libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

KEYCLOAK-2522 master realm admin can't use client registration api

Browse source
This commit is contained in:
Stian Thorgersen 2016-02-25 09:54:34 +01:00
parent 14ea988b24
commit 2fce06ffca
2 changed files with 37 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
services/src/main/java/org/keycloak/services/clientregistration/ClientRegistrationAuth.java
View file

@ -17,7 +17,9 @@
package org.keycloak.services.clientregistration; package org.keycloak.services.clientregistration;
import com.sun.xml.bind.v2.runtime.reflect.opt.Const;
import org.jboss.resteasy.spi.UnauthorizedException; import org.jboss.resteasy.spi.UnauthorizedException;
import org.keycloak.Config;
import org.keycloak.common.util.Time; import org.keycloak.common.util.Time;
import org.keycloak.events.Errors; import org.keycloak.events.Errors;
import org.keycloak.events.EventBuilder; import org.keycloak.events.EventBuilder;
@ -28,6 +30,7 @@ import org.keycloak.util.TokenUtil;
import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.UriInfo; import javax.ws.rs.core.UriInfo;
import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -39,6 +42,7 @@ public class ClientRegistrationAuth {
private KeycloakSession session; private KeycloakSession session;
private EventBuilder event; private EventBuilder event;
private RealmModel realm;
private JsonWebToken jwt; private JsonWebToken jwt;
private ClientInitialAccessModel initialAccessModel; private ClientInitialAccessModel initialAccessModel;
@ -50,7 +54,7 @@ public class ClientRegistrationAuth {
} }
private void init() { private void init() {
RealmModel realm = session.getContext().getRealm(); realm = session.getContext().getRealm();
UriInfo uri = session.getContext().getUri(); UriInfo uri = session.getContext().getUri();
String authorizationHeader = session.getContext().getRequestHeaders().getRequestHeaders().getFirst(HttpHeaders.AUTHORIZATION); String authorizationHeader = session.getContext().getRequestHeaders().getRequestHeaders().getFirst(HttpHeaders.AUTHORIZATION);
@ -174,18 +178,25 @@ public class ClientRegistrationAuth {
return false; return false;
} }
Map<String, List<String>> realmManagement = resourceAccess.get(Constants.REALM_MANAGEMENT_CLIENT_ID); List<String> roles = null;
if (realmManagement == null) {
return false; Map<String, List<String>> map;
if (realm.getName().equals(Config.getAdminRealm())) {
map = resourceAccess.get(realm.getMasterAdminClient().getClientId());
} else {
map = resourceAccess.get(Constants.REALM_MANAGEMENT_CLIENT_ID);
} }
List<String> resources = realmManagement.get("roles"); if (map != null) {
if (resources == null) { roles = map.get("roles");
}
if (roles == null) {
return false; return false;
} }
for (String r : role) { for (String r : role) {
if (resources.contains(r)) { if (roles.contains(r)) {
return true; return true;
} }
} }

19
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
View file

@ -19,8 +19,10 @@ package org.keycloak.testsuite.client;
import org.junit.Test; import org.junit.Test;
import org.keycloak.client.registration.Auth; import org.keycloak.client.registration.Auth;
import org.keycloak.client.registration.ClientRegistration;
import org.keycloak.client.registration.ClientRegistrationException; import org.keycloak.client.registration.ClientRegistrationException;
import org.keycloak.client.registration.HttpErrorException; import org.keycloak.client.registration.HttpErrorException;
import org.keycloak.models.Constants;
import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientRepresentation;
import javax.ws.rs.NotFoundException; import javax.ws.rs.NotFoundException;
@ -56,6 +58,23 @@ public class ClientRegistrationTest extends AbstractClientRegistrationTest {
registerClient(); registerClient();
} }
@Test
public void registerClientInMasterRealm() throws ClientRegistrationException {
ClientRegistration masterReg = ClientRegistration.create().url(suiteContext.getAuthServerInfo().getContextRoot() + "/auth", "master").build();
String token = oauthClient.getToken("master", Constants.ADMIN_CLI_CLIENT_ID, null, "admin", "admin").getToken();
masterReg.auth(Auth.token(token));
ClientRepresentation client = new ClientRepresentation();
client.setClientId(CLIENT_ID);
client.setSecret(CLIENT_SECRET);
ClientRepresentation createdClient = masterReg.create(client);
assertNotNull(createdClient);
adminClient.realm("master").clients().get(createdClient.getId()).remove();
}
@Test @Test
public void registerClientAsAdminWithCreateOnly() throws ClientRegistrationException { public void registerClientAsAdminWithCreateOnly() throws ClientRegistrationException {
authCreateClients(); authCreateClients();