KEYCLOAK-2716
parent
9cf788c590
commit
545fb8b849
6 changed files with 61 additions and 35 deletions
|
@ -25,6 +25,7 @@ import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -45,6 +46,10 @@ public interface ClientsResource {
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public List<ClientRepresentation> findAll();
|
public List<ClientRepresentation> findAll();
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
public List<ClientRepresentation> findByClientId(@QueryParam("clientId") String clientId);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
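Review bot: The new `findByClientId` method has no Javadoc, and its `List` return type hides that a lookup by clientId yields at most one entry. Going by the server-side change in this commit, the list is empty when nothing matches, so a caller that writes `.get(0)` gets an `IndexOutOfBoundsException` rather than a clear "not found". I would add `/** Returns the client whose clientId equals the given value as a single-element list, or an empty list when none matches. */`. It is also worth stating what a null argument does, since the server treats a missing `clientId` parameter as "list all clients".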
@ -627,26 +627,7 @@ public class ClientAdapter implements ClientModel, JpaModel<ClientEntity> {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean removeRole(RoleModel roleModel) {
|
public boolean removeRole(RoleModel roleModel) {
|
||||||
if (roleModel == null) {
|
return session.realms().removeRole(realm, roleModel);
|
||||||
return false;
|
|
||||||
}
|
|
||||||
if (!roleModel.getContainer().equals(this)) return false;
|
|
||||||
|
|
||||||
session.users().preRemove(getRealm(), roleModel);
|
|
||||||
RoleEntity role = RoleAdapter.toRoleEntity(roleModel, em);
|
|
||||||
if (!role.isClientRole()) return false;
|
|
||||||
|
|
||||||
entity.getDefaultRoles().remove(role);
|
|
||||||
String compositeRoleTable = JpaUtils.getTableNameForNativeQuery("COMPOSITE_ROLE", em);
|
|
||||||
em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", role).executeUpdate();
|
|
||||||
em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", role).executeUpdate();
|
|
||||||
em.createNamedQuery("deleteTemplateScopeMappingByRole").setParameter("role", role).executeUpdate();
|
|
||||||
role.setClient(null);
|
|
||||||
em.flush();
|
|
||||||
em.remove(role);
|
|
||||||
em.flush();
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
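Review bot: Delegating `removeRole` to `session.realms().removeRole(realm, roleModel)` drops the guards the old body had: the null check, `roleModel.getContainer().equals(this)` and `role.isClientRole()`. The `JpaRealmProvider` lines shown on this page contain none of them, so unless they sit outside that hunk, a role owned by another client or by the realm can now be deleted through this adapter, and a null argument will likely throw instead of returning false. Keeping the cheap guards in front of the delegation preserves the old contract: `if (roleModel == null || !roleModel.getContainer().equals(this)) return false;`. The old `entity.getDefaultRoles().remove(role)` cleanup should be confirmed against the provider as well. The Mongo `ClientAdapter.removeRole` makes the same delegation.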
@ -261,7 +261,7 @@ public class JpaRealmProvider implements RealmProvider {
|
||||||
em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", roleEntity).executeUpdate();
|
em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", roleEntity).executeUpdate();
|
||||||
em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", roleEntity).executeUpdate();
|
em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", roleEntity).executeUpdate();
|
||||||
em.createNamedQuery("deleteTemplateScopeMappingByRole").setParameter("role", roleEntity).executeUpdate();
|
em.createNamedQuery("deleteTemplateScopeMappingByRole").setParameter("role", roleEntity).executeUpdate();
|
||||||
em.createNamedQuery("deleteGroupRoleMappingsByRole").setParameter("roleId", roleEntity.getId()).executeUpdate();
|
int val = em.createNamedQuery("deleteGroupRoleMappingsByRole").setParameter("roleId", roleEntity.getId()).executeUpdate();
|
||||||
|
|
||||||
em.remove(roleEntity);
|
em.remove(roleEntity);
|
||||||
em.flush();
|
em.flush();
|
||||||
|
|
|
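Review bot: The new local `val` on the `deleteGroupRoleMappingsByRole` line is assigned but not read in any line visible here, which looks like a debugging leftover. If the deleted-row count is not needed, keep the statement as it was: `em.createNamedQuery("deleteGroupRoleMappingsByRole").setParameter("roleId", roleEntity.getId()).executeUpdate();`. If the count does matter, log or assert it under a descriptive name. The enclosing method starts and ends outside this hunk.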
@ -583,8 +583,7 @@ public class ClientAdapter extends AbstractMongoAdapter<MongoClientEntity> imple
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean removeRole(RoleModel role) {
|
public boolean removeRole(RoleModel role) {
|
||||||
session.users().preRemove(getRealm(), role);
|
return session.realms().removeRole(realm, role);
|
||||||
return getMongoStore().removeEntity(MongoRoleEntity.class, role.getId(), invocationContext);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -36,6 +36,7 @@ import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
|
import javax.ws.rs.QueryParam;
|
||||||
import javax.ws.rs.core.Context;
|
import javax.ws.rs.core.Context;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -71,14 +72,18 @@ public class ClientsResource {
|
||||||
* Get clients belonging to the realm
|
* Get clients belonging to the realm
|
||||||
*
|
*
|
||||||
* Returns a list of clients belonging to the realm
|
* Returns a list of clients belonging to the realm
|
||||||
|
*
|
||||||
|
* @param clientId filter by clientId
|
||||||
*/
|
*/
|
||||||
@GET
|
@GET
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@NoCache
|
@NoCache
|
||||||
public List<ClientRepresentation> getClients() {
|
public List<ClientRepresentation> getClients(@QueryParam("clientId") String clientId) {
|
||||||
auth.requireAny();
|
auth.requireAny();
|
||||||
|
|
||||||
List<ClientRepresentation> rep = new ArrayList<>();
|
List<ClientRepresentation> rep = new ArrayList<>();
|
||||||
|
|
||||||
|
if (clientId == null) {
|
||||||
List<ClientModel> clientModels = realm.getClients();
|
List<ClientModel> clientModels = realm.getClients();
|
||||||
|
|
||||||
boolean view = auth.hasView();
|
boolean view = auth.hasView();
|
||||||
|
@ -93,6 +98,12 @@ public class ClientsResource {
|
||||||
rep.add(client);
|
rep.add(client);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
ClientModel client = realm.getClientByClientId(clientId);
|
||||||
|
if (client != null) {
|
||||||
|
rep.add(ModelToRepresentation.toRepresentation(client));
|
||||||
|
}
|
||||||
|
}
|
||||||
return rep;
|
return rep;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
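Review bot: The new `clientId` branch adds `ModelToRepresentation.toRepresentation(client)` without consulting `auth.hasView()`, while the list branch computes `boolean view = auth.hasView()` before filling `rep`. The loop body is outside this hunk, but if it hands callers without view permission a reduced representation (as the `rep.add(client)` line suggests), then any caller that passes `auth.requireAny()` can obtain a client's full representation by supplying `?clientId=`. Apply the same check in the `else` branch, for example `if (auth.hasView()) { rep.add(ModelToRepresentation.toRepresentation(client)); } else { /* same reduced representation as the list branch */ }`. Hoisting `view` above the `if (clientId == null)` would let both branches share it.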
@ -36,6 +36,7 @@ import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.representations.RefreshToken;
|
import org.keycloak.representations.RefreshToken;
|
||||||
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
import org.keycloak.representations.idm.GroupRepresentation;
|
import org.keycloak.representations.idm.GroupRepresentation;
|
||||||
import org.keycloak.representations.idm.RoleRepresentation;
|
import org.keycloak.representations.idm.RoleRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
|
@ -95,6 +96,35 @@ public class GroupTest {
|
||||||
@WebResource
|
@WebResource
|
||||||
protected OAuthClient oauth;
|
protected OAuthClient oauth;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-2716
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testClientRemoveWithClientRoleGroupMapping() throws Exception {
|
||||||
|
RealmResource realm = keycloak.realms().realm("test");
|
||||||
|
ClientRepresentation client = new ClientRepresentation();
|
||||||
|
client.setClientId("foo");
|
||||||
|
client.setRootUrl("http://foo");
|
||||||
|
client.setProtocol("openid-connect");
|
||||||
|
Response response = realm.clients().create(client);
|
||||||
|
response.close();
|
||||||
|
client = realm.clients().findByClientId("foo").get(0);
|
||||||
|
RoleRepresentation role = new RoleRepresentation();
|
||||||
|
role.setName("foo-role");
|
||||||
|
realm.clients().get(client.getId()).roles().create(role);
|
||||||
|
role = realm.clients().get(client.getId()).roles().get("foo-role").toRepresentation();
|
||||||
|
GroupRepresentation group = new GroupRepresentation();
|
||||||
|
group.setName("2716");
|
||||||
|
realm.groups().add(group).close();
|
||||||
|
group = realm.getGroupByPath("/2716");
|
||||||
|
List<RoleRepresentation> list = new LinkedList<>();
|
||||||
|
list.add(role);
|
||||||
|
realm.groups().group(group.getId()).roles().clientLevel(client.getId()).add(list);
|
||||||
|
realm.clients().get(client.getId()).remove();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void createAndTestGroups() throws Exception {
|
public void createAndTestGroups() throws Exception {
|
||||||
RealmResource realm = keycloak.realms().realm("test");
|
RealmResource realm = keycloak.realms().realm("test");
|
||||||
|
|
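Review bot: `testClientRemoveWithClientRoleGroupMapping` contains no assertions, so it only proves that `remove()` does not throw. It would still pass if the client or its group role mappings were left behind. I would check the create response before closing it, `Assert.assertEquals(201, response.getStatus());`, and verify the outcome after the removal, `Assert.assertTrue(realm.clients().findByClientId("foo").isEmpty());` (assuming JUnit's `Assert` is available in this test class). The group `2716` is also never deleted, which can leak state into other tests that use the `test` realm. The Javadoc's bare `@throws Exception` could be replaced by a sentence saying what KEYCLOAK-2716 regressed.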