diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java index b47fea1e4d..c1fc5c08c3 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java @@ -109,7 +109,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory { diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java index b7ad3158fe..a58090482c 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java @@ -220,7 +220,7 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory { diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java index 723e2e4a06..9c99832315 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java @@ -43,6 +43,7 @@ import org.keycloak.authorization.store.ResourceServerStore; import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.ScopeStore; import org.keycloak.authorization.store.StoreFactory; +import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakTransaction; import org.keycloak.models.ModelException; @@ -434,17 +435,19 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { protected class ResourceServerCache implements ResourceServerStore { @Override - public ResourceServer create(String clientId) { + public ResourceServer create(ClientModel client) { + String clientId = client.getId(); if (!StorageId.isLocalStorage(clientId)) { throw new ModelException("Creating resource server from federated ClientModel not supported"); } - ResourceServer server = getResourceServerStoreDelegate().create(clientId); + ResourceServer server = getResourceServerStoreDelegate().create(client); registerResourceServerInvalidation(server.getId()); return server; } @Override - public void delete(String id) { + public void delete(ClientModel client) { + String id = client.getId(); if (id == null) return; ResourceServer server = findById(id); if (server == null) return; @@ -452,7 +455,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { cache.invalidateObject(id); invalidationEvents.add(ResourceServerRemovedEvent.create(id, server.getId())); cache.resourceServerRemoval(id, invalidations); - getResourceServerStoreDelegate().delete(id); + getResourceServerStoreDelegate().delete(client); } @@ -484,6 +487,11 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { managedResourceServers.put(id, adapter); return adapter; } + + @Override + public ResourceServer findByClient(ClientModel client) { + return findById(client.getId()); + } } protected class ScopeCache implements ScopeStore { diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java index 308b073111..2c9bc986a3 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java @@ -31,6 +31,7 @@ import org.keycloak.storage.StorageId; import javax.persistence.EntityManager; import javax.persistence.TypedQuery; import java.util.List; +import org.keycloak.models.ClientModel; /** * @author Pedro Igor @@ -46,7 +47,8 @@ public class JPAResourceServerStore implements ResourceServerStore { } @Override - public ResourceServer create(String clientId) { + public ResourceServer create(ClientModel client) { + String clientId = client.getId(); if (!StorageId.isLocalStorage(clientId)) { throw new ModelException("Creating resource server from federated ClientModel not supported"); } @@ -60,7 +62,8 @@ public class JPAResourceServerStore implements ResourceServerStore { } @Override - public void delete(String id) { + public void delete(ClientModel client) { + String id = client.getId(); ResourceServerEntity entity = entityManager.find(ResourceServerEntity.class, id); if (entity == null) return; //This didn't work, had to loop through and remove each policy individually @@ -124,4 +127,9 @@ public class JPAResourceServerStore implements ResourceServerStore { if (entity == null) return null; return new ResourceServerAdapter(entity, entityManager, provider.getStoreFactory()); } + + @Override + public ResourceServer findByClient(ClientModel client) { + return findById(client.getId()); + } } diff --git a/model/map/src/main/java/org/keycloak/models/map/authorization/MapResourceServerStore.java b/model/map/src/main/java/org/keycloak/models/map/authorization/MapResourceServerStore.java index 5085efd659..042474aa3a 100644 --- a/model/map/src/main/java/org/keycloak/models/map/authorization/MapResourceServerStore.java +++ b/model/map/src/main/java/org/keycloak/models/map/authorization/MapResourceServerStore.java @@ -40,6 +40,7 @@ import org.keycloak.models.map.storage.MapStorage; import org.keycloak.storage.StorageId; import static org.keycloak.common.util.StackUtil.getShortStackTrace; +import org.keycloak.models.ClientModel; public class MapResourceServerStore implements ResourceServerStore { @@ -62,7 +63,8 @@ public class MapResourceServerStore implements ResourceServerStore { } @Override - public ResourceServer create(String clientId) { + public ResourceServer create(ClientModel client) { + String clientId = client.getId(); LOG.tracef("create(%s)%s", clientId, getShortStackTrace()); if (clientId == null) return null; @@ -82,7 +84,8 @@ public class MapResourceServerStore implements ResourceServerStore { } @Override - public void delete(String id) { + public void delete(ClientModel client) { + String id = client.getId(); LOG.tracef("delete(%s, %s)%s", id, getShortStackTrace()); if (id == null) return; @@ -121,4 +124,9 @@ public class MapResourceServerStore implements ResourceServerStore { MapResourceServerEntity entity = tx.read(id); return entityToAdapter(entity); } + + @Override + public ResourceServer findByClient(ClientModel client) { + return findById(client.getId()); + } } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java index d01b19a411..2d49abafab 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java @@ -19,6 +19,7 @@ package org.keycloak.authorization.store; import org.keycloak.authorization.model.ResourceServer; +import org.keycloak.models.ClientModel; /** * A {@link ResourceServerStore} is responsible to manage the persistence of {@link ResourceServer} instances. @@ -30,18 +31,18 @@ public interface ResourceServerStore { /** *

Creates a {@link ResourceServer} instance backed by this persistent storage implementation. * - * @param clientId the client id acting as a resource server + * @param client the client acting as a resource server * * @return an instance backed by the underlying storage implementation */ - ResourceServer create(String clientId); + ResourceServer create(ClientModel client); /** - * Removes a {@link ResourceServer} instance, with the given {@code id} from the persistent storage. + * Removes a {@link ResourceServer} instance, with the given client from the persistent storage. * - * @param id the identifier of an existing resource server instance + * @param client the client acting as a resource server */ - void delete(String id); + void delete(ClientModel client); /** * Returns a {@link ResourceServer} instance based on its identifier. @@ -49,6 +50,17 @@ public interface ResourceServerStore { * @param id the identifier of an existing resource server instance * * @return the resource server instance with the given identifier or null if no instance was found + * @deprecated use {@code findByClient} instead. */ + @Deprecated ResourceServer findById(String id); + + /** + * Returns a {@link ResourceServer} instance based on a client. + * + * @param client the client acting as a resource server + * + * @return the resource server instance or null if no instance was found + */ + ResourceServer findByClient(ClientModel client); } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java index 1878c6f03d..d94d8ba541 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java @@ -50,10 +50,10 @@ public class ClientApplicationSynchronizer implements Synchronizer attributes = new EnumMap<>(Policy.FilterOption.class); diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RealmSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RealmSynchronizer.java index 69fb6718d9..3caceaa21d 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RealmSynchronizer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RealmSynchronizer.java @@ -19,7 +19,6 @@ package org.keycloak.authorization.store.syncronization; import org.keycloak.authorization.AuthorizationProvider; -import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.store.ResourceServerStore; import org.keycloak.authorization.store.StoreFactory; import org.keycloak.models.KeycloakSessionFactory; @@ -37,9 +36,6 @@ public class RealmSynchronizer implements Synchronizer { StoreFactory storeFactory = authorizationProvider.getStoreFactory(); ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore(); - event.getRealm().getClientsStream().forEach(clientModel -> { - String id = clientModel.getId(); - resourceServerStore.delete(id); - }); + event.getRealm().getClientsStream().forEach(resourceServerStore::delete); } } diff --git a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java index 6eef89a99e..88f21d3635 100644 --- a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java +++ b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java @@ -75,7 +75,7 @@ public class MigrateTo2_1_0 implements Migration { StoreFactory storeFactory = authorizationProvider.getStoreFactory(); PolicyStore policyStore = storeFactory.getPolicyStore(); realm.getClientsStream().forEach(clientModel -> { - ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel); if (resourceServer != null) { policyStore.findByType("role", resourceServer.getId()).forEach(policy -> { diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java index 282eedf40f..1d53864d25 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java @@ -689,7 +689,7 @@ public class ModelToRepresentation { if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) { AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); - ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findByClient(clientModel); if (resourceServer != null) { rep.setAuthorizationServicesEnabled(true); diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java index 478c42f53c..a9b8dbe799 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java @@ -2284,17 +2284,17 @@ public class RepresentationToModel { rep.setClientId(client.getId()); - toModel(rep, authorization); + toModel(rep, authorization, client); } } - public static ResourceServer toModel(ResourceServerRepresentation rep, AuthorizationProvider authorization) { + public static ResourceServer toModel(ResourceServerRepresentation rep, AuthorizationProvider authorization, ClientModel client) { ResourceServerStore resourceServerStore = authorization.getStoreFactory().getResourceServerStore(); ResourceServer resourceServer; - ResourceServer existing = resourceServerStore.findById(rep.getClientId()); + ResourceServer existing = resourceServerStore.findByClient(client); if (existing == null) { - resourceServer = resourceServerStore.create(rep.getClientId()); + resourceServer = resourceServerStore.create(client); resourceServer.setAllowRemoteResourceManagement(true); resourceServer.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING); } else { @@ -2903,6 +2903,6 @@ public class RepresentationToModel { representation.setAllowRemoteResourceManagement(true); representation.setClientId(client.getId()); - return toModel(representation, authorization); + return toModel(representation, authorization, client); } } diff --git a/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java b/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java index e141784a5d..71d5d8a7d2 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java @@ -43,7 +43,7 @@ public class AuthorizationService { this.client = client; this.authorization = session.getProvider(AuthorizationProvider.class); this.adminEvent = adminEvent; - this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findById(this.client.getId()); + this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findByClient(this.client); this.auth = auth; } diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java index c7f6d36551..54f5501c35 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java @@ -106,7 +106,7 @@ public class ResourceServerService { public void delete() { this.auth.realm().requireManageAuthorization(); - authorization.getStoreFactory().getResourceServerStore().delete(resourceServer.getId()); + authorization.getStoreFactory().getResourceServerStore().delete(client); audit(OperationType.DELETE, session.getContext().getUri(), false); } @@ -133,7 +133,7 @@ public class ResourceServerService { rep.setClientId(client.getId()); - RepresentationToModel.toModel(rep, authorization); + RepresentationToModel.toModel(rep, authorization, client); audit(OperationType.UPDATE, session.getContext().getUri(), false); diff --git a/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java b/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java index ffb000fdcc..abffcf4d43 100644 --- a/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java +++ b/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java @@ -438,7 +438,7 @@ public class AuthorizationTokenService { throw unknownServerIdException; } - ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId()); + ResourceServer resourceServer = resourceServerStore.findByClient(clientModel); if (resourceServer == null) { CorsErrorResponseException unsupportedPermissionsException = new CorsErrorResponseException(request.getCors(), OAuthErrorException.INVALID_REQUEST, "Client does not support permissions", Status.BAD_REQUEST); diff --git a/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java b/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java index 6301e0c707..e1bfb311d4 100644 --- a/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java +++ b/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java @@ -142,7 +142,7 @@ public class ProtectionService { } } - ResourceServer resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findByClient(clientModel); if (resourceServer == null) { throw new ErrorResponseException("invalid_clientId", "Client application [" + clientModel.getClientId() + "] is not registered as a resource server.", Status.FORBIDDEN); diff --git a/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java b/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java index e4eb3ba7b1..3df2391af6 100755 --- a/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java +++ b/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java @@ -297,7 +297,7 @@ public class ExportUtils { AuthorizationProviderFactory providerFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class); AuthorizationProvider authorization = providerFactory.create(session, client.getRealm()); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findById(client.getId()); + ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findByClient(client); if (settingsModel == null) { return null; diff --git a/services/src/main/java/org/keycloak/services/resources/account/resources/ResourceService.java b/services/src/main/java/org/keycloak/services/resources/account/resources/ResourceService.java index 6e7438edbb..2147c9bd05 100644 --- a/services/src/main/java/org/keycloak/services/resources/account/resources/ResourceService.java +++ b/services/src/main/java/org/keycloak/services/resources/account/resources/ResourceService.java @@ -58,7 +58,7 @@ public class ResourceService extends AbstractResourceService { Auth auth, HttpRequest request) { super(session, user, auth, request); this.resource = resource; - this.resourceServer = provider.getStoreFactory().getResourceServerStore().findById(resource.getResourceServer()); + this.resourceServer = provider.getStoreFactory().getResourceServerStore().findByClient(provider.getRealm().getClientById(resource.getResourceServer())); } /** diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java index 940f1eee21..599132edd7 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java @@ -256,7 +256,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage ClientModel client = getRealmManagementClient(); if (client == null) return null; ResourceServerStore resourceServerStore = authz.getStoreFactory().getResourceServerStore(); - realmResourceServer = resourceServerStore.findById(client.getId()); + realmResourceServer = resourceServerStore.findByClient(client); return realmResourceServer; } @@ -265,9 +265,9 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage if (!Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) return null; if (realmResourceServer != null) return realmResourceServer; ClientModel client = getRealmManagementClient(); - realmResourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId()); + realmResourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client); if (realmResourceServer == null) { - realmResourceServer = authz.getStoreFactory().getResourceServerStore().create(client.getId()); + realmResourceServer = authz.getStoreFactory().getResourceServerStore().create(client); } return realmResourceServer; } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResourcesRestServiceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResourcesRestServiceTest.java index b4f6f49f94..0c00fa8672 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResourcesRestServiceTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResourcesRestServiceTest.java @@ -62,6 +62,7 @@ import java.util.function.Consumer; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -129,6 +130,7 @@ public class ResourcesRestServiceTest extends AbstractRestServiceTest { try (Response response1 = authorization.resources().create(resource)) { resource.setId(response1.readEntity(ResourceRepresentation.class).getId()); + assertTrue(resource.getId() != null); } for (String scope : Arrays.asList("Scope A", "Scope B")) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java index b4fc38a55d..b31acfcaaf 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java @@ -81,7 +81,7 @@ public class AuthzCleanupTest extends AbstractKeycloakTest { session.getContext().setRealm(realm); AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class); ClientModel myclient = realm.getClientByClientId("myclient"); - ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(myclient.getId()); + ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(myclient); createRolePolicy(authz, resourceServer, myclient.getClientId() + "/client-role-1"); createRolePolicy(authz, resourceServer, myclient.getClientId() + "/client-role-2"); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java index 106e38638c..18c132fc18 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java @@ -75,7 +75,7 @@ public class PolicyEvaluationCompositeRoleTest extends AbstractAuthzTest { AuthorizationProviderFactory factory = (AuthorizationProviderFactory)session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class); AuthorizationProvider authz = factory.create(session, realm); - ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().create(client.getId()); + ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().create(client); Policy policy = createRolePolicy(authz, resourceServer, role1); Scope scope = authz.getStoreFactory().getScopeStore().create("myscope", resourceServer); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationTest.java index d23b877427..a5f3bbfbbb 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationTest.java @@ -135,7 +135,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest { AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel); TimePolicyRepresentation policyRepresentation = new TimePolicyRepresentation(); policyRepresentation.setName("testCheckDateAndTime"); @@ -170,7 +170,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest { AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); policyRepresentation.setName("testCheckUserInGroup"); @@ -329,7 +329,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest { AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); policyRepresentation.setName("testCheckUserInRole"); @@ -376,7 +376,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest { AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); policyRepresentation.setName("testCheckUserInClientRole"); @@ -423,7 +423,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest { AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); policyRepresentation.setName("testCheckGroupInRole"); @@ -470,7 +470,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest { AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); policyRepresentation.setName("testCheckUserRealmRoles"); @@ -502,7 +502,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest { AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); policyRepresentation.setName("testCheckUserClientRoles"); @@ -534,7 +534,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest { AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); policyRepresentation.setName("testCheckUserGroups"); @@ -572,7 +572,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest { AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); policyRepresentation.setName("testCheckUserAttributes"); @@ -604,7 +604,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest { AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); policyRepresentation.setName("testCheckResourceAttributes"); @@ -641,7 +641,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest { AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); policyRepresentation.setName("testCheckReadOnlyInstances"); @@ -687,7 +687,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest { AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel); Scope readScope = storeFactory.getScopeStore().create("read", resourceServer); Scope writeScope = storeFactory.getScopeStore().create("write", resourceServer); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/ImportTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/ImportTest.java index 5af87ff1db..4c6d1b73a7 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/ImportTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/ImportTest.java @@ -133,7 +133,7 @@ public class ImportTest extends AbstractTestRealmKeycloakTest { RealmModel realm = session.realms().getRealmByName("authz-bug"); AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class); ClientModel client = realm.getClientByClientId("appserver"); - ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId()); + ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client); Assert.assertEquals("AFFIRMATIVE", resourceServer.getDecisionStrategy().name()); }); }