libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Change String client.id to ClientModel client in ResourceServerStore

Browse source 
Closes #10442
This commit is contained in:
Vlasta Ramik 2022-02-24 12:46:26 +01:00 committed by GitHub
parent 07d47cf6c2
commit aa6a131b73
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 88 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java
View file

@ -109,7 +109,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory<Client
PolicyStore policyStore = storeFactory.getPolicyStore();
ClientModel removedClient = ((ClientRemovedEvent) event).getClient();
ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
ResourceServer resourceServer = resourceServerStore.findById(removedClient.getId());
ResourceServer resourceServer = resourceServerStore.findByClient(removedClient);
if (resourceServer != null) {
policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {

2
authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java
View file

@ -220,7 +220,7 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory<RolePoli
}
private void updateResourceServer(ClientModel clientModel, RoleModel removedRole, ResourceServerStore resourceServerStore, PolicyStore policyStore) {
ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId());
ResourceServer resourceServer = resourceServerStore.findByClient(clientModel);
if (resourceServer != null) {
policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {

16
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java vendored
View file

@ -43,6 +43,7 @@ import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.ScopeStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakTransaction;
import org.keycloak.models.ModelException;
@ -434,17 +435,19 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
protected class ResourceServerCache implements ResourceServerStore {
@Override
public ResourceServer create(String clientId) {
public ResourceServer create(ClientModel client) {
String clientId = client.getId();
if (!StorageId.isLocalStorage(clientId)) {
throw new ModelException("Creating resource server from federated ClientModel not supported");
}
ResourceServer server = getResourceServerStoreDelegate().create(clientId);
ResourceServer server = getResourceServerStoreDelegate().create(client);
registerResourceServerInvalidation(server.getId());
return server;
}
@Override
public void delete(String id) {
public void delete(ClientModel client) {
String id = client.getId();
if (id == null) return;
ResourceServer server = findById(id);
if (server == null) return;
@ -452,7 +455,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
cache.invalidateObject(id);
invalidationEvents.add(ResourceServerRemovedEvent.create(id, server.getId()));
cache.resourceServerRemoval(id, invalidations);
getResourceServerStoreDelegate().delete(id);
getResourceServerStoreDelegate().delete(client);
}
@ -484,6 +487,11 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
managedResourceServers.put(id, adapter);
return adapter;
}
@Override
public ResourceServer findByClient(ClientModel client) {
return findById(client.getId());
}
}
protected class ScopeCache implements ScopeStore {

12
model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java
View file

@ -31,6 +31,7 @@ import org.keycloak.storage.StorageId;
import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import java.util.List;
import org.keycloak.models.ClientModel;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@ -46,7 +47,8 @@ public class JPAResourceServerStore implements ResourceServerStore {
}
@Override
public ResourceServer create(String clientId) {
public ResourceServer create(ClientModel client) {
String clientId = client.getId();
if (!StorageId.isLocalStorage(clientId)) {
throw new ModelException("Creating resource server from federated ClientModel not supported");
}
@ -60,7 +62,8 @@ public class JPAResourceServerStore implements ResourceServerStore {
}
@Override
public void delete(String id) {
public void delete(ClientModel client) {
String id = client.getId();
ResourceServerEntity entity = entityManager.find(ResourceServerEntity.class, id);
if (entity == null) return;
//This didn't work, had to loop through and remove each policy individually
@ -124,4 +127,9 @@ public class JPAResourceServerStore implements ResourceServerStore {
if (entity == null) return null;
return new ResourceServerAdapter(entity, entityManager, provider.getStoreFactory());
}
@Override
public ResourceServer findByClient(ClientModel client) {
return findById(client.getId());
}
}

12
model/map/src/main/java/org/keycloak/models/map/authorization/MapResourceServerStore.java
View file

@ -40,6 +40,7 @@ import org.keycloak.models.map.storage.MapStorage;
import org.keycloak.storage.StorageId;
import static org.keycloak.common.util.StackUtil.getShortStackTrace;
import org.keycloak.models.ClientModel;
public class MapResourceServerStore implements ResourceServerStore {
@ -62,7 +63,8 @@ public class MapResourceServerStore implements ResourceServerStore {
}
@Override
public ResourceServer create(String clientId) {
public ResourceServer create(ClientModel client) {
String clientId = client.getId();
LOG.tracef("create(%s)%s", clientId, getShortStackTrace());
if (clientId == null) return null;
@ -82,7 +84,8 @@ public class MapResourceServerStore implements ResourceServerStore {
}
@Override
public void delete(String id) {
public void delete(ClientModel client) {
String id = client.getId();
LOG.tracef("delete(%s, %s)%s", id, getShortStackTrace());
if (id == null) return;
@ -121,4 +124,9 @@ public class MapResourceServerStore implements ResourceServerStore {
MapResourceServerEntity entity = tx.read(id);
return entityToAdapter(entity);
}
@Override
public ResourceServer findByClient(ClientModel client) {
return findById(client.getId());
}
}

22
server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java
View file

@ -19,6 +19,7 @@
package org.keycloak.authorization.store;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.models.ClientModel;
/**
* A {@link ResourceServerStore} is responsible to manage the persistence of {@link ResourceServer} instances.
@ -30,18 +31,18 @@ public interface ResourceServerStore {
/**
* <p>Creates a {@link ResourceServer} instance backed by this persistent storage implementation.
*
* @param clientId the client id acting as a resource server
* @param client the client acting as a resource server
*
* @return an instance backed by the underlying storage implementation
*/
ResourceServer create(String clientId);
ResourceServer create(ClientModel client);
/**
* Removes a {@link ResourceServer} instance, with the given {@code id} from the persistent storage.
* Removes a {@link ResourceServer} instance, with the given client from the persistent storage.
*
* @param id the identifier of an existing resource server instance
* @param client the client acting as a resource server
*/
void delete(String id);
void delete(ClientModel client);
/**
* Returns a {@link ResourceServer} instance based on its identifier.
@ -49,6 +50,17 @@ public interface ResourceServerStore {
* @param id the identifier of an existing resource server instance
*
* @return the resource server instance with the given identifier or null if no instance was found
* @deprecated use {@code findByClient} instead.
*/
@Deprecated
ResourceServer findById(String id);
/**
* Returns a {@link ResourceServer} instance based on a client.
*
* @param client the client acting as a resource server
*
* @return the resource server instance or null if no instance was found
*/
ResourceServer findByClient(ClientModel client);
}

4
server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java
View file

@ -50,10 +50,10 @@ public class ClientApplicationSynchronizer implements Synchronizer<ClientRemoved
private void removeFromClientPolicies(ClientRemovedEvent event, AuthorizationProvider authorizationProvider) {
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
ResourceServerStore store = storeFactory.getResourceServerStore();
ResourceServer resourceServer = store.findById(event.getClient().getId());
ResourceServer resourceServer = store.findByClient(event.getClient());
if (resourceServer != null) {
storeFactory.getResourceServerStore().delete(resourceServer.getId());
storeFactory.getResourceServerStore().delete(event.getClient());
}
Map<Policy.FilterOption, String[]> attributes = new EnumMap<>(Policy.FilterOption.class);

6
server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RealmSynchronizer.java
View file

@ -19,7 +19,6 @@
package org.keycloak.authorization.store.syncronization;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.KeycloakSessionFactory;
@ -37,9 +36,6 @@ public class RealmSynchronizer implements Synchronizer<RealmRemovedEvent> {
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
event.getRealm().getClientsStream().forEach(clientModel -> {
String id = clientModel.getId();
resourceServerStore.delete(id);
});
event.getRealm().getClientsStream().forEach(resourceServerStore::delete);
}
}

2
server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java
View file

@ -75,7 +75,7 @@ public class MigrateTo2_1_0 implements Migration {
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore();
realm.getClientsStream().forEach(clientModel -> {
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
if (resourceServer != null) {
policyStore.findByType("role", resourceServer.getId()).forEach(policy -> {

2
server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
View file

@ -689,7 +689,7 @@ public class ModelToRepresentation {
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findByClient(clientModel);
if (resourceServer != null) {
rep.setAuthorizationServicesEnabled(true);

10
server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -2284,17 +2284,17 @@ public class RepresentationToModel {
rep.setClientId(client.getId());
toModel(rep, authorization);
toModel(rep, authorization, client);
}
}
public static ResourceServer toModel(ResourceServerRepresentation rep, AuthorizationProvider authorization) {
public static ResourceServer toModel(ResourceServerRepresentation rep, AuthorizationProvider authorization, ClientModel client) {
ResourceServerStore resourceServerStore = authorization.getStoreFactory().getResourceServerStore();
ResourceServer resourceServer;
ResourceServer existing = resourceServerStore.findById(rep.getClientId());
ResourceServer existing = resourceServerStore.findByClient(client);
if (existing == null) {
resourceServer = resourceServerStore.create(rep.getClientId());
resourceServer = resourceServerStore.create(client);
resourceServer.setAllowRemoteResourceManagement(true);
resourceServer.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING);
} else {
@ -2903,6 +2903,6 @@ public class RepresentationToModel {
representation.setAllowRemoteResourceManagement(true);
representation.setClientId(client.getId());
return toModel(representation, authorization);
return toModel(representation, authorization, client);
}
}

2
services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java
View file

@ -43,7 +43,7 @@ public class AuthorizationService {
this.client = client;
this.authorization = session.getProvider(AuthorizationProvider.class);
this.adminEvent = adminEvent;
this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findById(this.client.getId());
this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findByClient(this.client);
this.auth = auth;
}

4
services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java
View file

@ -106,7 +106,7 @@ public class ResourceServerService {
public void delete() {
this.auth.realm().requireManageAuthorization();
authorization.getStoreFactory().getResourceServerStore().delete(resourceServer.getId());
authorization.getStoreFactory().getResourceServerStore().delete(client);
audit(OperationType.DELETE, session.getContext().getUri(), false);
}
@ -133,7 +133,7 @@ public class ResourceServerService {
rep.setClientId(client.getId());
RepresentationToModel.toModel(rep, authorization);
RepresentationToModel.toModel(rep, authorization, client);
audit(OperationType.UPDATE, session.getContext().getUri(), false);

2
services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
View file

@ -438,7 +438,7 @@ public class AuthorizationTokenService {
throw unknownServerIdException;
}
ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId());
ResourceServer resourceServer = resourceServerStore.findByClient(clientModel);
if (resourceServer == null) {
CorsErrorResponseException unsupportedPermissionsException = new CorsErrorResponseException(request.getCors(), OAuthErrorException.INVALID_REQUEST, "Client does not support permissions", Status.BAD_REQUEST);

2
services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java
View file

@ -142,7 +142,7 @@ public class ProtectionService {
}
}
ResourceServer resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findByClient(clientModel);
if (resourceServer == null) {
throw new ErrorResponseException("invalid_clientId", "Client application [" + clientModel.getClientId() + "] is not registered as a resource server.", Status.FORBIDDEN);

2
services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java
View file

@ -297,7 +297,7 @@ public class ExportUtils {
AuthorizationProviderFactory providerFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
AuthorizationProvider authorization = providerFactory.create(session, client.getRealm());
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findById(client.getId());
ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findByClient(client);
if (settingsModel == null) {
return null;

2
services/src/main/java/org/keycloak/services/resources/account/resources/ResourceService.java
View file

@ -58,7 +58,7 @@ public class ResourceService extends AbstractResourceService {
Auth auth, HttpRequest request) {
super(session, user, auth, request);
this.resource = resource;
this.resourceServer = provider.getStoreFactory().getResourceServerStore().findById(resource.getResourceServer());
this.resourceServer = provider.getStoreFactory().getResourceServerStore().findByClient(provider.getRealm().getClientById(resource.getResourceServer()));
}
/**

6
services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java
View file

@ -256,7 +256,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
ClientModel client = getRealmManagementClient();
if (client == null) return null;
ResourceServerStore resourceServerStore = authz.getStoreFactory().getResourceServerStore();
realmResourceServer = resourceServerStore.findById(client.getId());
realmResourceServer = resourceServerStore.findByClient(client);
return realmResourceServer;
}
@ -265,9 +265,9 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
if (!Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) return null;
if (realmResourceServer != null) return realmResourceServer;
ClientModel client = getRealmManagementClient();
realmResourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId());
realmResourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client);
if (realmResourceServer == null) {
realmResourceServer = authz.getStoreFactory().getResourceServerStore().create(client.getId());
realmResourceServer = authz.getStoreFactory().getResourceServerStore().create(client);
}
return realmResourceServer;
}

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResourcesRestServiceTest.java
View file

@ -62,6 +62,7 @@ import java.util.function.Consumer;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@ -129,6 +130,7 @@ public class ResourcesRestServiceTest extends AbstractRestServiceTest {
try (Response response1 = authorization.resources().create(resource)) {
resource.setId(response1.readEntity(ResourceRepresentation.class).getId());
assertTrue(resource.getId() != null);
}
for (String scope : Arrays.asList("Scope A", "Scope B")) {

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java
View file

@ -81,7 +81,7 @@ public class AuthzCleanupTest extends AbstractKeycloakTest {
session.getContext().setRealm(realm);
AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
ClientModel myclient = realm.getClientByClientId("myclient");
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(myclient.getId());
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(myclient);
createRolePolicy(authz, resourceServer, myclient.getClientId() + "/client-role-1");
createRolePolicy(authz, resourceServer, myclient.getClientId() + "/client-role-2");
}

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java
View file

@ -75,7 +75,7 @@ public class PolicyEvaluationCompositeRoleTest extends AbstractAuthzTest {
AuthorizationProviderFactory factory = (AuthorizationProviderFactory)session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
AuthorizationProvider authz = factory.create(session, realm);
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().create(client.getId());
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().create(client);
Policy policy = createRolePolicy(authz, resourceServer, role1);
Scope scope = authz.getStoreFactory().getScopeStore().create("myscope", resourceServer);

24
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationTest.java
View file

@ -135,7 +135,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
TimePolicyRepresentation policyRepresentation = new TimePolicyRepresentation();
policyRepresentation.setName("testCheckDateAndTime");
@ -170,7 +170,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserInGroup");
@ -329,7 +329,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserInRole");
@ -376,7 +376,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserInClientRole");
@ -423,7 +423,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckGroupInRole");
@ -470,7 +470,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserRealmRoles");
@ -502,7 +502,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserClientRoles");
@ -534,7 +534,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserGroups");
@ -572,7 +572,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserAttributes");
@ -604,7 +604,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckResourceAttributes");
@ -641,7 +641,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckReadOnlyInstances");
@ -687,7 +687,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
Scope readScope = storeFactory.getScopeStore().create("read", resourceServer);
Scope writeScope = storeFactory.getScopeStore().create("write", resourceServer);

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/ImportTest.java
View file

@ -133,7 +133,7 @@ public class ImportTest extends AbstractTestRealmKeycloakTest {
RealmModel realm = session.realms().getRealmByName("authz-bug");
AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
ClientModel client = realm.getClientByClientId("appserver");
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId());
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client);
Assert.assertEquals("AFFIRMATIVE", resourceServer.getDecisionStrategy().name());
});
}