libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

[KEYCLOAK-3704] - Checkign if owner is a valid user

Browse source
This commit is contained in:
Pedro Igor 2016-11-02 21:01:24 -02:00
parent da516a78b3
commit 95d2130405
1 changed files with 20 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
View file

@ -28,8 +28,11 @@ import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserFederationManager;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.services.ErrorResponse; import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.RealmAuth; import org.keycloak.services.resources.admin.RealmAuth;
@ -76,12 +79,28 @@ public class ResourceSetService {
requireManage(); requireManage();
StoreFactory storeFactory = this.authorization.getStoreFactory(); StoreFactory storeFactory = this.authorization.getStoreFactory();
Resource existingResource = storeFactory.getResourceStore().findByName(resource.getName(), this.resourceServer.getId()); Resource existingResource = storeFactory.getResourceStore().findByName(resource.getName(), this.resourceServer.getId());
ResourceOwnerRepresentation owner = resource.getOwner();
if (existingResource != null && existingResource.getResourceServer().getId().equals(this.resourceServer.getId()) if (existingResource != null && existingResource.getResourceServer().getId().equals(this.resourceServer.getId())
&& existingResource.getOwner().equals(resource.getOwner())) { && existingResource.getOwner().equals(owner)) {
return ErrorResponse.exists("Resource with name [" + resource.getName() + "] already exists."); return ErrorResponse.exists("Resource with name [" + resource.getName() + "] already exists.");
} }
String ownerId = owner.getId();
if (ownerId != null) {
if (!resourceServer.getClientId().equals(ownerId)) {
RealmModel realm = authorization.getRealm();
KeycloakSession keycloakSession = authorization.getKeycloakSession();
UserFederationManager users = keycloakSession.users();
UserModel ownerModel = users.getUserByUsername(ownerId, realm);
if (ownerModel == null) {
return ErrorResponse.error("Owner must be a valid username or, if the resource server, the client id.", Status.BAD_REQUEST);
}
}
}
Resource model = toModel(resource, this.resourceServer, authorization); Resource model = toModel(resource, this.resourceServer, authorization);
ResourceRepresentation representation = new ResourceRepresentation(); ResourceRepresentation representation = new ResourceRepresentation();