From 9f88abb022beab64d8550931e3c147211e249e08 Mon Sep 17 00:00:00 2001
From: Gideon Caranzo <gideon.caranzo@gemalto.com>
Date: Fri, 9 Nov 2018 20:02:08 +0800
Subject: [PATCH] KEYCLOAK-8783 only checked master and realm admin roles when
 roles are specified in imported realm

---
 .../java/org/keycloak/services/managers/RealmManager.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index e1c0f14bd0..798cd9a220 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -531,9 +531,11 @@ public class RealmManager {
             setupMasterAdminManagement(realm);
         }
 
-        // Assert all admin roles are available once import took place. This is needed due to import from previous version where JSON file may not contain all admin roles
-        checkMasterAdminManagementRoles(realm);
-        checkRealmAdminManagementRoles(realm);
+        if (rep.getRoles() != null) {
+        	// Assert all admin roles are available once import took place. This is needed due to import from previous version where JSON file may not contain all admin roles
+        	checkMasterAdminManagementRoles(realm);
+        	checkRealmAdminManagementRoles(realm);
+        }
 
         // Could happen when migrating from older version and I have exported JSON file, which contains "realm-management" client but not "impersonation" client
         // I need to postpone impersonation because it needs "realm-management" client and its roles set