Merge pull request #2137 from abstractj/KEYCLOAK-2411

Realm import will raise NPE when clientID is missing

services/src/main/java/org/keycloak/services/managers/RealmManager.java

@@ -472,7 +472,7 @@ public class RealmManager implements RealmImporter {
     private boolean hasClient(RealmRepresentation rep, String clientId) {
         if (rep.getClients() != null) {
             for (ClientRepresentation clientRep : rep.getClients()) {
-                if (clientRep.getClientId().equals(clientId)) {
+                if (clientRep.getClientId() != null && clientRep.getClientId().equals(clientId)) {
                     return true;
                 }
             }

testsuite/integration/src/test/java/org/keycloak/testsuite/model/CompositeRolesModelTest.java

@@ -2,7 +2,9 @@ package org.keycloak.testsuite.model;
 
 import org.junit.Assert;
 import org.junit.Before;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
@@ -10,6 +12,7 @@ import org.keycloak.models.UserModel;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.services.managers.RealmManager;
 
+import java.io.IOException;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -18,6 +21,9 @@ import java.util.Set;
  */
 public class CompositeRolesModelTest extends AbstractModelTest {
 
+    @Rule
+    public ExpectedException expectedException = ExpectedException.none();
+
     @Before
     @Override
     public void before() throws Exception {
@@ -25,7 +31,19 @@ public class CompositeRolesModelTest extends AbstractModelTest {
         RealmManager manager = realmManager;
         RealmRepresentation rep = AbstractModelTest.loadJson("model/testcomposites.json");
         rep.setId("TestComposites");
-        RealmModel realm = manager.importRealm(rep);
+        manager.importRealm(rep);
+    }
+
+    @Test
+    public void testNoClientID() throws IOException {
+
+        RealmManager manager = realmManager;
+        RealmRepresentation rep = AbstractModelTest.loadJson("model/testrealm-noclient-id.json");
+        rep.setId("TestNoClientID");
+        expectedException.expect(RuntimeException.class);
+        expectedException.expectMessage("Unknown client specified in client scope mappings");
+        manager.importRealm(rep);
+
     }
 
     @Test

testsuite/integration/src/test/resources/model/testrealm-noclient-id.json

@@ -0,0 +1,57 @@
+
+{
+    "realm": "demo-no-client-id",
+    "enabled": true,
+    "accessTokenLifespan": 300,
+    "accessCodeLifespan": 10,
+    "accessCodeLifespanUserAction": 600,
+    "sslRequired": "external",
+    "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
+    "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+    "requiredCredentials": [ "password" ],
+    "users" : [
+        {
+            "username" : "bburke@redhat.com",
+            "enabled": true,
+            "email" : "bburke@redhat.com",
+            "credentials" : [
+                { "type" : "Password",
+                    "value" : "password" }
+            ],
+            "realmRoles": [ "user" ]
+        }
+    ],
+    "roles" : {
+        "realm" : [
+            {
+                "name": "user",
+                "description": "Have User privileges"
+            },
+            {
+                "name": "admin",
+                "description": "Have Administrator privileges"
+            }
+        ]
+    },
+    "scopeMappings": [
+        {
+            "client": "third-party",
+            "roles": ["user"]
+        }
+    ],
+    "clients": [
+        {
+            "name": "third-party",
+            "enabled": true,
+            "bearerOnly": true
+        }
+    ],
+    "clientScopeMappings": {
+        "realm-management": [
+            {
+                "client": "some-client",
+                "roles": ["create-client"]
+            }
+        ]
+    }
+}