KEYCLOAK-17764 Remove all clients querying fallback (#8077)
parent
1ab0d585a9
commit
5c71c3d97f
7 changed files with 17 additions and 24 deletions
|
@ -173,13 +173,6 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory<RolePoli
|
||||||
role = client.getRole(roleName);
|
role = client.getRole(roleName);
|
||||||
}
|
}
|
||||||
|
|
||||||
// fallback to find any client role with the given name
|
|
||||||
if (role == null) {
|
|
||||||
String finalRoleName = roleName;
|
|
||||||
role = realm.getClientsStream().map(clientModel -> clientModel.getRole(finalRoleName)).filter(roleModel -> roleModel != null)
|
|
||||||
.findFirst().orElse(null);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (role == null) {
|
if (role == null) {
|
||||||
throw new RuntimeException("Error while updating policy [" + policy.getName() + "]. Role [" + roleName + "] could not be found.");
|
throw new RuntimeException("Error while updating policy [" + policy.getName() + "]. Role [" + roleName + "] could not be found.");
|
||||||
}
|
}
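Review bot: The `RuntimeException` raised at the `if (role == null)` check after the removed fallback still says only that the role "could not be found", which gives no hint that a bare client role name is no longer resolved across clients. Judging from the fixture changes in this commit (`manage-albums` becoming `photoz-restful-api/manage-albums`), client roles apparently now have to be written as `clientId/roleName`, so exported authorization settings that use the short form would start failing on import or update. I would extend the message, e.g. append `" Client roles must be referenced as <clientId>/<roleName>."`, and add a comment above the check such as `// no cross-client lookup: an unqualified name must not bind the policy to a same-named role of another client`. The enclosing method starts and ends outside this hunk, so the parsing of the qualified form is not visible here.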
|
||||||
|
|
|
@ -81,7 +81,7 @@
|
||||||
"decisionStrategy": "UNANIMOUS",
|
"decisionStrategy": "UNANIMOUS",
|
||||||
"config": {
|
"config": {
|
||||||
"applyPolicies": "[]",
|
"applyPolicies": "[]",
|
||||||
"roles": "[{\"id\":\"user\"},{\"id\":\"manage-albums\",\"required\":true}]"
|
"roles": "[{\"id\":\"user\"},{\"id\":\"photoz-restful-api/manage-albums\",\"required\":true}]"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -232,4 +232,4 @@
|
||||||
"name": "admin:manage"
|
"name": "admin:manage"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -222,7 +222,7 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractBaseServle
|
||||||
|
|
||||||
policy.setName("Required Role Policy");
|
policy.setName("Required Role Policy");
|
||||||
policy.addRole("user_premium", false);
|
policy.addRole("user_premium", false);
|
||||||
policy.addRole("required-role", false);
|
policy.addRole(RESOURCE_SERVER_ID + "/required-role", false);
|
||||||
|
|
||||||
RolePoliciesResource rolePolicy = getAuthorizationResource().policies().role();
|
RolePoliciesResource rolePolicy = getAuthorizationResource().policies().role();
|
||||||
|
|
||||||
|
@ -237,7 +237,7 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractBaseServle
|
||||||
|
|
||||||
policy.getRoles().clear();
|
policy.getRoles().clear();
|
||||||
policy.addRole("user_premium", false);
|
policy.addRole("user_premium", false);
|
||||||
policy.addRole("required-role", true);
|
policy.addRole(RESOURCE_SERVER_ID + "/required-role", true);
|
||||||
|
|
||||||
rolePolicy.findById(policy.getId()).update(policy);
|
rolePolicy.findById(policy.getId()).update(policy);
|
||||||
|
|
||||||
|
@ -258,7 +258,7 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractBaseServle
|
||||||
|
|
||||||
policy.getRoles().clear();
|
policy.getRoles().clear();
|
||||||
policy.addRole("user_premium", false);
|
policy.addRole("user_premium", false);
|
||||||
policy.addRole("required-role", false);
|
policy.addRole(RESOURCE_SERVER_ID + "/required-role", false);
|
||||||
|
|
||||||
rolePolicy.findById(policy.getId()).update(policy);
|
rolePolicy.findById(policy.getId()).update(policy);
|
||||||
|
|
||||||
|
|
|
@ -74,8 +74,8 @@ public class AuthzCleanupTest extends AbstractKeycloakTest {
|
||||||
AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
|
AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
|
||||||
ClientModel myclient = realm.getClientByClientId("myclient");
|
ClientModel myclient = realm.getClientByClientId("myclient");
|
||||||
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(myclient.getId());
|
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(myclient.getId());
|
||||||
createRolePolicy(authz, resourceServer, "client-role-1");
|
createRolePolicy(authz, resourceServer, myclient.getClientId() + "/client-role-1");
|
||||||
createRolePolicy(authz, resourceServer, "client-role-2");
|
createRolePolicy(authz, resourceServer, myclient.getClientId() + "/client-role-2");
|
||||||
}
|
}
|
||||||
|
|
||||||
private static Policy createRolePolicy(AuthorizationProvider authz, ResourceServer resourceServer, String roleName) {
|
private static Policy createRolePolicy(AuthorizationProvider authz, ResourceServer resourceServer, String roleName) {
|
||||||
|
|
|
@ -92,7 +92,7 @@ public class RolePolicyManagementTest extends AbstractPolicyManagementTest {
|
||||||
|
|
||||||
roles.create(new RoleRepresentation("Client Role B", "desc", false));
|
roles.create(new RoleRepresentation("Client Role B", "desc", false));
|
||||||
|
|
||||||
representation.addRole("Client Role A");
|
representation.addRole("resource-server-test/Client Role A");
|
||||||
representation.addClientRole(clientRep.getClientId(), "Client Role B", true);
|
representation.addClientRole(clientRep.getClientId(), "Client Role B", true);
|
||||||
|
|
||||||
assertCreated(authorization, representation);
|
assertCreated(authorization, representation);
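Review bot: The new argument in `representation.addRole("resource-server-test/Client Role A")` hard-codes the client id, while the next line already takes it from `clientRep.getClientId()`. If both refer to the same client (not visible in this hunk), `representation.addRole(clientRep.getClientId() + "/Client Role A");` would keep the test in step with the fixture, as AuthzCleanupTest does with `myclient.getClientId()`. None of the test changes on this page asserts that a bare client role name is now rejected, so the removed fallback could be reintroduced without a test failing; a negative case that expects the create to fail for `"Client Role A"` would pin the new behaviour. The enclosing test method starts and ends outside the hunk.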
|
||||||
|
|
|
@ -56,7 +56,7 @@
|
||||||
"logic": "POSITIVE",
|
"logic": "POSITIVE",
|
||||||
"decisionStrategy": "UNANIMOUS",
|
"decisionStrategy": "UNANIMOUS",
|
||||||
"config": {
|
"config": {
|
||||||
"roles": "[{\"id\":\"Acme administrator\",\"required\":true}]"
|
"roles": "[{\"id\":\"myclient/Acme administrator\",\"required\":true}]"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -65,7 +65,7 @@
|
||||||
"logic": "POSITIVE",
|
"logic": "POSITIVE",
|
||||||
"decisionStrategy": "UNANIMOUS",
|
"decisionStrategy": "UNANIMOUS",
|
||||||
"config": {
|
"config": {
|
||||||
"roles": "[{\"id\":\"Acme viewer\",\"required\":true}]"
|
"roles": "[{\"id\":\"myclient/Acme viewer\",\"required\":true}]"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -74,7 +74,7 @@
|
||||||
"logic": "POSITIVE",
|
"logic": "POSITIVE",
|
||||||
"decisionStrategy": "UNANIMOUS",
|
"decisionStrategy": "UNANIMOUS",
|
||||||
"config": {
|
"config": {
|
||||||
"roles": "[{\"id\":\"tenant user\",\"required\":true}]"
|
"roles": "[{\"id\":\"myclient/tenant user\",\"required\":true}]"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -83,7 +83,7 @@
|
||||||
"logic": "POSITIVE",
|
"logic": "POSITIVE",
|
||||||
"decisionStrategy": "UNANIMOUS",
|
"decisionStrategy": "UNANIMOUS",
|
||||||
"config": {
|
"config": {
|
||||||
"roles": "[{\"id\":\"tenant administrator\",\"required\":true}]"
|
"roles": "[{\"id\":\"myclient/tenant administrator\",\"required\":true}]"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -92,7 +92,7 @@
|
||||||
"logic": "POSITIVE",
|
"logic": "POSITIVE",
|
||||||
"decisionStrategy": "UNANIMOUS",
|
"decisionStrategy": "UNANIMOUS",
|
||||||
"config": {
|
"config": {
|
||||||
"roles": "[{\"id\":\"tenant viewer\",\"required\":true}]"
|
"roles": "[{\"id\":\"myclient/tenant viewer\",\"required\":true}]"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -188,4 +188,4 @@
|
||||||
"name": "urn:acme.com:scopes:userprofile:manage"
|
"name": "urn:acme.com:scopes:userprofile:manage"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -68,7 +68,7 @@
|
||||||
"logic": "POSITIVE",
|
"logic": "POSITIVE",
|
||||||
"decisionStrategy": "UNANIMOUS",
|
"decisionStrategy": "UNANIMOUS",
|
||||||
"config": {
|
"config": {
|
||||||
"roles": "[{\"id\":\"user\"},{\"id\":\"manage-albums\",\"required\":true}]"
|
"roles": "[{\"id\":\"user\"},{\"id\":\"resource-server-test/manage-albums\",\"required\":true}]"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -143,7 +143,7 @@
|
||||||
"logic": "POSITIVE",
|
"logic": "POSITIVE",
|
||||||
"decisionStrategy": "UNANIMOUS",
|
"decisionStrategy": "UNANIMOUS",
|
||||||
"config": {
|
"config": {
|
||||||
"roles": "[{\"id\":\"admin\",\"required\":true}]"
|
"roles": "[{\"id\":\"resource-server-test/admin\",\"required\":true}]"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -188,4 +188,4 @@
|
||||||
"name": "urn:photoz.com:scopes:album:admin:manage"
|
"name": "urn:photoz.com:scopes:album:admin:manage"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|