diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js
index 3438d6b923..8053a5cafa 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js
@@ -489,9 +489,6 @@ module.config([ '$routeProvider', function($routeProvider) {
},
applications : function(ApplicationListLoader) {
return ApplicationListLoader();
- },
- roles : function(RoleListLoader) {
- return RoleListLoader();
}
},
controller : 'ApplicationScopeMappingCtrl'
@@ -603,9 +600,6 @@ module.config([ '$routeProvider', function($routeProvider) {
},
applications : function(ApplicationListLoader) {
return ApplicationListLoader();
- },
- roles : function(RoleListLoader) {
- return RoleListLoader();
}
},
controller : 'OAuthClientScopeMappingCtrl'
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/oauth-clients.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/oauth-clients.js
index 2e91b1a0e6..9241e4b543 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/oauth-clients.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/oauth-clients.js
@@ -182,129 +182,90 @@ module.controller('OAuthClientDetailCtrl', function($scope, realm, oauth, OAuthC
});
-module.controller('OAuthClientScopeMappingCtrl', function($scope, $http, realm, oauth, roles, applications, OAuthClientRealmScopeMapping, OAuthClientApplicationScopeMapping, ApplicationRole) {
+module.controller('OAuthClientScopeMappingCtrl', function($scope, $http, realm, oauth, applications,
+ OAuthClientRealmScopeMapping, OAuthClientApplicationScopeMapping, ApplicationRole,
+ OAuthClientAvailableRealmScopeMapping, OAuthClientAvailableApplicationScopeMapping,
+ OAuthClientCompositeRealmScopeMapping, OAuthClientCompositeApplicationScopeMapping) {
$scope.realm = realm;
$scope.oauth = oauth;
- $scope.realmRoles = angular.copy(roles);
$scope.selectedRealmRoles = [];
$scope.selectedRealmMappings = [];
$scope.realmMappings = [];
$scope.applications = applications;
$scope.applicationRoles = [];
+ $scope.applicationComposite = [];
$scope.selectedApplicationRoles = [];
$scope.selectedApplicationMappings = [];
$scope.applicationMappings = [];
+ $scope.dummymodel = [];
+ function updateRealmRoles() {
+ $scope.realmRoles = OAuthClientAvailableRealmScopeMapping.query({realm : realm.realm, oauth : oauth.id});
+ $scope.realmMappings = OAuthClientRealmScopeMapping.query({realm : realm.realm, oauth : oauth.id});
+ $scope.realmComposite = OAuthClientCompositeRealmScopeMapping.query({realm : realm.realm, oauth : oauth.id});
+ }
-
- $scope.realmMappings = OAuthClientRealmScopeMapping.query({realm : realm.realm, oauth : oauth.id}, function(){
- for (var i = 0; i < $scope.realmMappings.length; i++) {
- var role = $scope.realmMappings[i];
- for (var j = 0; j < $scope.realmRoles.length; j++) {
- var realmRole = $scope.realmRoles[j];
- if (realmRole.id == role.id) {
- var idx = $scope.realmRoles.indexOf(realmRole);
- if (idx != -1) {
- $scope.realmRoles.splice(idx, 1);
- break;
- }
- }
- }
+ function updateAppRoles() {
+ if ($scope.targetApp) {
+ console.debug($scope.targetApp.name);
+ $scope.applicationRoles = OAuthClientAvailableApplicationScopeMapping.query({realm : realm.realm, oauth : oauth.id, targetApp : $scope.targetApp.name});
+ $scope.applicationMappings = OAuthClientApplicationScopeMapping.query({realm : realm.realm, oauth : oauth.id, targetApp : $scope.targetApp.name});
+ $scope.applicationComposite = OAuthClientCompositeApplicationScopeMapping.query({realm : realm.realm, oauth : oauth.id, targetApp : $scope.targetApp.name});
+ } else {
+ $scope.applicationRoles = null;
+ $scope.applicationMappings = null;
+ $scope.applicationComposite = null;
}
- });
+ }
$scope.addRealmRole = function() {
- $http.post(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients/' + oauth.id + '/scope-mappings/realm',
- $scope.selectedRealmRoles).success(function() {
- for (var i = 0; i < $scope.selectedRealmRoles.length; i++) {
- var role = $scope.selectedRealmRoles[i];
- var idx = $scope.realmRoles.indexOf($scope.selectedRealmRoles[i]);
- if (idx != -1) {
- $scope.realmRoles.splice(idx, 1);
- $scope.realmMappings.push(role);
- }
- }
- $scope.selectRealmRoles = [];
- });
+ $http.post(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients/' + oauth.id + '/scope-mappings/realm', $scope.selectedRealmRoles)
+ .success(updateRealmRoles);
};
$scope.deleteRealmRole = function() {
$http.delete(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients/' + oauth.id + '/scope-mappings/realm',
- {data : $scope.selectedRealmMappings, headers : {"content-type" : "application/json"}}).success(function() {
- for (var i = 0; i < $scope.selectedRealmMappings.length; i++) {
- var role = $scope.selectedRealmMappings[i];
- var idx = $scope.realmMappings.indexOf($scope.selectedRealmMappings[i]);
- if (idx != -1) {
- $scope.realmMappings.splice(idx, 1);
- $scope.realmRoles.push(role);
- }
- }
- $scope.selectedRealmMappings = [];
- });
+ {data : $scope.selectedRealmMappings, headers : {"content-type" : "application/json"}})
+ .success(updateRealmRoles);
};
$scope.addApplicationRole = function() {
$http.post(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients/' + oauth.id + '/scope-mappings/applications/' + $scope.targetApp.name,
- $scope.selectedApplicationRoles).success(function() {
- for (var i = 0; i < $scope.selectedApplicationRoles.length; i++) {
- var role = $scope.selectedApplicationRoles[i];
- var idx = $scope.applicationRoles.indexOf($scope.selectedApplicationRoles[i]);
- if (idx != -1) {
- $scope.applicationRoles.splice(idx, 1);
- $scope.applicationMappings.push(role);
- }
- }
- $scope.selectedApplicationRoles = [];
- });
+ $scope.selectedApplicationRoles).success(updateAppRoles);
};
$scope.deleteApplicationRole = function() {
$http.delete(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients/' + oauth.id + '/scope-mappings/applications/' + $scope.targetApp.name,
- {data : $scope.selectedApplicationMappings, headers : {"content-type" : "application/json"}}).success(function() {
- for (var i = 0; i < $scope.selectedApplicationMappings.length; i++) {
- var role = $scope.selectedApplicationMappings[i];
- var idx = $scope.applicationMappings.indexOf($scope.selectedApplicationMappings[i]);
- if (idx != -1) {
- $scope.applicationMappings.splice(idx, 1);
- $scope.applicationRoles.push(role);
- }
- }
- $scope.selectedApplicationMappings = [];
- });
+ {data : $scope.selectedApplicationMappings, headers : {"content-type" : "application/json"}}).success(updateAppRoles);
};
-
$scope.changeApplication = function() {
- if ($scope.targetApp) {
- $scope.applicationRoles = ApplicationRole.query({realm : realm.realm, application : $scope.targetApp.name}, function() {
- $scope.applicationMappings = OAuthClientApplicationScopeMapping.query({realm : realm.realm, oauth : oauth.id, targetApp : $scope.targetApp.name}, function(){
- for (var i = 0; i < $scope.applicationMappings.length; i++) {
- var role = $scope.applicationMappings[i];
- for (var j = 0; j < $scope.applicationRoles.length; j++) {
- var realmRole = $scope.applicationRoles[j];
- if (realmRole.id == role.id) {
- var idx = $scope.applicationRoles.indexOf(realmRole);
- if (idx != -1) {
- $scope.applicationRoles.splice(idx, 1);
- break;
- }
- }
- }
- }
- });
-
- }
- );
- } else {
- $scope.targetApp = null;
- }
+ updateAppRoles();
};
+ $scope.addRealmRole = function() {
+ $http.post(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients/' + oauth.id + '/scope-mappings/realm',
+ $scope.selectedRealmRoles).success(updateRealmRoles);
+ };
+ $scope.deleteRealmRole = function() {
+ $http.delete(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients/' + oauth.id + '/scope-mappings/realm',
+ {data : $scope.selectedRealmMappings, headers : {"content-type" : "application/json"}}).success(updateRealmRoles);
+ };
+ $scope.addApplicationRole = function() {
+ $http.post(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients/' + oauth.id + '/scope-mappings/applications/' + $scope.targetApp.name,
+ $scope.selectedApplicationRoles).success(updateAppRoles);
+ };
+
+ $scope.deleteApplicationRole = function() {
+ $http.delete(authUrl + '/admin/realms/' + realm.realm + '/oauth-clients/' + oauth.id + '/scope-mappings/applications/' + $scope.targetApp.name,
+ {data : $scope.selectedApplicationMappings, headers : {"content-type" : "application/json"}}).success(updateAppRoles);
+ };
+
+ updateRealmRoles();
});
-
module.controller('OAuthClientInstallationCtrl', function($scope, realm, installation, oauth, OAuthClientInstallation, $routeParams) {
$scope.realm = realm;
$scope.oauth = oauth;
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/services.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/services.js
index 3a48af662b..979199a1a8 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/services.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/services.js
@@ -764,6 +764,20 @@ module.factory('OAuthClientRealmScopeMapping', function($resource) {
});
});
+module.factory('OAuthClientCompositeRealmScopeMapping', function($resource) {
+ return $resource(authUrl + '/admin/realms/:realm/oauth-clients/:oauth/scope-mappings/realm/composite', {
+ realm : '@realm',
+ oauth : '@oauth'
+ });
+});
+
+module.factory('OAuthClientAvailableRealmScopeMapping', function($resource) {
+ return $resource(authUrl + '/admin/realms/:realm/oauth-clients/:oauth/scope-mappings/realm/available', {
+ realm : '@realm',
+ oauth : '@oauth'
+ });
+});
+
module.factory('OAuthClientApplicationScopeMapping', function($resource) {
return $resource(authUrl + '/admin/realms/:realm/oauth-clients/:oauth/scope-mappings/applications/:targetApp', {
realm : '@realm',
@@ -772,6 +786,24 @@ module.factory('OAuthClientApplicationScopeMapping', function($resource) {
});
});
+module.factory('OAuthClientCompositeApplicationScopeMapping', function($resource) {
+ return $resource(authUrl + '/admin/realms/:realm/oauth-clients/:oauth/scope-mappings/applications/:targetApp/composite', {
+ realm : '@realm',
+ oauth : '@oauth',
+ targetApp : '@targetApp'
+ });
+});
+
+module.factory('OAuthClientAvailableApplicationScopeMapping', function($resource) {
+ return $resource(authUrl + '/admin/realms/:realm/oauth-clients/:oauth/scope-mappings/applications/:targetApp/available', {
+ realm : '@realm',
+ oauth : '@oauth',
+ targetApp : '@targetApp'
+ });
+});
+
+
+
module.factory('OAuthClientInstallation', function($resource) {
var url = authUrl + '/admin/realms/:realm/oauth-clients/:oauth/installation';
var resource = $resource(authUrl + '/admin/realms/:realm/oauth-clients/:oauth/installation', {
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-scope-mappings.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-scope-mappings.html
index 64fa1ccc53..ba1f809535 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-scope-mappings.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-scope-mappings.html
@@ -49,9 +49,9 @@
ng-model="selectedRealmMappings"
ng-options="r.name for r in realmMappings">
-
- -
-
+
+
+ -
Effective Roles
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-scope-mappings.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-scope-mappings.html
index 5a5e2abc6d..67bc4161e4 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-scope-mappings.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/oauth-client-scope-mappings.html
@@ -48,6 +48,17 @@
ng-options="r.name for r in realmMappings">
+
+ -
+
+
+ Effective Roles
+
+
+
@@ -92,6 +103,17 @@
ng-options="r.name for r in applicationMappings">
+
+ -
+
+
+ Effective Roles
+
+
+
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 66a49e0a6c..c897d77972 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -114,10 +114,12 @@ public class RealmManager {
RoleModel adminRole;
if (realm.getName().equals(Config.getAdminRealm())) {
adminRole = realm.getRole(AdminRoles.ADMIN);
- realm.addScopeMapping(adminConsole, adminRole);
} else {
- // security roles are defined in application for the realm.
+ String realmAdminApplicationName = getRealmAdminApplicationName(realm);
+ ApplicationModel realmAdminApp = realm.getApplicationByName(realmAdminApplicationName);
+ adminRole = realmAdminApp.getRole(AdminRoles.REALM_ADMIN);
}
+ realm.addScopeMapping(adminConsole, adminRole);
}
public String getMasterRealmAdminApplicationName(RealmModel realm) {