From c5366f1c817aa8f2af854f3559c92978283bb1e4 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Fri, 17 Jan 2014 09:30:56 +0000
Subject: [PATCH 1/2] KEYCLOAK-264 Remove option to enable/disable acct mngmt

---
 .../admin/partials/realm-detail.html          |  4 ---
 .../idm/RealmRepresentation.java              |  9 -------
 examples/as7-eap-demo/testrealm.json          |  1 -
 examples/wildfly-demo/testrealm.json          |  1 -
 .../services/managers/ApplianceBootstrap.java |  1 -
 .../services/managers/RealmManager.java       | 27 +++++--------------
 .../java/org/keycloak/test/AdapterTest.java   |  4 +--
 .../keycloak/test/ApplicationModelTest.java   |  2 +-
 .../java/org/keycloak/test/ImportTest.java    |  2 +-
 .../src/test/resources/testrealm.json         |  1 -
 10 files changed, 10 insertions(+), 42 deletions(-)

diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-detail.html b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-detail.html
index 7975742bbf..f0117d514d 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-detail.html
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-detail.html
@@ -61,10 +61,6 @@
                             <label for="verifyEmail" class="control-label">Verify email</label>
                             <input ng-model="realm.verifyEmail" name="verifyEmail" id="verifyEmail" onoffswitch />
                         </div>
-                        <div class="form-group clearfix block">
-                            <label for="accountManagement" class="control-label two-lines">User account management</label>
-                            <input ng-model="realm.accountManagement" name="accountManagement" id="accountManagement" onoffswitch />
-                        </div>
                         <div class="form-group clearfix block">
                             <label for="requireSsl" class="control-label">Require SSL</label>
                             <input ng-model="realm.requireSsl" name="requireSsl" id="requireSsl" onoffswitch />
diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index 376de43a5e..5cb379975d 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -17,7 +17,6 @@ public class RealmRepresentation {
     protected Integer accessCodeLifespan;
     protected Integer accessCodeLifespanUserAction;
     protected Boolean enabled;
-    protected Boolean accountManagement;
     protected Boolean sslNotRequired;
     protected Boolean registrationAllowed;
     protected Boolean verifyEmail;
@@ -107,14 +106,6 @@ public class RealmRepresentation {
         this.enabled = enabled;
     }
 
-    public Boolean getAccountManagement() {
-        return accountManagement;
-    }
-
-    public void setAccountManagement(Boolean accountManagement) {
-        this.accountManagement = accountManagement;
-    }
-
     public Boolean isSslNotRequired() {
         return sslNotRequired;
     }
diff --git a/examples/as7-eap-demo/testrealm.json b/examples/as7-eap-demo/testrealm.json
index da8b804b03..7f39c9adc8 100755
--- a/examples/as7-eap-demo/testrealm.json
+++ b/examples/as7-eap-demo/testrealm.json
@@ -4,7 +4,6 @@
     "tokenLifespan": 3000,
     "accessCodeLifespan": 10,
     "accessCodeLifespanUserAction": 6000,
-    "accountManagement": true,
     "sslNotRequired": true,
     "registrationAllowed": false,
     "social": false,
diff --git a/examples/wildfly-demo/testrealm.json b/examples/wildfly-demo/testrealm.json
index da8b804b03..7f39c9adc8 100755
--- a/examples/wildfly-demo/testrealm.json
+++ b/examples/wildfly-demo/testrealm.json
@@ -4,7 +4,6 @@
     "tokenLifespan": 3000,
     "accessCodeLifespan": 10,
     "accessCodeLifespanUserAction": 6000,
-    "accountManagement": true,
     "sslNotRequired": true,
     "registrationAllowed": false,
     "social": false,
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
index 554a910f0b..04986f3b36 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
@@ -76,7 +76,6 @@ public class ApplianceBootstrap {
 
         adminConsole.grantRole(adminUser, adminRole);
 
-        manager.enableAccountManagement(realm);
         ApplicationModel accountApp = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
         for (String r : accountApp.getDefaultRoles()) {
             accountApp.grantRole(adminUser, accountApp.getRole(r));
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 7f1ead8d42..54908a0cd0 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -78,6 +78,9 @@ public class RealmManager {
         realm.setName(name);
         realm.addRole(Constants.APPLICATION_ROLE);
         realm.addRole(Constants.IDENTITY_REQUESTER_ROLE);
+
+        setupAccountManagement(realm);
+
         return realm;
     }
 
@@ -125,12 +128,6 @@ public class RealmManager {
             realm.updateDefaultRoles(rep.getDefaultRoles().toArray(new String[rep.getDefaultRoles().size()]));
         }
 
-        if (rep.getAccountManagement() != null && rep.getAccountManagement()) {
-            enableAccountManagement(realm);
-        } else {
-            disableAccountManagement(realm);
-        }
-
         if (rep.getSmtpServer() != null) {
             realm.setSmtpConfig(new HashMap(rep.getSmtpServer()));
         }
@@ -144,10 +141,12 @@ public class RealmManager {
         }
     }
 
-    public void enableAccountManagement(RealmModel realm) {
+    private void setupAccountManagement(RealmModel realm) {
         ApplicationModel application = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
         if (application == null) {
             application = realm.addApplication(Constants.ACCOUNT_APPLICATION);
+            application.setEnabled(true);
+
             application.addDefaultRole(Constants.ACCOUNT_PROFILE_ROLE);
             application.addDefaultRole(Constants.ACCOUNT_MANAGE_ROLE);
 
@@ -160,14 +159,6 @@ public class RealmManager {
             RoleModel applicationRole = realm.getRole(Constants.APPLICATION_ROLE);
             realm.grantRole(application.getApplicationUser(), applicationRole);
         }
-        application.setEnabled(true);
-    }
-
-    public void disableAccountManagement(RealmModel realm) {
-        ApplicationModel application = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
-        if (application != null) {
-            application.setEnabled(false); // TODO Should we delete the application instead?
-        }
     }
 
     public RealmModel importRealm(RealmRepresentation rep, UserModel realmCreator) {
@@ -180,7 +171,6 @@ public class RealmManager {
         return realm;
     }
 
-
     public void importRealm(RealmRepresentation rep, RealmModel newRealm) {
         newRealm.setName(rep.getRealm());
         if (rep.isEnabled() != null) newRealm.setEnabled(rep.isEnabled());
@@ -270,10 +260,6 @@ public class RealmManager {
 
         }
 
-        if (rep.getAccountManagement() != null && rep.getAccountManagement()) {
-            enableAccountManagement(newRealm);
-        }
-
         // Now that all possible users and applications are created (users, apps, and oauth clients), do role mappings and scope mappings
 
         Map<String, ApplicationModel> appMap = newRealm.getApplicationNameMap();
@@ -492,7 +478,6 @@ public class RealmManager {
         }
 
         ApplicationModel accountManagementApplication = realm.getApplicationNameMap().get(Constants.ACCOUNT_APPLICATION);
-        rep.setAccountManagement(accountManagementApplication != null && accountManagementApplication.isEnabled());
 
         List<String> defaultRoles = realm.getDefaultRoles();
         if (!defaultRoles.isEmpty()) {
diff --git a/services/src/test/java/org/keycloak/test/AdapterTest.java b/services/src/test/java/org/keycloak/test/AdapterTest.java
index cd522d8f39..08a0057f3a 100755
--- a/services/src/test/java/org/keycloak/test/AdapterTest.java
+++ b/services/src/test/java/org/keycloak/test/AdapterTest.java
@@ -438,8 +438,8 @@ public class AdapterTest extends AbstractKeycloakTest {
         RealmModel otherRealm = adapter.createRealm("other");
         otherRealm.addUser("bburke");
 
-        Assert.assertEquals(1, otherRealm.getUsers().size());
-        Assert.assertEquals(1, otherRealm.searchForUser("u").size());
+        Assert.assertEquals(2, otherRealm.getUsers().size());
+        Assert.assertEquals(1, otherRealm.searchForUser("bu").size());
     }
 
 
diff --git a/services/src/test/java/org/keycloak/test/ApplicationModelTest.java b/services/src/test/java/org/keycloak/test/ApplicationModelTest.java
index e32248195c..1942b41f01 100755
--- a/services/src/test/java/org/keycloak/test/ApplicationModelTest.java
+++ b/services/src/test/java/org/keycloak/test/ApplicationModelTest.java
@@ -68,7 +68,7 @@ public class ApplicationModelTest extends AbstractKeycloakServerTest {
     public void persist() {
         RealmModel persisted = manager.getRealm(realm.getId());
 
-        assertEquals(application, persisted.getApplications().get(0));
+        assertEquals(application, persisted.getApplicationNameMap().get("app-name"));
     }
 
     @Test
diff --git a/services/src/test/java/org/keycloak/test/ImportTest.java b/services/src/test/java/org/keycloak/test/ImportTest.java
index 5c4550964c..383c683dc4 100755
--- a/services/src/test/java/org/keycloak/test/ImportTest.java
+++ b/services/src/test/java/org/keycloak/test/ImportTest.java
@@ -54,7 +54,7 @@ public class ImportTest extends AbstractKeycloakTest {
         Assert.assertEquals(0, realm.getSocialLinks(user).size());
 
         List<ApplicationModel> resources = realm.getApplications();
-        Assert.assertEquals(2, resources.size());
+        Assert.assertEquals(3, resources.size());
 
         // Test scope relationship
         ApplicationModel application = realm.getApplicationNameMap().get("Application");
diff --git a/testsuite/integration/src/test/resources/testrealm.json b/testsuite/integration/src/test/resources/testrealm.json
index c25ece4f1c..755d9ea516 100755
--- a/testsuite/integration/src/test/resources/testrealm.json
+++ b/testsuite/integration/src/test/resources/testrealm.json
@@ -7,7 +7,6 @@
     "accessCodeLifespanUserAction": 600,
     "sslNotRequired": true,
     "registrationAllowed": true,
-    "accountManagement": true,
     "resetPasswordAllowed": true,
     "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
     "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",

From 070c0ddba4f74e2feeef0b4a05124009153442ca Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Fri, 17 Jan 2014 10:03:13 +0000
Subject: [PATCH 2/2] Renamed registration to default roles, add default roles
 to all users when they are created

---
 .../resources/META-INF/resources/admin/js/app.js |  6 +++---
 .../resources/admin/js/controllers/realm.js      |  4 ++--
 .../admin/partials/realm-credentials.html        |  2 +-
 ...egistration.html => realm-default-roles.html} |  2 +-
 .../resources/admin/partials/realm-detail.html   |  2 +-
 .../resources/admin/partials/realm-keys.html     |  2 +-
 .../resources/admin/partials/realm-smtp.html     |  2 +-
 .../resources/admin/partials/realm-social.html   |  2 +-
 .../resources/admin/partials/realm-tokens.html   |  2 +-
 .../resources/admin/partials/role-detail.html    |  2 +-
 .../resources/admin/partials/role-list.html      |  2 +-
 .../org/keycloak/models/jpa/RealmAdapter.java    | 14 +++++++++++++-
 .../keycloak/models/picketlink/RealmAdapter.java | 16 ++++++++++++++--
 .../services/resources/TokenService.java         | 10 ----------
 .../keycloak/testsuite/account/ProfileTest.java  |  6 +++---
 .../keycloak/testsuite/forms/AccountTest.java    |  7 ++++---
 16 files changed, 48 insertions(+), 33 deletions(-)
 rename admin-ui/src/main/resources/META-INF/resources/admin/partials/{realm-registration.html => realm-default-roles.html} (99%)

diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/js/app.js b/admin-ui/src/main/resources/META-INF/resources/admin/js/app.js
index 701d4a0389..401be0c6bc 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/js/app.js
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/js/app.js
@@ -82,8 +82,8 @@ module.config([ '$routeProvider', function($routeProvider) {
             },
             controller : 'RealmSocialCtrl'
         })
-        .when('/realms/:realm/registration-settings', {
-            templateUrl : 'partials/realm-registration.html',
+        .when('/realms/:realm/default-roles', {
+            templateUrl : 'partials/realm-default-roles.html',
             resolve : {
                 realm : function(RealmLoader) {
                     return RealmLoader();
@@ -95,7 +95,7 @@ module.config([ '$routeProvider', function($routeProvider) {
                     return RoleListLoader();
                 }
             },
-            controller : 'RealmRegistrationCtrl'
+            controller : 'RealmDefaultRolesCtrl'
         })
         .when('/realms/:realm/required-credentials', {
             templateUrl : 'partials/realm-credentials.html',
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js b/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
index d74a7ae092..aa6199320d 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
@@ -427,9 +427,9 @@ module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm,
     };
 });
 
-module.controller('RealmRegistrationCtrl', function ($scope, Realm, realm, applications, roles, Notifications, ApplicationRole, Application) {
+module.controller('RealmDefaultRolesCtrl', function ($scope, Realm, realm, applications, roles, Notifications, ApplicationRole, Application) {
 
-    console.log('RealmRegistrationCtrl');
+    console.log('RealmDefaultRolesCtrl');
 
     $scope.realm = realm;
 
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-credentials.html b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-credentials.html
index 9d0e0f68cf..d027574ebe 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-credentials.html
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-credentials.html
@@ -6,8 +6,8 @@
                 <ul class="rcue-tabs">
                     <li><a href="#/realms/{{realm.realm}}">General</a></li>
                     <li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
-                    <li data-ng-show="realm.registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
                     <li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
+                    <li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
                     <li class="active"><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
                     <li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
                     <li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-registration.html b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-default-roles.html
similarity index 99%
rename from admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-registration.html
rename to admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-default-roles.html
index 867305f2b4..e2a5314a64 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-registration.html
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-default-roles.html
@@ -6,8 +6,8 @@
                 <ul class="rcue-tabs">
                     <li><a href="#/realms/{{realm.realm}}">General</a></li>
                     <li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
-                    <li class="active"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
                     <li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
+                    <li class="active"><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
                     <li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
                     <li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
                     <li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-detail.html b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-detail.html
index f0117d514d..726d56f005 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-detail.html
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-detail.html
@@ -6,8 +6,8 @@
                 <ul class="rcue-tabs">
                     <li class="active"><a href="#/realms/{{realm.realm}}">General</a></li>
                     <li data-ng-show="social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
-                    <li data-ng-show="registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
                     <li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
+                    <li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
                     <li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
                     <li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
                     <li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-keys.html b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-keys.html
index f60f38b993..a05f12bae2 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-keys.html
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-keys.html
@@ -6,8 +6,8 @@
                 <ul class="rcue-tabs">
                     <li><a href="#/realms/{{realm.realm}}">General</a></li>
                     <li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
-                    <li data-ng-show="realm.registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
                     <li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
+                    <li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
                     <li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
                     <li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
                     <li class="active"><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-smtp.html b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-smtp.html
index f731d19c06..1f685f9f0f 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-smtp.html
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-smtp.html
@@ -6,8 +6,8 @@
                 <ul class="rcue-tabs">
                     <li><a href="#/realms/{{realm.realm}}">General</a></li>
                     <li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
-                    <li data-ng-show="realm.registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
                     <li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
+                    <li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
                     <li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
                     <li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
                     <li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-social.html b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-social.html
index 723d5fc18a..bd6dde2871 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-social.html
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-social.html
@@ -6,8 +6,8 @@
                 <ul class="rcue-tabs">
                     <li><a href="#/realms/{{realm.realm}}">General</a></li>
                     <li class="active" data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
-                    <li data-ng-show="realm.registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
                     <li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
+                    <li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
                     <li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
                     <li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
                     <li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-tokens.html b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-tokens.html
index 7c77f6adb3..0ea6617ef7 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-tokens.html
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-tokens.html
@@ -6,8 +6,8 @@
                 <ul class="rcue-tabs">
                     <li><a href="#/realms/{{realm.realm}}">General</a></li>
                     <li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
-                    <li data-ng-show="realm.registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
                     <li><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
+                    <li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
                     <li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
                     <li class="active"><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
                     <li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/partials/role-detail.html b/admin-ui/src/main/resources/META-INF/resources/admin/partials/role-detail.html
index 6fd412b257..3e05f3495c 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/partials/role-detail.html
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/partials/role-detail.html
@@ -6,8 +6,8 @@
                 <ul class="rcue-tabs">
                     <li><a href="#/realms/{{realm.realm}}">General</a></li>
                     <li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
-                    <li><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
                     <li class="active"><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
+                    <li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
                     <li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
                     <li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
                     <li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/partials/role-list.html b/admin-ui/src/main/resources/META-INF/resources/admin/partials/role-list.html
index 49d6a9a920..213342a9ba 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/partials/role-list.html
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/partials/role-list.html
@@ -6,8 +6,8 @@
                 <ul class="rcue-tabs">
                     <li><a href="#/realms/{{realm.realm}}">General</a></li>
                     <li data-ng-show="realm.social"><a href="#/realms/{{realm.realm}}/social-settings">Social</a></li>
-                    <li data-ng-show="realm.registrationAllowed"><a href="#/realms/{{realm.realm}}/registration-settings">Registration</a></li>
                     <li class="active"><a href="#/realms/{{realm.realm}}/roles">Roles</a></li>
+                    <li><a href="#/realms/{{realm.realm}}/default-roles">Default Roles</a></li>
                     <li><a href="#/realms/{{realm.realm}}/required-credentials">Credentials</a></li>
                     <li><a href="#/realms/{{realm.realm}}/token-settings">Token</a></li>
                     <li><a href="#/realms/{{realm.realm}}/keys-settings">Keys</a></li>
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index 0488bddd81..9b9679d7fc 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -444,7 +444,19 @@ public class RealmAdapter implements RealmModel {
         entity.setRealm(realm);
         em.persist(entity);
         em.flush();
-        return new UserAdapter(entity);
+        UserModel userModel = new UserAdapter(entity);
+
+        for (String r : getDefaultRoles()) {
+            grantRole(userModel, getRole(r));
+        }
+
+        for (ApplicationModel application : getApplications()) {
+            for (String r : application.getDefaultRoles()) {
+                application.grantRole(userModel, application.getRole(r));
+            }
+        }
+
+        return userModel;
     }
 
     @Override
diff --git a/model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java b/model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java
index 13d78a35ed..4b0b005477 100755
--- a/model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java
+++ b/model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java
@@ -516,7 +516,19 @@ public class RealmAdapter implements RealmModel {
         if (user != null) throw new IllegalStateException("User already exists");
         user = new User(username);
         getIdm().add(user);
-        return new UserAdapter(user, getIdm());
+        UserAdapter userModel = new UserAdapter(user, getIdm());
+
+        for (String r : getDefaultRoles()) {
+            grantRole(userModel, getRole(r));
+        }
+
+        for (ApplicationModel application : getApplications()) {
+            for (String r : application.getDefaultRoles()) {
+                application.grantRole(userModel, application.getRole(r));
+            }
+        }
+
+        return userModel;
     }
 
     @Override
@@ -885,7 +897,7 @@ public class RealmAdapter implements RealmModel {
     @Override
     public Set<SocialLinkModel> getSocialLinks(UserModel user) {
         RelationshipQuery<SocialLinkRelationship> query = getRelationshipManager().createRelationshipQuery(SocialLinkRelationship.class);
-        query.setParameter(SocialLinkRelationship.USER, ((UserAdapter)user).getUser());
+        query.setParameter(SocialLinkRelationship.USER, ((UserAdapter) user).getUser());
         List<SocialLinkRelationship> plSocialLinks = query.getResultList();
 
         Set<SocialLinkModel> results = new HashSet<SocialLinkModel>();
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index 24c014cdc6..2ce30a524d 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -339,16 +339,6 @@ public class TokenService {
             realm.updateCredential(user, credentials);
         }
 
-        for (String r : realm.getDefaultRoles()) {
-            realm.grantRole(user, realm.getRole(r));
-        }
-
-        for (ApplicationModel application : realm.getApplications()) {
-            for (String r : application.getDefaultRoles()) {
-                application.grantRole(user, application.getRole(r));
-            }
-        }
-
         return processLogin(clientId, scopeParam, state, redirect, formData);
     }
 
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
index e3fe2dd4e9..7a8f2a24bb 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
@@ -54,12 +54,12 @@ public class ProfileTest {
             user.setAttribute("key2", "value2");
 
             ApplicationModel accountApp = appRealm.getApplicationNameMap().get(org.keycloak.models.Constants.ACCOUNT_APPLICATION);
-            for (String r : accountApp.getDefaultRoles()) {
-                accountApp.grantRole(user, accountApp.getRole(r));
-            }
 
             UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
             user2.setEnabled(true);
+            for (String r : accountApp.getDefaultRoles()) {
+                accountApp.deleteRoleMapping(user2, accountApp.getRole(r));
+            }
             UserCredentialModel creds = new UserCredentialModel();
             creds.setType(CredentialRepresentation.PASSWORD);
             creds.setValue("password");
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AccountTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AccountTest.java
index 020a838fea..3a06d4495f 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AccountTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AccountTest.java
@@ -52,13 +52,14 @@ public class AccountTest {
         @Override
         public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
             UserModel user = appRealm.getUser("test-user@localhost");
+
             ApplicationModel accountApp = appRealm.getApplicationNameMap().get(org.keycloak.models.Constants.ACCOUNT_APPLICATION);
-            for (String r : accountApp.getDefaultRoles()) {
-                accountApp.grantRole(user, accountApp.getRole(r));
-            }
 
             UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
             user2.setEnabled(true);
+            for (String r : accountApp.getDefaultRoles()) {
+                accountApp.deleteRoleMapping(user2, accountApp.getRole(r));
+            }
             UserCredentialModel creds = new UserCredentialModel();
             creds.setType(CredentialRepresentation.PASSWORD);
             creds.setValue("password");