KEYCLOAK-2696 Unexpected error when trying to delete role mappings from read-only LDAP role mapper
This commit is contained in:
mposolda
parent
4a06d7590e
commit
7ffd6dc7a7
5 changed files with 58 additions and 8 deletions
|
|
@ -27,7 +27,6 @@ import java.util.Map;
|
|||
import java.util.Set;
|
||||
|
||||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.federation.ldap.LDAPConfig;
|
||||
import org.keycloak.federation.ldap.LDAPFederationProvider;
|
||||
import org.keycloak.federation.ldap.LDAPUtils;
|
||||
import org.keycloak.federation.ldap.idm.model.LDAPDn;
|
||||
|
|
@ -42,11 +41,9 @@ import org.keycloak.federation.ldap.mappers.membership.LDAPGroupMapperMode;
|
|||
import org.keycloak.federation.ldap.mappers.membership.MembershipType;
|
||||
import org.keycloak.federation.ldap.mappers.membership.UserRolesRetrieveStrategy;
|
||||
import org.keycloak.models.GroupModel;
|
||||
import org.keycloak.models.LDAPConstants;
|
||||
import org.keycloak.models.ModelException;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserFederationMapperModel;
|
||||
import org.keycloak.models.UserFederationProviderModel;
|
||||
import org.keycloak.models.UserFederationSyncResult;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
|
|
|
|||
|
|
@ -20,11 +20,14 @@ import org.jboss.resteasy.annotations.cache.NoCache;
|
|||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelException;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleMapperModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.utils.ModelToRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.services.ErrorResponseException;
|
||||
import org.keycloak.services.ServicesLogger;
|
||||
|
||||
import javax.ws.rs.Consumes;
|
||||
|
|
@ -34,11 +37,14 @@ import javax.ws.rs.POST;
|
|||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.Produces;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.UriInfo;
|
||||
|
||||
import java.text.MessageFormat;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Properties;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
|
|
@ -48,6 +54,7 @@ import java.util.Set;
|
|||
public class ClientRoleMappingsResource {
|
||||
protected static final ServicesLogger logger = ServicesLogger.ROOT_LOGGER;
|
||||
|
||||
protected KeycloakSession session;
|
||||
protected RealmModel realm;
|
||||
protected RealmAuth auth;
|
||||
protected RoleMapperModel user;
|
||||
|
|
@ -55,8 +62,9 @@ public class ClientRoleMappingsResource {
|
|||
protected AdminEventBuilder adminEvent;
|
||||
private UriInfo uriInfo;
|
||||
|
||||
public ClientRoleMappingsResource(UriInfo uriInfo, RealmModel realm, RealmAuth auth, RoleMapperModel user, ClientModel client, AdminEventBuilder adminEvent) {
|
||||
public ClientRoleMappingsResource(UriInfo uriInfo, KeycloakSession session, RealmModel realm, RealmAuth auth, RoleMapperModel user, ClientModel client, AdminEventBuilder adminEvent) {
|
||||
this.uriInfo = uriInfo;
|
||||
this.session = session;
|
||||
this.realm = realm;
|
||||
this.auth = auth;
|
||||
this.user = user;
|
||||
|
|
@ -182,7 +190,14 @@ public class ClientRoleMappingsResource {
|
|||
if (roleModel == null || !roleModel.getId().equals(role.getId())) {
|
||||
throw new NotFoundException("Role not found");
|
||||
}
|
||||
user.deleteRoleMapping(roleModel);
|
||||
|
||||
try {
|
||||
user.deleteRoleMapping(roleModel);
|
||||
} catch (ModelException me) {
|
||||
Properties messages = AdminRoot.getMessages(session, realm, auth.getAuth().getToken().getLocale());
|
||||
throw new ErrorResponseException(me.getMessage(), MessageFormat.format(messages.getProperty(me.getMessage(), me.getMessage()), me.getParameters()),
|
||||
Response.Status.BAD_REQUEST);
|
||||
}
|
||||
}
|
||||
}
|
||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import org.keycloak.common.ClientConnection;
|
|||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelException;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleMapperModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
|
|
@ -29,6 +30,7 @@ import org.keycloak.models.utils.ModelToRepresentation;
|
|||
import org.keycloak.representations.idm.ClientMappingsRepresentation;
|
||||
import org.keycloak.representations.idm.MappingsRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.services.ErrorResponseException;
|
||||
import org.keycloak.services.ServicesLogger;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
|
||||
|
|
@ -42,11 +44,15 @@ import javax.ws.rs.Produces;
|
|||
import javax.ws.rs.core.Context;
|
||||
import javax.ws.rs.core.HttpHeaders;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.UriInfo;
|
||||
|
||||
import java.text.MessageFormat;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Properties;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
|
|
@ -238,7 +244,14 @@ public class RoleMapperResource {
|
|||
if (roleModel == null || !roleModel.getId().equals(role.getId())) {
|
||||
throw new NotFoundException("Role not found");
|
||||
}
|
||||
roleMapper.deleteRoleMapping(roleModel);
|
||||
|
||||
try {
|
||||
roleMapper.deleteRoleMapping(roleModel);
|
||||
} catch (ModelException me) {
|
||||
Properties messages = AdminRoot.getMessages(session, realm, auth.getAuth().getToken().getLocale());
|
||||
throw new ErrorResponseException(me.getMessage(), MessageFormat.format(messages.getProperty(me.getMessage(), me.getMessage()), me.getParameters()),
|
||||
Response.Status.BAD_REQUEST);
|
||||
}
|
||||
|
||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo, role.getId()).representation(roles).success();
|
||||
}
|
||||
|
|
@ -253,7 +266,7 @@ public class RoleMapperResource {
|
|||
throw new NotFoundException("Client not found");
|
||||
}
|
||||
|
||||
return new ClientRoleMappingsResource(uriInfo, realm, auth, roleMapper, clientModel, adminEvent);
|
||||
return new ClientRoleMappingsResource(uriInfo, session, realm, auth, roleMapper, clientModel, adminEvent);
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -939,7 +939,14 @@ public class UsersResource {
|
|||
if (group == null) {
|
||||
throw new NotFoundException("Group not found");
|
||||
}
|
||||
if (user.isMemberOf(group)) user.leaveGroup(group);
|
||||
|
||||
try {
|
||||
if (user.isMemberOf(group)) user.leaveGroup(group);
|
||||
} catch (ModelException me) {
|
||||
Properties messages = AdminRoot.getMessages(session, realm, auth.getAuth().getToken().getLocale());
|
||||
throw new ErrorResponseException(me.getMessage(), MessageFormat.format(messages.getProperty(me.getMessage(), me.getMessage()), me.getParameters()),
|
||||
Response.Status.BAD_REQUEST);
|
||||
}
|
||||
}
|
||||
|
||||
@PUT
|
||||
|
|
|
|||
|
|
@ -59,6 +59,12 @@ module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, cl
|
|||
$scope.selectedClientMappings = [];
|
||||
}
|
||||
Notifications.success("Role mappings updated.");
|
||||
}).error(function(response) {
|
||||
if (response && response['error_description']) {
|
||||
Notifications.error(response['error_description']);
|
||||
} else {
|
||||
Notifications.error("Failed to remove role mapping");
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
|
|
@ -87,6 +93,12 @@ module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, cl
|
|||
$scope.realmComposite = CompositeRealmRoleMapping.query({realm : realm.realm, userId : user.id});
|
||||
$scope.realmRoles = AvailableRealmRoleMapping.query({realm : realm.realm, userId : user.id});
|
||||
Notifications.success("Role mappings updated.");
|
||||
}).error(function(response) {
|
||||
if (response && response['error_description']) {
|
||||
Notifications.error(response['error_description']);
|
||||
} else {
|
||||
Notifications.error("Failed to remove role mapping");
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
|
|
@ -1170,6 +1182,12 @@ module.controller('UserGroupMembershipCtrl', function($scope, $route, realm, gro
|
|||
UserGroupMapping.remove({realm: realm.realm, userId: user.id, groupId: $scope.selectedGroup.id}, function() {
|
||||
Notifications.success('Removed group membership');
|
||||
$route.reload();
|
||||
}, function(response) {
|
||||
if (response.data && response.data['error_description']) {
|
||||
Notifications.error(response.data['error_description']);
|
||||
} else {
|
||||
Notifications.error("Failed to leave group");
|
||||
}
|
||||
});
|
||||
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in a new issue