fix demo

core/pom.xml

@@ -21,6 +21,7 @@
         <dependency>
             <groupId>net.iharder</groupId>
             <artifactId>base64</artifactId>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.codehaus.jackson</groupId>

distribution/modules/build.xml

@@ -43,6 +43,10 @@
           ~ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           -->
 
+        <module-def name="net.iharder.base64">
+            <maven-resource group="net.iharder" artifact="base64"/>
+        </module-def>
+
         <module-def name="org.bouncycastle">
             <maven-resource group="org.bouncycastle" artifact="bcprov-jdk16"/>
         </module-def>

distribution/modules/src/main/resources/modules/net/iharder/base64/main/module.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2010, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<module xmlns="urn:jboss:module:1.1" name="net.iharder.base64">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>

distribution/modules/src/main/resources/modules/org/keycloak/keycloak-core/main/module.xml

@@ -31,6 +31,7 @@
         <module name="org.codehaus.jackson.jackson-mapper-asl"/>
         <module name="org.codehaus.jackson.jackson-xc"/>
         <module name="org.bouncycastle"/>
+        <module name="net.iharder.base64"/>
         <module name="javax.api"/>
     </dependencies>
 

integration/as7-eap6/adapter/pom.xml

@@ -28,6 +28,10 @@
             <artifactId>httpclient</artifactId>
             <version>${keycloak.apache.httpcomponents.version}</version>
         </dependency>
+        <dependency>
+            <groupId>net.iharder</groupId>
+            <artifactId>base64</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk16</artifactId>

integration/servlet-oauth-client/pom.xml

@@ -40,6 +40,10 @@
             <groupId>org.codehaus.jackson</groupId>
             <artifactId>jackson-mapper-asl</artifactId>
         </dependency>
+        <dependency>
+            <groupId>net.iharder</groupId>
+            <artifactId>base64</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.jboss.spec.javax.servlet</groupId>
             <artifactId>jboss-servlet-api_3.0_spec</artifactId>

integration/undertow/pom.xml

@@ -34,6 +34,10 @@
             <artifactId>httpclient</artifactId>
             <version>${keycloak.apache.httpcomponents.version}</version>
         </dependency>
+        <dependency>
+            <groupId>net.iharder</groupId>
+            <artifactId>base64</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk16</artifactId>

server/pom.xml

@@ -19,6 +19,10 @@
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk16</artifactId>
         </dependency>
+        <dependency>
+            <groupId>net.iharder</groupId>
+            <artifactId>base64</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-core</artifactId>

services/src/main/java/org/keycloak/services/managers/TokenManager.java

@@ -3,7 +3,6 @@ package org.keycloak.services.managers;
 import org.jboss.resteasy.logging.Logger;
 import org.keycloak.jose.jws.JWSBuilder;
 import org.keycloak.models.ApplicationModel;
-import org.keycloak.models.Constants;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
@@ -15,7 +14,6 @@ import org.keycloak.util.JsonSerialization;
 import javax.ws.rs.core.MultivaluedMap;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
-import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -62,7 +60,7 @@ public class TokenManager {
         return scope == null || scope.isEmpty();
     }
 
-    public static void addScopes(RoleModel role, RoleModel scope, Set<RoleModel> visited, Set<RoleModel> requested) {
+    public static void applyScope(RoleModel role, RoleModel scope, Set<RoleModel> visited, Set<RoleModel> requested) {
         if (visited.contains(scope)) return;
         visited.add(scope);
         if (role.hasRole(scope)) {
@@ -72,7 +70,7 @@ public class TokenManager {
         if (!scope.isComposite()) return;
 
         for (RoleModel contained : scope.getComposites()) {
-            addScopes(role, contained, visited, requested);
+            applyScope(role, contained, visited, requested);
         }
     }
 
@@ -98,7 +96,7 @@ public class TokenManager {
             if (clientApp != null && role.getContainer().equals(clientApp)) requestedRoles.add(role);
             for (RoleModel desiredRole : scopeMappings) {
                 Set<RoleModel> visited = new HashSet<RoleModel>();
-                addScopes(role, desiredRole, visited, requestedRoles);
+                applyScope(role, desiredRole, visited, requestedRoles);
             }
         }
 
@@ -114,35 +112,6 @@ public class TokenManager {
             }
         }
 
-
-
-
-        Set<RoleModel> realmRoleMappings = realm.getRealmRoleMappings(user);
-
-        for (RoleModel role : realmRoleMappings) {
-            if (!desiresScope(scopeMap, "realm", role.getName())) continue;
-            for (RoleModel desiredRole : scopeMappings) {
-                if (desiredRole.hasRole(role)) {
-                    realmRolesRequested.add(role);
-                } else if (role.hasRole(desiredRole)) {
-                    realmRolesRequested.add(desiredRole);
-                }
-            }
-        }
-
-        for (ApplicationModel application : realm.getApplications()) {
-            if (!desiresScopeGroup(scopeMap, application.getName())) continue;
-            Set<RoleModel> appRoleMappings = application.getApplicationRoleMappings(user);
-            for (RoleModel role : appRoleMappings) {
-                if (!desiresScope(scopeMap, application.getName(), role.getName())) continue;
-                for (RoleModel desiredRole : scopeMappings) {
-                    if (!application.getApplicationUser().getLoginName().equals(client.getLoginName())
-                          && !desiredRole.hasRole(role)) continue;
-                    resourceRolesRequested.add(application.getName(), role);
-                }
-            }
-        }
-
         createToken(code, realm, client, user);
         code.setRealm(realm);
         code.setExpiration((System.currentTimeMillis() / 1000) + realm.getAccessCodeLifespan());