[KEYCLOAK-12640] Client authorizationSettings.decisionStrategy value lost on realm import

2020-02-26 06:59:55 -08:00 · 2020-02-26 06:59:55 -08:00 · 85d7216228
commit 85d7216228
parent f1e54455e7
3 changed files with 45 additions and 0 deletions
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@ -562,6 +562,9 @@ public class RealmManager {

                if (Boolean.TRUE.equals(client.getAuthorizationServicesEnabled())) {
                    RepresentationToModel.createResourceServer(clientModel, session, true);
+                    if(!skipUserDependent) {
+                        RepresentationToModel.importAuthorizationSettings(client, clientModel, session);
+                    }
                }
            }
        }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/ImportTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/ImportTest.java
@ -22,7 +22,10 @@ import org.junit.Assert;
 import org.junit.FixMethodOrder;
 import org.junit.Test;
 import org.junit.runners.MethodSorters;
+import org.keycloak.authorization.AuthorizationProvider;
+import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.policy.evaluation.Realm;
+import org.keycloak.models.ClientModel;
 import org.keycloak.models.Constants;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
@ -119,6 +122,21 @@ public class ImportTest extends AbstractTestRealmKeycloakTest {
        });
    }

+    // KEYCLOAK-12640
+    @Test
+    public void importAuthorizationSettings() throws Exception {
+        RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/model/authz-bug.json"), RealmRepresentation.class);
+        adminClient.realms().create(testRealm);
+
+        testingClient.server().run(session -> {
+            RealmModel realm = session.realms().getRealmByName("authz-bug");
+            AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
+            ClientModel client = realm.getClientByClientId("appserver");
+            ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId());
+            Assert.assertEquals("AFFIRMATIVE", resourceServer.getDecisionStrategy().name());
+        });
+    }
+
    @Override
    public void configureTestRealm(RealmRepresentation testRealmParm) {

--- a/testsuite/integration-arquillian/tests/base/src/test/resources/model/authz-bug.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/model/authz-bug.json
@ -0,0 +1,24 @@
+{
+  "realm": "authz-bug",
+  "enabled": true,
+  "clients": [
+  {
+    "clientId": "appserver",
+    "enabled": true,
+    "clientAuthenticatorType": "client-secret",
+    "secret": "appserver-secret",
+    "bearerOnly": false,
+    "consentRequired": false,
+    "standardFlowEnabled": false,
+    "implicitFlowEnabled": false,
+    "directAccessGrantsEnabled": true,
+    "serviceAccountsEnabled": true,
+    "authorizationServicesEnabled": true,
+    "publicClient": false,
+    "fullScopeAllowed": true,
+    "authorizationSettings": {
+      "policyEnforcementMode": "ENFORCING",
+      "decisionStrategy": "AFFIRMATIVE"
+    }
+  }]
+}