation.grant();
matched = true;
}
//
if(clientId === '***' && subject.endsWith('@***')){
$evaluation.grant();
matched = true;
}
if(clientId === '***' && subject.endsWith('@***')){
$evaluation.grant();
matched = true;
}
// try add tst ?
if(clientId === '***' && subject.toLowerCase().endsWith('@***')){
print('Matched ***');
$evaluation.grant();
matched = true;
}
if(clientId === '***' && subject.endsWith('@***')){
$evaluation.grant();
matched = true;
}
if(clientId === '***' && subject.endsWith('@***')){
$evaluation.grant();
matched = true;
}
if(clientId === '***' && subject.endsWith('@***')){
$evaluation.grant();
matched = true;
}
if(clientId === '***' && subject.endsWith('@***')){
$evaluation.grant();
matched = true;
}
if(clientId === '***' && subject.endsWith('***')){
$evaluation.grant();
matched = true;
}
if(clientId === '***' && subject.endsWith('@***')){
$evaluation.grant();
matched = true;
}
}
if(matched === false){
print('-------------------------------------');
print('Failed for subject: ' + subject);
print('clientId: ' + clientId);
print('-------------------------------------');
$evaluation.deny();
}
Below is from the debug;
2024-10-17 10:57:01,212 DEBUG [org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext] (executor-thread-212) Restarting handler chain for exception exception: com.fasterxml.jackson.databind.JsonMappingException: Failed to evaluate permissions
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider._wrapAsIOE(DefaultSerializerProvider.java:531)
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider._serialize(DefaultSerializerProvider.java:504)
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider.serializeValue(DefaultSerializerProvider.java:341)
at com.fasterxml.jackson.databind.ObjectWriter$Prefetch.serialize(ObjectWriter.java:1572)
at com.fasterxml.jackson.databind.ObjectWriter._writeValueAndClose(ObjectWriter.java:1273)
at com.fasterxml.jackson.databind.ObjectWriter.writeValue(ObjectWriter.java:1098)
at io.quarkus.resteasy.reactive.jackson.runtime.serialisers.FullyFeaturedServerJacksonMessageBodyWriter.writeResponse(FullyFeaturedServerJacksonMessageBodyWriter.java:79)
at org.jboss.resteasy.reactive.server.core.ServerSerialisers.invokeWriter(ServerSerialisers.java:216)
at org.jboss.resteasy.reactive.server.core.ServerSerialisers.invokeWriter(ServerSerialisers.java:184)
at org.jboss.resteasy.reactive.server.core.serialization.FixedEntityWriter.write(FixedEntityWriter.java:28)
at org.jboss.resteasy.reactive.server.handlers.ResponseWriterHandler.handle(ResponseWriterHandler.java:34)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:147)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1512)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: Failed to evaluate permissions
at org.keycloak.authorization.policy.evaluation.DecisionPermissionCollector.onError(DecisionPermissionCollector.java:182)
at org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:71)
at org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:87)
at org.keycloak.services.resources.admin.permissions.MgmtPermissions.evaluatePermission(MgmtPermissions.java:349)
at org.keycloak.services.resources.admin.permissions.MgmtPermissions.evaluatePermission(MgmtPermissions.java:333)
at org.keycloak.services.resources.admin.permissions.UserPermissions.hasPermission(UserPermissions.java:512)
at org.keycloak.services.resources.admin.permissions.UserPermissions.isImpersonatable(UserPermissions.java:405)
at org.keycloak.services.resources.admin.permissions.UserPermissions.canImpersonate(UserPermissions.java:364)
at org.keycloak.services.resources.admin.permissions.UserPermissions.canImpersonate(UserPermissions.java:368)
at org.keycloak.services.resources.admin.permissions.UserPermissions.getAccess(UserPermissions.java:440)
at org.keycloak.services.resources.admin.UsersResource.lambda$toRepresentation$2(UsersResource.java:472)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$15$1.accept(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
at java.base/java.util.Iterator.forEachRemaining(Unknown Source)
at java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
at java.base/java.util.stream.ReferencePipeline.forEach(Unknown Source)
at org.keycloak.utils.ClosingStream.forEach(ClosingStream.java:128)
at java.base/java.util.stream.ReferencePipeline$7$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
at java.base/java.util.stream.Streams$StreamBuilderImpl.forEachRemaining(Unknown Source)
at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Unknown Source)
at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
at java.base/java.util.stream.ReferencePipeline.forEachOrdered(Unknown Source)
at com.fasterxml.jackson.datatype.jdk8.StreamSerializer.serialize(StreamSerializer.java:71)
at com.fasterxml.jackson.datatype.jdk8.StreamSerializer.serialize(StreamSerializer.java:15)
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider._serialize(DefaultSerializerProvider.java:502)
... 18 more
Caused by: java.lang.RuntimeException: Error evaluating JS Policy [SFTbetterauthenticator-uat-impersonate-access-policy].
at org.keycloak.authorization.policy.provider.js.JSPolicyProvider.evaluate(JSPolicyProvider.java:60)
at org.keycloak.authorization.policy.provider.permission.AbstractPermissionProvider.evaluate(AbstractPermissionProvider.java:62)
at org.keycloak.authorization.policy.provider.permission.ScopePolicyProvider.evaluate(ScopePolicyProvider.java:55)
at org.keycloak.authorization.policy.evaluation.DefaultPolicyEvaluator.lambda$createPolicyEvaluator$0(DefaultPolicyEvaluator.java:117)
at java.base/java.util.function.Consumer.lambda$andThen$0(Unknown Source)
at java.base/java.util.function.Consumer.lambda$andThen$0(Unknown Source)
at org.keycloak.models.cache.infinispan.authorization.StoreFactoryCacheSession$PolicyCache$1.accept(StoreFactoryCacheSession.java:966)
at org.keycloak.models.cache.infinispan.authorization.StoreFactoryCacheSession$PolicyCache$1.accept(StoreFactoryCacheSession.java:961)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.base/java.util.Iterator.forEachRemaining(Unknown Source)
at java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
at java.base/java.util.stream.ReferencePipeline.forEach(Unknown Source)
at org.keycloak.utils.ClosingStream.forEach(ClosingStream.java:128)
at org.keycloak.authorization.jpa.store.JPAPolicyStore.findByResource(JPAPolicyStore.java:223)
at org.keycloak.models.cache.infinispan.authorization.StoreFactoryCacheSession$PolicyCache.lambda$findByResource$4(StoreFactoryCacheSession.java:961)
at org.keycloak.models.cache.infinispan.authorization.StoreFactoryCacheSession$PolicyCache.cacheQuery(StoreFactoryCacheSession.java:1074)
at org.keycloak.models.cache.infinispan.authorization.StoreFactoryCacheSession$PolicyCache.cacheQuery(StoreFactoryCacheSession.java:1063)
at org.keycloak.models.cache.infinispan.authorization.StoreFactoryCacheSession$PolicyCache.findByResource(StoreFactoryCacheSession.java:959)
at org.keycloak.authorization.AuthorizationProvider$3.findByResource(AuthorizationProvider.java:408)
at org.keycloak.authorization.policy.evaluation.DefaultPolicyEvaluator.evaluate(DefaultPolicyEvaluator.java:71)
at org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:66)
... 59 more
Caused by: java.lang.ClassCastException: Cannot cast java.lang.String to org.keycloak.models.RealmModel
at java.base/java.lang.Class.cast(Unknown Source)
at org.openjdk.nashorn.internal.scripts.Script$1$\^eval\_.:program(<eval>:9)
at org.openjdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:646)
at org.openjdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:513)
at org.openjdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:520)
at org.openjdk.nashorn.api.scripting.NashornScriptEngine.evalImpl(NashornScriptEngine.java:414)
at org.openjdk.nashorn.api.scripting.NashornScriptEngine$1.eval(NashornScriptEngine.java:507)
at org.keycloak.scripting.CompiledEvaluatableScriptAdapter.eval(CompiledEvaluatableScriptAdapter.java:45)
at org.keycloak.authorization.policy.provider.js.JSPolicyProvider.evaluate(JSPolicyProvider.java:56)
... 86 more
2024-10-17 10:57:01,213 DEBUG [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-212) Error response 400: com.fasterxml.jackson.databind.JsonMappingException: Failed to evaluate permissions
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider._wrapAsIOE(DefaultSerializerProvider.java:531)
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider._serialize(DefaultSerializerProvider.java:504)
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider.serializeValue(DefaultSerializerProvider.java:341)
at com.fasterxml.jackson.databind.ObjectWriter$Prefetch.serialize(ObjectWriter.java:1572)
at com.fasterxml.jackson.databind.ObjectWriter._writeValueAndClose(ObjectWriter.java:1273)
at com.fasterxml.jackson.databind.ObjectWriter.writeValue(ObjectWriter.java:1098)
at io.quarkus.resteasy.reactive.jackson.runtime.serialisers.FullyFeaturedServerJacksonMessageBodyWriter.writeResponse(FullyFeaturedServerJacksonMessageBodyWriter.java:79)
at org.jboss.resteasy.reactive.server.core.ServerSerialisers.invokeWriter(ServerSerialisers.java:216)
at org.jboss.resteasy.reactive.server.core.ServerSerialisers.invokeWriter(ServerSerialisers.java:184)
at org.jboss.resteasy.reactive.server.core.serialization.FixedEntityWriter.write(FixedEntityWriter.java:28)
at org.jboss.resteasy.reactive.server.handlers.ResponseWriterHandler.handle(ResponseWriterHandler.java:34)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:147)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1512)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: Failed to evaluate permissions
at org.keycloak.authorization.policy.evaluation.DecisionPermissionCollector.onError(DecisionPermissionCollector.java:182)
at org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:71)
at org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:87)
at org.keycloak.services.resources.admin.permissions.MgmtPermissions.evaluatePermission(MgmtPermissions.java:349)
at org.keycloak.services.resources.admin.permissions.MgmtPermissions.evaluatePermission(MgmtPermissions.java:333)
at org.keycloak.services.resources.admin.permissions.UserPermissions.hasPermission(UserPermissions.java:512)
at org.keycloak.services.resources.admin.permissions.UserPermissions.isImpersonatable(UserPermissions.java:405)
at org.keycloak.services.resources.admin.permissions.UserPermissions.canImpersonate(UserPermissions.java:364)
at org.keycloak.services.resources.admin.permissions.UserPermissions.canImpersonate(UserPermissions.java:368)
at org.keycloak.services.resources.admin.permissions.UserPermissions.getAccess(UserPermissions.java:440)
at org.keycloak.services.resources.admin.UsersResource.lambda$toRepresentation$2(UsersResource.java:472)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$15$1.accept(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
at java.base/java.util.Iterator.forEachRemaining(Unknown Source)
at java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
at java.base/java.util.stream.ReferencePipeline.forEach(Unknown Source)
at org.keycloak.utils.ClosingStream.forEach(ClosingStream.java:128)
at java.base/java.util.stream.ReferencePipeline$7$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
at java.base/java.util.stream.Streams$StreamBuilderImpl.forEachRemaining(Unknown Source)
at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Unknown Source)
at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
at java.base/java.util.stream.ReferencePipeline.forEachOrdered(Unknown Source)
at com.fasterxml.jackson.datatype.jdk8.StreamSerializer.serialize(StreamSerializer.java:71)
at com.fasterxml.jackson.datatype.jdk8.StreamSerializer.serialize(StreamSerializer.java:15)
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider._serialize(DefaultSerializerProvider.java:502)
... 18 more
Caused by: java.lang.RuntimeException: Error evaluating JS Policy [SFTbetterauthenticator-uat-impersonate-access-policy].
at org.keycloak.authorization.policy.provider.js.JSPolicyProvider.evaluate(JSPolicyProvider.java:60)
at org.keycloak.authorization.policy.provider.permission.AbstractPermissionProvider.evaluate(AbstractPermissionProvider.java:62)
at org.keycloak.authorization.policy.provider.permission.ScopePolicyProvider.evaluate(ScopePolicyProvider.java:55)
at org.keycloak.authorization.policy.evaluation.DefaultPolicyEvaluator.lambda$createPolicyEvaluator$0(DefaultPolicyEvaluator.java:117)
at java.base/java.util.function.Consumer.lambda$andThen$0(Unknown Source)
at java.base/java.util.function.Consumer.lambda$andThen$0(Unknown Source)
at org.keycloak.models.cache.infinispan.authorization.StoreFactoryCacheSession$PolicyCache$1.accept(StoreFactoryCacheSession.java:966)
at org.keycloak.models.cache.infinispan.authorization.StoreFactoryCacheSession$PolicyCache$1.accept(StoreFactoryCacheSession.java:961)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(Unknown Source)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.base/java.util.Iterator.forEachRemaining(Unknown Source)
at java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(Unknown Source)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
at java.base/java.util.stream.ReferencePipeline.forEach(Unknown Source)
at org.keycloak.utils.ClosingStream.forEach(ClosingStream.java:128)
at org.keycloak.authorization.jpa.store.JPAPolicyStore.findByResource(JPAPolicyStore.java:223)
at org.keycloak.models.cache.infinispan.authorization.StoreFactoryCacheSession$PolicyCache.lambda$findByResource$4(StoreFactoryCacheSession.java:961)
at org.keycloak.models.cache.infinispan.authorization.StoreFactoryCacheSession$PolicyCache.cacheQuery(StoreFactoryCacheSession.java:1074)
at org.keycloak.models.cache.infinispan.authorization.StoreFactoryCacheSession$PolicyCache.cacheQuery(StoreFactoryCacheSession.java:1063)
at org.keycloak.models.cache.infinispan.authorization.StoreFactoryCacheSession$PolicyCache.findByResource(StoreFactoryCacheSession.java:959)
at org.keycloak.authorization.AuthorizationProvider$3.findByResource(AuthorizationProvider.java:408)
at org.keycloak.authorization.policy.evaluation.DefaultPolicyEvaluator.evaluate(DefaultPolicyEvaluator.java:71)
at org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:66)
... 59 more
Caused by: java.lang.ClassCastException: Cannot cast java.lang.String to org.keycloak.models.RealmModel
at java.base/java.lang.Class.cast(Unknown Source)
at org.openjdk.nashorn.internal.scripts.Script$1$\^eval\_.:program(<eval>:9)
at org.openjdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:646)
at org.openjdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:513)
at org.openjdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:520)
at org.openjdk.nashorn.api.scripting.NashornScriptEngine.evalImpl(NashornScriptEngine.java:414)
at org.openjdk.nashorn.api.scripting.NashornScriptEngine$1.eval(NashornScriptEngine.java:507)
at org.keycloak.scripting.CompiledEvaluatableScriptAdapter.eval(CompiledEvaluatableScriptAdapter.java:45)
at org.keycloak.authorization.policy.provider.js.JSPolicyProvider.evaluate(JSPolicyProvider.java:56)
... 86 more