diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java index 52ff18538d..23363e3011 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java @@ -326,8 +326,9 @@ public class RepresentationToModel { } } + Map createdClients = new HashMap<>(); if (rep.getClients() != null) { - createClients(session, rep, newRealm, mappedFlows); + createdClients = createClients(session, rep, newRealm, mappedFlows); } importRoles(rep.getRoles(), newRealm); @@ -342,20 +343,19 @@ public class RepresentationToModel { if (rep.getClients() != null) { for (ClientRepresentation resourceRep : rep.getClients()) { if (resourceRep.getDefaultRoles() != null) { - ClientModel clientModel = newRealm.getClientByClientId(resourceRep.getClientId()); + ClientModel clientModel = createdClients.computeIfAbsent(resourceRep.getClientId(), k -> newRealm.getClientByClientId(resourceRep.getClientId())); clientModel.updateDefaultRoles(resourceRep.getDefaultRoles()); + createdClients.put(clientModel.getClientId(), clientModel); } } } // Now that all possible roles and clients are created, create scope mappings - //Map appMap = newRealm.getClientNameMap(); - if (rep.getClientScopeMappings() != null) { for (Map.Entry> entry : rep.getClientScopeMappings().entrySet()) { - ClientModel app = newRealm.getClientByClientId(entry.getKey()); + ClientModel app = createdClients.computeIfAbsent(entry.getKey(), k -> newRealm.getClientByClientId(entry.getKey())); if (app == null) { throw new RuntimeException("Unable to find client role mappings for client: " + entry.getKey()); } @@ -364,17 +364,19 @@ public class RepresentationToModel { } if (rep.getScopeMappings() != null) { + Map roleModelMap = newRealm.getRolesStream().collect(Collectors.toMap(RoleModel::getId, Function.identity())); + for (ScopeMappingRepresentation scope : rep.getScopeMappings()) { ScopeContainerModel scopeContainer = getScopeContainerHavingScope(newRealm, scope); - for (String roleString : scope.getRoles()) { - RoleModel role = newRealm.getRole(roleString.trim()); + final String roleStringTrimmed = roleString.trim(); + RoleModel role = roleModelMap.computeIfAbsent(roleStringTrimmed, k -> newRealm.getRole(roleStringTrimmed)); if (role == null) { - role = newRealm.addRole(roleString.trim()); + role = newRealm.addRole(roleString); + roleModelMap.put(role.getId(), role); } scopeContainer.addScopeMapping(role); } - } } @@ -412,14 +414,13 @@ public class RepresentationToModel { if (rep.getUsers() != null) { for (UserRepresentation userRep : rep.getUsers()) { - UserModel user = createUser(session, newRealm, userRep); + createUser(session, newRealm, userRep); } } if (rep.getFederatedUsers() != null) { for (UserRepresentation userRep : rep.getFederatedUsers()) { importFederatedUser(session, newRealm, userRep); - } } diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index 961716adb4..a7c5787ea9 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java @@ -303,11 +303,11 @@ public class RealmManager { String adminRealmId = Config.getAdminRealm(); RealmModel adminRealm = model.getRealm(adminRealmId); ClientModel masterApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm.getName())); - if (masterApp != null) { - realm.setMasterAdminClient(masterApp); - } else { + if (masterApp == null) { createMasterAdminManagement(realm); + return; } + realm.setMasterAdminClient(masterApp); } private void createMasterAdminManagement(RealmModel realm) { @@ -521,22 +521,19 @@ public class RealmManager { if (!hasRealmAdminManagementClient(rep)) setupRealmAdminManagement(realm); if (!hasAccountManagementClient(rep)) setupAccountManagement(realm); - boolean postponeImpersonationSetup = false; - if (hasRealmAdminManagementClient(rep)) { - postponeImpersonationSetup = true; - } else { + boolean postponeImpersonationSetup = hasRealmAdminManagementClient(rep); + if (!postponeImpersonationSetup) { setupImpersonationService(realm); } - if (!hasBrokerClient(rep)) setupBrokerService(realm); if (!hasAdminConsoleClient(rep)) setupAdminConsole(realm); boolean postponeAdminCliSetup = false; if (!hasAdminCliClient(rep)) { - if (hasRealmAdminManagementClient(rep)) { - postponeAdminCliSetup = true; - } else { + postponeAdminCliSetup = hasRealmAdminManagementClient(rep); + + if(!postponeAdminCliSetup) { setupAdminCli(realm); } } @@ -550,7 +547,6 @@ public class RealmManager { } RepresentationToModel.importRealm(session, rep, realm, skipUserDependent); - List clients = rep.getClients(); setupClientServiceAccountsAndAuthorizationOnImport(rep, skipUserDependent); @@ -570,8 +566,7 @@ public class RealmManager { // I need to postpone impersonation because it needs "realm-management" client and its roles set if (postponeImpersonationSetup) { setupImpersonationService(realm); - String realmAdminClientId = getRealmAdminClientId(realm); - } + } if (postponeAdminCliSetup) { setupAdminCli(realm);