Policy Enforcer consumes body if a Claim extracts value from Request body and results in an error in the Java application

Describe the bug

In our Spring Boot application we try to retrieve a value from the request body to evaluate it in our Javascript Policy. We are able to extract the value from the request body as explained in the documentation via: "claim-from-json-body-object": "{request.body['/a/b/c']}". After Keycloak evaluation succeeds we get a 400 Bad Request error in Spring Boot as the request body is null. The behavior was also described on Stack overflow a few months ago.

Version

18

Expected behavior

The Keycloak Policy Enforcer extracts the desired value from the request body, the evaluation succeeds and afterwards the body is still available for further processing to the Spring Boot application.

Actual behavior

The Policy Enforcer retrieves the request body and consumes it. Afterwards the body is no longer available in Spring Boot and the result is a 400 Bad Request error.

How to Reproduce?

1. add configuration to a Spring Boot application to retrieve values from a request body, e.g.: claimInformationPointConfig.claims[user.id]={request.body['/userId']}
2. create a Javascript Policy that retrieves the value
3. create an Endpoint in the Java Application that is secured by the Policy

Anything else?

The behavior was also described on Stack overflow a few months ago.