[KEYCLOAK-9666] - Entitlement request with service account results in server error
This commit is contained in:
parent
658a083a0c
commit
ed2d392a3d
3 changed files with 64 additions and 2 deletions
|
@ -74,7 +74,9 @@ public class AuthorizationResource {
|
|||
Callable<AuthorizationResponse> callable = new Callable<AuthorizationResponse>() {
|
||||
@Override
|
||||
public AuthorizationResponse call() throws Exception {
|
||||
if (request.getAudience() == null) {
|
||||
request.setAudience(configuration.getResource());
|
||||
}
|
||||
|
||||
HttpMethod<AuthorizationResponse> method = http.<AuthorizationResponse>post(serverConfiguration.getTokenEndpoint());
|
||||
|
||||
|
|
|
@ -81,6 +81,7 @@ import org.keycloak.services.CorsErrorResponseException;
|
|||
import org.keycloak.services.ErrorResponseException;
|
||||
import org.keycloak.services.Urls;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.services.managers.AuthenticationSessionManager;
|
||||
import org.keycloak.services.resources.Cors;
|
||||
import org.keycloak.sessions.AuthenticationSessionModel;
|
||||
import org.keycloak.sessions.RootAuthenticationSessionModel;
|
||||
|
@ -283,7 +284,12 @@ public class AuthorizationTokenService {
|
|||
RootAuthenticationSessionModel rootAuthSession = keycloakSession.authenticationSessions().getRootAuthenticationSession(realm, userSessionModel.getId());
|
||||
|
||||
if (rootAuthSession == null) {
|
||||
if (userSessionModel.getUser().getServiceAccountClientLink() == null) {
|
||||
rootAuthSession = keycloakSession.authenticationSessions().createRootAuthenticationSession(userSessionModel.getId(), realm);
|
||||
} else {
|
||||
// if the user session is associated with a service account
|
||||
rootAuthSession = new AuthenticationSessionManager(keycloakSession).createAuthenticationSession(realm, false);
|
||||
}
|
||||
}
|
||||
|
||||
AuthenticationSessionModel authSession = rootAuthSession.createAuthenticationSession(targetClient);
|
||||
|
|
|
@ -2038,6 +2038,60 @@ public class EntitlementAPITest extends AbstractAuthzTest {
|
|||
assertEquals("Resource A", permissions.iterator().next().getResourceName());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testClientToClientPermissionRequest() throws Exception {
|
||||
ClientResource client = getClient(getRealm(), RESOURCE_SERVER_TEST);
|
||||
AuthorizationResource authorization = client.authorization();
|
||||
|
||||
JSPolicyRepresentation policy = new JSPolicyRepresentation();
|
||||
|
||||
policy.setName(KeycloakModelUtils.generateId());
|
||||
policy.setCode("$evaluation.grant();");
|
||||
|
||||
authorization.policies().js().create(policy).close();
|
||||
|
||||
ResourceRepresentation resource = new ResourceRepresentation();
|
||||
|
||||
resource.setName("Sensors");
|
||||
|
||||
try (Response response = authorization.resources().create(resource)) {
|
||||
response.readEntity(ResourceRepresentation.class);
|
||||
}
|
||||
|
||||
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
|
||||
|
||||
permission.setName("View Sensor");
|
||||
permission.addPolicy(policy.getName());
|
||||
|
||||
authorization.permissions().resource().create(permission).close();
|
||||
|
||||
ClientRepresentation otherClient = new ClientRepresentation();
|
||||
|
||||
otherClient.setClientId("serviceB");
|
||||
otherClient.setServiceAccountsEnabled(true);
|
||||
otherClient.setSecret("secret");
|
||||
otherClient.setPublicClient(false);
|
||||
|
||||
getRealm().clients().create(otherClient);
|
||||
|
||||
Map<String, Object> credentials = new HashMap<>();
|
||||
|
||||
credentials.put("secret", "secret");
|
||||
|
||||
AuthzClient authzClient = AuthzClient
|
||||
.create(new Configuration(suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth",
|
||||
getRealm().toRepresentation().getRealm(), otherClient.getClientId(),
|
||||
credentials, getAuthzClient(AUTHZ_CLIENT_CONFIG).getConfiguration().getHttpClient()));
|
||||
|
||||
AuthorizationRequest request = new AuthorizationRequest();
|
||||
|
||||
request.setAudience(RESOURCE_SERVER_TEST);
|
||||
|
||||
AuthorizationResponse response = authzClient.authorization().authorize(request);
|
||||
|
||||
assertNotNull(response.getToken());
|
||||
}
|
||||
|
||||
private void testRptRequestWithResourceName(String configFile) {
|
||||
Metadata metadata = new Metadata();
|
||||
|
||||
|
|
Loading…
Reference in a new issue