libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-10904 ExportImportTest unstable

Browse source 
- adding an exception for realm-management clients into the client confidentiality check
- fixing some performance test datasets to only enable authz for confidential clients
This commit is contained in:
Tomas Kyjovsky 2019-08-16 15:05:46 +02:00 committed by Pedro Igor
parent 411ea331f6
commit fe18e93ba4
3 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -32,6 +32,7 @@ import java.util.function.Function;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.AuthorizationProviderFactory; import org.keycloak.authorization.AuthorizationProviderFactory;
@ -2634,7 +2635,8 @@ public class RepresentationToModel {
} }
public static ResourceServer createResourceServer(ClientModel client, KeycloakSession session, boolean addDefaultRoles) { public static ResourceServer createResourceServer(ClientModel client, KeycloakSession session, boolean addDefaultRoles) {
if (client.isBearerOnly() || client.isPublicClient()) { if ((client.isBearerOnly() || client.isPublicClient())
&& !(client.getClientId().equals(Config.getAdminRealm() + "-realm") || client.getClientId().equals(Constants.REALM_MANAGEMENT_CLIENT_ID))) {
throw new RuntimeException("Only confidential clients are allowed to set authorization settings"); throw new RuntimeException("Only confidential clients are allowed to set authorization settings");
} }
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);

2
testsuite/performance/tests/src/test/resources/dataset/1r_100c_10000u_1hi_10000res_100sc_100po_100pe.properties
View file

@ -27,7 +27,7 @@ client.webOrigins=
client.protocol=openid-connect client.protocol=openid-connect
client.publicClient=<#if index % 3 == 0>true<#else>false</#if> client.publicClient=<#if index % 3 == 0>true<#else>false</#if>
client.bearerOnly=<#if index % 3 == 1>true<#else>false</#if> client.bearerOnly=<#if index % 3 == 1>true<#else>false</#if>
client.authorizationServicesEnabled=${(!isPublicClient())?c} client.authorizationServicesEnabled=${(!isPublicClient() && !isBearerOnly())?c}
client.serviceAccountsEnabled=${authorizationServicesEnabled?c} client.serviceAccountsEnabled=${authorizationServicesEnabled?c}
# CLIENT ROLE # CLIENT ROLE

2
testsuite/performance/tests/src/test/resources/dataset/default.properties
View file

@ -29,7 +29,7 @@ client.webOrigins=
client.protocol=openid-connect client.protocol=openid-connect
client.publicClient=<#if index % 3 == 0>true<#else>false</#if> client.publicClient=<#if index % 3 == 0>true<#else>false</#if>
client.bearerOnly=<#if index % 3 == 1>true<#else>false</#if> client.bearerOnly=<#if index % 3 == 1>true<#else>false</#if>
client.authorizationServicesEnabled=${(!isPublicClient())?c} client.authorizationServicesEnabled=${(!isPublicClient() && !isBearerOnly())?c}
client.serviceAccountsEnabled=${authorizationServicesEnabled?c} client.serviceAccountsEnabled=${authorizationServicesEnabled?c}
# CLIENT ROLE # CLIENT ROLE