diff --git a/authz/policy/common/pom.xml b/authz/policy/common/pom.xml
index ec7c0f5ddc4..eb1e18fbe74 100644
--- a/authz/policy/common/pom.xml
+++ b/authz/policy/common/pom.xml
@@ -51,6 +51,11 @@
keycloak-server-spi-private
provided
+
+ io.quarkus.resteasy.reactive
+ resteasy-reactive-common
+ provided
+
org.jboss.logging
jboss-logging
diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java
index 2ebc91ee5a5..8b9e3c1c965 100644
--- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java
+++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java
@@ -22,6 +22,7 @@ import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
+import org.keycloak.authorization.policy.provider.util.PolicyValidationException;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
@@ -150,7 +151,7 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory roles) {
Set updatedRoles = new HashSet<>();
-
+ Set processedRoles = new HashSet<>();
if (roles != null) {
RealmModel realm = authorization.getRealm();
for (RolePolicyRepresentation.RoleDefinition definition : roles) {
@@ -159,8 +160,10 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory config = new HashMap(policy.getConfig());
@@ -143,11 +160,20 @@ public class TimePolicyProviderFactory implements PolicyProviderFactory