diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java index ae7faecd87..6bcbc16f83 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java @@ -463,31 +463,6 @@ public class ClientAdapter implements ClientModel, CachedObject { updated.setBaseUrl(url); } - @Override - @Deprecated - public Stream getDefaultRolesStream() { - if (isUpdated()) return updated.getDefaultRolesStream(); - return getRealm().getDefaultRole().getCompositesStream().filter(this::isClientRole).map(RoleModel::getName); - } - - private boolean isClientRole(RoleModel role) { - return role.isClientRole() && Objects.equals(role.getContainerId(), this.getId()); - } - - @Override - @Deprecated - public void addDefaultRole(String name) { - getDelegateForUpdate(); - updated.addDefaultRole(name); - } - - @Override - @Deprecated - public void removeDefaultRoles(String... defaultRoles) { - getDelegateForUpdate(); - updated.removeDefaultRoles(defaultRoles); - } - @Override public boolean isBearerOnly() { if (isUpdated()) return updated.isBearerOnly(); diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java index 4337ef9115..fbe92eae5d 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java @@ -747,32 +747,6 @@ public class RealmAdapter implements CachedRealmModel { } - @Override - @Deprecated - public Stream getDefaultRolesStream() { - if (isUpdated()) return updated.getDefaultRolesStream(); - return getDefaultRole().getCompositesStream().filter(this::isRealmRole).map(RoleModel::getName); - } - - private boolean isRealmRole(RoleModel role) { - return ! role.isClientRole(); - } - - @Override - @Deprecated - public void addDefaultRole(String name) { - getDelegateForUpdate(); - updated.addDefaultRole(name); - } - - @Override - @Deprecated - public void removeDefaultRoles(String... defaultRoles) { - getDelegateForUpdate(); - updated.removeDefaultRoles(defaultRoles); - - } - @Override public void addToDefaultRoles(RoleModel role) { getDelegateForUpdate(); diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java index 5469dada44..d422c73b23 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java @@ -655,38 +655,6 @@ public class ClientAdapter implements ClientModel, JpaModel { return RoleUtils.hasRole(getRolesStream(), role); } - @Override - @Deprecated - public Stream getDefaultRolesStream() { - return realm.getDefaultRole().getCompositesStream().filter(this::isClientRole).map(RoleModel::getName); - } - - private boolean isClientRole(RoleModel role) { - return role.isClientRole() && Objects.equals(role.getContainerId(), this.getId()); - } - - @Override - @Deprecated - public void addDefaultRole(String name) { - realm.getDefaultRole().addCompositeRole(getOrAddRoleId(name)); - } - - private RoleModel getOrAddRoleId(String name) { - RoleModel role = getRole(name); - if (role == null) { - role = addRole(name); - } - return role; - } - - @Override - @Deprecated - public void removeDefaultRoles(String... defaultRoles) { - for (String defaultRole : defaultRoles) { - realm.getDefaultRole().removeCompositeRole(getRole(defaultRole)); - } - } - @Override public int getNodeReRegistrationTimeout() { return entity.getNodeReRegistrationTimeout(); diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java index 2ffc935bb9..2680759dea 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java @@ -688,38 +688,6 @@ public class RealmAdapter implements LegacyRealmModel, JpaModel { return realm.getRequiredCredentials().stream().map(this::toRequiredCredentialModel); } - @Override - @Deprecated - public Stream getDefaultRolesStream() { - return getDefaultRole().getCompositesStream().filter(this::isRealmRole).map(RoleModel::getName); - } - - private boolean isRealmRole(RoleModel role) { - return ! role.isClientRole(); - } - - @Override - @Deprecated - public void addDefaultRole(String name) { - getDefaultRole().addCompositeRole(getOrAddRoleId(name)); - } - - private RoleModel getOrAddRoleId(String name) { - RoleModel role = getRole(name); - if (role == null) { - role = addRole(name); - } - return role; - } - - @Override - @Deprecated - public void removeDefaultRoles(String... defaultRoles) { - for (String defaultRole : defaultRoles) { - getDefaultRole().removeCompositeRole(getRole(defaultRole)); - } - } - @Override public Stream getDefaultGroupsStream() { return realm.getDefaultGroupIds().stream().map(this::getGroupById); diff --git a/model/legacy-private/src/main/java/org/keycloak/storage/client/UnsupportedOperationsClientStorageAdapter.java b/model/legacy-private/src/main/java/org/keycloak/storage/client/UnsupportedOperationsClientStorageAdapter.java index 80d86a0445..b20e9c243f 100644 --- a/model/legacy-private/src/main/java/org/keycloak/storage/client/UnsupportedOperationsClientStorageAdapter.java +++ b/model/legacy-private/src/main/java/org/keycloak/storage/client/UnsupportedOperationsClientStorageAdapter.java @@ -64,27 +64,4 @@ public abstract class UnsupportedOperationsClientStorageAdapter implements Clien return Stream.empty(); } - @Override - public final Stream getDefaultRolesStream() { - return Stream.empty(); - } - - @Override - public final void addDefaultRole(String name) { - throw new ModelException("Unsupported operation"); - - } - - @Override - public final void updateDefaultRoles(String... defaultRoles) { - throw new ModelException("Unsupported operation"); - - } - - @Override - public final void removeDefaultRoles(String... defaultRoles) { - throw new ModelException("Unsupported operation"); - } - - } diff --git a/model/map/src/main/java/org/keycloak/models/map/client/MapClientAdapter.java b/model/map/src/main/java/org/keycloak/models/map/client/MapClientAdapter.java index ef762a1f59..9b156bd957 100644 --- a/model/map/src/main/java/org/keycloak/models/map/client/MapClientAdapter.java +++ b/model/map/src/main/java/org/keycloak/models/map/client/MapClientAdapter.java @@ -482,40 +482,6 @@ public abstract class MapClientAdapter extends AbstractClientModel (Objects.equals(r, role) || r.hasRole(role))); } - /*************** Default roles ****************/ - - @Override - @Deprecated - public Stream getDefaultRolesStream() { - return realm.getDefaultRole().getCompositesStream().filter(this::isClientRole).map(RoleModel::getName); - } - - private boolean isClientRole(RoleModel role) { - return role.isClientRole() && Objects.equals(role.getContainerId(), this.getId()); - } - - @Override - @Deprecated - public void addDefaultRole(String name) { - realm.getDefaultRole().addCompositeRole(getOrAddRoleId(name)); - } - - private RoleModel getOrAddRoleId(String name) { - RoleModel role = getRole(name); - if (role == null) { - role = addRole(name); - } - return role; - } - - @Override - @Deprecated - public void removeDefaultRoles(String... defaultRoles) { - for (String defaultRole : defaultRoles) { - realm.getDefaultRole().removeCompositeRole(getRole(defaultRole)); - } - } - /*************** Protocol mappers ****************/ private String safeGetProtocol() { diff --git a/model/map/src/main/java/org/keycloak/models/map/realm/MapRealmAdapter.java b/model/map/src/main/java/org/keycloak/models/map/realm/MapRealmAdapter.java index d6a8f6085a..c792ce47aa 100644 --- a/model/map/src/main/java/org/keycloak/models/map/realm/MapRealmAdapter.java +++ b/model/map/src/main/java/org/keycloak/models/map/realm/MapRealmAdapter.java @@ -1554,38 +1554,6 @@ public class MapRealmAdapter extends AbstractRealmModel implemen return session.roles().searchForRolesStream(this, search, first, max); } - @Override - @Deprecated - public Stream getDefaultRolesStream() { - return getDefaultRole().getCompositesStream().filter(this::isRealmRole).map(RoleModel::getName); - } - - private boolean isRealmRole(RoleModel role) { - return ! role.isClientRole(); - } - - @Override - @Deprecated - public void addDefaultRole(String name) { - getDefaultRole().addCompositeRole(getOrAddRoleId(name)); - } - - private RoleModel getOrAddRoleId(String name) { - RoleModel role = getRole(name); - if (role == null) { - role = addRole(name); - } - return role; - } - - @Override - @Deprecated - public void removeDefaultRoles(String... defaultRoles) { - for (String defaultRole : defaultRoles) { - getDefaultRole().removeCompositeRole(getRole(defaultRole)); - } - } - @Override public boolean isBruteForceProtected() { return getAttribute(BRUTE_FORCE_PROTECTED, false); diff --git a/server-spi-private/src/main/java/org/keycloak/models/delegate/ClientModelLazyDelegate.java b/server-spi-private/src/main/java/org/keycloak/models/delegate/ClientModelLazyDelegate.java index a07a7fa5d0..2ffa10b097 100644 --- a/server-spi-private/src/main/java/org/keycloak/models/delegate/ClientModelLazyDelegate.java +++ b/server-spi-private/src/main/java/org/keycloak/models/delegate/ClientModelLazyDelegate.java @@ -589,26 +589,6 @@ public class ClientModelLazyDelegate implements ClientModel { return getDelegate().searchForRolesStream(search, first, max); } - @Override - public Stream getDefaultRolesStream() { - return getDelegate().getDefaultRolesStream(); - } - - @Override - public void addDefaultRole(String name) { - getDelegate().addDefaultRole(name); - } - - @Override - public void updateDefaultRoles(String... defaultRoles) { - getDelegate().updateDefaultRoles(defaultRoles); - } - - @Override - public void removeDefaultRoles(String... defaultRoles) { - getDelegate().removeDefaultRoles(defaultRoles); - } - @Override public Stream getProtocolMappersStream() { return getDelegate().getProtocolMappersStream(); diff --git a/server-spi-private/src/test/java/org/keycloak/broker/provider/util/IdentityBrokerStateTestHelpers.java b/server-spi-private/src/test/java/org/keycloak/broker/provider/util/IdentityBrokerStateTestHelpers.java index 13d45100e8..96db5c8fb2 100644 --- a/server-spi-private/src/test/java/org/keycloak/broker/provider/util/IdentityBrokerStateTestHelpers.java +++ b/server-spi-private/src/test/java/org/keycloak/broker/provider/util/IdentityBrokerStateTestHelpers.java @@ -67,21 +67,6 @@ public class IdentityBrokerStateTestHelpers { return null; } - @Override - public Stream getDefaultRolesStream() { - return null; - } - - @Override - public void addDefaultRole(String name) { - - } - - @Override - public void removeDefaultRoles(String... defaultRoles) { - - } - @Override public String getClientId() { return clientId; @@ -553,21 +538,6 @@ public class IdentityBrokerStateTestHelpers { return null; } - @Override - public Stream getDefaultRolesStream() { - return null; - } - - @Override - public void addDefaultRole(String name) { - - } - - @Override - public void removeDefaultRoles(String... defaultRoles) { - - } - @Override public String getName() { return null; diff --git a/server-spi/src/main/java/org/keycloak/models/RoleContainerModel.java b/server-spi/src/main/java/org/keycloak/models/RoleContainerModel.java index ac0d286a25..a0dda0b4d4 100755 --- a/server-spi/src/main/java/org/keycloak/models/RoleContainerModel.java +++ b/server-spi/src/main/java/org/keycloak/models/RoleContainerModel.java @@ -73,62 +73,4 @@ public interface RoleContainerModel { */ Stream searchForRolesStream(String search, Integer first, Integer max); - /** - * @deprecated Default roles are now managed by {@link org.keycloak.models.RealmModel#getDefaultRole()}. This method will be removed. - * @return List of default roles names or empty list if there are none. Never returns {@code null}. - */ - @Deprecated - default List getDefaultRoles() { - Stream defaultRolesStream = getDefaultRolesStream(); - if (defaultRolesStream != null) { - return defaultRolesStream.collect(Collectors.toList()); - } else { - return Collections.emptyList(); - } - } - - /** - * @deprecated Default roles are now managed by {@link org.keycloak.models.RealmModel#getDefaultRole()}. This method will be removed. - * @return Stream of default roles names or empty stream if there are none. Never returns {@code null}. - */ - @Deprecated - Stream getDefaultRolesStream(); - - /** - * @deprecated Default roles are now managed by {@link org.keycloak.models.RealmModel#getDefaultRole()}. This method will be removed. - */ - @Deprecated - void addDefaultRole(String name); - - /** - * @deprecated Default roles are now managed by {@link org.keycloak.models.RealmModel#getDefaultRole()}. This method will be removed. - */ - @Deprecated - default void updateDefaultRoles(String... defaultRoles) { - List defaultRolesArray = Arrays.asList(defaultRoles); - Collection entities = getDefaultRolesStream().collect(Collectors.toList()); - Set already = new HashSet<>(); - ArrayList remove = new ArrayList<>(); - for (String rel : entities) { - if (! defaultRolesArray.contains(rel)) { - remove.add(rel); - } else { - already.add(rel); - } - } - removeDefaultRoles(remove.toArray(new String[] {})); - - for (String roleName : defaultRoles) { - if (!already.contains(roleName)) { - addDefaultRole(roleName); - } - } - } - - /** - * @deprecated Default roles are now managed by {@link org.keycloak.models.RealmModel#getDefaultRole()}. This method will be removed. - */ - @Deprecated - void removeDefaultRoles(String... defaultRoles); - } diff --git a/services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java b/services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java index cfb7f2e20a..c9b0af1fb3 100755 --- a/services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java +++ b/services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java @@ -17,6 +17,14 @@ package org.keycloak.services.clientregistration; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashSet; +import java.util.List; +import java.util.Objects; +import java.util.Set; +import java.util.stream.Collectors; import java.util.stream.Stream; import org.keycloak.events.EventBuilder; import org.keycloak.events.EventType; @@ -26,6 +34,7 @@ import org.keycloak.models.ClientRegistrationAccessTokenConstants; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.RealmModel; +import org.keycloak.models.RoleModel; import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.models.utils.RepresentationToModel; import org.keycloak.representations.idm.ClientRepresentation; @@ -69,7 +78,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist if (client.getDefaultRoles() != null) { for (String name : client.getDefaultRoles()) { - clientModel.addDefaultRole(name); + addDefaultRole(clientModel, name); } } @@ -99,7 +108,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist client.setDirectAccessGrantsEnabled(false); - Stream defaultRolesNames = clientModel.getDefaultRolesStream(); + Stream defaultRolesNames = getDefaultRolesStream(clientModel); if (defaultRolesNames != null) { client.setDefaultRoles(defaultRolesNames.toArray(String[]::new)); } @@ -128,7 +137,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist rep.setRegistrationAccessToken(registrationAccessToken); } - Stream defaultRolesNames = client.getDefaultRolesStream(); + Stream defaultRolesNames = getDefaultRolesStream(client); if (defaultRolesNames != null) { rep.setDefaultRoles(defaultRolesNames.toArray(String[]::new)); } @@ -154,14 +163,14 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist RepresentationToModel.updateClientProtocolMappers(rep, client); if (rep.getDefaultRoles() != null) { - client.updateDefaultRoles(rep.getDefaultRoles()); + updateDefaultRoles(client, rep.getDefaultRoles()); } rep = ModelToRepresentation.toRepresentation(client, session); rep.setSecret(client.getSecret()); - Stream defaultRolesNames = client.getDefaultRolesStream(); + Stream defaultRolesNames = getDefaultRolesStream(client); if (defaultRolesNames != null) { rep.setDefaultRoles(defaultRolesNames.toArray(String[]::new)); } @@ -239,4 +248,50 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist public void close() { } + /* =========== default roles =========== */ + + private void addDefaultRole(ClientModel client, String name) { + client.getRealm().getDefaultRole().addCompositeRole(getOrAddRoleId(client, name)); + } + + private RoleModel getOrAddRoleId(ClientModel client, String name) { + RoleModel role = client.getRole(name); + if (role == null) { + role = client.addRole(name); + } + return role; + } + + private Stream getDefaultRolesStream(ClientModel client) { + return client.getRealm().getDefaultRole().getCompositesStream() + .filter(role -> role.isClientRole() && Objects.equals(role.getContainerId(), client.getId())) + .map(RoleModel::getName); + } + + private void updateDefaultRoles(ClientModel client, String... defaultRoles) { + List defaultRolesArray = Arrays.asList(String.valueOf(defaultRoles)); + Collection entities = getDefaultRolesStream(client).collect(Collectors.toList()); + Set already = new HashSet<>(); + ArrayList remove = new ArrayList<>(); + for (String rel : entities) { + if (! defaultRolesArray.contains(rel)) { + remove.add(rel); + } else { + already.add(rel); + } + } + removeDefaultRoles(client, remove.toArray(new String[] {})); + + for (String roleName : defaultRoles) { + if (!already.contains(roleName)) { + addDefaultRole(client, roleName); + } + } + } + + private void removeDefaultRoles(ClientModel client, String... defaultRoles) { + for (String defaultRole : defaultRoles) { + client.getRealm().getDefaultRole().removeCompositeRole(client.getRole(defaultRole)); + } + } }