From 3c3bbdbbdb390d3d715ac23c9448eb0264bcef98 Mon Sep 17 00:00:00 2001 From: mposolda Date: Wed, 13 Apr 2016 11:47:54 +0200 Subject: [PATCH] KEYCLOAK-2809 NPE when removing role, which is in scope of some ClientTemplate --- .../resource/ClientTemplatesResource.java | 2 +- .../cache/infinispan/RealmCacheSession.java | 5 ++ .../infinispan/stream/HasRolePredicate.java | 6 ++ .../admin/client/ClientTemplateTest.java | 69 +++++++++++++++++++ 4 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateTest.java diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientTemplatesResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientTemplatesResource.java index 19addd7ea8..2f3f9a7361 100755 --- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientTemplatesResource.java +++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientTemplatesResource.java @@ -36,7 +36,7 @@ import java.util.List; public interface ClientTemplatesResource { @Path("{id}") - public ClientTemplatesResource get(@PathParam("id") String id); + public ClientTemplateResource get(@PathParam("id") String id); @POST @Consumes(MediaType.APPLICATION_JSON) diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java index b4ed669ff1..2a3880d67b 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java @@ -220,6 +220,11 @@ public class RealmCacheSession implements CacheRealmProvider { group.invalidate(); continue; } + ClientTemplateAdapter clientTemplate = managedClientTemplates.get(id); + if (clientTemplate != null) { + clientTemplate.invalidate(); + continue; + } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/stream/HasRolePredicate.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/stream/HasRolePredicate.java index 13f11658dc..e0de8e751a 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/stream/HasRolePredicate.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/stream/HasRolePredicate.java @@ -1,6 +1,7 @@ package org.keycloak.models.cache.infinispan.stream; import org.keycloak.models.cache.infinispan.entities.CachedClient; +import org.keycloak.models.cache.infinispan.entities.CachedClientTemplate; import org.keycloak.models.cache.infinispan.entities.CachedGroup; import org.keycloak.models.cache.infinispan.entities.CachedRole; import org.keycloak.models.cache.infinispan.entities.Revisioned; @@ -46,6 +47,11 @@ public class HasRolePredicate implements Predicate CachedClient cachedClient = (CachedClient)value; if (cachedClient.getScope().contains(role)) return true; + } + if (value instanceof CachedClientTemplate) { + CachedClientTemplate cachedClientTemplate = (CachedClientTemplate)value; + if (cachedClientTemplate.getScope().contains(role)) return true; + } return false; } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateTest.java new file mode 100644 index 0000000000..81246950ed --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTemplateTest.java @@ -0,0 +1,69 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.admin.client; + +import java.util.Collections; +import java.util.List; + +import javax.ws.rs.core.Response; + +import org.junit.Assert; +import org.junit.Test; +import org.keycloak.representations.idm.ClientTemplateRepresentation; +import org.keycloak.representations.idm.RoleRepresentation; +import org.keycloak.testsuite.admin.ApiUtil; + +/** + * @author Marek Posolda + */ +public class ClientTemplateTest extends AbstractClientTest { + + + // KEYCLOAK-2809 + @Test + public void testRemove() { + // Add realm role + RoleRepresentation roleRep = new RoleRepresentation(); + roleRep.setName("foo-role"); + testRealmResource().roles().create(roleRep); + roleRep = testRealmResource().roles().get("foo-role").toRepresentation(); + + // Add client template + ClientTemplateRepresentation templateRep = new ClientTemplateRepresentation(); + templateRep.setName("bar-template"); + templateRep.setFullScopeAllowed(false); + Response resp = testRealmResource().clientTemplates().create(templateRep); + resp.close(); + String clientTemplateId = ApiUtil.getCreatedId(resp); + + // Add realm role to scopes of clientTemplate + testRealmResource().clientTemplates().get(clientTemplateId).getScopeMappings().realmLevel().add(Collections.singletonList(roleRep)); + + List roleReps = testRealmResource().clientTemplates().get(clientTemplateId).getScopeMappings().realmLevel().listAll(); + Assert.assertEquals(1, roleReps.size()); + Assert.assertEquals("foo-role", roleReps.get(0).getName()); + + // Remove realm role + testRealmResource().roles().deleteRole("foo-role"); + + // Get scope mappings + roleReps = testRealmResource().clientTemplates().get(clientTemplateId).getScopeMappings().realmLevel().listAll(); + Assert.assertEquals(0, roleReps.size()); + } + +}