libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

KEYCLOAK-2809 NPE when removing role, which is in scope of some ClientTemplate

Browse source
This commit is contained in:
mposolda 2016-04-13 11:47:54 +02:00
parent d1a3ff8707
commit 3c3bbdbbdb
4 changed files with 81 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientTemplatesResource.java
View file

@ -36,7 +36,7 @@ import java.util.List;
public interface ClientTemplatesResource { public interface ClientTemplatesResource {
@Path("{id}") @Path("{id}")
public ClientTemplatesResource get(@PathParam("id") String id); public ClientTemplateResource get(@PathParam("id") String id);
@POST @POST
@Consumes(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON)

5
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java vendored
View file

@ -220,6 +220,11 @@ public class RealmCacheSession implements CacheRealmProvider {
group.invalidate(); group.invalidate();
continue; continue;
} }
ClientTemplateAdapter clientTemplate = managedClientTemplates.get(id);
if (clientTemplate != null) {
clientTemplate.invalidate();
continue;
}
} }

6
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/stream/HasRolePredicate.java vendored
View file

@ -1,6 +1,7 @@
package org.keycloak.models.cache.infinispan.stream; package org.keycloak.models.cache.infinispan.stream;
import org.keycloak.models.cache.infinispan.entities.CachedClient; import org.keycloak.models.cache.infinispan.entities.CachedClient;
import org.keycloak.models.cache.infinispan.entities.CachedClientTemplate;
import org.keycloak.models.cache.infinispan.entities.CachedGroup; import org.keycloak.models.cache.infinispan.entities.CachedGroup;
import org.keycloak.models.cache.infinispan.entities.CachedRole; import org.keycloak.models.cache.infinispan.entities.CachedRole;
import org.keycloak.models.cache.infinispan.entities.Revisioned; import org.keycloak.models.cache.infinispan.entities.Revisioned;
@ -46,6 +47,11 @@ public class HasRolePredicate implements Predicate<Map.Entry<String, Revisioned>
CachedClient cachedClient = (CachedClient)value; CachedClient cachedClient = (CachedClient)value;
if (cachedClient.getScope().contains(role)) return true; if (cachedClient.getScope().contains(role)) return true;
}
if (value instanceof CachedClientTemplate) {
CachedClientTemplate cachedClientTemplate = (CachedClientTemplate)value;
if (cachedClientTemplate.getScope().contains(role)) return true;
} }
return false; return false;
} }

69
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateTest.java Normal file
View file

@ -0,0 +1,69 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.admin.client;
import java.util.Collections;
import java.util.List;
import javax.ws.rs.core.Response;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.representations.idm.ClientTemplateRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.testsuite.admin.ApiUtil;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class ClientTemplateTest extends AbstractClientTest {
// KEYCLOAK-2809
@Test
public void testRemove() {
// Add realm role
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setName("foo-role");
testRealmResource().roles().create(roleRep);
roleRep = testRealmResource().roles().get("foo-role").toRepresentation();
// Add client template
ClientTemplateRepresentation templateRep = new ClientTemplateRepresentation();
templateRep.setName("bar-template");
templateRep.setFullScopeAllowed(false);
Response resp = testRealmResource().clientTemplates().create(templateRep);
resp.close();
String clientTemplateId = ApiUtil.getCreatedId(resp);
// Add realm role to scopes of clientTemplate
testRealmResource().clientTemplates().get(clientTemplateId).getScopeMappings().realmLevel().add(Collections.singletonList(roleRep));
List<RoleRepresentation> roleReps = testRealmResource().clientTemplates().get(clientTemplateId).getScopeMappings().realmLevel().listAll();
Assert.assertEquals(1, roleReps.size());
Assert.assertEquals("foo-role", roleReps.get(0).getName());
// Remove realm role
testRealmResource().roles().deleteRole("foo-role");
// Get scope mappings
roleReps = testRealmResource().clientTemplates().get(clientTemplateId).getScopeMappings().realmLevel().listAll();
Assert.assertEquals(0, roleReps.size());
}
}