libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

[KEYCLOAK-12640] Client authorizationSettings.decisionStrategy value lost on realm import

Browse source
This commit is contained in:
Douglas Palmer 2020-02-26 06:59:55 -08:00 committed by Pedro Igor
parent f1e54455e7
commit 85d7216228
3 changed files with 45 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -562,6 +562,9 @@ public class RealmManager {
if (Boolean.TRUE.equals(client.getAuthorizationServicesEnabled())) { if (Boolean.TRUE.equals(client.getAuthorizationServicesEnabled())) {
RepresentationToModel.createResourceServer(clientModel, session, true); RepresentationToModel.createResourceServer(clientModel, session, true);
if(!skipUserDependent) {
RepresentationToModel.importAuthorizationSettings(client, clientModel, session);
}
} }
} }
} }

18
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/ImportTest.java
View file

@ -22,7 +22,10 @@ import org.junit.Assert;
import org.junit.FixMethodOrder; import org.junit.FixMethodOrder;
import org.junit.Test; import org.junit.Test;
import org.junit.runners.MethodSorters; import org.junit.runners.MethodSorters;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.evaluation.Realm; import org.keycloak.authorization.policy.evaluation.Realm;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
@ -119,6 +122,21 @@ public class ImportTest extends AbstractTestRealmKeycloakTest {
}); });
} }
// KEYCLOAK-12640
@Test
public void importAuthorizationSettings() throws Exception {
RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/model/authz-bug.json"), RealmRepresentation.class);
adminClient.realms().create(testRealm);
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("authz-bug");
AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
ClientModel client = realm.getClientByClientId("appserver");
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId());
Assert.assertEquals("AFFIRMATIVE", resourceServer.getDecisionStrategy().name());
});
}
@Override @Override
public void configureTestRealm(RealmRepresentation testRealmParm) { public void configureTestRealm(RealmRepresentation testRealmParm) {

24
testsuite/integration-arquillian/tests/base/src/test/resources/model/authz-bug.json Normal file
View file

@ -0,0 +1,24 @@
{
"realm": "authz-bug",
"enabled": true,
"clients": [
{
"clientId": "appserver",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "appserver-secret",
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": false,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"fullScopeAllowed": true,
"authorizationSettings": {
"policyEnforcementMode": "ENFORCING",
"decisionStrategy": "AFFIRMATIVE"
}
}]
}