diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java
index d02b827..52d6a38 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java
@@ -74,8 +74,15 @@ public class ResourceServerService {
public void create() {
this.auth.requireManage();
+
+ UserModel serviceAccount = this.session.users().getServiceAccount(client);
+
+ if (serviceAccount == null) {
+ throw new RuntimeException("Client does not have a service account.");
+ }
+
this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().create(this.client.getId());
- createDefaultRoles();
+ createDefaultRoles(serviceAccount);
createDefaultPermission(createDefaultResource(), createDefaultPolicy());
}
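Review bot: The new guard in `create()` throws a bare `RuntimeException` for a condition the caller caused (a client with no service account), which the REST layer will most likely report as an HTTP 500 rather than a 4xx with a usable message. Because this path sits behind `requireManage()` on the admin API, a typed error is easier for callers and for audit, for example `throw new ErrorResponseException("invalid_request", "Client does not have a service account.", Response.Status.BAD_REQUEST);`, assuming that type is usable from this class (its imports are not visible here). The check does run before the resource server is stored, which is the right order. Note that `createDefaultRoles(UserModel)` in the next hunk now depends on this guard as its only null check, so a one-line comment there such as `// serviceAccount is non-null: checked in create()` would keep that contract visible.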
@@ -215,15 +222,13 @@ public class ResourceServerService {
return defaultResource;
}
- private void createDefaultRoles() {
+ private void createDefaultRoles(UserModel serviceAccount) {
RoleModel umaProtectionRole = client.getRole(Constants.AUTHZ_UMA_PROTECTION);
if (umaProtectionRole == null) {
umaProtectionRole = client.addRole(Constants.AUTHZ_UMA_PROTECTION);
}
- UserModel serviceAccount = this.session.users().getServiceAccount(client);
-
if (!serviceAccount.hasRole(umaProtectionRole)) {
serviceAccount.grantRole(umaProtectionRole);
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
index c97a8f5..7c1139c 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
@@ -154,8 +154,12 @@ public class ClientResource {
}
public void updateClientFromRep(ClientRepresentation rep, ClientModel client, KeycloakSession session) throws ModelDuplicateException {
- if (TRUE.equals(rep.isServiceAccountsEnabled()) && !client.isServiceAccountsEnabled()) {
- new ClientManager(new RealmManager(session)).enableServiceAccount(client);
+ if (TRUE.equals(rep.isServiceAccountsEnabled())) {
+ UserModel serviceAccount = this.session.users().getServiceAccount(client);
+
+ if (serviceAccount == null) {
+ new ClientManager(new RealmManager(session)).enableServiceAccount(client);
+ }
}
if (!rep.getClientId().equals(client.getClientId())) {
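Review bot: The added lookup uses `this.session` while the `enableServiceAccount` call two lines below uses the `session` parameter of `updateClientFromRep`, so the two calls are not guaranteed to run against the same `KeycloakSession` if a caller ever passes a different one. The parameter should be used for both: `UserModel serviceAccount = session.users().getServiceAccount(client);`. The method body continues outside the hunk, so I cannot tell whether other statements in it also mix the two.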
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
index 2cd6d47..77e0d6b 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
@@ -16,20 +16,26 @@
*/
package org.keycloak.services.resources.admin;
+import static java.lang.Boolean.TRUE;
+
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.keycloak.authorization.admin.AuthorizationService;
+import org.keycloak.common.Profile;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.managers.ClientManager;
+import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.validation.ClientValidator;
import org.keycloak.services.validation.PairwiseClientValidator;
import org.keycloak.services.validation.ValidationMessages;
@@ -93,7 +99,17 @@ public class ClientsResource {
boolean view = auth.hasView();
for (ClientModel clientModel : clientModels) {
if (view) {
- rep.add(ModelToRepresentation.toRepresentation(clientModel));
+ ClientRepresentation representation = ModelToRepresentation.toRepresentation(clientModel);
+
+ if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
+ AuthorizationService authorizationService = getAuthorizationService(clientModel);
+
+ if (authorizationService.isEnabled()) {
+ representation.setAuthorizationServicesEnabled(true);
+ }
+ }
+
+ rep.add(representation);
} else {
ClientRepresentation client = new ClientRepresentation();
client.setId(clientModel.getId());
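Review bot: Inside the `for (ClientModel clientModel : clientModels)` loop a new `AuthorizationService` is built and `isEnabled()` is called for every client, which presumably costs one resource-server store lookup per client on each list request. `isEnabled()` is not visible here, so this is inferred. If it holds, the listing endpoint's cost grows with realm size, and a comment such as `// one resource-server lookup per client; revisit for realms with many clients` would at least record that. The flag is only added in the `view` branch, so callers without view permission still get the reduced representation, which looks right. The enclosing method starts and ends outside the hunk.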
@@ -111,6 +127,10 @@ public class ClientsResource {
return rep;
}
+ private AuthorizationService getAuthorizationService(ClientModel clientModel) {
+ return new AuthorizationService(session, clientModel, auth);
+ }
+
/**
* Create a new client
*
@@ -138,6 +158,20 @@ public class ClientsResource {
try {
ClientModel clientModel = ClientManager.createClient(session, realm, rep, true);
+ if (TRUE.equals(rep.isServiceAccountsEnabled())) {
+ UserModel serviceAccount = session.users().getServiceAccount(clientModel);
+
+ if (serviceAccount == null) {
+ new ClientManager(new RealmManager(session)).enableServiceAccount(clientModel);
+ }
+ }
+
+ if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
+ if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
+ getAuthorizationService(clientModel).enable();
+ }
+ }
+
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
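Review bot: A request with `authorizationServicesEnabled` true but `serviceAccountsEnabled` unset or false appears to reach `getAuthorizationService(clientModel).enable()` with no service account. If `enable()` ends up in `ResourceServerService.create()` (inferred, not visible here), that hits the new `RuntimeException` only after `ClientManager.createClient` has already run. Rejecting the combination before the client is created would avoid a 500 and a partly applied create, for example `if (TRUE.equals(rep.getAuthorizationServicesEnabled()) && !TRUE.equals(rep.isServiceAccountsEnabled())) return ErrorResponse.error("Authorization services require a service account", Response.Status.BAD_REQUEST);`. The service-account block here also duplicates the one added to `ClientResource.updateClientFromRep`, so a shared helper would keep the two from drifting apart. The enclosing method and its `try` start and end outside the hunk.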