diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/partials/menu.html b/admin-ui/src/main/resources/META-INF/resources/admin/partials/menu.html index 8593ba0fe7..29ef5b9a6e 100755 --- a/admin-ui/src/main/resources/META-INF/resources/admin/partials/menu.html +++ b/admin-ui/src/main/resources/META-INF/resources/admin/partials/menu.html @@ -11,7 +11,7 @@ Icon: user{{auth.user.displayName}}
diff --git a/core/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java b/core/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java
index c4b4f7b69f..2d02b2d984 100755
--- a/core/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java
+++ b/core/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java
@@ -46,7 +46,7 @@ public class JaxrsOAuthClient extends AbstractOAuthClient {
 public String getStateCookiePath(UriInfo uriInfo) {
 if (stateCookiePath != null) return stateCookiePath;
- return uriInfo.getBaseUri().getPath();
+ return uriInfo.getBaseUri().getRawPath();
 }
 public String getBearerToken(UriInfo uriInfo, HttpHeaders headers) throws BadRequestException, InternalServerErrorException {
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
index bf53fc8841..3fe1453b12 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
@@ -62,6 +62,12 @@ public class ApplianceBootstrap {
 adminUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
 adminConsole.grantRole(adminUser, adminRole);
+
+ manager.enableAccountManagement(realm);
+ ApplicationModel accountApp = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
+ for (String r : accountApp.getDefaultRoles()) {
+ accountApp.grantRole(adminUser, accountApp.getRole(r));
+ }
 }
 }
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index a3434b36be..b111ab5d43 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
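Review bot: In `JaxrsOAuthClient.getStateCookiePath` the early return hands back `stateCookiePath` exactly as it was configured, so only the fallback branch is guaranteed to be percent-encoded after this change. The callers touched elsewhere in this diff pass `getRawPath()` values to `setStateCookiePath`, but nothing visible states that this is required; a decoded value would presumably produce a cookie `Path` that does not match what the browser compares against (the setter is outside the hunk, so this is inferred). I would document the contract on the method, e.g. `/** Returns the state cookie path in raw (percent-encoded) form; a configured stateCookiePath must already be encoded. */`. `getBearerToken` only begins in this hunk and continues outside it.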
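Review bot: In `ApplianceBootstrap`, the added block dereferences `accountApp` and passes `accountApp.getRole(r)` to `grantRole` without checking either for null. `enableAccountManagement` in `RealmManager` adds the application when it is missing, so the lookup presumably succeeds, but that relies on `getApplicationNameMap()` reflecting the application that was just created, which the visible lines do not establish. Because this runs while the initial admin user is being set up, I would fail with a clear message, `if (accountApp == null) throw new IllegalStateException("Account application missing after enableAccountManagement");`, and skip role names for which `getRole(r)` returns null. A short comment such as `// the bootstrap admin gets the account application's default roles so it can use account management` would also record why the grant is here. The enclosing method starts outside the hunk.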
@@ -55,20 +55,20 @@ public class AuthenticationManager {
 public NewCookie createLoginCookie(RealmModel realm, UserModel user, UriInfo uriInfo) {
 String cookieName = KEYCLOAK_IDENTITY_COOKIE;
 URI uri = RealmsResource.realmBaseUrl(uriInfo).build(realm.getId());
- String cookiePath = uri.getPath();
+ String cookiePath = uri.getRawPath();
 return createLoginCookie(realm, user, null, cookieName, cookiePath);
 }
 public NewCookie createSaasIdentityCookie(RealmModel realm, UserModel user, UriInfo uriInfo) {
 String cookieName = SaasService.SAAS_IDENTITY_COOKIE;
 URI uri = SaasService.saasCookiePath(uriInfo).build();
- String cookiePath = uri.getPath();
+ String cookiePath = uri.getRawPath();
 return createLoginCookie(realm, user, null, cookieName, cookiePath);
 }
 public NewCookie createAccountIdentityCookie(RealmModel realm, UserModel user, UserModel client, URI uri) {
 String cookieName = AccountService.ACCOUNT_IDENTITY_COOKIE;
- String cookiePath = uri.getPath();
+ String cookiePath = uri.getRawPath();
 return createLoginCookie(realm, user, client, cookieName, cookiePath);
 }
@@ -101,19 +101,19 @@ public class AuthenticationManager {
 public void expireIdentityCookie(RealmModel realm, UriInfo uriInfo) {
 URI uri = RealmsResource.realmBaseUrl(uriInfo).build(realm.getId());
 logger.debug("Expiring identity cookie");
- String path = uri.getPath();
+ String path = uri.getRawPath();
 String cookieName = KEYCLOAK_IDENTITY_COOKIE;
 expireCookie(cookieName, path);
 }
 public void expireSaasIdentityCookie(UriInfo uriInfo) {
 URI uri = SaasService.saasCookiePath(uriInfo).build();
- String cookiePath = uri.getPath();
+ String cookiePath = uri.getRawPath();
 expireCookie(SaasService.SAAS_IDENTITY_COOKIE, cookiePath);
 }
 public void expireAccountIdentityCookie(URI uri) {
- String cookiePath = uri.getPath();
+ String cookiePath = uri.getRawPath();
 expireCookie(AccountService.ACCOUNT_IDENTITY_COOKIE, cookiePath);
 }
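Review bot: The `uri.getRawPath()` derivation is now repeated in all six cookie methods of `AuthenticationManager` (the three `create*Cookie` methods in the hunk at -55,20 and the three `expire*Cookie` methods in the hunk at -101,19), with no comment saying why the raw form is needed. Each create/expire pair has to yield the same `Path` string, because a browser only drops a cookie when the expiring `Set-Cookie` carries the same name and path; if one side were later changed back to `getPath()`, the identity cookie would likely survive logout wherever the URL contains percent-encoded characters. I would route all six through one helper, `private static String cookiePath(URI uri) { return uri.getRawPath(); }`, carrying the comment `// raw (percent-encoded) path: must be identical when the cookie is set and when it is expired`.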
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 08b6b3d544..9f7ca11996 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -137,7 +137,7 @@ public class RealmManager {
 }
 }
- private void enableAccountManagement(RealmModel realm) {
+ public void enableAccountManagement(RealmModel realm) {
 ApplicationModel application = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
 if (application == null) {
 application = realm.addApplication(Constants.ACCOUNT_APPLICATION);
@@ -156,7 +156,7 @@ public class RealmManager {
 application.setEnabled(true);
 }
- private void disableAccountManagement(RealmModel realm) {
+ public void disableAccountManagement(RealmModel realm) {
 ApplicationModel application = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
 if (application != null) {
 application.setEnabled(false); // TODO Should we delete the application instead?
diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index a9fb6de4f2..02e1e57a04 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
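Review bot: `enableAccountManagement` (hunk at -137,7) and `disableAccountManagement` (hunk at -156,7) in `RealmManager` are widened from `private` to `public`, which is more than this diff needs. The only new caller visible here is `ApplianceBootstrap`, which sits in the same `org.keycloak.services.managers` package, and nothing in the diff calls `disableAccountManagement` from outside the class. Both methods change realm state and show no authorization check in the visible lines (their bodies continue outside the hunks), so I would make the first package-private, `void enableAccountManagement(RealmModel realm) {`, and leave `disableAccountManagement` `private`. If they do have to be public, add Javadoc stating that callers are responsible for authorizing the change.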
@@ -336,7 +336,7 @@ public class AccountService {
 NewCookie cookie = authManager.createAccountIdentityCookie(realm, accessCode.getUser(), client, Urls.accountBase(uriInfo.getBaseUri()).build(realm.getId()));
 return Response.status(302).cookie(cookie).location(redirectUri).build();
 } finally {
- authManager.expireCookie(AbstractOAuthClient.OAUTH_TOKEN_REQUEST_STATE, uriInfo.getAbsolutePath().getPath());
+ authManager.expireCookie(AbstractOAuthClient.OAUTH_TOKEN_REQUEST_STATE, uriInfo.getAbsolutePath().getRawPath());
 }
 }
@@ -364,7 +364,7 @@ public class AccountService {
 path = (path != null ? path : "") + "?referrer=" + referrer;
 }
- oauth.setStateCookiePath(accountUri.getPath());
+ oauth.setStateCookiePath(accountUri.getRawPath());
 return oauth.redirect(uriInfo, accountUri.toString(), path);
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/SaasService.java b/services/src/main/java/org/keycloak/services/resources/SaasService.java
index ae37f6fe55..a11b06e222 100755
--- a/services/src/main/java/org/keycloak/services/resources/SaasService.java
+++ b/services/src/main/java/org/keycloak/services/resources/SaasService.java
@@ -215,7 +215,7 @@ public class SaasService {
 oauth.setClientId(Constants.ADMIN_CONSOLE_APPLICATION);
 URI redirectUri = uriInfo.getBaseUriBuilder().path(SaasService.class).path(SaasService.class, "loginRedirect").build();
 logger.debug("redirectUri: {0}", redirectUri.toString());
- oauth.setStateCookiePath(redirectUri.getPath());
+ oauth.setStateCookiePath(redirectUri.getRawPath());
 return oauth.redirect(uriInfo, redirectUri.toString(), path);
 }
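Review bot: In `AccountService`, the `finally` block (hunk at -336,7) expires `OAUTH_TOKEN_REQUEST_STATE` using the current request's path, `uriInfo.getAbsolutePath().getRawPath()`, while the hunk at -364,7 sets the state cookie path from `accountUri.getRawPath()`. Whether the two resolve to the same string cannot be confirmed from the visible lines, since `accountUri` is built outside the hunk; if they differ, the expiring `Set-Cookie` would not match and the state cookie would stay in the browser. I would add `// must equal the path given to oauth.setStateCookiePath(), otherwise the state cookie is not cleared` above the `expireCookie` call, or derive both values from one shared expression. The enclosing method starts outside the hunk.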
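Review bot: On the context line `path = (path != null ? path : "") + "?referrer=" + referrer;` in the `AccountService` hunk at -364,7, `referrer` is appended to a query string without encoding. Where `referrer` comes from is outside the hunk; if it is taken from the request, characters such as `&` or `#` in it would change the parameters of the string later handed to `oauth.redirect`. I would encode it at the point of concatenation, `path = (path != null ? path : "") + "?referrer=" + URLEncoder.encode(referrer, "UTF-8");`, which needs the `java.net.URLEncoder` import and handling of `UnsupportedEncodingException`, or validate it against the known application names first. The enclosing method starts outside the hunk.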