Merge pull request #1065 from stianst/master

KEYCLOAK-1110 Fix role not removed from default roles when not deleted

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/KeycloakAdminFactory.java

@@ -1,27 +0,0 @@
-package org.keycloak.admin.client.resource;
-
-import org.jboss.resteasy.client.jaxrs.ResteasyClient;
-import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
-import org.jboss.resteasy.client.jaxrs.ResteasyWebTarget;
-import org.keycloak.admin.client.Config;
-import org.keycloak.admin.client.token.TokenManager;
-
-/**
- * @author rodrigo.sasaki@icarros.com.br
- */
-public class KeycloakAdminFactory {
-
-    private KeycloakAdminFactory(){}
-
-    public static RealmResource getRealm(Config config, TokenManager tokenManager, String realmName){
-        ResteasyClient client = new ResteasyClientBuilder().build();
-        ResteasyWebTarget target = client.target(config.getServerUrl());
-
-        target.register(new BearerAuthFilter(tokenManager.getAccessTokenString()));
-
-        RealmsResource adminRoot = target.proxy(RealmsResource.class);
-
-        return adminRoot.realm(realmName);
-    }
-
-}

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/RolesResource.java

@@ -3,6 +3,7 @@ package org.keycloak.admin.client.resource;
 import org.keycloak.representations.idm.RoleRepresentation;
 
 import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
@@ -27,5 +28,8 @@ public interface RolesResource {
     @Path("{roleName}")
     public RoleResource get(@PathParam("roleName") String roleName);
 
+    @Path("{role-name}")
+    @DELETE
+    public void deleteRole(final @PathParam("role-name") String roleName);
 
 }

integration/admin-client/src/main/java/org/keycloak/admin/client/token/TokenManager.java

@@ -43,6 +43,7 @@ public class TokenManager {
         ResteasyWebTarget target = client.target(config.getServerUrl());
 
         Form form = new Form()
+                .param("grant_type", "password")
                 .param("username", config.getUsername())
                 .param("password", config.getPassword());
 
@@ -64,6 +65,7 @@ public class TokenManager {
         ResteasyWebTarget target = client.target(config.getServerUrl());
 
         Form form = new Form()
+                .param("grant_type", "refresh_token")
                 .param("username", config.getUsername())
                 .param("password", config.getPassword());
 

integration/admin-client/src/main/java/org/keycloak/admin/client/token/TokenService.java

@@ -18,11 +18,11 @@ import javax.ws.rs.core.MultivaluedMap;
 public interface TokenService {
 
     @POST
-    @Path("/realms/{realm}/protocol/openid-connect/grants/access")
+    @Path("/realms/{realm}/protocol/openid-connect/token")
     public AccessTokenResponse grantToken(@PathParam("realm") String realm, MultivaluedMap<String, String> map);
 
     @POST
-    @Path("/realms/{realm}/protocol/openid-connect/refresh")
+    @Path("/realms/{realm}/protocol/openid-connect/token")
     public AccessTokenResponse refreshToken(@PathParam("realm") String realm, MultivaluedMap<String, String> map);
 
 }

model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java

@@ -1000,8 +1000,8 @@ public class RealmAdapter implements RealmModel {
         if (!role.getContainer().equals(this)) return false;
         session.users().preRemove(this, role);
         RoleEntity roleEntity = RoleAdapter.toRoleEntity(role, em);
-        realm.getRoles().remove(role);
-        realm.getDefaultRoles().remove(role);
+        realm.getRoles().remove(roleEntity);
+        realm.getDefaultRoles().remove(roleEntity);
 
         em.createNativeQuery("delete from COMPOSITE_ROLE where CHILD_ROLE = :role").setParameter("role", roleEntity).executeUpdate();
         em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", roleEntity).executeUpdate();

testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ApplicationTest.java

@@ -6,6 +6,8 @@ import org.keycloak.admin.client.resource.ApplicationResource;
 import org.keycloak.models.ApplicationModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.representations.idm.ApplicationRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.UserSessionRepresentation;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.OAuthClient;
@@ -14,11 +16,16 @@ import org.keycloak.testsuite.rule.WebResource;
 import org.keycloak.testsuite.rule.WebRule;
 import org.openqa.selenium.WebDriver;
 
+import javax.ws.rs.NotFoundException;
+import java.util.LinkedList;
 import java.util.List;
 
+import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -84,4 +91,26 @@ public class ApplicationTest extends AbstractClientTest {
         assertEquals(1, userSessions.get(0).getApplications().size());
     }
 
+    @Test
+    // KEYCLOAK-1110
+    public void deleteDefaultRole() {
+        ApplicationRepresentation rep = new ApplicationRepresentation();
+        rep.setName("my-app");
+        rep.setEnabled(true);
+        realm.applications().create(rep);
+
+        RoleRepresentation role = new RoleRepresentation("test", "test");
+        realm.applications().get("my-app").roles().create(role);
+
+        rep = realm.applications().get("my-app").toRepresentation();
+        rep.setDefaultRoles(new String[] { "test" });
+        realm.applications().get("my-app").update(rep);
+
+        assertArrayEquals(new String[] { "test" }, realm.applications().get("my-app").toRepresentation().getDefaultRoles());
+
+        realm.applications().get("my-app").roles().deleteRole("test");
+
+        assertNull(realm.applications().get("my-app").toRepresentation().getDefaultRoles());
+    }
+
 }

testsuite/integration/src/test/java/org/keycloak/testsuite/admin/RealmTest.java

@@ -4,14 +4,18 @@ import org.junit.Test;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.services.managers.RealmManager;
 
+import javax.ws.rs.NotFoundException;
+import java.util.LinkedList;
 import java.util.List;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -101,4 +105,27 @@ public class RealmTest extends AbstractClientTest {
         assertNotNull(rep.getCertificate());
     }
 
+    @Test
+    // KEYCLOAK-1110
+    public void deleteDefaultRole() {
+        RoleRepresentation role = new RoleRepresentation("test", "test");
+        realm.roles().create(role);
+
+        assertNotNull(realm.roles().get("test").toRepresentation());
+
+        RealmRepresentation rep = realm.toRepresentation();
+        rep.setDefaultRoles(new LinkedList<String>());
+        rep.getDefaultRoles().add("test");
+
+        realm.update(rep);
+
+        realm.roles().deleteRole("test");
+
+        try {
+            realm.roles().get("testsadfsadf").toRepresentation();
+            fail("Expected NotFoundException");
+        } catch (NotFoundException e) {
+        }
+    }
+
 }