From 12c3aa83dd091ba4f4ff08323e58e0c7642197e1 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Tue, 19 May 2015 11:40:17 +0200
Subject: [PATCH] Updated admin events

---
 .../models/utils/RepresentationToModel.java   |   2 +
 .../resources/admin/AdminEventBuilder.java    | 164 ++++--------------
 .../ClientAttributeCertificateResource.java   |  11 +-
 .../resources/admin/ClientResource.java       |  41 ++---
 .../resources/admin/ClientsResource.java      |   2 +-
 .../admin/IdentityProviderResource.java       |  11 +-
 .../admin/IdentityProvidersResource.java      |   6 +-
 .../admin/ProtocolMappersResource.java        |   8 +-
 .../resources/admin/RealmAdminResource.java   |   8 +-
 .../resources/admin/RoleByIdResource.java     |  18 +-
 .../admin/RoleContainerResource.java          |  39 ++---
 .../resources/admin/RoleResource.java         |   6 +-
 .../admin/ScopeMappedClientResource.java      |   6 +-
 .../resources/admin/ScopeMappedResource.java  |   9 +-
 .../admin/UserClientRoleMappingsResource.java |  12 +-
 .../admin/UserFederationResource.java         |   8 +-
 .../resources/admin/UsersResource.java        |  35 ++--
 17 files changed, 140 insertions(+), 246 deletions(-)

diff --git a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
index 578ecc9483..9f84087138 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@@ -67,6 +67,8 @@ public class RepresentationToModel {
         if (rep.isEventsEnabled() != null) newRealm.setEventsEnabled(rep.isEventsEnabled());
         if (rep.getEventsExpiration() != null) newRealm.setEventsExpiration(rep.getEventsExpiration());
         if (rep.getEventsListeners() != null) newRealm.setEventsListeners(new HashSet<>(rep.getEventsListeners()));
+        if (rep.isAdminEventsEnabled() != null) newRealm.setAdminEventsEnabled(rep.isAdminEventsEnabled());
+        if (rep.isAdminEventsDetailsEnabled() != null) newRealm.setAdminEventsDetailsEnabled(rep.isAdminEventsDetailsEnabled());
 
         if (rep.getNotBefore() != null) newRealm.setNotBefore(rep.getNotBefore());
 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminEventBuilder.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminEventBuilder.java
index a0c15f334c..b9d2036557 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminEventBuilder.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminEventBuilder.java
@@ -25,6 +25,8 @@ import org.keycloak.representations.idm.IdentityProviderRepresentation;
 import org.keycloak.util.JsonSerialization;
 import org.keycloak.util.Time;
 
+import javax.ws.rs.core.UriInfo;
+
 public class AdminEventBuilder {
     
     private static final Logger log = Logger.getLogger(AdminEventBuilder.class);
@@ -92,18 +94,6 @@ public class AdminEventBuilder {
         return this;
     }
 
-    public AdminEventBuilder authRealm(String realmId) {
-        AuthDetails authDetails = adminEvent.getAuthDetails();
-        if(authDetails == null) {
-            authDetails =  new AuthDetails();
-            authDetails.setRealmId(realmId);
-        } else {
-            authDetails.setRealmId(realmId);
-        }
-        adminEvent.setAuthDetails(authDetails);
-        return this;
-    }
-
     public AdminEventBuilder authClient(ClientModel client) {
         AuthDetails authDetails = adminEvent.getAuthDetails();
         if(authDetails == null) {
@@ -116,18 +106,6 @@ public class AdminEventBuilder {
         return this;
     }
 
-    public AdminEventBuilder authClient(String clientId) {
-        AuthDetails authDetails = adminEvent.getAuthDetails();
-        if(authDetails == null) {
-            authDetails =  new AuthDetails();
-            authDetails.setClientId(clientId);
-        } else {
-            authDetails.setClientId(clientId);
-        }
-        adminEvent.setAuthDetails(authDetails);
-        return this;
-    }
-
     public AdminEventBuilder authUser(UserModel user) {
         AuthDetails authDetails = adminEvent.getAuthDetails();
         if(authDetails == null) {
@@ -140,18 +118,6 @@ public class AdminEventBuilder {
         return this;
     }
 
-    public AdminEventBuilder authUser(String userId) {
-        AuthDetails authDetails = adminEvent.getAuthDetails();
-        if(authDetails == null) {
-            authDetails =  new AuthDetails();
-            authDetails.setUserId(userId);
-        } else {
-            authDetails.setUserId(userId);
-        }
-        adminEvent.setAuthDetails(authDetails);
-        return this;
-    }
-
     public AdminEventBuilder authIpAddress(String ipAddress) {
         AuthDetails authDetails = adminEvent.getAuthDetails();
         if(authDetails == null) {
@@ -163,59 +129,45 @@ public class AdminEventBuilder {
         adminEvent.setAuthDetails(authDetails);
         return this;
     }
-    
-    public AdminEventBuilder resourcePath(String resourcePath) {
-        adminEvent.setResourcePath(resourcePath);
+
+    public AdminEventBuilder resourcePath(UriInfo uriInfo) {
+        String path = getResourcePath(uriInfo);
+        adminEvent.setResourcePath(path);
         return this;
     }
-    
-    public AdminEventBuilder resourcePath(String resourcePath, boolean segment) {
-        if(segment) {
-            int index = resourcePath.lastIndexOf('/');
-            int subIndex = resourcePath.lastIndexOf('/', index - 1);
-            adminEvent.setResourcePath(resourcePath.substring(subIndex));
-        } else {
-            adminEvent.setResourcePath(resourcePath.substring(resourcePath.lastIndexOf('/')));
+
+    public AdminEventBuilder resourcePath(UriInfo uriInfo, String id) {
+        StringBuilder sb = new StringBuilder();
+        sb.append(getResourcePath(uriInfo));
+        sb.append("/");
+        sb.append(id);
+        adminEvent.setResourcePath(sb.toString());
+        return this;
+    }
+
+    private String getResourcePath(UriInfo uriInfo) {
+        String path = uriInfo.getPath();
+
+        StringBuilder sb = new StringBuilder();
+        sb.append("/realms/");
+        sb.append(realm.getName());
+        sb.append("/");
+        String realmRelative = sb.toString();
+
+        path = path.substring(path.indexOf(realmRelative) + realmRelative.length());
+
+        if (path.contains("clients-by-id")) {
+            path = path.replaceAll("clients-by-id", "clients");
+        } else if (path.contains("roles-by-id")) {
+            path = path.replaceAll("roles-by-id", "roles");
+        } else if (path.contains("role-mappings/realm")) {
+            path = path.replaceFirst("role-mappings/realm", "role-mappings");
+        } else if (path.contains("role-mappings/clients")) {
+            path = path.replaceFirst("role-mappings/clients", "role-mappings");
         }
-        return this;
+
+        return path;
     }
-    
-    public AdminEventBuilder resourcePath(Object model) {
-        StringBuilder sb = new StringBuilder();
-        sb.append(getResourcePath(model));
-        adminEvent.setResourcePath(sb.toString());
-        return this;
-    }
-    
-    public AdminEventBuilder resourcePath(Object model, String resourcePath) {
-        StringBuilder sb = new StringBuilder();
-        sb.append(getResourcePath(model));
-        sb.append(resourcePath.substring(resourcePath.lastIndexOf('/')));
-        adminEvent.setResourcePath(sb.toString());
-        return this;
-    }
-    
-    public AdminEventBuilder resourcePath(Object model, String resourcePath, boolean segment) {
-        StringBuilder sb = new StringBuilder();
-        sb.append(getResourcePath(model));
-        int index = resourcePath.lastIndexOf('/');
-        int subIndex = resourcePath.lastIndexOf('/', index - 1);
-        sb.append(resourcePath.substring(subIndex));
-        adminEvent.setResourcePath(sb.toString());
-        return this;
-    }
-    
-    public AdminEventBuilder resourcePath(Object model, Object subModel, String resourcePath) {
-        StringBuilder sb = new StringBuilder();
-        sb.append(getResourcePath(model));
-        int index = resourcePath.lastIndexOf('/');
-        int subIndex = resourcePath.lastIndexOf('/', index - 1);
-        sb.append(resourcePath.substring(subIndex, index+1));
-        sb.append(getResourcePath(subModel));
-        adminEvent.setResourcePath(sb.toString());
-        return this;
-    }
-    
 
     public void error(String error) {
         adminEvent.setOperationType(OperationType.valueOf(adminEvent.getOperationType().name() + "_ERROR"));
@@ -268,47 +220,5 @@ public class AdminEventBuilder {
             }
         }
     }
-    
-    private String getResourcePath(Object model) {
 
-        StringBuilder sb = new StringBuilder();
-
-        if (model instanceof RealmModel) {
-            RealmModel realm = (RealmModel) model;
-            sb.append("realms/" + realm.getId());
-        } else if (model instanceof ClientModel) {
-            ClientModel client = (ClientModel) model;
-            sb.append("clients/" + client.getId());
-        } else if (model instanceof UserModel) {
-            UserModel user = (UserModel) model;
-            sb.append("users/" + user.getId());
-
-        } else if (model instanceof IdentityProviderModel) {
-            IdentityProviderModel provider = (IdentityProviderModel) model;
-            sb.append("identity-Providers/" + provider.getProviderId());
-        } else if (model instanceof IdentityProviderRepresentation) {
-            IdentityProviderRepresentation provider = (IdentityProviderRepresentation) model;
-            sb.append("identity-Providers/" + provider.getProviderId());
-        } else if (model instanceof IdentityProviderMapperModel) {
-            IdentityProviderMapperModel provider = (IdentityProviderMapperModel) model;
-            sb.append("identity-Provider-Mappers/" + provider.getId());
-        } else if (model instanceof IdentityProviderFactory) {
-            IdentityProviderFactory provider = (IdentityProviderFactory) model;
-            sb.append("identity-Provider-Factory/" + provider.getId());
-
-        } else if (model instanceof ProtocolMapperModel) {
-            ProtocolMapperModel mapper = (ProtocolMapperModel) model;
-            sb.append("protocol-Mappers/" + mapper.getId());
-
-        } else if (model instanceof UserFederationProviderModel) {
-            UserFederationProviderModel provider = (UserFederationProviderModel) model;
-            sb.append("user-Federation-Providers/" + provider.getId());
-        
-        } else if (model instanceof RoleModel) {
-            RoleModel role = (RoleModel) model;
-            sb.append("roles/" + role.getId());
-        }
-
-        return sb.toString();
-    }
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
index 3b91e3ec8f..c43f6d9575 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
@@ -138,9 +138,8 @@ public class ClientAttributeCertificateResource {
         info.setCertificate(client.getAttribute(certificateAttribute));
         info.setPrivateKey(client.getAttribute(privateAttribute));
         
-        adminEvent.operation(OperationType.ACTION)
-        .resourcePath(client, session.getContext().getUri().getPath()).representation(info).success();
-        
+        adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(info).success();
+
         return info;
     }
 
@@ -198,7 +197,7 @@ public class ClientAttributeCertificateResource {
             info.setCertificate(certPem);
         }
         
-        adminEvent.operation(OperationType.ACTION).resourcePath(client, uriInfo.getPath()).representation(info).success();
+        adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(info).success();
         return info;
     }
 
@@ -324,10 +323,6 @@ public class ClientAttributeCertificateResource {
             stream.flush();
             stream.close();
             byte[] rtn = stream.toByteArray();
-            
-            adminEvent.operation(OperationType.ACTION)
-            .resourcePath(client, session.getContext().getUri().getPath()).success();
-            
             return rtn;
         } catch (Exception e) {
             throw new RuntimeException(e);
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
index d9ab8dcd32..2a9bcfcaf4 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
@@ -102,7 +102,7 @@ public class ClientResource {
 
         try {
             RepresentationToModel.updateClient(rep, client);
-            adminEvent.operation(OperationType.UPDATE).resourcePath(client).representation(rep).success();
+            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
             return Response.noContent().build();
         } catch (ModelDuplicateException e) {
             return ErrorResponse.exists("Client " + rep.getClientId() + " already exists");
@@ -149,8 +149,6 @@ public class ClientResource {
 
         ClientManager clientManager = new ClientManager(new RealmManager(session));
         Object rep = clientManager.toInstallationRepresentation(realm, client, getKeycloakApplication().getBaseUri(uriInfo));
-        
-        adminEvent.operation(OperationType.ACTION).resourcePath(client, uriInfo.getPath(), true).success();
 
         // TODO Temporary solution to pretty-print
         return JsonSerialization.mapper.writerWithDefaultPrettyPrinter().writeValueAsString(rep);
@@ -170,9 +168,6 @@ public class ClientResource {
         auth.requireView();
 
         ClientManager clientManager = new ClientManager(new RealmManager(session));
-
-        adminEvent.operation(OperationType.ACTION).resourcePath(client, uriInfo.getPath(), true).success();
-
         return clientManager.toJBossSubsystemConfig(realm, client, getKeycloakApplication().getBaseUri(uriInfo));
     }
 
@@ -185,7 +180,7 @@ public class ClientResource {
     public void deleteClient() {
         auth.requireManage();
         new ClientManager(new RealmManager(session)).removeClient(realm, client);
-        adminEvent.operation(OperationType.DELETE).resourcePath(client).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
     }
 
 
@@ -204,7 +199,7 @@ public class ClientResource {
         logger.debug("regenerateSecret");
         UserCredentialModel cred = KeycloakModelUtils.generateSecret(client);
         CredentialRepresentation rep = ModelToRepresentation.toRepresentation(cred);
-        adminEvent.operation(OperationType.ACTION).resourcePath(client, uriInfo.getPath()).representation(rep).success();
+        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(rep).success();
         return rep;
     }
 
@@ -238,7 +233,7 @@ public class ClientResource {
 
     @Path("roles")
     public RoleContainerResource getRoleContainerResource() {
-        return new RoleContainerResource(realm, auth, client, adminEvent);
+        return new RoleContainerResource(uriInfo, realm, auth, client, adminEvent);
     }
 
     /**
@@ -271,7 +266,7 @@ public class ClientResource {
         auth.requireManage();
 
         client.setWebOrigins(allowedOrigins);
-        adminEvent.operation(OperationType.UPDATE).resourcePath(client, uriInfo.getPath()).representation(client).success();
+        adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(client).success();
     }
 
     /**
@@ -290,7 +285,7 @@ public class ClientResource {
         for (String origin : allowedOrigins) {
             client.removeWebOrigin(origin);
         }
-        adminEvent.operation(OperationType.DELETE).resourcePath(client, uriInfo.getPath()).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
     }
 
     /**
@@ -301,8 +296,8 @@ public class ClientResource {
     @POST
     public GlobalRequestResult pushRevocation() {
         auth.requireManage();
-        adminEvent.operation(OperationType.ACTION).resourcePath(client, uriInfo.getPath()).success();
-        return new ResourceAdminManager(session).pushClientRevocationPolicy(uriInfo.getRequestUri(), realm, client);
+        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
+        return new ResourceAdminManager(session).pushClientRevocationPolicy(uriInfo.getRequestUri(), realm, client);
     
     }
     
@@ -355,9 +350,9 @@ public class ClientResource {
     @POST
     public GlobalRequestResult logoutAll() {
         auth.requireManage();
-        adminEvent.operation(OperationType.ACTION).resourcePath(client, uriInfo.getPath()).success();
+        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
         return new ResourceAdminManager(session).logoutClient(uriInfo.getRequestUri(), realm, client);
-
+
     }
 
     /**
@@ -372,9 +367,9 @@ public class ClientResource {
         if (user == null) {
             throw new NotFoundException("User not found");
         }
-        adminEvent.operation(OperationType.ACTION).resourcePath(client, uriInfo.getPath(), true).success();
-        new ResourceAdminManager(session).logoutUserFromClient(uriInfo.getRequestUri(), realm, client, user);
-
+        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
+        new ResourceAdminManager(session).logoutUserFromClient(uriInfo.getRequestUri(), realm, client, user);
+
     }
 
     /**
@@ -394,7 +389,7 @@ public class ClientResource {
         }
         if (logger.isDebugEnabled()) logger.debug("Register node: " + node);
         client.registerNode(node, Time.currentTime());
-        adminEvent.operation(OperationType.ACTION).resourcePath(client, uriInfo.getPath()).success();
+        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
     }
 
     /**
@@ -414,7 +409,7 @@ public class ClientResource {
             throw new NotFoundException("Client does not have a node " + node);
         }
         client.unregisterNode(node);
-        adminEvent.operation(OperationType.DELETE).resourcePath(client, uriInfo.getPath(), true).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
     }
 
     /**
@@ -427,10 +422,10 @@ public class ClientResource {
     @NoCache
     public GlobalRequestResult testNodesAvailable() {
         auth.requireManage();
-        logger.debug("Test availability of cluster nodes");
-        adminEvent.operation(OperationType.ACTION).resourcePath(client, uriInfo.getPath()).success();
+        logger.debug("Test availability of cluster nodes");
+        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
         return new ResourceAdminManager(session).testNodesAvailability(uriInfo.getRequestUri(), realm, client);
-
+
     }
 
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
index 51c509f74a..c899fdfe7b 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
@@ -94,7 +94,7 @@ public class ClientsResource {
         try {
             ClientModel clientModel = RepresentationToModel.createClient(session, realm, rep, true);
             
-            adminEvent.operation(OperationType.CREATE).resourcePath(clientModel).representation(rep).success();
+            adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
             
             return Response.created(uriInfo.getAbsolutePathBuilder().path(getClientPath(clientModel)).build()).build();
         } catch (ModelDuplicateException e) {
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java
index 9b058a50d6..c97e9afbfa 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java
@@ -86,7 +86,7 @@ public class IdentityProviderResource {
 
         this.realm.removeIdentityProviderByAlias(this.identityProviderModel.getAlias());
         
-        adminEvent.operation(OperationType.DELETE).resourcePath(identityProviderModel).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
         
         return Response.noContent().build();
     }
@@ -112,7 +112,7 @@ public class IdentityProviderResource {
                 updateUsersAfterProviderAliasChange(this.session.users().getUsers(this.realm), oldProviderId, newProviderId);
             }
             
-            adminEvent.operation(OperationType.UPDATE).resourcePath(providerRep).representation(providerRep).success();
+            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(providerRep).success();
             
             return Response.noContent().build();
         } catch (ModelDuplicateException e) {
@@ -169,7 +169,6 @@ public class IdentityProviderResource {
         try {
             this.auth.requireView();
             IdentityProviderFactory factory = getIdentityProviderFactory();
-            adminEvent.operation(OperationType.ACTION).resourcePath(identityProviderModel, uriInfo.getPath()).success();
             return factory.create(identityProviderModel).export(uriInfo, realm, format);
         } catch (Exception e) {
             return ErrorResponse.error("Could not export public broker configuration for identity provider [" + identityProviderModel.getProviderId() + "].", Response.Status.NOT_FOUND);
@@ -232,7 +231,7 @@ public class IdentityProviderResource {
         IdentityProviderMapperModel model = RepresentationToModel.toModel(mapper);
         model = realm.addIdentityProviderMapper(model);
         
-        adminEvent.operation(OperationType.CREATE).resourcePath(model, uriInfo.getPath())
+        adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, model.getId())
             .representation(mapper).success();
         
         return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
@@ -260,7 +259,7 @@ public class IdentityProviderResource {
         if (model == null) throw new NotFoundException("Model not found");
         model = RepresentationToModel.toModel(rep);
         realm.updateIdentityProviderMapper(model);
-        adminEvent.operation(OperationType.UPDATE).resourcePath(model).representation(rep).success();
+        adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
 
     }
 
@@ -272,7 +271,7 @@ public class IdentityProviderResource {
         IdentityProviderMapperModel model = realm.getIdentityProviderMapperById(id);
         if (model == null) throw new NotFoundException("Model not found");
         realm.removeIdentityProviderMapper(model);
-        adminEvent.operation(OperationType.DELETE).resourcePath(model).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
 
     }
 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java
index 3617631245..9b5bebba02 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java
@@ -82,9 +82,6 @@ public class IdentityProvidersResource {
         InputStream inputStream = file.getBody(InputStream.class, null);
         IdentityProviderFactory providerFactory = getProviderFactorytById(providerId);
         Map<String, String> config = providerFactory.parseConfig(inputStream);
-        
-        adminEvent.operation(OperationType.CREATE).resourcePath(providerFactory, uriInfo.getPath()).representation(config).success();
-
         return config;
     }
 
@@ -102,7 +99,6 @@ public class IdentityProvidersResource {
             IdentityProviderFactory providerFactory = getProviderFactorytById(providerId);
             Map<String, String> config;
             config = providerFactory.parseConfig(inputStream);
-            adminEvent.operation(OperationType.CREATE).resourcePath(providerFactory, uriInfo.getPath()).representation(config).success();
             return config;
         } finally {
             try {
@@ -137,7 +133,7 @@ public class IdentityProvidersResource {
             IdentityProviderModel identityProvider = RepresentationToModel.toModel(representation);
             this.realm.addIdentityProvider(identityProvider);
 
-            adminEvent.operation(OperationType.CREATE).resourcePath(identityProvider)
+            adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, identityProvider.getInternalId())
                     .representation(representation).success();
             
             return Response.created(uriInfo.getAbsolutePathBuilder().path(representation.getProviderId()).build()).build();
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java
index 1f59b68e59..da5800641e 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java
@@ -89,7 +89,7 @@ public class ProtocolMappersResource {
         auth.requireManage();
         ProtocolMapperModel model = RepresentationToModel.toModel(rep);
         model = client.addProtocolMapper(model);
-        adminEvent.operation(OperationType.CREATE).resourcePath(model).representation(rep).success();
+        adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, model.getId()).representation(rep).success();
         return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
     }
     /**
@@ -107,7 +107,7 @@ public class ProtocolMappersResource {
             model = RepresentationToModel.toModel(rep);
             model = client.addProtocolMapper(model);
         }
-        adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo.getPath(), false).representation(reps).success();
+        adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(reps).success();
     }
 
     @GET
@@ -144,7 +144,7 @@ public class ProtocolMappersResource {
         if (model == null) throw new NotFoundException("Model not found");
         model = RepresentationToModel.toModel(rep);
         client.updateProtocolMapper(model);
-        adminEvent.operation(OperationType.UPDATE).resourcePath(model).representation(rep).success();
+        adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
     }
 
     @DELETE
@@ -155,7 +155,7 @@ public class ProtocolMappersResource {
         ProtocolMapperModel model = client.getProtocolMapperById(id);
         if (model == null) throw new NotFoundException("Model not found");
         client.removeProtocolMapper(model);
-        adminEvent.operation(OperationType.DELETE).resourcePath(model).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
 
     }
 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
index 9f2a12fc81..c2a4730bee 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@@ -132,7 +132,7 @@ public class RealmAdminResource {
      */
     @Path("roles")
     public RoleContainerResource getRoleContainerResource() {
-        return new RoleContainerResource(realm, auth, realm, adminEvent);
+        return new RoleContainerResource(uriInfo, realm, auth, realm, adminEvent);
     }
 
     /**
@@ -263,7 +263,7 @@ public class RealmAdminResource {
     @POST
     public GlobalRequestResult pushRevocation() {
         auth.requireManage();
-        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo.getPath(), false).success();
+        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
         return new ResourceAdminManager(session).pushRealmRevocationPolicy(uriInfo.getRequestUri(), realm);
     }
 
@@ -276,7 +276,7 @@ public class RealmAdminResource {
     @POST
     public GlobalRequestResult logoutAll() {
         session.sessions().removeUserSessions(realm);
-        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo.getPath(), false).success();
+        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
         return new ResourceAdminManager(session).logoutAll(uriInfo.getRequestUri(), realm);
     }
 
@@ -292,7 +292,7 @@ public class RealmAdminResource {
         UserSessionModel userSession = session.sessions().getUserSession(realm, sessionId);
         if (userSession == null) throw new NotFoundException("Sesssion not found");
         AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, connection, headers, true);
-        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo.getPath(), true).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
 
     }
 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java
index 4ca16676a6..2f912f5198 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java
@@ -39,7 +39,10 @@ public class RoleByIdResource extends RoleResource {
     private AdminEventBuilder adminEvent;
 
     @Context
-    protected KeycloakSession session;
+    private KeycloakSession session;
+
+    @Context
+    private UriInfo uriInfo;
 
     public RoleByIdResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) {
         super(realm);
@@ -95,7 +98,7 @@ public class RoleByIdResource extends RoleResource {
         RoleModel role = getRoleModel(id);
         auth.requireManage();
         deleteRole(role);
-        adminEvent.operation(OperationType.DELETE).resourcePath(role).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
     }
 
     /**
@@ -111,7 +114,7 @@ public class RoleByIdResource extends RoleResource {
         RoleModel role = getRoleModel(id);
         auth.requireManage();
         updateRole(rep, role);
-        adminEvent.operation(OperationType.UPDATE).resourcePath(role).representation(rep).success();
+        adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
     }
 
     /**
@@ -126,11 +129,7 @@ public class RoleByIdResource extends RoleResource {
     public void addComposites(final @PathParam("role-id") String id, List<RoleRepresentation> roles) {
         RoleModel role = getRoleModel(id);
         auth.requireManage();
-        addComposites(roles, role);
-        
-        adminEvent.operation(OperationType.ACTION)
-            .resourcePath(role, session.getContext().getUri().getPath()).representation(roles).success();
-        
+        addComposites(adminEvent, uriInfo, roles, role);
     }
 
     /**
@@ -227,8 +226,7 @@ public class RoleByIdResource extends RoleResource {
         auth.requireManage();
         deleteComposites(roles, role);
         
-        adminEvent.operation(OperationType.DELETE)
-            .resourcePath(role, session.getContext().getUri().getPath()).representation(roles).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
     }
 
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
index de2e3b425f..111942d458 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
@@ -39,9 +39,11 @@ public class RoleContainerResource extends RoleResource {
     private final RealmAuth auth;
     protected RoleContainerModel roleContainer;
     private AdminEventBuilder adminEvent;
+    private UriInfo uriInfo;
 
-    public RoleContainerResource(RealmModel realm, RealmAuth auth, RoleContainerModel roleContainer, AdminEventBuilder adminEvent) {
+    public RoleContainerResource(UriInfo uriInfo, RealmModel realm, RealmAuth auth, RoleContainerModel roleContainer, AdminEventBuilder adminEvent) {
         super(realm);
+        this.uriInfo = uriInfo;
         this.realm = realm;
         this.auth = auth;
         this.roleContainer = roleContainer;
@@ -56,7 +58,7 @@ public class RoleContainerResource extends RoleResource {
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
-    public List<RoleRepresentation> getRoles(@Context final UriInfo uriInfo) {
+    public List<RoleRepresentation> getRoles() {
         auth.requireAny();
 
         Set<RoleModel> roleModels = roleContainer.getRoles();
@@ -70,20 +72,19 @@ public class RoleContainerResource extends RoleResource {
     /**
      * Create a new role for this realm or client
      *
-     * @param uriInfo
      * @param rep
      * @return
      */
     @POST
     @Consumes(MediaType.APPLICATION_JSON)
-    public Response createRole(final @Context UriInfo uriInfo, final RoleRepresentation rep) {
+    public Response createRole(final RoleRepresentation rep) {
         auth.requireManage();
 
         try {
             RoleModel role = roleContainer.addRole(rep.getName());
             role.setDescription(rep.getDescription());
 
-            adminEvent.operation(OperationType.CREATE).resourcePath(role).representation(rep).success();
+            adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, role.getId()).representation(rep).success();
 
             return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build();
         } catch (ModelDuplicateException e) {
@@ -101,7 +102,7 @@ public class RoleContainerResource extends RoleResource {
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
-    public RoleRepresentation getRole(@Context final UriInfo uriInfo, final @PathParam("role-name") String roleName) {
+    public RoleRepresentation getRole(final @PathParam("role-name") String roleName) {
         auth.requireView();
 
         RoleModel roleModel = roleContainer.getRole(roleName);
@@ -120,17 +121,17 @@ public class RoleContainerResource extends RoleResource {
     @Path("{role-name}")
     @DELETE
     @NoCache
-    public void deleteRole(@Context final UriInfo uriInfo, final @PathParam("role-name") String roleName) {
+    public void deleteRole(final @PathParam("role-name") String roleName) {
         auth.requireManage();
 
-        RoleRepresentation rep = getRole(uriInfo, roleName);
+        RoleRepresentation rep = getRole(roleName);
         RoleModel role = roleContainer.getRole(roleName);
         if (role == null) {
             throw new NotFoundException("Could not find role: " + roleName);
         }
         deleteRole(role);
 
-        adminEvent.operation(OperationType.DELETE).resourcePath(role).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
 
     }
 
@@ -144,7 +145,7 @@ public class RoleContainerResource extends RoleResource {
     @Path("{role-name}")
     @PUT
     @Consumes(MediaType.APPLICATION_JSON)
-    public Response updateRole(@Context final UriInfo uriInfo, final @PathParam("role-name") String roleName, final RoleRepresentation rep) {
+    public Response updateRole(final @PathParam("role-name") String roleName, final RoleRepresentation rep) {
         auth.requireManage();
 
         RoleModel role = roleContainer.getRole(roleName);
@@ -154,7 +155,7 @@ public class RoleContainerResource extends RoleResource {
         try {
             updateRole(rep, role);
 
-            adminEvent.operation(OperationType.UPDATE).resourcePath(role).representation(rep).success();
+            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
 
             return Response.noContent().build();
         } catch (ModelDuplicateException e) {
@@ -171,16 +172,14 @@ public class RoleContainerResource extends RoleResource {
     @Path("{role-name}/composites")
     @POST
     @Consumes(MediaType.APPLICATION_JSON)
-    public void addComposites(@Context final UriInfo uriInfo, final @PathParam("role-name") String roleName, List<RoleRepresentation> roles) {
+    public void addComposites(final @PathParam("role-name") String roleName, List<RoleRepresentation> roles) {
         auth.requireManage();
 
         RoleModel role = roleContainer.getRole(roleName);
         if (role == null) {
             throw new NotFoundException("Could not find role: " + roleName);
         }
-        addComposites(roles, role);
-        adminEvent.operation(OperationType.ACTION).resourcePath(role, uriInfo.getPath()).representation(roles).success();
-
+        addComposites(adminEvent, uriInfo, roles, role);
     }
 
     /**
@@ -193,7 +192,7 @@ public class RoleContainerResource extends RoleResource {
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
-    public Set<RoleRepresentation> getRoleComposites(@Context final UriInfo uriInfo, final @PathParam("role-name") String roleName) {
+    public Set<RoleRepresentation> getRoleComposites(final @PathParam("role-name") String roleName) {
         auth.requireManage();
 
         RoleModel role = roleContainer.getRole(roleName);
@@ -213,7 +212,7 @@ public class RoleContainerResource extends RoleResource {
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
-    public Set<RoleRepresentation> getRealmRoleComposites(@Context final UriInfo uriInfo, final @PathParam("role-name") String roleName) {
+    public Set<RoleRepresentation> getRealmRoleComposites(final @PathParam("role-name") String roleName) {
         auth.requireManage();
 
         RoleModel role = roleContainer.getRole(roleName);
@@ -234,7 +233,7 @@ public class RoleContainerResource extends RoleResource {
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
-    public Set<RoleRepresentation> getClientRoleComposites(@Context final UriInfo uriInfo, 
+    public Set<RoleRepresentation> getClientRoleComposites(
                                                            final @PathParam("role-name") String roleName,
                                                            final @PathParam("clientId") String clientId) {
         auth.requireManage();
@@ -290,7 +289,7 @@ public class RoleContainerResource extends RoleResource {
     @Path("{role-name}/composites")
     @DELETE
     @Consumes(MediaType.APPLICATION_JSON)
-    public void deleteComposites(@Context final UriInfo uriInfo, 
+    public void deleteComposites(
                                    final @PathParam("role-name") String roleName,
                                    List<RoleRepresentation> roles) {
         auth.requireManage();
@@ -300,7 +299,7 @@ public class RoleContainerResource extends RoleResource {
             throw new NotFoundException("Could not find role: " + roleName);
         }
         deleteComposites(roles, role);
-        adminEvent.operation(OperationType.DELETE).resourcePath(role, uriInfo.getPath()).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
     }
 
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleResource.java
index 8196528ccb..ee6c73a1ba 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RoleResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleResource.java
@@ -1,12 +1,14 @@
 package org.keycloak.services.resources.admin;
 
 import org.jboss.resteasy.spi.NotFoundException;
+import org.keycloak.events.admin.OperationType;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
 
+import javax.ws.rs.core.UriInfo;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
@@ -38,13 +40,15 @@ public abstract class RoleResource {
         role.setDescription(rep.getDescription());
     }
 
-    protected void addComposites(List<RoleRepresentation> roles, RoleModel role) {
+    protected void addComposites(AdminEventBuilder adminEvent, UriInfo uriInfo, List<RoleRepresentation> roles, RoleModel role) {
         for (RoleRepresentation rep : roles) {
             RoleModel composite = realm.getRoleById(rep.getId());
             if (composite == null) {
                 throw new NotFoundException("Could not find composite role: " + rep.getName());
             }
             role.addCompositeRole(composite);
+
+            adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, rep.getId()).representation(roles).success();
         }
     }
 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java
index 7f195c59f2..6a5c6a488c 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java
@@ -110,7 +110,7 @@ public class ScopeMappedClientResource {
                 throw new NotFoundException("Role not found");
             }
             client.addScopeMapping(roleModel);
-            adminEvent.operation(OperationType.CREATE).resourcePath(client, "/roles").representation(roles).success();
+            adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), roleModel.getId()).representation(roles).success();
         }
     }
 
@@ -129,7 +129,7 @@ public class ScopeMappedClientResource {
             for (RoleModel roleModel : roleModels) {
                 client.deleteScopeMapping(roleModel);
             }
-
+            adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success();
         } else {
             for (RoleRepresentation role : roles) {
                 RoleModel roleModel = scopedClient.getRole(role.getName());
@@ -137,8 +137,8 @@ public class ScopeMappedClientResource {
                     throw new NotFoundException("Role not found");
                 }
                 client.deleteScopeMapping(roleModel);
+                adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri(), roleModel.getId()).representation(roles).success();
             }
         }
-        adminEvent.operation(OperationType.DELETE).resourcePath(client, "/roles").representation(roles).success();
     }
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
index 97b5e3b8e9..587114d19d 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
@@ -181,9 +181,8 @@ public class ScopeMappedResource {
                 throw new NotFoundException("Role not found");
             }
             client.addScopeMapping(roleModel);
+            adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), role.getId()).representation(roles).success();
         }
-        adminEvent.operation(OperationType.CREATE).resourcePath(client, "/roles").representation(roles).success();
-
     }
 
     /**
@@ -202,17 +201,17 @@ public class ScopeMappedResource {
             for (RoleModel roleModel : roleModels) {
                 client.deleteScopeMapping(roleModel);
             }
-
-        } else {
+            adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success();
+       } else {
             for (RoleRepresentation role : roles) {
                 RoleModel roleModel = realm.getRoleById(role.getId());
                 if (roleModel == null) {
                     throw new NotFoundException("Client not found");
                 }
                 client.deleteScopeMapping(roleModel);
+                adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri(), roleModel.getId()).representation(roles).success();
             }
         }
-        adminEvent.operation(OperationType.DELETE).resourcePath(client, "/roles").representation(roles).success();
 
     }
 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserClientRoleMappingsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserClientRoleMappingsResource.java
index 9bd8160e57..34aafb7a72 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserClientRoleMappingsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserClientRoleMappingsResource.java
@@ -39,12 +39,10 @@ public class UserClientRoleMappingsResource {
     protected UserModel user;
     protected ClientModel client;
     protected AdminEventBuilder adminEvent;
-    
-    @Context
-    protected KeycloakSession session;
-    
+    private UriInfo uriInfo;
 
-    public UserClientRoleMappingsResource(RealmModel realm, RealmAuth auth, UserModel user, ClientModel client, AdminEventBuilder adminEvent) {
+    public UserClientRoleMappingsResource(UriInfo uriInfo, RealmModel realm, RealmAuth auth, UserModel user, ClientModel client, AdminEventBuilder adminEvent) {
+        this.uriInfo = uriInfo;
         this.realm = realm;
         this.auth = auth;
         this.user = user;
@@ -138,7 +136,7 @@ public class UserClientRoleMappingsResource {
             }
             user.grantRole(roleModel);
         }
-        adminEvent.operation(OperationType.CREATE).resourcePath(client, user, "/roles/").representation(roles).success();
+        adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
 
     }
 
@@ -171,6 +169,6 @@ public class UserClientRoleMappingsResource {
                 user.deleteRoleMapping(roleModel);
             }
         }
-        adminEvent.operation(OperationType.DELETE).resourcePath(client, user, "/roles/").representation(roles).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
     }
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationResource.java
index 7bc54a95fd..427f95f16f 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationResource.java
@@ -131,7 +131,7 @@ public class UserFederationResource {
         new UsersSyncManager().refreshPeriodicSyncForProvider(session.getKeycloakSessionFactory(), session.getProvider(TimerProvider.class), model, realm.getId());
         checkKerberosCredential(model);
         
-        adminEvent.operation(OperationType.CREATE).resourcePath(model).representation(rep).success();
+        adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(rep).success();
 
         return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
     }
@@ -157,7 +157,7 @@ public class UserFederationResource {
         new UsersSyncManager().refreshPeriodicSyncForProvider(session.getKeycloakSessionFactory(), session.getProvider(TimerProvider.class), model, realm.getId());
         checkKerberosCredential(model);
         
-        adminEvent.operation(OperationType.UPDATE).resourcePath(model).representation(rep).success();
+        adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
 
     }
 
@@ -195,7 +195,7 @@ public class UserFederationResource {
         realm.removeUserFederationProvider(model);
         new UsersSyncManager().removePeriodicSyncForProvider(session.getProvider(TimerProvider.class), model);
         
-        adminEvent.operation(OperationType.DELETE).resourcePath(model).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
 
     }
 
@@ -239,7 +239,7 @@ public class UserFederationResource {
                 } else if ("triggerChangedUsersSync".equals(action)) {
                     syncManager.syncChangedUsers(session.getKeycloakSessionFactory(), realm.getId(), model);
                 }
-                adminEvent.operation(OperationType.ACTION).resourcePath(model, "/sync").success();
+                adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
                 return Response.noContent().build();
             }
         }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index c84b635e7a..fa6b901928 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -97,7 +97,7 @@ public class UsersResource {
     public UsersResource(RealmModel realm, RealmAuth auth, TokenManager tokenManager, AdminEventBuilder adminEvent) {
         this.auth = auth;
         this.realm = realm;
-        this.adminEvent = adminEvent;
+        this.adminEvent = adminEvent;
 
         auth.init(RealmAuth.Resource.USER);
     }
@@ -121,7 +121,7 @@ public class UsersResource {
                 throw new NotFoundException("User not found");
             }
             updateUserFromRep(user, rep);
-            adminEvent.operation(OperationType.UPDATE).resourcePath(user).representation(rep).success();
+            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
 
             if (session.getTransaction().isActive()) {
                 session.getTransaction().commit();
@@ -158,7 +158,7 @@ public class UsersResource {
             UserModel user = session.users().addUser(realm, rep.getUsername());
             updateUserFromRep(user, rep);
             
-            adminEvent.operation(OperationType.CREATE).resourcePath(user).representation(rep).success();
+            adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, user.getId()).representation(rep).success();
             
             if (session.getTransaction().isActive()) {
                 session.getTransaction().commit();
@@ -312,7 +312,7 @@ public class UsersResource {
 
         FederatedIdentityModel socialLink = new FederatedIdentityModel(provider, rep.getUserId(), rep.getUserName());
         session.users().addFederatedIdentity(realm, user, socialLink);
-        adminEvent.operation(OperationType.CREATE).resourcePath(user, uriInfo.getPath(), true).representation(rep).success();
+        adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(rep).success();
         return Response.noContent().build();
     }
 
@@ -328,7 +328,7 @@ public class UsersResource {
         if (!session.users().removeFederatedIdentity(realm, user, provider)) {
             throw new NotFoundException("Link not found");
         }
-        adminEvent.operation(OperationType.DELETE).resourcePath(user, uriInfo.getPath(), true).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
     }
 
     /**
@@ -382,7 +382,7 @@ public class UsersResource {
         } else {
             throw new NotFoundException("Consent not found for user " + username + " and client " + clientId);
         }
-        adminEvent.operation(OperationType.ACTION).resourcePath(user, client, uriInfo.getPath()).success();
+        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
     }
 
     /**
@@ -404,7 +404,7 @@ public class UsersResource {
         for (UserSessionModel userSession : userSessions) {
             AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true);
         }
-        adminEvent.operation(OperationType.ACTION).resourcePath(user, uriInfo.getPath()).success();
+        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
     }
 
     /**
@@ -426,7 +426,7 @@ public class UsersResource {
 
         boolean removed = new UserManager(session).removeUser(realm, user);
         if (removed) {
-            adminEvent.operation(OperationType.DELETE).resourcePath(user).success();
+            adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
             return Response.noContent().build();
         } else {
             return ErrorResponse.error("User couldn't be deleted", Response.Status.BAD_REQUEST);
@@ -638,10 +638,8 @@ public class UsersResource {
                 throw new NotFoundException("Role not found");
             }
             user.grantRole(roleModel);
+            adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, role.getId()).representation(roles).success();
         }
-        
-        adminEvent.operation(OperationType.CREATE).resourcePath(user, realm, uriInfo.getPath()).representation(roles).success();
-
     }
 
     /**
@@ -667,7 +665,7 @@ public class UsersResource {
             for (RoleModel roleModel : roleModels) {
                 user.deleteRoleMapping(roleModel);
             }
-
+            adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
         } else {
             for (RoleRepresentation role : roles) {
                 RoleModel roleModel = realm.getRole(role.getName());
@@ -675,10 +673,11 @@ public class UsersResource {
                     throw new NotFoundException("Role not found");
                 }
                 user.deleteRoleMapping(roleModel);
+
+                adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo, role.getId()).representation(roles).success();
             }
         }
         
-        adminEvent.operation(OperationType.DELETE).resourcePath(user, realm, uriInfo.getPath()).representation(roles).success();
     }
 
     @Path("{username}/role-mappings/clients/{clientId}")
@@ -693,7 +692,7 @@ public class UsersResource {
         if (client == null) {
             throw new NotFoundException("Client not found");
         }
-        return new UserClientRoleMappingsResource(realm, auth, user, client, adminEvent);
+        return new UserClientRoleMappingsResource(uriInfo, realm, auth, user, client, adminEvent);
 
     }
     @Path("{username}/role-mappings/clients-by-id/{id}")
@@ -709,7 +708,7 @@ public class UsersResource {
             throw new NotFoundException("Client not found");
         }
         
-        return new UserClientRoleMappingsResource(realm, auth, user, client, adminEvent);
+        return new UserClientRoleMappingsResource(uriInfo, realm, auth, user, client, adminEvent);
 
     }
     /**
@@ -743,7 +742,7 @@ public class UsersResource {
         }
         if (pass.isTemporary()) user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
         
-        adminEvent.operation(OperationType.ACTION).resourcePath(user, uriInfo.getPath()).success();
+        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
     }
 
     /**
@@ -763,7 +762,7 @@ public class UsersResource {
         }
 
         user.setTotp(false);
-        adminEvent.operation(OperationType.ACTION).resourcePath(user, uriInfo.getPath()).success();
+        adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
     }
 
     /**
@@ -840,7 +839,7 @@ public class UsersResource {
 
             //audit.user(user).detail(Details.EMAIL, user.getEmail()).detail(Details.CODE_ID, accessCode.getCodeId()).success();
 
-            adminEvent.operation(OperationType.ACTION).resourcePath(user, uriInfo.getPath()).success();
+            adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
 
             return Response.ok().build();
         } catch (EmailException e) {