Change String client.id to ClientModel client in ResourceServerStore

Closes #10442
Vlasta Ramik 2022-02-24 12:46:26 +01:00 committed by GitHub
parent 07d47cf6c2
commit aa6a131b73
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 88 additions and 54 deletions


@ -109,7 +109,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory<Client
PolicyStore policyStore = storeFactory.getPolicyStore(); PolicyStore policyStore = storeFactory.getPolicyStore();
ClientModel removedClient = ((ClientRemovedEvent) event).getClient(); ClientModel removedClient = ((ClientRemovedEvent) event).getClient();
ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore(); ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
ResourceServer resourceServer = resourceServerStore.findById(removedClient.getId()); ResourceServer resourceServer = resourceServerStore.findByClient(removedClient);
if (resourceServer != null) { if (resourceServer != null) {
policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> { policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {


@ -220,7 +220,7 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory<RolePoli
} }
private void updateResourceServer(ClientModel clientModel, RoleModel removedRole, ResourceServerStore resourceServerStore, PolicyStore policyStore) { private void updateResourceServer(ClientModel clientModel, RoleModel removedRole, ResourceServerStore resourceServerStore, PolicyStore policyStore) {
ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId()); ResourceServer resourceServer = resourceServerStore.findByClient(clientModel);
if (resourceServer != null) { if (resourceServer != null) {
policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> { policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {


@ -43,6 +43,7 @@ import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.ScopeStore; import org.keycloak.authorization.store.ScopeStore;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakTransaction; import org.keycloak.models.KeycloakTransaction;
import org.keycloak.models.ModelException; import org.keycloak.models.ModelException;
@ -434,17 +435,19 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
protected class ResourceServerCache implements ResourceServerStore { protected class ResourceServerCache implements ResourceServerStore {
@Override @Override
public ResourceServer create(String clientId) { public ResourceServer create(ClientModel client) {
String clientId = client.getId();
if (!StorageId.isLocalStorage(clientId)) { if (!StorageId.isLocalStorage(clientId)) {
throw new ModelException("Creating resource server from federated ClientModel not supported"); throw new ModelException("Creating resource server from federated ClientModel not supported");
} }
ResourceServer server = getResourceServerStoreDelegate().create(clientId); ResourceServer server = getResourceServerStoreDelegate().create(client);
registerResourceServerInvalidation(server.getId()); registerResourceServerInvalidation(server.getId());
return server; return server;
} }
@Override @Override
public void delete(String id) { public void delete(ClientModel client) {
String id = client.getId();
if (id == null) return; if (id == null) return;
ResourceServer server = findById(id); ResourceServer server = findById(id);
if (server == null) return; if (server == null) return;
@ -452,7 +455,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
cache.invalidateObject(id); cache.invalidateObject(id);
invalidationEvents.add(ResourceServerRemovedEvent.create(id, server.getId())); invalidationEvents.add(ResourceServerRemovedEvent.create(id, server.getId()));
cache.resourceServerRemoval(id, invalidations); cache.resourceServerRemoval(id, invalidations);
getResourceServerStoreDelegate().delete(id); getResourceServerStoreDelegate().delete(client);
} }
@ -484,6 +487,11 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
managedResourceServers.put(id, adapter); managedResourceServers.put(id, adapter);
return adapter; return adapter;
} }
@Override
public ResourceServer findByClient(ClientModel client) {
return findById(client.getId());
}
} }
protected class ScopeCache implements ScopeStore { protected class ScopeCache implements ScopeStore {
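Review bot: `ResourceServerCache.delete` now calls `client.getId()` before the `if (id == null) return;` guard, so a null `client` raises a NullPointerException where the old `delete(String id)` returned quietly; `create` and the new `findByClient` dereference `client` the same way. The same pattern appears in the `JPAResourceServerStore` and `MapResourceServerStore` sections of this commit. If null is meant to stay a no-op, guard first with `if (client == null) return;` in `delete` and `if (client == null) return null;` in `findByClient`; otherwise fail explicitly with `Objects.requireNonNull(client, "client")`. The bodies of `create` and `delete` are only partly visible in these hunks.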


@ -31,6 +31,7 @@ import org.keycloak.storage.StorageId;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
import javax.persistence.TypedQuery; import javax.persistence.TypedQuery;
import java.util.List; import java.util.List;
import org.keycloak.models.ClientModel;
/** /**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@ -46,7 +47,8 @@ public class JPAResourceServerStore implements ResourceServerStore {
} }
@Override @Override
public ResourceServer create(String clientId) { public ResourceServer create(ClientModel client) {
String clientId = client.getId();
if (!StorageId.isLocalStorage(clientId)) { if (!StorageId.isLocalStorage(clientId)) {
throw new ModelException("Creating resource server from federated ClientModel not supported"); throw new ModelException("Creating resource server from federated ClientModel not supported");
} }
@ -60,7 +62,8 @@ public class JPAResourceServerStore implements ResourceServerStore {
} }
@Override @Override
public void delete(String id) { public void delete(ClientModel client) {
String id = client.getId();
ResourceServerEntity entity = entityManager.find(ResourceServerEntity.class, id); ResourceServerEntity entity = entityManager.find(ResourceServerEntity.class, id);
if (entity == null) return; if (entity == null) return;
//This didn't work, had to loop through and remove each policy individually //This didn't work, had to loop through and remove each policy individually
@ -124,4 +127,9 @@ public class JPAResourceServerStore implements ResourceServerStore {
if (entity == null) return null; if (entity == null) return null;
return new ResourceServerAdapter(entity, entityManager, provider.getStoreFactory()); return new ResourceServerAdapter(entity, entityManager, provider.getStoreFactory());
} }
@Override
public ResourceServer findByClient(ClientModel client) {
return findById(client.getId());
}
} }


@ -40,6 +40,7 @@ import org.keycloak.models.map.storage.MapStorage;
import org.keycloak.storage.StorageId; import org.keycloak.storage.StorageId;
import static org.keycloak.common.util.StackUtil.getShortStackTrace; import static org.keycloak.common.util.StackUtil.getShortStackTrace;
import org.keycloak.models.ClientModel;
public class MapResourceServerStore implements ResourceServerStore { public class MapResourceServerStore implements ResourceServerStore {
@ -62,7 +63,8 @@ public class MapResourceServerStore implements ResourceServerStore {
} }
@Override @Override
public ResourceServer create(String clientId) { public ResourceServer create(ClientModel client) {
String clientId = client.getId();
LOG.tracef("create(%s)%s", clientId, getShortStackTrace()); LOG.tracef("create(%s)%s", clientId, getShortStackTrace());
if (clientId == null) return null; if (clientId == null) return null;
@ -82,7 +84,8 @@ public class MapResourceServerStore implements ResourceServerStore {
} }
@Override @Override
public void delete(String id) { public void delete(ClientModel client) {
String id = client.getId();
LOG.tracef("delete(%s, %s)%s", id, getShortStackTrace()); LOG.tracef("delete(%s, %s)%s", id, getShortStackTrace());
if (id == null) return; if (id == null) return;
@ -121,4 +124,9 @@ public class MapResourceServerStore implements ResourceServerStore {
MapResourceServerEntity entity = tx.read(id); MapResourceServerEntity entity = tx.read(id);
return entityToAdapter(entity); return entityToAdapter(entity);
} }
@Override
public ResourceServer findByClient(ClientModel client) {
return findById(client.getId());
}
} }
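Review bot: In `delete`, the trace call `LOG.tracef("delete(%s, %s)%s", id, getShortStackTrace());` has three `%s` placeholders but only two arguments, which will likely throw a MissingFormatArgumentException once trace logging is enabled for this store. The line is unchanged context, but since the method is being touched here the format should become `"delete(%s)%s"`, matching the `create(%s)%s` form used in `create`. The rest of `delete` lies outside the hunk.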


@ -19,6 +19,7 @@
package org.keycloak.authorization.store; package org.keycloak.authorization.store;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.models.ClientModel;
/** /**
* A {@link ResourceServerStore} is responsible to manage the persistence of {@link ResourceServer} instances. * A {@link ResourceServerStore} is responsible to manage the persistence of {@link ResourceServer} instances.
@ -30,18 +31,18 @@ public interface ResourceServerStore {
/** /**
* <p>Creates a {@link ResourceServer} instance backed by this persistent storage implementation. * <p>Creates a {@link ResourceServer} instance backed by this persistent storage implementation.
* *
* @param clientId the client id acting as a resource server * @param client the client acting as a resource server
* *
* @return an instance backed by the underlying storage implementation * @return an instance backed by the underlying storage implementation
*/ */
ResourceServer create(String clientId); ResourceServer create(ClientModel client);
/** /**
* Removes a {@link ResourceServer} instance, with the given {@code id} from the persistent storage. * Removes a {@link ResourceServer} instance, with the given client from the persistent storage.
* *
* @param id the identifier of an existing resource server instance * @param client the client acting as a resource server
*/ */
void delete(String id); void delete(ClientModel client);
/** /**
* Returns a {@link ResourceServer} instance based on its identifier. * Returns a {@link ResourceServer} instance based on its identifier.
@ -49,6 +50,17 @@ public interface ResourceServerStore {
* @param id the identifier of an existing resource server instance * @param id the identifier of an existing resource server instance
* *
* @return the resource server instance with the given identifier or null if no instance was found * @return the resource server instance with the given identifier or null if no instance was found
* @deprecated use {@code findByClient} instead.
*/ */
@Deprecated
ResourceServer findById(String id); ResourceServer findById(String id);
/**
* Returns a {@link ResourceServer} instance based on a client.
*
* @param client the client acting as a resource server
*
* @return the resource server instance or null if no instance was found
*/
ResourceServer findByClient(ClientModel client);
} }
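Review bot: The Javadoc for `create`, `delete` and the new `findByClient` does not say whether `client` may be null, while every implementation in this commit calls `client.getId()` unconditionally; state the contract on each method, for example `@param client the client acting as a resource server, must not be {@code null}`. The deprecation tag on `findById` would also read better as `@deprecated use {@link #findByClient(ClientModel)} instead.` so the replacement is linked rather than only named.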


@ -50,10 +50,10 @@ public class ClientApplicationSynchronizer implements Synchronizer<ClientRemoved
private void removeFromClientPolicies(ClientRemovedEvent event, AuthorizationProvider authorizationProvider) { private void removeFromClientPolicies(ClientRemovedEvent event, AuthorizationProvider authorizationProvider) {
StoreFactory storeFactory = authorizationProvider.getStoreFactory(); StoreFactory storeFactory = authorizationProvider.getStoreFactory();
ResourceServerStore store = storeFactory.getResourceServerStore(); ResourceServerStore store = storeFactory.getResourceServerStore();
ResourceServer resourceServer = store.findById(event.getClient().getId()); ResourceServer resourceServer = store.findByClient(event.getClient());
if (resourceServer != null) { if (resourceServer != null) {
storeFactory.getResourceServerStore().delete(resourceServer.getId()); storeFactory.getResourceServerStore().delete(event.getClient());
} }
Map<Policy.FilterOption, String[]> attributes = new EnumMap<>(Policy.FilterOption.class); Map<Policy.FilterOption, String[]> attributes = new EnumMap<>(Policy.FilterOption.class);


@ -19,7 +19,6 @@
package org.keycloak.authorization.store.syncronization; package org.keycloak.authorization.store.syncronization;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.store.ResourceServerStore; import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.KeycloakSessionFactory;
@ -37,9 +36,6 @@ public class RealmSynchronizer implements Synchronizer<RealmRemovedEvent> {
StoreFactory storeFactory = authorizationProvider.getStoreFactory(); StoreFactory storeFactory = authorizationProvider.getStoreFactory();
ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore(); ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
event.getRealm().getClientsStream().forEach(clientModel -> { event.getRealm().getClientsStream().forEach(resourceServerStore::delete);
String id = clientModel.getId();
resourceServerStore.delete(id);
});
} }
} }


@ -75,7 +75,7 @@ public class MigrateTo2_1_0 implements Migration {
StoreFactory storeFactory = authorizationProvider.getStoreFactory(); StoreFactory storeFactory = authorizationProvider.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore(); PolicyStore policyStore = storeFactory.getPolicyStore();
realm.getClientsStream().forEach(clientModel -> { realm.getClientsStream().forEach(clientModel -> {
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
if (resourceServer != null) { if (resourceServer != null) {
policyStore.findByType("role", resourceServer.getId()).forEach(policy -> { policyStore.findByType("role", resourceServer.getId()).forEach(policy -> {


@ -689,7 +689,7 @@ public class ModelToRepresentation {
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) { if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findByClient(clientModel);
if (resourceServer != null) { if (resourceServer != null) {
rep.setAuthorizationServicesEnabled(true); rep.setAuthorizationServicesEnabled(true);


@ -2284,17 +2284,17 @@ public class RepresentationToModel {
rep.setClientId(client.getId()); rep.setClientId(client.getId());
toModel(rep, authorization); toModel(rep, authorization, client);
} }
} }
public static ResourceServer toModel(ResourceServerRepresentation rep, AuthorizationProvider authorization) { public static ResourceServer toModel(ResourceServerRepresentation rep, AuthorizationProvider authorization, ClientModel client) {
ResourceServerStore resourceServerStore = authorization.getStoreFactory().getResourceServerStore(); ResourceServerStore resourceServerStore = authorization.getStoreFactory().getResourceServerStore();
ResourceServer resourceServer; ResourceServer resourceServer;
ResourceServer existing = resourceServerStore.findById(rep.getClientId()); ResourceServer existing = resourceServerStore.findByClient(client);
if (existing == null) { if (existing == null) {
resourceServer = resourceServerStore.create(rep.getClientId()); resourceServer = resourceServerStore.create(client);
resourceServer.setAllowRemoteResourceManagement(true); resourceServer.setAllowRemoteResourceManagement(true);
resourceServer.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING); resourceServer.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING);
} else { } else {
@ -2903,6 +2903,6 @@ public class RepresentationToModel {
representation.setAllowRemoteResourceManagement(true); representation.setAllowRemoteResourceManagement(true);
representation.setClientId(client.getId()); representation.setClientId(client.getId());
return toModel(representation, authorization); return toModel(representation, authorization, client);
} }
} }
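Review bot: `toModel(rep, authorization, client)` now finds and creates the resource server from `client` alone, so `rep.getClientId()` is no longer consulted, yet the callers visible here still call `rep.setClientId(client.getId())` first and nothing states which of the two wins if they differ. A short Javadoc on this public method would settle it, e.g. `@param client the client that owns the resource server; {@code rep.getClientId()} is not used for the lookup`. If a mismatch between the representation and the resolved client should be rejected rather than ignored, that check belongs at the top of `toModel`. The method body continues outside the hunk.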


@ -43,7 +43,7 @@ public class AuthorizationService {
this.client = client; this.client = client;
this.authorization = session.getProvider(AuthorizationProvider.class); this.authorization = session.getProvider(AuthorizationProvider.class);
this.adminEvent = adminEvent; this.adminEvent = adminEvent;
this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findById(this.client.getId()); this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findByClient(this.client);
this.auth = auth; this.auth = auth;
} }


@ -106,7 +106,7 @@ public class ResourceServerService {
public void delete() { public void delete() {
this.auth.realm().requireManageAuthorization(); this.auth.realm().requireManageAuthorization();
authorization.getStoreFactory().getResourceServerStore().delete(resourceServer.getId()); authorization.getStoreFactory().getResourceServerStore().delete(client);
audit(OperationType.DELETE, session.getContext().getUri(), false); audit(OperationType.DELETE, session.getContext().getUri(), false);
} }
@ -133,7 +133,7 @@ public class ResourceServerService {
rep.setClientId(client.getId()); rep.setClientId(client.getId());
RepresentationToModel.toModel(rep, authorization); RepresentationToModel.toModel(rep, authorization, client);
audit(OperationType.UPDATE, session.getContext().getUri(), false); audit(OperationType.UPDATE, session.getContext().getUri(), false);


@ -438,7 +438,7 @@ public class AuthorizationTokenService {
throw unknownServerIdException; throw unknownServerIdException;
} }
ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId()); ResourceServer resourceServer = resourceServerStore.findByClient(clientModel);
if (resourceServer == null) { if (resourceServer == null) {
CorsErrorResponseException unsupportedPermissionsException = new CorsErrorResponseException(request.getCors(), OAuthErrorException.INVALID_REQUEST, "Client does not support permissions", Status.BAD_REQUEST); CorsErrorResponseException unsupportedPermissionsException = new CorsErrorResponseException(request.getCors(), OAuthErrorException.INVALID_REQUEST, "Client does not support permissions", Status.BAD_REQUEST);


@ -142,7 +142,7 @@ public class ProtectionService {
} }
} }
ResourceServer resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findByClient(clientModel);
if (resourceServer == null) { if (resourceServer == null) {
throw new ErrorResponseException("invalid_clientId", "Client application [" + clientModel.getClientId() + "] is not registered as a resource server.", Status.FORBIDDEN); throw new ErrorResponseException("invalid_clientId", "Client application [" + clientModel.getClientId() + "] is not registered as a resource server.", Status.FORBIDDEN);


@ -297,7 +297,7 @@ public class ExportUtils {
AuthorizationProviderFactory providerFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class); AuthorizationProviderFactory providerFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
AuthorizationProvider authorization = providerFactory.create(session, client.getRealm()); AuthorizationProvider authorization = providerFactory.create(session, client.getRealm());
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findById(client.getId()); ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findByClient(client);
if (settingsModel == null) { if (settingsModel == null) {
return null; return null;


@ -58,7 +58,7 @@ public class ResourceService extends AbstractResourceService {
Auth auth, HttpRequest request) { Auth auth, HttpRequest request) {
super(session, user, auth, request); super(session, user, auth, request);
this.resource = resource; this.resource = resource;
this.resourceServer = provider.getStoreFactory().getResourceServerStore().findById(resource.getResourceServer()); this.resourceServer = provider.getStoreFactory().getResourceServerStore().findByClient(provider.getRealm().getClientById(resource.getResourceServer()));
} }
/** /**
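Review bot: In the constructor, the result of `provider.getRealm().getClientById(resource.getResourceServer())` is passed straight into `findByClient`, and the store implementations in this commit call `client.getId()` without a null check, so if the lookup returns null this line would presumably throw a NullPointerException where the previous `findById(...)` call simply yielded a null resource server. Resolve the client into a local and handle the absent case explicitly, e.g. `ClientModel client = provider.getRealm().getClientById(resource.getResourceServer());` followed by `this.resourceServer = client == null ? null : provider.getStoreFactory().getResourceServerStore().findByClient(client);`. This also adds a client lookup per request that the id-based call did not need. The constructor signature starts outside the hunk.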


@ -256,7 +256,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
ClientModel client = getRealmManagementClient(); ClientModel client = getRealmManagementClient();
if (client == null) return null; if (client == null) return null;
ResourceServerStore resourceServerStore = authz.getStoreFactory().getResourceServerStore(); ResourceServerStore resourceServerStore = authz.getStoreFactory().getResourceServerStore();
realmResourceServer = resourceServerStore.findById(client.getId()); realmResourceServer = resourceServerStore.findByClient(client);
return realmResourceServer; return realmResourceServer;
} }
@ -265,9 +265,9 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
if (!Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) return null; if (!Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) return null;
if (realmResourceServer != null) return realmResourceServer; if (realmResourceServer != null) return realmResourceServer;
ClientModel client = getRealmManagementClient(); ClientModel client = getRealmManagementClient();
realmResourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId()); realmResourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client);
if (realmResourceServer == null) { if (realmResourceServer == null) {
realmResourceServer = authz.getStoreFactory().getResourceServerStore().create(client.getId()); realmResourceServer = authz.getStoreFactory().getResourceServerStore().create(client);
} }
return realmResourceServer; return realmResourceServer;
} }


@ -62,6 +62,7 @@ import java.util.function.Consumer;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull; import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
@ -129,6 +130,7 @@ public class ResourcesRestServiceTest extends AbstractRestServiceTest {
try (Response response1 = authorization.resources().create(resource)) { try (Response response1 = authorization.resources().create(resource)) {
resource.setId(response1.readEntity(ResourceRepresentation.class).getId()); resource.setId(response1.readEntity(ResourceRepresentation.class).getId());
assertTrue(resource.getId() != null);
} }
for (String scope : Arrays.asList("Scope A", "Scope B")) { for (String scope : Arrays.asList("Scope A", "Scope B")) {
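Review bot: The added `assertTrue(resource.getId() != null);` reports only a bare AssertionError on failure; `assertNotNull(resource.getId());` expresses the same check with a clearer failure, and `assertNotNull` is already statically imported in this file. The new `import static org.junit.Assert.assertThat;` has no use in the visible hunks, so it appears unused unless it is referenced elsewhere in the file. `org.junit.Assert.assertThat` is also deprecated as of JUnit 4.13 in favour of Hamcrest's `MatcherAssert.assertThat`.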


@ -81,7 +81,7 @@ public class AuthzCleanupTest extends AbstractKeycloakTest {
session.getContext().setRealm(realm); session.getContext().setRealm(realm);
AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
ClientModel myclient = realm.getClientByClientId("myclient"); ClientModel myclient = realm.getClientByClientId("myclient");
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(myclient.getId()); ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(myclient);
createRolePolicy(authz, resourceServer, myclient.getClientId() + "/client-role-1"); createRolePolicy(authz, resourceServer, myclient.getClientId() + "/client-role-1");
createRolePolicy(authz, resourceServer, myclient.getClientId() + "/client-role-2"); createRolePolicy(authz, resourceServer, myclient.getClientId() + "/client-role-2");
} }


@ -75,7 +75,7 @@ public class PolicyEvaluationCompositeRoleTest extends AbstractAuthzTest {
AuthorizationProviderFactory factory = (AuthorizationProviderFactory)session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class); AuthorizationProviderFactory factory = (AuthorizationProviderFactory)session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
AuthorizationProvider authz = factory.create(session, realm); AuthorizationProvider authz = factory.create(session, realm);
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().create(client.getId()); ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().create(client);
Policy policy = createRolePolicy(authz, resourceServer, role1); Policy policy = createRolePolicy(authz, resourceServer, role1);
Scope scope = authz.getStoreFactory().getScopeStore().create("myscope", resourceServer); Scope scope = authz.getStoreFactory().getScopeStore().create("myscope", resourceServer);


@ -135,7 +135,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
TimePolicyRepresentation policyRepresentation = new TimePolicyRepresentation(); TimePolicyRepresentation policyRepresentation = new TimePolicyRepresentation();
policyRepresentation.setName("testCheckDateAndTime"); policyRepresentation.setName("testCheckDateAndTime");
@ -170,7 +170,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserInGroup"); policyRepresentation.setName("testCheckUserInGroup");
@ -329,7 +329,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserInRole"); policyRepresentation.setName("testCheckUserInRole");
@ -376,7 +376,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserInClientRole"); policyRepresentation.setName("testCheckUserInClientRole");
@ -423,7 +423,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckGroupInRole"); policyRepresentation.setName("testCheckGroupInRole");
@ -470,7 +470,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserRealmRoles"); policyRepresentation.setName("testCheckUserRealmRoles");
@ -502,7 +502,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserClientRoles"); policyRepresentation.setName("testCheckUserClientRoles");
@ -534,7 +534,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserGroups"); policyRepresentation.setName("testCheckUserGroups");
@ -572,7 +572,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserAttributes"); policyRepresentation.setName("testCheckUserAttributes");
@ -604,7 +604,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckResourceAttributes"); policyRepresentation.setName("testCheckResourceAttributes");
@ -641,7 +641,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation(); JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckReadOnlyInstances"); policyRepresentation.setName("testCheckReadOnlyInstances");
@ -687,7 +687,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test"); ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
Scope readScope = storeFactory.getScopeStore().create("read", resourceServer); Scope readScope = storeFactory.getScopeStore().create("read", resourceServer);
Scope writeScope = storeFactory.getScopeStore().create("write", resourceServer); Scope writeScope = storeFactory.getScopeStore().create("write", resourceServer);


@ -133,7 +133,7 @@ public class ImportTest extends AbstractTestRealmKeycloakTest {
RealmModel realm = session.realms().getRealmByName("authz-bug"); RealmModel realm = session.realms().getRealmByName("authz-bug");
AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
ClientModel client = realm.getClientByClientId("appserver"); ClientModel client = realm.getClientByClientId("appserver");
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId()); ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client);
Assert.assertEquals("AFFIRMATIVE", resourceServer.getDecisionStrategy().name()); Assert.assertEquals("AFFIRMATIVE", resourceServer.getDecisionStrategy().name());
}); });
} }
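Review bot: Neither `client` nor `resourceServer` is checked for null before `resourceServer.getDecisionStrategy()` in the ImportTest hunk, so a failed lookup shows up as a NullPointerException rather than a clear assertion failure. Before this change a missing "appserver" client failed at `client.getId()`; now a null `client` is passed straight into `findByClient`, whose null handling is not visible here, so the failure may move into the store implementation. Because this test pins the imported decision strategy of an authorization resource server, I would add `Assert.assertNotNull(client);` before the lookup and `Assert.assertNotNull(resourceServer);` after it. The enclosing test method starts outside the hunk.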