KEYCLOAK-6058 Partial import should ignore built-in clients

2017-12-21 11:48:52 +01:00 · 2017-12-21 11:48:52 +01:00 · 23d0afbfd8
commit 23d0afbfd8
parent e3995c0154
2 changed files with 45 additions and 1 deletions
--- a/services/src/main/java/org/keycloak/partialimport/ClientsPartialImport.java
+++ b/services/src/main/java/org/keycloak/partialimport/ClientsPartialImport.java
@ -17,7 +17,9 @@

 package org.keycloak.partialimport;

+import org.jboss.logging.Logger;
 import org.keycloak.models.ClientModel;
+import org.keycloak.models.Constants;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.utils.KeycloakModelUtils;
@ -26,7 +28,11 @@ import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.PartialImportRepresentation;
 import org.keycloak.representations.idm.ProtocolMapperRepresentation;

+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;

 /**
 * PartialImport handler for Clients.
@ -35,9 +41,28 @@ import java.util.List;
 */
 public class ClientsPartialImport extends AbstractPartialImport<ClientRepresentation> {

+    private static Set<String> INTERNAL_CLIENTS = Collections.unmodifiableSet(new HashSet(Constants.defaultClients));
+
+    private static Logger logger = Logger.getLogger(ClientsPartialImport.class);
+
    @Override
    public List<ClientRepresentation> getRepList(PartialImportRepresentation partialImportRep) {
-        return partialImportRep.getClients();
+        List<ClientRepresentation> clients = partialImportRep.getClients();
+        if (clients == null || clients.size() == 0) {
+            return clients;
+        }
+
+        // filter out internal clients
+        List<ClientRepresentation> ret = new ArrayList();
+
+        for (ClientRepresentation c: clients) {
+            if (!isInternalClient(c.getClientId())) {
+                ret.add(c);
+            } else {
+                logger.debugv("Internal client {0} will not be processed", c.getClientId());
+            }
+        }
+        return ret;
    }

    @Override
@ -85,4 +110,10 @@ public class ClientsPartialImport extends AbstractPartialImport<ClientRepresenta
        RepresentationToModel.createClient(session, realm, clientRep, true);
    }

+    public static boolean isInternalClient(String clientId) {
+        if (clientId != null && clientId.endsWith("-realm")) {
+            return true;
+        }
+        return INTERNAL_CLIENTS.contains(clientId);
+    }
 }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/partialimport/PartialImportTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/partialimport/PartialImportTest.java
@ -645,4 +645,17 @@ public class PartialImportTest extends AbstractAuthTest {
                
        doImport();
    }
+
+    // KEYCLOAK-6058
+    @Test
+    public void testOverwriteExistingInternalClient() {
+        setOverwrite();
+        ClientRepresentation client = adminClient.realm(MASTER).clients().findByClientId("security-admin-console").get(0);
+        ClientRepresentation client2 = adminClient.realm(MASTER).clients().findByClientId("master-realm").get(0);
+        piRep.setClients(Arrays.asList(client, client2));
+
+        PartialImportResults result = doImport();
+        Assert.assertEquals(0, result.getOverwritten());
+    }
+
 }