[KEYCLOAK-12640] Client authorizationSettings.decisionStrategy value lost on realm import

This commit is contained in:
Douglas Palmer 2020-02-26 06:59:55 -08:00 committed by Pedro Igor
parent f1e54455e7
commit 85d7216228
3 changed files with 45 additions and 0 deletions

View file

@ -562,6 +562,9 @@ public class RealmManager {
if (Boolean.TRUE.equals(client.getAuthorizationServicesEnabled())) {
RepresentationToModel.createResourceServer(clientModel, session, true);
if(!skipUserDependent) {
RepresentationToModel.importAuthorizationSettings(client, clientModel, session);
}
}
}
}

View file

@ -22,7 +22,10 @@ import org.junit.Assert;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.evaluation.Realm;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
@ -119,6 +122,21 @@ public class ImportTest extends AbstractTestRealmKeycloakTest {
});
}
// KEYCLOAK-12640
@Test
public void importAuthorizationSettings() throws Exception {
RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/model/authz-bug.json"), RealmRepresentation.class);
adminClient.realms().create(testRealm);
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("authz-bug");
AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
ClientModel client = realm.getClientByClientId("appserver");
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId());
Assert.assertEquals("AFFIRMATIVE", resourceServer.getDecisionStrategy().name());
});
}
@Override
public void configureTestRealm(RealmRepresentation testRealmParm) {

View file

@ -0,0 +1,24 @@
{
"realm": "authz-bug",
"enabled": true,
"clients": [
{
"clientId": "appserver",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "appserver-secret",
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": false,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"fullScopeAllowed": true,
"authorizationSettings": {
"policyEnforcementMode": "ENFORCING",
"decisionStrategy": "AFFIRMATIVE"
}
}]
}