From 316431c4d1afd64dad4e131baaf8ae549e73fb23 Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Wed, 30 Apr 2014 09:42:36 +0100 Subject: [PATCH] Ensure role name unique within realm/app --- .../java/org/keycloak/models/Constants.java | 2 - .../models/jpa/ApplicationAdapter.java | 2 - .../org/keycloak/models/jpa/RealmAdapter.java | 2 - .../jpa/entities/ApplicationRoleEntity.java | 18 +++++- .../models/jpa/entities/ClientEntity.java | 2 +- .../models/jpa/entities/RealmRoleEntity.java | 15 +++++ .../models/jpa/entities/RoleEntity.java | 16 ++--- .../keycloak/models/mongo/api/MongoIndex.java | 2 - .../models/mongo/impl/MongoStoreImpl.java | 8 +-- .../keycloak/adapters/ApplicationAdapter.java | 5 -- .../mongo/keycloak/adapters/RealmAdapter.java | 7 --- .../keycloak/entities/ApplicationEntity.java | 2 +- .../keycloak/entities/OAuthClientEntity.java | 2 +- .../mongo/keycloak/entities/RoleEntity.java | 15 +++++ .../mongo/keycloak/entities/UserEntity.java | 8 +-- .../org/keycloak/model/test/AdapterTest.java | 60 +++++++++++++++++++ .../resources/admin/RoleByIdResource.java | 2 +- .../admin/RoleContainerResource.java | 40 +++++++------ 18 files changed, 145 insertions(+), 63 deletions(-) diff --git a/model/api/src/main/java/org/keycloak/models/Constants.java b/model/api/src/main/java/org/keycloak/models/Constants.java index 545f56c41f..fd90be94af 100755 --- a/model/api/src/main/java/org/keycloak/models/Constants.java +++ b/model/api/src/main/java/org/keycloak/models/Constants.java @@ -7,8 +7,6 @@ package org.keycloak.models; public interface Constants { String ADMIN_CONSOLE_APPLICATION = "admin-console"; - String INTERNAL_ROLE = "KEYCLOAK_"; - String ACCOUNT_MANAGEMENT_APP = "account"; String INSTALLED_APP_URN = "urn:ietf:wg:oauth:2.0:oob"; diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java index fcb9bf78f1..113fd0c64a 100755 
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java @@ -99,8 +99,6 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode @Override public RoleModel addRole(String name) { - RoleModel role = getRole(name); - if (role != null) return role; ApplicationRoleEntity roleEntity = new ApplicationRoleEntity(); roleEntity.setName(name); roleEntity.setApplication(applicationEntity); diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java index d76524dede..a7c32cafb3 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java @@ -949,8 +949,6 @@ public class RealmAdapter implements RealmModel { @Override public RoleModel addRole(String name) { - RoleModel role = getRole(name); - if (role != null) return role; RealmRoleEntity entity = new RealmRoleEntity(); entity.setName(name); entity.setRealm(realm); diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationRoleEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationRoleEntity.java index 71343f7eda..79361ffec4 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationRoleEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationRoleEntity.java @@ -1,10 +1,15 @@ package org.keycloak.models.jpa.entities; import javax.persistence.Entity; +import javax.persistence.Inheritance; +import javax.persistence.InheritanceType; +import javax.persistence.JoinColumn; import javax.persistence.JoinTable; import javax.persistence.ManyToOne; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; +import javax.persistence.Table; +import javax.persistence.UniqueConstraint; /** * @author Bill Burke 
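Review bot: Dropping the `getRole(name)` pre-check in `addRole` changes the method from get-or-create to create-or-fail, and nothing in this hunk documents that or shows where the failure is raised. A JPA provider normally reports a unique-constraint violation at flush or commit rather than at `persist`, so if the rest of the method (outside this hunk) does not flush, a caller that wraps `addRole` in `catch (ModelDuplicateException e)` will not see the exception there. I would add a Javadoc line to `RoleContainerModel.addRole` such as `@throws ModelDuplicateException if a role with this name already exists in the container`, and check that setup or import code which calls `addRole` for roles that may already exist now calls `getRole` first. The contract change also applies to the `addRole` hunks in the JPA `RealmAdapter` and in the Mongo `ApplicationAdapter` and `RealmAdapter`.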
@@ -15,10 +20,21 @@ import javax.persistence.NamedQuery; }) @Entity public class ApplicationRoleEntity extends RoleEntity { + + private String name; + @ManyToOne - @JoinTable(name = "ApplicationRole") + @JoinColumn(name = "application") private ApplicationEntity application; + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + public ApplicationEntity getApplication() { return application; } diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java index 07295532b8..cd23f5f2ad 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java @@ -25,7 +25,7 @@ import java.util.Set; * @version $Revision: 1 $ */ @Entity -@Inheritance(strategy = InheritanceType.TABLE_PER_CLASS) +@Inheritance(strategy = InheritanceType.SINGLE_TABLE) @Table(uniqueConstraints = {@UniqueConstraint(columnNames = {"realm", "name"})}) public abstract class ClientEntity { @Id diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmRoleEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmRoleEntity.java index 6acccbda3d..19ea0da90b 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmRoleEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmRoleEntity.java @@ -1,9 +1,12 @@ package org.keycloak.models.jpa.entities; import javax.persistence.Entity; +import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; +import javax.persistence.Table; +import javax.persistence.UniqueConstraint; /** * @author Bill Burke 
@@ -14,9 +17,21 @@ import javax.persistence.NamedQuery; }) @Entity public class RealmRoleEntity extends RoleEntity { + + private String name; + @ManyToOne + @JoinColumn(name = "realm") private RealmEntity realm; + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + public RealmEntity getRealm() { return realm; } diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RoleEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RoleEntity.java index 1bebe56d10..6101caea2d 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RoleEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RoleEntity.java @@ -9,6 +9,8 @@ import javax.persistence.InheritanceType; import javax.persistence.JoinColumn; import javax.persistence.JoinTable; import javax.persistence.ManyToMany; +import javax.persistence.Table; +import javax.persistence.UniqueConstraint; import java.util.ArrayList; import java.util.Collection; @@ -20,19 +22,21 @@ import org.hibernate.annotations.GenericGenerator; */ @Entity @Inheritance(strategy = InheritanceType.SINGLE_TABLE) +@Table(uniqueConstraints = { + @UniqueConstraint(columnNames = { "name", "application" }), + @UniqueConstraint(columnNames = { "name", "realm" }) +}) public abstract class RoleEntity { @Id @GenericGenerator(name="keycloak_generator", strategy="org.keycloak.models.jpa.utils.JpaIdGenerator") @GeneratedValue(generator = "keycloak_generator") private String id; - private String name; private String description; @ManyToMany(fetch = FetchType.LAZY, cascade = {}) @JoinTable(name = "CompositeRole", joinColumns = @JoinColumn(name = "composite"), inverseJoinColumns = @JoinColumn(name = "role")) private Collection compositeRoles = new ArrayList(); - public String getId() { return id; } 
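Review bot: Each of the two `@UniqueConstraint`s added to `RoleEntity` includes a column that is NULL for the other role type (`application` for realm roles, `realm` for application roles), so the result depends on how the database treats NULL in a unique constraint. A database that treats NULLs as distinct accepts this, but one that treats them as equal would reject two realm roles with the same name in different realms, because both rows carry `(name, NULL)` for the `name, application` constraint. A comment above `@Table`, for example `// relies on NULLs being distinct in unique constraints`, together with the list of databases this was checked on, would make the assumption explicit. The annotation is only applied when the schema is generated from the entities, so an existing database needs the constraints added by a migration before duplicate names are rejected.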
@@ -41,13 +45,9 @@ public abstract class RoleEntity { this.id = id; } - public String getName() { - return name; - } + public abstract String getName(); - public void setName(String name) { - this.name = name; - } + public abstract void setName(String name); public String getDescription() { return description; diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/api/MongoIndex.java b/model/mongo/src/main/java/org/keycloak/models/mongo/api/MongoIndex.java index ed44b2b91b..705f71bf0f 100644 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/api/MongoIndex.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/api/MongoIndex.java @@ -19,8 +19,6 @@ public @interface MongoIndex { String[] fields(); - String name() default ""; - boolean unique() default false; boolean sparse() default false; diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/impl/MongoStoreImpl.java b/model/mongo/src/main/java/org/keycloak/models/mongo/impl/MongoStoreImpl.java index 445f77796c..e7468adfd3 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/impl/MongoStoreImpl.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/impl/MongoStoreImpl.java @@ -142,17 +142,11 @@ public class MongoStoreImpl implements MongoStore { for (String f : index.fields()) { fields.put(f, 1); } - String name = index.name(); - if (name.length() == 0) { - name = null; - } + boolean unique = index.unique(); boolean sparse = index.sparse(); BasicDBObject options = new BasicDBObject(); - if (name != null) { - options.put("name", name); - } if (unique) { options.put("unique", unique); } diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java index c954a4d9b7..83694320fa 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java 
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java @@ -113,11 +113,6 @@ public class ApplicationAdapter extends ClientAdapter impleme @Override public RoleAdapter addRole(String name) { - RoleAdapter existing = getRole(name); - if (existing != null) { - return existing; - } - RoleEntity roleEntity = new RoleEntity(); roleEntity.setName(name); roleEntity.setApplicationId(getId()); diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java index ff6c3922e4..10793bd69a 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java @@ -525,13 +525,6 @@ public class RealmAdapter extends AbstractMongoAdapter implements R @Override public RoleModel addRole(String name) { - RoleAdapter role = getRole(name); - if (role != null) { - // Compatibility with JPA model - return role; - // throw new IllegalArgumentException("Role " + name + " already exists"); - } - RoleEntity roleEntity = new RoleEntity(); roleEntity.setName(name); roleEntity.setRealmId(getId()); diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java index c98842e91b..5f9efb6655 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/ApplicationEntity.java 
@@ -14,7 +14,7 @@ import org.keycloak.models.mongo.api.context.MongoStoreInvocationContext; * @author Marek Posolda */ @MongoCollection(collectionName = "applications") -@MongoIndex(name = "name-within-realm", fields = { "realmId", "name" }, unique = true) +@MongoIndex(fields = { "realmId", "name" }, unique = true) public class ApplicationEntity extends ClientEntity { private boolean surrogateAuthRequired; diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java index 0ca8045c3b..1cd96708f4 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/OAuthClientEntity.java @@ -9,7 +9,7 @@ import java.util.List; * @author Marek Posolda */ @MongoCollection(collectionName = "oauthClients") -@MongoIndex(name = "name-within-realm", fields = { "realmId", "name" }, unique = true) +@MongoIndex(fields = { "realmId", "name" }, unique = true) public class OAuthClientEntity extends ClientEntity { } diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/RoleEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/RoleEntity.java index ee8b72fae6..43fc068d4f 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/RoleEntity.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/RoleEntity.java @@ -7,6 +7,7 @@ import org.keycloak.models.mongo.api.AbstractMongoIdentifiableEntity; import org.keycloak.models.mongo.api.MongoCollection; import org.keycloak.models.mongo.api.MongoEntity; import org.keycloak.models.mongo.api.MongoField; +import org.keycloak.models.mongo.api.MongoIndex; import org.keycloak.models.mongo.api.MongoStore; import org.keycloak.models.mongo.api.context.MongoStoreInvocationContext; 
@@ -16,6 +17,7 @@ import java.util.List; * @author Marek Posolda */ @MongoCollection(collectionName = "roles") +@MongoIndex(fields = "nameIndex", unique = true) public class RoleEntity extends AbstractMongoIdentifiableEntity implements MongoEntity { private static final Logger logger = Logger.getLogger(RoleEntity.class); @@ -28,6 +30,19 @@ public class RoleEntity extends AbstractMongoIdentifiableEntity implements Mongo private String realmId; private String applicationId; + @MongoField + // TODO This is required as Mongo doesn't support sparse indexes with compound keys (see https://jira.mongodb.org/browse/SERVER-2193) + public String getNameIndex() { + if (realmId != null) { + return realmId + "//" + name; + } else { + return applicationId + "//" + name; + } + } + + public void setNameIndex(String ignored) { + } + @MongoField public String getName() { return name; diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java index 752d2e926e..bd5338c7ed 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/UserEntity.java @@ -17,8 +17,8 @@ import java.util.Map; */ @MongoCollection(collectionName = "users") @MongoIndexes({ - @MongoIndex(name = "loginName-within-realm", fields = { "realmId", "loginName" }, unique = true), - @MongoIndex(name = "email-within-realm", fields = { "emailRealm" }, unique = true, sparse = true), + @MongoIndex(fields = { "realmId", "loginName" }, unique = true), + @MongoIndex(fields = { "emailIndex" }, unique = true, sparse = true), }) public class UserEntity extends AbstractMongoIdentifiableEntity implements MongoEntity { 
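Review bot: `getNameIndex()` builds the unique key as `realmId + "//" + name` or `applicationId + "//" + name`, so realm roles and application roles share one key space and the key does not record which kind of id it starts with. When both ids are unset the key becomes the literal string `null//name`; prefixing the scope, e.g. `"realm//" + realmId + "//" + name` and `"app//" + applicationId + "//" + name`, keeps the two scopes apart and makes that case visible. The TODO above the getter is copied from `UserEntity` and refers to sparse indexes, but this index is declared without `sparse = true`, so the comment should state why a synthetic field is used here instead. The empty `setNameIndex(String ignored)` deserves a one-line comment as well, such as `// value is derived from realmId/applicationId and name; setter is a no-op (presumably kept for the mapper)`.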
@@ -84,11 +84,11 @@ public class UserEntity extends AbstractMongoIdentifiableEntity implements Mongo @MongoField // TODO This is required as Mongo doesn't support sparse indexes with compound keys (see https://jira.mongodb.org/browse/SERVER-2193) - public String getEmailRealm() { + public String getEmailIndex() { return email != null ? realmId + "//" + email : null; } - public void setEmailRealm(String emailRealm) { + public void setEmailIndex(String ignored) { } @MongoField diff --git a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java index 45ba227ae3..7fcbadbc0e 100755 --- a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java 
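Review bot: Renaming `getEmailRealm()` to `getEmailIndex()` presumably renames the stored field as well (the mapper's naming rule is not visible in this hunk), in which case documents written before this change have no `emailIndex` value until they are saved again. Because the index is declared `sparse = true`, such documents would simply be absent from it, so email uniqueness within a realm would not be enforced against existing users and the old index on `emailRealm` would stay behind. If the mapper does behave that way, the upgrade needs a step that re-saves users and drops the old index. A comment on the getter such as `// stored field name is part of the index definition; renaming it requires a data migration` would warn the next editor.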
@@ -649,4 +649,64 @@ public class AdapterTest extends AbstractModelTest { resetSession(); } + @Test + public void testAppRoleCollisions() throws Exception { + realmManager.createRealm("JUGGLER1").addRole("role1"); + realmManager.getRealmByName("JUGGLER1").addApplication("app1").addRole("role1"); + realmManager.getRealmByName("JUGGLER1").addApplication("app2").addRole("role1"); + + commit(); + + // Try to add role with same name + try { + realmManager.getRealmByName("JUGGLER1").getApplicationByName("app1").addRole("role1"); + commit(); + Assert.fail("Expected exception"); + } catch (ModelDuplicateException e) { + } + commit(true); + + // Ty to rename role to duplicate name + realmManager.getRealmByName("JUGGLER1").getApplicationByName("app1").addRole("role2"); + commit(); + try { + realmManager.getRealmByName("JUGGLER1").getApplicationByName("app1").getRole("role2").setName("role1"); + commit(); + Assert.fail("Expected exception"); + } catch (ModelDuplicateException e) { + } + + resetSession(); + } + + @Test + public void testRealmRoleCollisions() throws Exception { + realmManager.createRealm("JUGGLER1").addRole("role1"); + realmManager.getRealmByName("JUGGLER1").addApplication("app1").addRole("role1"); + realmManager.getRealmByName("JUGGLER1").addApplication("app2").addRole("role1"); + + commit(); + + // Try to add role with same name + try { + realmManager.getRealmByName("JUGGLER1").addRole("role1"); + commit(); + Assert.fail("Expected exception"); + } catch (ModelDuplicateException e) { + } + commit(true); + + // Ty to rename role to duplicate name + realmManager.getRealmByName("JUGGLER1").addRole("role2"); + commit(); + try { + realmManager.getRealmByName("JUGGLER1").getRole("role2").setName("role1"); + commit(); + Assert.fail("Expected exception"); + } catch (ModelDuplicateException e) { + } + + resetSession(); + } + } 
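Review bot: Both new tests swallow the expected `ModelDuplicateException` in an empty `catch` and never inspect the model afterwards, so they would still pass if the failed add or rename left the container in a changed state. After the failure I would re-read the container and assert on it, for example `Assert.assertNotNull(realmManager.getRealmByName("JUGGLER1").getRole("role2"));` in the rename case of `testRealmRoleCollisions`. The rename block also has no `commit(true)` after the expected failure, unlike the add block; if `commit(true)` is the rollback (its definition is outside this hunk), the test relies on `resetSession()` to clean up a failed transaction.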
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java index b4ec35a50f..a0f1da8f79 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java @@ -52,7 +52,7 @@ public class RoleByIdResource extends RoleResource { protected RoleModel getRoleModel(String id) { RoleModel roleModel = realm.getRoleById(id); - if (roleModel == null || roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) { + if (roleModel == null) { throw new NotFoundException("Could not find role with id: " + id); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java index 55f4f4c807..e33d74f95c 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java @@ -3,6 +3,7 @@ package org.keycloak.services.resources.admin; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.NotFoundException; import org.keycloak.models.Constants; +import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleContainerModel; import org.keycloak.models.RoleModel; @@ -50,9 +51,7 @@ public class RoleContainerResource extends RoleResource { Set roleModels = roleContainer.getRoles(); List roles = new ArrayList(); for (RoleModel roleModel : roleModels) { - if (!roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) { - roles.add(ModelToRepresentation.toRepresentation(roleModel)); - } + roles.add(ModelToRepresentation.toRepresentation(roleModel)); } return roles; } 
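Review bot: Removing the `startsWith(Constants.INTERNAL_ROLE)` condition from `getRoleModel` means every role id now resolves through the admin API, including any role whose name starts with `KEYCLOAK_` that already exists in a deployed realm. Before this change such roles answered 404 here and were skipped or refused in `RoleContainerResource`, whose `getRoles`, `createRole`, `getRole`, `updateRole` and composite hunks later in this patch drop the same condition, so they could not be listed, renamed or given composites over REST. If no code creates roles with that prefix any more this is harmless, but the diff does not show that. The commit message should say so, or the upgrade notes should tell operators to check for leftover `KEYCLOAK_`-prefixed roles and who holds the manage permission on them. `getRoleModel` continues outside this hunk.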
@@ -62,15 +61,13 @@ public class RoleContainerResource extends RoleResource { public Response createRole(final @Context UriInfo uriInfo, final RoleRepresentation rep) { auth.requireManage(); - if (roleContainer.getRole(rep.getName()) != null || rep.getName().startsWith(Constants.INTERNAL_ROLE)) { + try { + RoleModel role = roleContainer.addRole(rep.getName()); + role.setDescription(rep.getDescription()); + return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build(); + } catch (ModelDuplicateException e) { return Flows.errors().exists("Role with name " + rep.getName() + " already exists"); } - RoleModel role = roleContainer.addRole(rep.getName()); - if (role == null) { - throw new NotFoundException("Role not found"); - } - role.setDescription(rep.getDescription()); - return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build(); } @Path("{role-name}") @@ -81,7 +78,7 @@ public class RoleContainerResource extends RoleResource { auth.requireView(); RoleModel roleModel = roleContainer.getRole(roleName); - if (roleModel == null || roleModel.getName().startsWith(Constants.INTERNAL_ROLE)) { + if (roleModel == null) { throw new NotFoundException("Could not find role: " + roleName); } return getRole(roleModel); 
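Review bot: In `createRole` the `catch (ModelDuplicateException e)` only works if the exception is thrown inside the `try`, that is by `addRole` or `setDescription` themselves. If the duplicate is detected when the transaction is flushed or committed after the method has returned, the client receives a 201 with a `Location` header for a role that is then rolled back, or an unhandled server error instead of the "already exists" response. Either make `addRole` flush before returning, or keep the cheap pre-check `if (roleContainer.getRole(rep.getName()) != null)` in front of the `try` and let the constraint cover the race between concurrent requests. `rep.getName()` is also passed to `addRole` without a null or blank check. The `updateRole` hunk further down raises the same timing question around `updateRole(rep, role)`.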
@@ -103,14 +100,19 @@ public class RoleContainerResource extends RoleResource { @Path("{role-name}") @PUT @Consumes("application/json") - public void updateRole(final @PathParam("role-name") String roleName, final RoleRepresentation rep) { + public Response updateRole(final @PathParam("role-name") String roleName, final RoleRepresentation rep) { auth.requireManage(); RoleModel role = roleContainer.getRole(roleName); - if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) { + if (role == null) { throw new NotFoundException("Could not find role: " + roleName); } - updateRole(rep, role); + try { + updateRole(rep, role); + return Response.noContent().build(); + } catch (ModelDuplicateException e) { + return Flows.errors().exists("Role with name " + rep.getName() + " already exists"); + } } @Path("{role-name}/composites") @@ -120,7 +122,7 @@ public class RoleContainerResource extends RoleResource { auth.requireManage(); RoleModel role = roleContainer.getRole(roleName); - if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) { + if (role == null) { throw new NotFoundException("Could not find role: " + roleName); } addComposites(roles, role); @@ -134,7 +136,7 @@ public class RoleContainerResource extends RoleResource { auth.requireManage(); RoleModel role = roleContainer.getRole(roleName); - if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) { + if (role == null) { throw new NotFoundException("Could not find role: " + roleName); } return getRoleComposites(role); @@ -148,7 +150,7 @@ public class RoleContainerResource extends RoleResource { auth.requireManage(); RoleModel role = roleContainer.getRole(roleName); - if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) { + if (role == null) { throw new NotFoundException("Could not find role: " + roleName); } return getRealmRoleComposites(role); 
@@ -163,7 +165,7 @@ public class RoleContainerResource extends RoleResource { auth.requireManage(); RoleModel role = roleContainer.getRole(roleName); - if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) { + if (role == null) { throw new NotFoundException("Could not find role: " + roleName); } return getApplicationRoleComposites(appName, role); @@ -177,7 +179,7 @@ public class RoleContainerResource extends RoleResource { auth.requireManage(); RoleModel role = roleContainer.getRole(roleName); - if (role == null || role.getName().startsWith(Constants.INTERNAL_ROLE)) { + if (role == null) { throw new NotFoundException("Could not find role: " + roleName); } deleteComposites(roles, role);