KEYCLOAK-3828

Component uses wrong role
2016-10-28 07:56:44 +02:00 · 2016-10-28 07:56:44 +02:00 · db428dad1d
commit db428dad1d
parent 69dddfa73a
3 changed files with 44 additions and 5 deletions
--- a/server-spi/src/main/java/org/keycloak/models/utils/ComponentUtil.java
+++ b/server-spi/src/main/java/org/keycloak/models/utils/ComponentUtil.java
@ -73,12 +73,12 @@ public class ComponentUtil {
    private static ComponentFactory getComponentFactory(KeycloakSession session, String providerType, String providerId) {
        Class<? extends Provider> provider = session.getProviderClass(providerType);
        if (provider == null) {
-            throw new RuntimeException("Invalid provider type '" + providerType + "'");
+            throw new IllegalArgumentException("Invalid provider type '" + providerType + "'");
        }

        ProviderFactory<? extends Provider> f = session.getKeycloakSessionFactory().getProviderFactory(provider, providerId);
        if (f == null) {
-            throw new RuntimeException("No such provider '" + providerId + "'");
+            throw new IllegalArgumentException("No such provider '" + providerId + "'");
        }

        ComponentFactory cf = (ComponentFactory) f;
--- a/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java
@ -32,6 +32,7 @@ import org.keycloak.representations.idm.ComponentRepresentation;
 import org.keycloak.services.ErrorResponse;
 import org.keycloak.services.ErrorResponseException;

+import javax.ws.rs.BadRequestException;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
@ -85,7 +86,7 @@ public class ComponentResource {
        this.realm = realm;
        this.adminEvent = adminEvent;

-        auth.init(RealmAuth.Resource.USER);
+        auth.init(RealmAuth.Resource.REALM);
    }

    @GET
@ -126,6 +127,8 @@ public class ComponentResource {
            return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
        } catch (ComponentValidationException e) {
            return localizedErrorResponse(e);
+        } catch (IllegalArgumentException e) {
+            throw new BadRequestException();
        }
    }

@ -134,7 +137,7 @@ public class ComponentResource {
    @Produces(MediaType.APPLICATION_JSON)
    @NoCache
    public ComponentRepresentation getComponent(@PathParam("id") String id) {
-        auth.requireManage();
+        auth.requireView();
        ComponentModel model = realm.getComponent(id);
        if (model == null) {
            throw new NotFoundException("Could not find component");
@ -159,8 +162,9 @@ public class ComponentResource {
            return Response.noContent().build();
        } catch (ComponentValidationException e) {
            return localizedErrorResponse(e);
+        } catch (IllegalArgumentException e) {
+            throw new BadRequestException();
        }
-
    }
    @DELETE
    @Path("{id}")
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
@ -33,6 +33,7 @@ import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
 import org.keycloak.representations.idm.ClientInitialAccessCreatePresentation;
 import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.ClientTemplateRepresentation;
+import org.keycloak.representations.idm.ComponentRepresentation;
 import org.keycloak.representations.idm.GroupRepresentation;
 import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
 import org.keycloak.representations.idm.IdentityProviderRepresentation;
@ -1576,6 +1577,40 @@ public class PermissionsTest extends AbstractKeycloakTest {
        }, Resource.USER, true);
    }

+    @Test
+    public void components() {
+        invoke(new Invocation() {
+            public void invoke(RealmResource realm) {
+                realm.components().query();
+            }
+        }, Resource.REALM, false);
+        invoke(new Invocation() {
+            public void invoke(RealmResource realm) {
+                realm.components().query("nosuch");
+            }
+        }, Resource.REALM, false);
+        invoke(new InvocationWithResponse() {
+            public void invoke(RealmResource realm, AtomicReference<Response> response) {
+                response.set(realm.components().add(new ComponentRepresentation()));
+            }
+        }, Resource.REALM, true);
+        invoke(new Invocation() {
+            public void invoke(RealmResource realm) {
+                realm.components().component("nosuch").toRepresentation();
+            }
+        }, Resource.REALM, false);
+        invoke(new Invocation() {
+            public void invoke(RealmResource realm) {
+                realm.components().component("nosuch").update(new ComponentRepresentation());
+            }
+        }, Resource.REALM, true);
+        invoke(new Invocation() {
+            public void invoke(RealmResource realm) {
+                realm.components().component("nosuch").remove();
+            }
+        }, Resource.REALM, true);
+    }
+
    private void invoke(final Invocation invocation, Resource resource, boolean manage) {
        invoke(new InvocationWithResponse() {
            public void invoke(RealmResource realm, AtomicReference<Response> response) {