diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java
index d02b8270f7..52d6a38e83 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java
@@ -74,8 +74,15 @@ public class ResourceServerService {
 public void create() {
 this.auth.requireManage();
+
+ UserModel serviceAccount = this.session.users().getServiceAccount(client);
+
+ if (serviceAccount == null) {
+ throw new RuntimeException("Client does not have a service account.");
+ }
+
 this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().create(this.client.getId());
- createDefaultRoles();
+ createDefaultRoles(serviceAccount);
 createDefaultPermission(createDefaultResource(), createDefaultPolicy());
 }
@@ -215,15 +222,13 @@ public class ResourceServerService {
 return defaultResource;
 }
- private void createDefaultRoles() {
+ private void createDefaultRoles(UserModel serviceAccount) {
 RoleModel umaProtectionRole = client.getRole(Constants.AUTHZ_UMA_PROTECTION);
 if (umaProtectionRole == null) {
 umaProtectionRole = client.addRole(Constants.AUTHZ_UMA_PROTECTION);
 }
- UserModel serviceAccount = this.session.users().getServiceAccount(client);
-
 if (!serviceAccount.hasRole(umaProtectionRole)) {
 serviceAccount.grantRole(umaProtectionRole);
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
index c97a8f5578..7c1139c4a2 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
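Review bot: The new guard in `create()` reports a missing service account with a bare `RuntimeException`, which in this admin REST resource surfaces to the caller as an unspecific 500 rather than the 400 a failed precondition deserves, and the message names neither the client nor the fix (enable service accounts first). The admin resources elsewhere in this diff already have `ErrorResponseException` in scope for exactly this, so the check reads better as `throw new ErrorResponseException("invalid_request", "Client does not have a service account.", Response.Status.BAD_REQUEST);` (the corresponding imports for ResourceServerService lie outside this hunk). Performing the check before `getResourceServerStore().create(...)` is the right order, since nothing is persisted when it fails; keep that ordering when the exception type changes. The second hunk's `createDefaultRoles(UserModel serviceAccount)` now relies on this caller-side null check, which is worth a one-line comment on the parameter, e.g. `// never null: create() rejects clients without a service account`.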
@@ -154,8 +154,12 @@ public class ClientResource {
 }
 public void updateClientFromRep(ClientRepresentation rep, ClientModel client, KeycloakSession session) throws ModelDuplicateException {
- if (TRUE.equals(rep.isServiceAccountsEnabled()) && !client.isServiceAccountsEnabled()) {
- new ClientManager(new RealmManager(session)).enableServiceAccount(client);
+ if (TRUE.equals(rep.isServiceAccountsEnabled())) {
+ UserModel serviceAccount = this.session.users().getServiceAccount(client);
+
+ if (serviceAccount == null) {
+ new ClientManager(new RealmManager(session)).enableServiceAccount(client);
+ }
 }
 if (!rep.getClientId().equals(client.getClientId())) {
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
index 2cd6d47530..77e0d6bbae 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
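Review bot: The service-account lookup reads the field `this.session` while the rest of the method, including the `enableServiceAccount` call two lines below, uses the `session` parameter; if the two ever differ, the existence check and the creation run against different sessions and the check loses its meaning. Use the parameter consistently: `UserModel serviceAccount = session.users().getServiceAccount(client);`. The removed `!client.isServiceAccountsEnabled()` flag test is replaced by a user-existence test, so a client whose flag is already set but whose service-account user is missing now gets repaired on update; that looks intentional and deserves a comment such as `// re-create the service-account user when the flag is on but the user is missing`. The method continues outside the hunk.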
@@ -16,20 +16,26 @@
 */
 package org.keycloak.services.resources.admin;
+import static java.lang.Boolean.TRUE;
+
 import org.jboss.logging.Logger;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.keycloak.authorization.admin.AuthorizationService;
+import org.keycloak.common.Profile;
 import org.keycloak.events.admin.OperationType;
 import org.keycloak.events.admin.ResourceType;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ModelDuplicateException;
 import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.services.ErrorResponse;
 import org.keycloak.services.ErrorResponseException;
 import org.keycloak.services.managers.ClientManager;
+import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.validation.ClientValidator;
 import org.keycloak.services.validation.PairwiseClientValidator;
 import org.keycloak.services.validation.ValidationMessages;
@@ -93,7 +99,17 @@ public class ClientsResource {
 boolean view = auth.hasView();
 for (ClientModel clientModel : clientModels) {
 if (view) {
- rep.add(ModelToRepresentation.toRepresentation(clientModel));
+ ClientRepresentation representation = ModelToRepresentation.toRepresentation(clientModel);
+
+ if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
+ AuthorizationService authorizationService = getAuthorizationService(clientModel);
+
+ if (authorizationService.isEnabled()) {
+ representation.setAuthorizationServicesEnabled(true);
+ }
+ }
+
+ rep.add(representation);
 } else {
 ClientRepresentation client = new ClientRepresentation();
 client.setId(clientModel.getId());
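Review bot: `Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)` is evaluated on every iteration of the client loop in the second hunk although it is loop-invariant; hoist it, `boolean authorizationEnabled = Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION);` before the `for`. Each iteration also constructs a fresh `AuthorizationService` and calls `isEnabled()`, which presumably performs a resource-server lookup per client; for realms with many clients that turns a single-pass listing into one extra store read per entry, so a batched lookup would be worth considering if that is what `isEnabled()` does. `setAuthorizationServicesEnabled` is only ever called with `true`, so clients without authorization keep whatever `toRepresentation` left in the field (presumably unset) rather than an explicit `false`; if consumers distinguish the two, `representation.setAuthorizationServicesEnabled(authorizationService.isEnabled());` makes it explicit. The enclosing method continues outside the hunk.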
@@ -111,6 +127,10 @@ public class ClientsResource {
 return rep;
 }
+ private AuthorizationService getAuthorizationService(ClientModel clientModel) {
+ return new AuthorizationService(session, clientModel, auth);
+ }
+
 /**
 * Create a new client
 *
@@ -138,6 +158,20 @@ public class ClientsResource {
 try {
 ClientModel clientModel = ClientManager.createClient(session, realm, rep, true);
+ if (TRUE.equals(rep.isServiceAccountsEnabled())) {
+ UserModel serviceAccount = session.users().getServiceAccount(clientModel);
+
+ if (serviceAccount == null) {
+ new ClientManager(new RealmManager(session)).enableServiceAccount(clientModel);
+ }
+ }
+
+ if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
+ if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
+ getAuthorizationService(clientModel).enable();
+ }
+ }
+
 adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
 return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build();