
Removed '*' role

11/15/2013 10:43:17 AM



diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/js/app.js b/admin-ui/src/main/resources/META-INF/resources/admin/js/app.js
index 439cff4..34a20d6 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/js/app.js
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/js/app.js
@@ -489,16 +489,28 @@ module.filter('remove', function() {
         for ( var i = 0; i < input.length; i++) {
             var e = input[i];
 
-            for (var j = 0; j < remove.length; j++) {
+            if (Array.isArray(remove)) {
+                for (var j = 0; j < remove.length; j++) {
+                    if (attribute) {
+                        if (remove[j][attribute] == e[attribute]) {
+                            e = null;
+                            break;
+                        }
+                    } else {
+                        if (remove[j] == e) {
+                            e = null;
+                            break;
+                        }
+                    }
+                }
+            } else {
                 if (attribute) {
-                    if (remove[j][attribute] == e[attribute]) {
+                    if (remove[attribute] == e[attribute]) {
                         e = null;
-                        break;
                     }
                 } else {
-                    if (remove[j] == e) {
+                    if (remove == e) {
                         e = null;
-                        break;
                     }
                 }
             }
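Review bot: The new non-array branch dereferences `remove[attribute]` without checking that `remove` is set, so when the filter is bound as `applications|remove:application:'id'` and `application` is still undefined while the view resolves, the filter throws a TypeError instead of passing the input through; the old array-only loop never touched `remove` when it had no elements. Changing the branch header to `} else if (remove != null) {` keeps the current behaviour for real objects and leaves `e` untouched otherwise. The comparisons also use loose `==`, which coerces string and numeric ids; `===` would make the match explicit in both branches. The enclosing filter function starts before and ends after this hunk, so a top-of-function guard that returns `input` unchanged would be the cleaner place for the null check if that part is revisited.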
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js b/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
index 19a08cf..410d324 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
@@ -208,7 +208,6 @@ module.controller('RealmRequiredCredentialsCtrl', function($scope, Realm, realm,
 module.controller('RealmRegistrationCtrl', function ($scope, Realm, realm, applications, roles, Notifications, ApplicationRole, Application) {
 
     console.log('RealmRegistrationCtrl');
-    var systemRoles = ["*", "KEYCLOAK_APPLICATION", "KEYCLOAK_IDENTITY_REQUESTER"];
 
     $scope.realm = realm;
 
@@ -230,7 +229,7 @@ module.controller('RealmRegistrationCtrl', function ($scope, Realm, realm, appli
     for (var i = 0; i < roles.length; i++) {
         var item = roles[i].name;
 
-        if ((systemRoles.indexOf(item) < 0) && ($scope.realm.defaultRoles.indexOf(item) < 0)) {
+        if ($scope.realm.defaultRoles.indexOf(item) < 0) {
             $scope.availableRealmRoles.push(item);
         }
     }
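Review bot: Dropping the whole `systemRoles` list (earlier hunk in this file) rather than just the `"*"` entry means `KEYCLOAK_APPLICATION` and `KEYCLOAK_IDENTITY_REQUESTER` are no longer filtered here and now show up in `$scope.availableRealmRoles`, so an administrator can pick an internal role as a realm default role that every newly registered user receives automatically. If only the wildcard was meant to go, keep `var systemRoles = ["KEYCLOAK_APPLICATION", "KEYCLOAK_IDENTITY_REQUESTER"];` and the condition `if ((systemRoles.indexOf(item) < 0) && ($scope.realm.defaultRoles.indexOf(item) < 0)) {`. If exposing the internal roles is intentional, a comment saying so would stop the next reader from re-adding the filter. The enclosing controller function starts before this hunk.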
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/partials/application-scope-mappings.html b/admin-ui/src/main/resources/META-INF/resources/admin/partials/application-scope-mappings.html
index 6ca4b0b..ebabbd9 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/partials/application-scope-mappings.html
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/partials/application-scope-mappings.html
@@ -56,7 +56,7 @@
                             <label for="applications">Application</label>
                             <div class="input-group">
                                 <div class="select-rcue">
-                                    <select id="applications" name="applications" ng-change="changeApplication()" ng-model="targetApp" ng-options="a.name for a in applications">
+                                    <select id="applications" name="applications" ng-change="changeApplication()" ng-model="targetApp" ng-options="a.name for a in (applications|remove:application:'id')">
                                         <option value="" selected> Select an Application </option>
                                     </select>
                                 </div>
diff --git a/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
index 59347ca..bab05a0 100755
--- a/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java
@@ -14,7 +14,6 @@ public class ApplicationRepresentation {
     protected String adminUrl;
     protected String baseUrl;
     protected boolean surrogateAuthRequired;
-    protected boolean useRealmMappings;
     protected boolean enabled;
     protected List<CredentialRepresentation> credentials;
     protected List<RoleRepresentation> roles;
@@ -142,14 +141,6 @@ public class ApplicationRepresentation {
         return this;
     }
 
-    public boolean isUseRealmMappings() {
-        return useRealmMappings;
-    }
-
-    public void setUseRealmMappings(boolean useRealmMappings) {
-        this.useRealmMappings = useRealmMappings;
-    }
-
     public List<String> getRedirectUris() {
         return redirectUris;
     }
diff --git a/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json b/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
index c30c963..cc267ee 100755
--- a/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
+++ b/examples/as7-eap-demo/server/src/main/resources/META-INF/testrealm.json
@@ -65,7 +65,6 @@
             "name": "customer-portal",
             "enabled": true,
             "adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
-            "useRealmMappings": true,
             "credentials": [
                 {
                     "type": "password",
@@ -77,7 +76,6 @@
             "name": "product-portal",
             "enabled": true,
             "adminUrl": "http://localhost:8080/product-portal/j_admin_request",
-            "useRealmMappings": true,
             "credentials": [
                 {
                     "type": "password",
diff --git a/examples/as7-eap-dev/server/src/main/resources/META-INF/testrealm.json b/examples/as7-eap-dev/server/src/main/resources/META-INF/testrealm.json
index b289fcf..888a518 100755
--- a/examples/as7-eap-dev/server/src/main/resources/META-INF/testrealm.json
+++ b/examples/as7-eap-dev/server/src/main/resources/META-INF/testrealm.json
@@ -65,7 +65,6 @@
             "name": "customer-portal",
             "enabled": true,
             "adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
-            "useRealmMappings": true,
             "webOrigins" : [ "http://localhost1:8080"],
             "credentials": [
                 {
@@ -78,7 +77,6 @@
             "name": "product-portal",
             "enabled": true,
             "adminUrl": "http://localhost:8080/product-portal/j_admin_request",
-            "useRealmMappings": true,
             "credentials": [
                 {
                     "type": "password",
diff --git a/examples/js/testrealm.json b/examples/js/testrealm.json
index 38225c6..ee72300 100755
--- a/examples/js/testrealm.json
+++ b/examples/js/testrealm.json
@@ -48,7 +48,6 @@
             "name": "test-app",
             "enabled": true,
             "adminUrl": "http://localhost:8081/app/logout",
-            "useRealmMappings": true,
             "webOrigins": [ "http://localhost", "http://localhost:8000", "http://localhost:8080" ],
             "credentials": [
                 {
diff --git a/model/api/src/main/java/org/keycloak/models/Constants.java b/model/api/src/main/java/org/keycloak/models/Constants.java
index 53f0813..fb29037 100755
--- a/model/api/src/main/java/org/keycloak/models/Constants.java
+++ b/model/api/src/main/java/org/keycloak/models/Constants.java
@@ -11,11 +11,8 @@ public interface Constants {
     String ADMIN_CONSOLE_ADMIN_ROLE = "admin";
     String APPLICATION_ROLE = INTERNAL_ROLE + "_APPLICATION";
     String IDENTITY_REQUESTER_ROLE = INTERNAL_ROLE + "_IDENTITY_REQUESTER";
-    String WILDCARD_ROLE = "*";
 
     String ACCOUNT_APPLICATION = "Account";
     String ACCOUNT_PROFILE_ROLE = "view-profile";
     String ACCOUNT_MANAGE_ROLE = "manage-account";
-
-    String ACCOUNT_MANAGEMENT_APPLICATION = "Account Management";
 }
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index 0d4813a..9cf12e0 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -568,8 +568,6 @@ public class RealmAdapter implements RealmModel {
         em.persist(applicationData);
         em.flush();
         ApplicationModel resource = new ApplicationAdapter(em, applicationData);
-        resource.addRole("*");
-        resource.addScopeMapping(new UserAdapter(user), "*");
         em.flush();
         return resource;
     }
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index 391334a..7d4aa72 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -451,8 +451,6 @@ public class RealmAdapter implements RealmModel {
         noSQL.saveObject(appData);
 
         ApplicationModel resource = new ApplicationAdapter(appData, noSQL);
-        resource.addRole("*");
-        resource.addScopeMapping(resourceUser, "*");
         return resource;
     }
 
diff --git a/model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java b/model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java
index 83a6047..9fb4eec 100755
--- a/model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java
+++ b/model/picketlink/src/main/java/org/keycloak/models/picketlink/RealmAdapter.java
@@ -625,8 +625,6 @@ public class RealmAdapter implements RealmModel {
         resourceRelationship.setApplication(applicationData.getName());
         getRelationshipManager().add(resourceRelationship);
         ApplicationModel resource = new ApplicationAdapter(applicationData, this, partitionManager);
-        resource.addRole("*");
-        resource.addScopeMapping(new UserAdapter(resourceUser, idm), "*");
         return resource;
     }
 
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
index 67a8286..6b97269 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplicationManager.java
@@ -102,7 +102,6 @@ public class ApplicationManager {
                 }
             }
         }
-        if (resourceRep.isUseRealmMappings()) realm.addScopeMapping(applicationModel.getApplicationUser(), "*");
         return applicationModel;
     }
 
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index d042270..6c72da6 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -68,7 +68,6 @@ public class RealmManager {
     public RealmModel createRealm(String id, String name) {
         RealmModel realm = identitySession.createRealm(id, name);
         realm.setName(name);
-        realm.addRole(Constants.WILDCARD_ROLE);
         realm.addRole(Constants.APPLICATION_ROLE);
         realm.addRole(Constants.IDENTITY_REQUESTER_ROLE);
         return realm;
@@ -245,7 +244,10 @@ public class RealmManager {
         }
 
         if (rep.getApplications() != null) {
-            createApplications(rep, newRealm);
+            Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
+            for (ApplicationModel app : appMap.values()) {
+                userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
+            }
         }
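Review bot: The loop keys `userMap` by `app.getApplicationUser().getLoginName()`, the same map that (from its use here) already holds the realm's regular users by username, so an application whose login name equals an existing username silently overwrites that entry and whatever is resolved through `userMap` afterwards — role or scope mappings, presumably — lands on the wrong principal. A duplicate should at least be detected, e.g. `if (userMap.containsKey(loginName)) throw new IllegalStateException("duplicate principal name in realm import: " + loginName);` before the `put`. The same silent-overwrite applies to `appMap.put(app.getName(), app)` in the `createApplications` hunk below when two applications share a name. `userMap`'s declaration and its consumers are outside this hunk, so the collision consequence is inferred rather than visible here.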
 
         if (rep.getRoleMappings() != null) {
@@ -406,12 +408,15 @@ public class RealmManager {
     }
 
 
-    protected void createApplications(RealmRepresentation rep, RealmModel realm) {
+    protected Map<String, ApplicationModel> createApplications(RealmRepresentation rep, RealmModel realm) {
+        Map<String, ApplicationModel> appMap = new HashMap<String, ApplicationModel>();
         RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
         ApplicationManager manager = new ApplicationManager(this);
         for (ApplicationRepresentation resourceRep : rep.getApplications()) {
-            manager.createApplication(realm, loginRole, resourceRep);
+            ApplicationModel app = manager.createApplication(realm, loginRole, resourceRep);
+            appMap.put(app.getName(), app);
         }
+        return appMap;
     }
 
     public static UserRepresentation toRepresentation(UserModel user) {
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index 1fe7768..689139e 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -46,6 +46,8 @@ public class TokenManager {
 
 
     public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, UserModel client, UserModel user) {
+        boolean applicationResource = realm.hasRole(client, realm.getRole(Constants.APPLICATION_ROLE));
+
         AccessCodeEntry code = new AccessCodeEntry();
         SkeletonKeyScope scopeMap = null;
         if (scopeParam != null) scopeMap = decodeScope(scopeParam);
@@ -56,42 +58,26 @@ public class TokenManager {
         if (realmMapping != null && realmMapping.size() > 0 && (scopeMap == null || scopeMap.containsKey("realm"))) {
             Set<String> scope = realm.getScopeMappingValues(client);
             if (scope.size() > 0) {
-                Set<String> scopeRequest = null;
-                if (scopeMap != null) {
-                    if (scopeRequest == null) {
-                        scopeRequest = new HashSet<String>();
-                    }
-                    scopeRequest.addAll(scopeMap.get("realm"));
-                    if (scopeRequest.contains(Constants.WILDCARD_ROLE)) scopeRequest = null;
-                }
+                Set<String> scopeRequest = scopeMap != null ? new HashSet<String>(scopeMap.get("realm")) : null;
                 for (String role : realmMapping) {
-                    if (
-                            (scopeRequest == null || scopeRequest.contains(role)) &&
-                                    (scope.contains("*") || scope.contains(role))
-                            )
+                    if ((scopeRequest == null || scopeRequest.contains(role)) && scope.contains(role))
                         realmRolesRequested.add(realm.getRole(role));
                 }
             }
         }
         for (ApplicationModel resource : realm.getApplications()) {
-            Set<String> mapping = resource.getRoleMappingValues(user);
-            if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
-                Set<String> scope = resource.getScopeMappingValues(client);
-                if (scope.size() > 0) {
-                    Set<String> scopeRequest = null;
-                    if (scopeMap != null) {
-                        if (scopeRequest == null) {
-                            scopeRequest = new HashSet<String>();
+            if (applicationResource && resource.getApplicationUser().getLoginName().equals(client.getLoginName())) {
+                resourceRolesRequested.addAll(resource.getName(), resource.getRoles());
+            } else {
+                Set<String> mapping = resource.getRoleMappingValues(user);
+                if (mapping != null && mapping.size() > 0 && (scopeMap == null || scopeMap.containsKey(resource.getName()))) {
+                    Set<String> scope = resource.getScopeMappingValues(client);
+                    if (scope.size() > 0) {
+                        Set<String> scopeRequest = scopeMap != null ? new HashSet<String>(scopeMap.get(resource.getName())) : null;
+                        for (String role : mapping) {
+                            if ((scopeRequest == null || scopeRequest.contains(role)) && scope.contains(role))
+                                resourceRolesRequested.add(resource.getName(), resource.getRole(role));
                         }
-                        scopeRequest.addAll(scopeMap.get(resource.getName()));
-                        if (scopeRequest.contains(Constants.WILDCARD_ROLE)) scopeRequest = null;
-                    }
-                    for (String role : mapping) {
-                        if (
-                                (scopeRequest == null || scopeRequest.contains(role)) &&
-                                        (scope.contains("*") || scope.contains(role))
-                                )
-                            resourceRolesRequested.add(resource.getName(), resource.getRole(role));
                     }
                 }
             }
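Review bot: The new `applicationResource` branch adds `resource.getRoles()` — every role defined on the application — to the access code whenever the client is the application's own user, whereas the `else` branch (and the code it replaces) only ever added roles from `resource.getRoleMappingValues(user)`, i.e. roles the user actually holds; the resulting token therefore asserts application roles for a user who may never have been granted them, and it also bypasses the `scopeMap.containsKey(resource.getName())` request filter. If the intent is only that an application needs no scope mapping for its own roles, the user's role mapping should still bound what the token claims, as in the fence below. Earlier in this method, `realm.getRole(Constants.APPLICATION_ROLE)` is passed straight into `realm.hasRole(client, …)` (previous hunk); if a realm can lack that role the lookup returns null, which is worth a guard or a comment. `createAccessCode` starts before and ends after this hunk.
```java
            if (applicationResource && resource.getApplicationUser().getLoginName().equals(client.getLoginName())) {
                // An application's own client needs no scope mapping for its roles,
                // but the token must still only assert roles the user holds.
                Set<String> mapping = resource.getRoleMappingValues(user);
                if (mapping != null) {
                    for (String role : mapping) {
                        resourceRolesRequested.add(resource.getName(), resource.getRole(role));
                    }
                }
            } else {
                // … unchanged: scope-mapping filtered path …
```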
diff --git a/services/src/test/java/org/keycloak/test/AdapterTest.java b/services/src/test/java/org/keycloak/test/AdapterTest.java
index ce44f4c..fff9532 100755
--- a/services/src/test/java/org/keycloak/test/AdapterTest.java
+++ b/services/src/test/java/org/keycloak/test/AdapterTest.java
@@ -350,7 +350,7 @@ public class AdapterTest extends AbstractKeycloakTest {
         realmModel.addRole("admin");
         realmModel.addRole("user");
         List<RoleModel> roles = realmModel.getRoles();
-        Assert.assertEquals(6, roles.size());
+        Assert.assertEquals(5, roles.size());
         UserModel user = realmModel.addUser("bburke");
         RoleModel role = realmModel.getRole("user");
         realmModel.grantRole(user, role);
diff --git a/services/src/test/java/org/keycloak/test/ImportTest.java b/services/src/test/java/org/keycloak/test/ImportTest.java
index 9bd13f9..2645f6d 100755
--- a/services/src/test/java/org/keycloak/test/ImportTest.java
+++ b/services/src/test/java/org/keycloak/test/ImportTest.java
@@ -50,8 +50,7 @@ public class ImportTest extends AbstractKeycloakTest {
         UserModel user = realm.getUser("loginclient");
         Assert.assertNotNull(user);
         Set<String> scopes = realm.getScopeMappingValues(user);
-        System.out.println("Scopes size: " + scopes.size());
-        Assert.assertTrue(scopes.contains("*"));
+        Assert.assertEquals(0, scopes.size());
         Assert.assertEquals(0, realm.getSocialLinks(user).size());
 
         List<ApplicationModel> resources = realm.getApplications();
diff --git a/services/src/test/resources/testrealm.json b/services/src/test/resources/testrealm.json
index cfe5215..d21823a 100755
--- a/services/src/test/resources/testrealm.json
+++ b/services/src/test/resources/testrealm.json
@@ -64,12 +64,6 @@
             "roles": ["admin"]
         }
     ],
-    "scopeMappings": [
-        {
-            "username": "loginclient",
-            "roles": ["*"]
-        }
-    ],
     "socialMappings": [
         {
             "username": "mySocialUser",
diff --git a/services/src/test/resources/testrealm-demo.json b/services/src/test/resources/testrealm-demo.json
index 75173d7..9e96d21 100755
--- a/services/src/test/resources/testrealm-demo.json
+++ b/services/src/test/resources/testrealm-demo.json
@@ -62,7 +62,6 @@
             "name": "customer-portal",
             "enabled": true,
             "adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
-            "useRealmMappings": true,
             "credentials": [
                 {
                     "type": "totp",
@@ -75,7 +74,6 @@
             "name": "product-portal",
             "enabled": true,
             "adminUrl": "http://localhost:8080/product-portal/j_admin_request",
-            "useRealmMappings": true,
             "credentials": [
                 {
                     "type": "totp",
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
index b504852..0b25e48 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
@@ -73,6 +73,9 @@ public class AccessTokenTest {
 
         Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
         Assert.assertTrue(token.getRealmAccess().isUserInRole("user"));
+
+        Assert.assertEquals(1, token.getResourceAccess(oauth.getClientId()).getRoles().size());
+        Assert.assertTrue(token.getResourceAccess(oauth.getClientId()).isUserInRole("customer-user"));
     }
 
 }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
index c69208f..5b1118f 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
@@ -145,6 +145,10 @@ public class OAuthClient {
         }
     }
 
+    public String getClientId() {
+        return clientId;
+    }
+
     public String getCurrentRequest() {
         return driver.getCurrentUrl().substring(0, driver.getCurrentUrl().indexOf('?'));
     }
diff --git a/testsuite/integration/src/test/resources/testrealm.json b/testsuite/integration/src/test/resources/testrealm.json
index 6ed4949..112b8ce 100755
--- a/testsuite/integration/src/test/resources/testrealm.json
+++ b/testsuite/integration/src/test/resources/testrealm.json
@@ -62,6 +62,10 @@
         {
             "username": "third-party",
             "roles": ["user"]
+        },
+        {
+            "username": "test-app",
+            "roles": ["user"]
         }
     ],
     "applications": [
@@ -69,7 +73,6 @@
             "name": "test-app",
             "enabled": true,
             "adminUrl": "http://localhost:8081/app/logout",
-            "useRealmMappings": true,
             "credentials": [
                 {
                     "type": "password",