libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Fix adding all roles for an application to token, should be all roles associated with the user for that application

Browse source
This commit is contained in:
Stian Thorgersen 2013-11-18 14:16:37 +00:00
parent 0e07f47d6f
commit 42d7e430ce
2 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
services/src/main/java/org/keycloak/services/managers/TokenManager.java
View file

@ -67,7 +67,9 @@ public class TokenManager {
}
for (ApplicationModel resource : realm.getApplications()) {
if (applicationResource && resource.getApplicationUser().getLoginName().equals(client.getLoginName())) {
resourceRolesRequested.addAll(resource.getName(), resource.getRoles());
for (String role : resource.getRoleMappingValues(user)) {
resourceRolesRequested.addAll(resource.getName(), resource.getRole(role));
}
} else {
Set<String> mapping = resource.getRoleMappingValues(user);
if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {

4
testsuite/integration/src/test/resources/testrealm.json
View file

@ -83,6 +83,10 @@
{
"name": "customer-user",
"description": "Have Customer User privileges"
},
{
"name": "customer-admin",
"description": "Have Customer Admin privileges"
}
],
"roleMappings": [