From adffe16cb829e7daf19214f4f328a64c1615ed3a Mon Sep 17 00:00:00 2001
From: Pedro Igor
Date: Tue, 4 Jul 2017 10:16:55 -0300
Subject: [PATCH] [KEYCLOAK-5135] - Wrong comparison when checking for duplicate resources during creation
---
 .../models/utils/RepresentationToModel.java | 26 ++++++++++--
 .../admin/ResourceSetService.java | 41 ++++++-------------
 2 files changed, 36 insertions(+), 31 deletions(-)
diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
index a18c27a087..bf2da444de 100755
--- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@@ -76,6 +76,7 @@ import org.keycloak.models.ScopeContainerModel;
 import org.keycloak.models.UserConsentModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.UserProvider;
 import org.keycloak.provider.ProviderConfigProperty;
 import org.keycloak.representations.idm.ApplicationRepresentation;
 import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation;
@@ -2245,10 +2246,10 @@ public class RepresentationToModel {
 existing.setType(resource.getType());
 existing.setUri(resource.getUri());
 existing.setIconUri(resource.getIconUri());
-
 existing.updateScopes(resource.getScopes().stream()
 .map((ScopeRepresentation scope) -> toModel(scope, resourceServer, authorization))
 .collect(Collectors.toSet()));
+
 return existing;
 }
@@ -2259,11 +2260,30 @@ public class RepresentationToModel {
 owner.setId(resourceServer.getClientId());
 }
- if (owner.getId() == null) {
+ String ownerId = owner.getId();
+
+ if (ownerId == null) {
 throw new RuntimeException("No owner specified for resource [" + resource.getName() + "].");
 }
- Resource model = resourceStore.create(resource.getName(), resourceServer, owner.getId());
+ if (!resourceServer.getClientId().equals(ownerId)) {
+ RealmModel realm = authorization.getRealm();
+ KeycloakSession keycloakSession = authorization.getKeycloakSession();
+ UserProvider users = keycloakSession.users();
+ UserModel ownerModel = users.getUserById(ownerId, realm);
+
+ if (ownerModel == null) {
+ ownerModel = users.getUserByUsername(ownerId, realm);
+ }
+
+ if (ownerModel == null) {
+ throw new RuntimeException("Owner must be a valid username or user identifier. If the resource server, the client id or null.");
+ }
+
+ owner.setId(ownerModel.getId());
+ }
+
+ Resource model = resourceStore.create(resource.getName(), resourceServer, ownerId);
 model.setType(resource.getType());
 model.setUri(resource.getUri());
diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
index 7c95281f14..3f8b7373c3 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
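Review bot: The resolved owner never reaches the stored resource: `ownerId` is read before the user lookup, `owner.setId(ownerModel.getId())` only updates the representation, and `resourceStore.create(resource.getName(), resourceServer, ownerId)` still receives the original request value. When the caller names the owner by username, the resource appears to be persisted with that username as its owner rather than the user's id, so later ownership comparisons against user ids may not match, and a renamed or re-registered username could end up associated with a resource it was never meant to own. Assign the resolved value before the create call, e.g. `ownerId = ownerModel.getId();` next to `owner.setId(...)`, or pass `owner.getId()` to `resourceStore.create`. The enclosing method starts and ends outside the hunk.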
@@ -101,39 +101,24 @@ public class ResourceSetService {
 Resource existingResource = storeFactory.getResourceStore().findByName(resource.getName(), this.resourceServer.getId());
 ResourceOwnerRepresentation owner = resource.getOwner();
- if (existingResource != null && existingResource.getResourceServer().getId().equals(this.resourceServer.getId())
- && existingResource.getOwner().equals(owner)) {
+ if (owner == null) {
+ owner = new ResourceOwnerRepresentation();
+ owner.setId(resourceServer.getClientId());
+ }
+
+ String ownerId = owner.getId();
+
+ if (ownerId == null) {
+ return ErrorResponse.error("You must specify the resource owner.", Status.BAD_REQUEST);
+ }
+
+ if (existingResource != null && existingResource.getOwner().equals(ownerId)) {
 return ErrorResponse.exists("Resource with name [" + resource.getName() + "] already exists.");
 }
- if (owner != null) {
- String ownerId = owner.getId();
-
- if (ownerId != null) {
- if (!resourceServer.getClientId().equals(ownerId)) {
- RealmModel realm = authorization.getRealm();
- KeycloakSession keycloakSession = authorization.getKeycloakSession();
- UserProvider users = keycloakSession.users();
- UserModel ownerModel = users.getUserById(ownerId, realm);
-
- if (ownerModel == null) {
- ownerModel = users.getUserByUsername(ownerId, realm);
- }
-
- if (ownerModel == null) {
- return ErrorResponse.error("Owner must be a valid username or user identifier. If the resource server, the client id or null.", Status.BAD_REQUEST);
- }
-
- owner.setId(ownerModel.getId());
- }
- }
- }
-
- Resource model = toModel(resource, this.resourceServer, authorization);
-
 ResourceRepresentation representation = new ResourceRepresentation();
- representation.setId(model.getId());
+ representation.setId(toModel(resource, this.resourceServer, authorization).getId());
 return Response.status(Status.CREATED).entity(representation).build();
 }
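Review bot: The duplicate check `existingResource.getOwner().equals(ownerId)` compares the stored owner with the raw request value, because the username-to-id resolution was moved out of this method into `toModel` and now runs after the check. A request that names the owner by username would not match a resource stored under that user's id (or the reverse), so the same name and owner can be created twice; resolve the owner before the comparison, or compare against the resolved id. Separately, an unknown owner used to return `ErrorResponse.error(..., Status.BAD_REQUEST)` here and now surfaces as a `RuntimeException` thrown from `toModel`, which is likely to reach the client as a server error unless something outside the hunk maps it. Wrapping the `toModel(...)` call and returning the 400 response would keep the previous contract. The enclosing method begins outside the hunk.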