diff --git a/js/apps/admin-ui/src/App.tsx b/js/apps/admin-ui/src/App.tsx
index d3cc7671c5..8ed5c10162 100644
--- a/js/apps/admin-ui/src/App.tsx
+++ b/js/apps/admin-ui/src/App.tsx
@@ -22,9 +22,9 @@ import { AuthWall } from "./root/AuthWall";
export const mainPageContentId = "kc-main-content-page-container";
const AppContexts = ({ children }: PropsWithChildren) => (
-
-
-
+
+
+
@@ -34,9 +34,9 @@ const AppContexts = ({ children }: PropsWithChildren) => (
-
-
-
+
+
+
);
export const App = () => {
diff --git a/js/apps/admin-ui/src/context/whoami/WhoAmI.tsx b/js/apps/admin-ui/src/context/whoami/WhoAmI.tsx
index fe91c62320..8dab265f02 100644
--- a/js/apps/admin-ui/src/context/whoami/WhoAmI.tsx
+++ b/js/apps/admin-ui/src/context/whoami/WhoAmI.tsx
@@ -7,6 +7,7 @@ import { adminClient } from "../../admin-client";
import environment from "../../environment";
import { DEFAULT_LOCALE, i18n } from "../../i18n/i18n";
import { useFetch } from "../../utils/useFetch";
+import { useRealm } from "../realm-context/RealmContext";
export class WhoAmI {
constructor(private me?: WhoAmIRepresentation) {
@@ -66,15 +67,20 @@ export const useWhoAmI = () => useRequiredContext(WhoAmIContext);
export const WhoAmIContextProvider = ({ children }: PropsWithChildren) => {
const [whoAmI, setWhoAmI] = useState(new WhoAmI());
+ const { realm } = useRealm();
const [key, setKey] = useState(0);
useFetch(
- () => adminClient.whoAmI.find({ realm: environment.loginRealm }),
+ () =>
+ adminClient.whoAmI.find({
+ realm: environment.loginRealm,
+ currentRealm: realm!,
+ }),
(me) => {
const whoAmI = new WhoAmI(me);
setWhoAmI(whoAmI);
},
- [key],
+ [key, realm],
);
return (
diff --git a/js/libs/keycloak-admin-client/src/resources/whoAmI.ts b/js/libs/keycloak-admin-client/src/resources/whoAmI.ts
index f6013d33d5..36da57d52d 100644
--- a/js/libs/keycloak-admin-client/src/resources/whoAmI.ts
+++ b/js/libs/keycloak-admin-client/src/resources/whoAmI.ts
@@ -13,8 +13,12 @@ export class WhoAmI extends Resource<{ realm?: string }> {
});
}
- public find = this.makeRequest<{}, WhoAmIRepresentation>({
+ public find = this.makeRequest<
+ { currentRealm: string },
+ WhoAmIRepresentation
+ >({
method: "GET",
path: "/whoami",
+ queryParamKeys: ["currentRealm"],
});
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
index 1edf6e9448..23cf52d047 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
@@ -198,7 +198,7 @@ public class AdminConsole {
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
- public Response whoAmI() {
+ public Response whoAmI(@QueryParam("currentRealm") String currentRealm) {
RealmManager realmManager = new RealmManager(session);
AuthenticationManager.AuthResult authResult = new AppAuthManager.BearerTokenAuthenticator(session)
.setRealm(realm)
@@ -231,7 +231,7 @@ public class AdminConsole {
if (createRealmRole != null) {
createRealm = user.hasRole(createRealmRole);
}
- addMasterRealmAccess(user, realmAccess);
+ addMasterRealmAccess(user, currentRealm, realmAccess);
} else {
logger.debug("setting up realm access for a realm user");
addRealmAccess(realm, user, realmAccess);
@@ -251,11 +251,9 @@ public class AdminConsole {
getRealmAdminAccess(realm, realmAdminApp, user, realmAdminAccess);
}
- private void addMasterRealmAccess(UserModel user, Map> realmAdminAccess) {
- session.realms().getRealmsStream().forEach(realm -> {
- ClientModel realmAdminApp = realm.getMasterAdminClient();
- getRealmAdminAccess(realm, realmAdminApp, user, realmAdminAccess);
- });
+ private void addMasterRealmAccess(UserModel user, String currentRealm, Map> realmAdminAccess) {
+ final RealmModel realm = session.realms().getRealmByName(currentRealm);
+ getRealmAdminAccess(realm, realm.getMasterAdminClient(), user, realmAdminAccess);
}
private static HashSet union(Set set1, Set set2) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminConsolePermissionsCalculatedTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminConsolePermissionsCalculatedTest.java
index 802ae4aeaa..222489dbf5 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminConsolePermissionsCalculatedTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminConsolePermissionsCalculatedTest.java
@@ -16,13 +16,13 @@
*/
package org.keycloak.testsuite.admin;
-import org.keycloak.Config;
import com.fasterxml.jackson.databind.JsonNode;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
+import org.keycloak.Config;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.representations.AccessTokenResponse;
@@ -69,12 +69,11 @@ public class AdminConsolePermissionsCalculatedTest extends AbstractKeycloakTest
AccessTokenResponse accessToken = adminClient.tokenManager().getAccessToken();
assertNotNull(adminClient.realms().findAll());
- String whoAmiUrl = suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/admin/master/console/whoami";
+ String whoAmiUrl = suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/admin/master/console/whoami?currentRealm=master";
JsonNode jsonNode = SimpleHttp.doGet(whoAmiUrl, client).auth(accessToken.getToken()).asJson();
assertTrue("Permissions for " + Config.getAdminRealm() + " realm.", jsonNode.at("/realm_access/" + Config.getAdminRealm()).isArray());
- assertTrue("Permissions for " + REALM_NAME + " realm.", jsonNode.at("/realm_access/" + REALM_NAME).isArray());
}
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminSignatureAlgorithmTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminSignatureAlgorithmTest.java
index cd1c1f2014..e93cb22ec9 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminSignatureAlgorithmTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminSignatureAlgorithmTest.java
@@ -57,12 +57,6 @@ public class AdminSignatureAlgorithmTest extends AbstractKeycloakTest {
assertEquals(Algorithm.ES256, verifier.getHeader().getAlgorithm().name());
assertNotNull(adminClient.realms().findAll());
-
- String whoAmiUrl = suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/admin/master/console/whoami";
-
- JsonNode jsonNode = SimpleHttp.doGet(whoAmiUrl, client).auth(accessToken.getToken()).asJson();
- assertNotNull(jsonNode.get("realm"));
- assertNotNull(jsonNode.get("userId"));
} finally {
TokenSignatureUtil.changeRealmTokenSignatureProvider("master", adminClient, defaultSignatureAlgorithm);
}