From 841a0c4795062cb93b3ced921a8c3c5f6c5058b4 Mon Sep 17 00:00:00 2001
From: Pedro Igor <pigor.craveiro@gmail.com>
Date: Mon, 25 May 2020 10:21:51 -0300
Subject: [PATCH 1/2] [fixes #8469] - Configuration properties references for
 keycloak-authorization extension

---
 docs/src/main/asciidoc/security-keycloak-authorization.adoc | 6 ++++++
 .../pep/runtime/KeycloakPolicyEnforcerAuthorizer.java       | 3 +--
 .../keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java  | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/docs/src/main/asciidoc/security-keycloak-authorization.adoc b/docs/src/main/asciidoc/security-keycloak-authorization.adoc
index b681266eb8f52..1359042b9e3cb 100644
--- a/docs/src/main/asciidoc/security-keycloak-authorization.adoc
+++ b/docs/src/main/asciidoc/security-keycloak-authorization.adoc
@@ -346,6 +346,12 @@ In the default configuration, Keycloak is responsible for managing the roles and
 
 To configure the protected routes using the `@RolesAllowed` annotation or the `application.properties` file, check the link:security-openid-connect[Using OpenID Connect Adapter to Protect JAX-RS Applications] guide. For more details, check the link:security[Security guide].
 
+== Configuration Reference
+
+The configuration is based on the official https://www.keycloak.org/docs/latest/authorization_services/index.html#_enforcer_filter[Keycloak Policy Enforcer Configuration]. If you are looking for more details about the different configuration options, please take a look at this documentation,
+
+include::{generated-dir}/config/quarkus-keycloak-keycloak-policy-enforcer-config.adoc[opts=optional]
+
 == References
 
 * https://www.keycloak.org/documentation.html[Keycloak Documentation]
diff --git a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerAuthorizer.java b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerAuthorizer.java
index 86b6f48d5b80b..9019c1188627a 100644
--- a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerAuthorizer.java
+++ b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerAuthorizer.java
@@ -147,8 +147,7 @@ private PolicyEnforcerConfig getPolicyEnforcerConfig(KeycloakPolicyEnforcerConfi
             PolicyEnforcerConfig enforcerConfig = new PolicyEnforcerConfig();
 
             enforcerConfig.setLazyLoadPaths(config.policyEnforcer.lazyLoadPaths);
-            enforcerConfig.setEnforcementMode(
-                    PolicyEnforcerConfig.EnforcementMode.valueOf(config.policyEnforcer.enforcementMode));
+            enforcerConfig.setEnforcementMode(config.policyEnforcer.enforcementMode);
             enforcerConfig.setHttpMethodAsScope(config.policyEnforcer.httpMethodAsScope);
 
             KeycloakPolicyEnforcerConfig.KeycloakConfigPolicyEnforcer.PathCacheConfig pathCache = config.policyEnforcer.pathCache;
diff --git a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java
index 1c16ed8890a64..b806466dbdeca 100644
--- a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java
+++ b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java
@@ -41,7 +41,7 @@ public static class KeycloakConfigPolicyEnforcer {
          * Specifies how policies are enforced.
          */
         @ConfigItem(defaultValue = "ENFORCING")
-        public String enforcementMode;
+        public PolicyEnforcerConfig.EnforcementMode enforcementMode;
 
         /**
          * Specifies the paths to protect.

From ff108c0e1d0fff37692d96c01d5b1353dfc04ae0 Mon Sep 17 00:00:00 2001
From: Guillaume Smet <guillaume.smet@gmail.com>
Date: Tue, 26 May 2020 11:05:41 +0200
Subject: [PATCH 2/2] Make the default value of enforcementMode lowercase

---
 .../keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java
index b806466dbdeca..1cf9028aaddf2 100644
--- a/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java
+++ b/extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerConfig.java
@@ -40,7 +40,7 @@ public static class KeycloakConfigPolicyEnforcer {
         /**
          * Specifies how policies are enforced.
          */
-        @ConfigItem(defaultValue = "ENFORCING")
+        @ConfigItem(defaultValue = "enforcing")
         public PolicyEnforcerConfig.EnforcementMode enforcementMode;
 
         /**