KEYCLOAK-2716

This commit is contained in:
Bill Burke 2016-03-30 18:15:11 -04:00
parent 9cf788c590
commit 545fb8b849
6 changed files with 61 additions and 35 deletions

View file

@ -25,6 +25,7 @@ import javax.ws.rs.POST;
import javax.ws.rs.Path; import javax.ws.rs.Path;
import javax.ws.rs.PathParam; import javax.ws.rs.PathParam;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import java.util.List; import java.util.List;
@ -45,6 +46,10 @@ public interface ClientsResource {
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
public List<ClientRepresentation> findAll(); public List<ClientRepresentation> findAll();
@GET
@Produces(MediaType.APPLICATION_JSON)
public List<ClientRepresentation> findByClientId(@QueryParam("clientId") String clientId);
} }

View file

@ -627,26 +627,7 @@ public class ClientAdapter implements ClientModel, JpaModel<ClientEntity> {
@Override @Override
public boolean removeRole(RoleModel roleModel) { public boolean removeRole(RoleModel roleModel) {
if (roleModel == null) { return session.realms().removeRole(realm, roleModel);
return false;
}
if (!roleModel.getContainer().equals(this)) return false;
session.users().preRemove(getRealm(), roleModel);
RoleEntity role = RoleAdapter.toRoleEntity(roleModel, em);
if (!role.isClientRole()) return false;
entity.getDefaultRoles().remove(role);
String compositeRoleTable = JpaUtils.getTableNameForNativeQuery("COMPOSITE_ROLE", em);
em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", role).executeUpdate();
em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", role).executeUpdate();
em.createNamedQuery("deleteTemplateScopeMappingByRole").setParameter("role", role).executeUpdate();
role.setClient(null);
em.flush();
em.remove(role);
em.flush();
return true;
} }
@Override @Override

View file

@ -261,7 +261,7 @@ public class JpaRealmProvider implements RealmProvider {
em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", roleEntity).executeUpdate(); em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", roleEntity).executeUpdate();
em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", roleEntity).executeUpdate(); em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", roleEntity).executeUpdate();
em.createNamedQuery("deleteTemplateScopeMappingByRole").setParameter("role", roleEntity).executeUpdate(); em.createNamedQuery("deleteTemplateScopeMappingByRole").setParameter("role", roleEntity).executeUpdate();
em.createNamedQuery("deleteGroupRoleMappingsByRole").setParameter("roleId", roleEntity.getId()).executeUpdate(); int val = em.createNamedQuery("deleteGroupRoleMappingsByRole").setParameter("roleId", roleEntity.getId()).executeUpdate();
em.remove(roleEntity); em.remove(roleEntity);
em.flush(); em.flush();

View file

@ -583,8 +583,7 @@ public class ClientAdapter extends AbstractMongoAdapter<MongoClientEntity> imple
@Override @Override
public boolean removeRole(RoleModel role) { public boolean removeRole(RoleModel role) {
session.users().preRemove(getRealm(), role); return session.realms().removeRole(realm, role);
return getMongoStore().removeEntity(MongoRoleEntity.class, role.getId(), invocationContext);
} }
@Override @Override

View file

@ -36,6 +36,7 @@ import javax.ws.rs.POST;
import javax.ws.rs.Path; import javax.ws.rs.Path;
import javax.ws.rs.PathParam; import javax.ws.rs.PathParam;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context; import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -71,14 +72,18 @@ public class ClientsResource {
* Get clients belonging to the realm * Get clients belonging to the realm
* *
* Returns a list of clients belonging to the realm * Returns a list of clients belonging to the realm
*
* @param clientId filter by clientId
*/ */
@GET @GET
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@NoCache @NoCache
public List<ClientRepresentation> getClients() { public List<ClientRepresentation> getClients(@QueryParam("clientId") String clientId) {
auth.requireAny(); auth.requireAny();
List<ClientRepresentation> rep = new ArrayList<>(); List<ClientRepresentation> rep = new ArrayList<>();
if (clientId == null) {
List<ClientModel> clientModels = realm.getClients(); List<ClientModel> clientModels = realm.getClients();
boolean view = auth.hasView(); boolean view = auth.hasView();
@ -93,6 +98,12 @@ public class ClientsResource {
rep.add(client); rep.add(client);
} }
} }
} else {
ClientModel client = realm.getClientByClientId(clientId);
if (client != null) {
rep.add(ModelToRepresentation.toRepresentation(client));
}
}
return rep; return rep;
} }

View file

@ -36,6 +36,7 @@ import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
import org.keycloak.provider.ProviderConfigProperty; import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken; import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.GroupRepresentation; import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
@ -95,6 +96,35 @@ public class GroupTest {
@WebResource @WebResource
protected OAuthClient oauth; protected OAuthClient oauth;
/**
* KEYCLOAK-2716
* @throws Exception
*/
@Test
public void testClientRemoveWithClientRoleGroupMapping() throws Exception {
RealmResource realm = keycloak.realms().realm("test");
ClientRepresentation client = new ClientRepresentation();
client.setClientId("foo");
client.setRootUrl("http://foo");
client.setProtocol("openid-connect");
Response response = realm.clients().create(client);
response.close();
client = realm.clients().findByClientId("foo").get(0);
RoleRepresentation role = new RoleRepresentation();
role.setName("foo-role");
realm.clients().get(client.getId()).roles().create(role);
role = realm.clients().get(client.getId()).roles().get("foo-role").toRepresentation();
GroupRepresentation group = new GroupRepresentation();
group.setName("2716");
realm.groups().add(group).close();
group = realm.getGroupByPath("/2716");
List<RoleRepresentation> list = new LinkedList<>();
list.add(role);
realm.groups().group(group.getId()).roles().clientLevel(client.getId()).add(list);
realm.clients().get(client.getId()).remove();
}
@Test @Test
public void createAndTestGroups() throws Exception { public void createAndTestGroups() throws Exception {
RealmResource realm = keycloak.realms().realm("test"); RealmResource realm = keycloak.realms().realm("test");