libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

KEYCLOAK-18509 Fix permission error when deleting client

Browse source
This commit is contained in:
Simen Heggestøyl 2021-08-03 13:50:07 +02:00 committed by Pedro Igor
parent b31b60fffe
commit 624a9a3ed7
2 changed files with 58 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java
View file

@ -60,6 +60,7 @@ public class ClientApplicationSynchronizer implements Synchronizer<ClientRemoved
attributes.put(Policy.FilterOption.TYPE, new String[] {"client"});
attributes.put(Policy.FilterOption.CONFIG, new String[] {"clients", event.getClient().getId()});
attributes.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);
List<Policy> search = storeFactory.getPolicyStore().findByResourceServer(attributes, null, -1, -1);

57
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedPermissionServiceTest.java
View file

@ -109,6 +109,9 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
.client(ClientBuilder.create().clientId("client-a")
.redirectUris("http://localhost/resource-server-test")
.publicClient())
.client(ClientBuilder.create().clientId("client-remove")
.redirectUris("http://localhost/resource-server-test")
.publicClient())
.build());
}
@ -992,6 +995,60 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
assertTrue(policies.isEmpty());
}
@Test
public void testRemovePoliciesOnClientDelete() {
ResourceRepresentation resource = new ResourceRepresentation();
resource.setName("Resource A");
resource.setOwnerManagedAccess(true);
resource.setOwner("marta");
resource.addScope("Scope A", "Scope B", "Scope C");
resource = getAuthzClient().protection().resource().create(resource);
UmaPermissionRepresentation newPermission = new UmaPermissionRepresentation();
newPermission.setName("Custom User-Managed Permission");
newPermission.addClient("client-remove");
ProtectionResource protection = getAuthzClient().protection("marta", "password");
protection.policy(resource.getId()).create(newPermission);
getTestingClient().server().run((RunOnServer) UserManagedPermissionServiceTest::testRemovePoliciesOnClientDelete);
}
private static void testRemovePoliciesOnClientDelete(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("authz-test");
ClientModel client = realm.getClientByClientId("resource-server-test");
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
UserModel user = session.users().getUserByUsername(realm, "marta");
Map<Policy.FilterOption, String[]> filters = new HashMap<>();
filters.put(Policy.FilterOption.TYPE, new String[] {"uma"});
filters.put(OWNER, new String[] {user.getId()});
List<Policy> policies = provider.getStoreFactory().getPolicyStore()
.findByResourceServer(filters, client.getId(), -1, -1);
assertEquals(1, policies.size());
Policy policy = policies.get(0);
assertFalse(policy.getResources().isEmpty());
Resource resource = policy.getResources().iterator().next();
assertEquals("Resource A", resource.getName());
realm.removeClient(realm.getClientByClientId("client-remove").getId());
filters = new HashMap<>();
filters.put(OWNER, new String[] {user.getId()});
policies = provider.getStoreFactory().getPolicyStore()
.findByResourceServer(filters, client.getId(), -1, -1);
assertTrue(policies.isEmpty());
}
private List<PolicyRepresentation> getAssociatedPolicies(UmaPermissionRepresentation permission) {
return getClient(getRealm()).authorization().policies().policy(permission.getId()).associatedPolicies();
}