keycloak-uncached
Changes
core/src/main/java/org/keycloak/representations/idm/authorization/ResourceRepresentation.java 11(+1 -10)
server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java 5(+0 -5)
testsuite/integration-arquillian/test-apps/servlet-authz/servlet-authz-app-authz-service.json 2(+0 -2)
testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json 39(+13 -26)
Details
diff --git a/core/src/main/java/org/keycloak/representations/idm/authorization/ResourceRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/authorization/ResourceRepresentation.java
index ae876f0..ce823c9 100644
--- a/core/src/main/java/org/keycloak/representations/idm/authorization/ResourceRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/authorization/ResourceRepresentation.java
@@ -51,9 +51,8 @@ public class ResourceRepresentation {
@JsonInclude(JsonInclude.Include.NON_EMPTY)
private List<PolicyRepresentation> policies;
- private List<ScopeRepresentation> typedScopes;
- private String displayName;
+ private String displayName;
/**
* Creates a new instance.
*
@@ -187,14 +186,6 @@ public class ResourceRepresentation {
this.ownerManagedAccess = ownerManagedAccess;
}
- public void setTypedScopes(List<ScopeRepresentation> typedScopes) {
- this.typedScopes = typedScopes;
- }
-
- public List<ScopeRepresentation> getTypedScopes() {
- return typedScopes;
- }
-
public void addScope(String... scopeNames) {
if (scopes == null) {
scopes = new HashSet<>();
diff --git a/examples/authz/servlet-authz/servlet-authz-app-config.json b/examples/authz/servlet-authz/servlet-authz-app-config.json
index 43ebde4..5b64811 100644
--- a/examples/authz/servlet-authz/servlet-authz-app-config.json
+++ b/examples/authz/servlet-authz/servlet-authz-app-config.json
@@ -25,7 +25,6 @@
{
"name": "Premium Resource",
"uri": "/protected/premium/*",
- "type": "urn:servlet-authz:protected:resource",
"scopes": [
{
"name": "urn:servlet-authz:protected:premium:access"
@@ -34,7 +33,6 @@
},
{
"name": "Main Page",
- "type": "urn:servlet-authz:protected:resource",
"scopes": [
{
"name": "urn:servlet-authz:page:main:actionForAdmin"
diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java b/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java
index 9b708c5..0cf15b4 100644
--- a/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java
+++ b/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java
@@ -86,11 +86,6 @@ public class DefaultPolicyEvaluator implements PolicyEvaluator {
return policies;
}, consumer);
}
-
- if (scopes.isEmpty() && !resource.getScopes().isEmpty()) {
- scopes.removeAll(resource.getScopes());
- evaluatePolicies(() -> policyStore.findByScopeIds(resource.getScopes().stream().map(Scope::getId).collect(Collectors.toList()), resourceServer.getId()), consumer);
- }
}
if (!scopes.isEmpty()) {
diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
index 56c95e5..22b4a3e 100755
--- a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
@@ -841,24 +841,6 @@ public class ModelToRepresentation {
}
return scope;
}).collect(Collectors.toSet()));
-
- if (resource.getType() != null) {
- ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
- for (Resource typed : resourceStore.findByType(resource.getType(), resourceServer.getId())) {
- if (typed.getOwner().equals(resourceServer.getId()) && !typed.getId().equals(resource.getId())) {
- resource.setTypedScopes(typed.getScopes().stream().map(model1 -> {
- ScopeRepresentation scope = new ScopeRepresentation();
- scope.setId(model1.getId());
- scope.setName(model1.getName());
- String iconUri = model1.getIconUri();
- if (iconUri != null) {
- scope.setIconUri(iconUri);
- }
- return scope;
- }).filter(scopeRepresentation -> !resource.getScopes().contains(scopeRepresentation)).collect(Collectors.toList()));
- }
- }
- }
}
return resource;
diff --git a/testsuite/integration-arquillian/test-apps/servlet-authz/servlet-authz-app-authz-service.json b/testsuite/integration-arquillian/test-apps/servlet-authz/servlet-authz-app-authz-service.json
index 0a31003..b074ebc 100644
--- a/testsuite/integration-arquillian/test-apps/servlet-authz/servlet-authz-app-authz-service.json
+++ b/testsuite/integration-arquillian/test-apps/servlet-authz/servlet-authz-app-authz-service.json
@@ -25,7 +25,6 @@
{
"name": "Premium Resource",
"uri": "/protected/premium/*",
- "type": "urn:servlet-authz:protected:resource",
"scopes": [
{
"name": "urn:servlet-authz:protected:premium:access"
@@ -34,7 +33,6 @@
},
{
"name": "Main Page",
- "type": "urn:servlet-authz:protected:resource",
"scopes": [
{
"name": "urn:servlet-authz:page:main:actionForAdmin"
diff --git a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json
index a5299bf..073dd80 100644
--- a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json
+++ b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json
@@ -62,64 +62,51 @@
"resources": [
{
"name": "Welcome Resource",
- "uri": "",
- "typedScopes": []
+ "uri": ""
},
{
"name": "Pattern 1",
- "uri": "",
- "typedScopes": []
+ "uri": ""
},
{
"name": "Pattern 2",
- "uri": "/resource/resource-a",
- "typedScopes": []
+ "uri": "/resource/resource-a"
},
{
"name": "Pattern 3",
- "uri": "/resource/resource-b/test",
- "typedScopes": []
+ "uri": "/resource/resource-b/test"
},
{
"name": "Pattern 4",
- "uri": "/resource-c",
- "typedScopes": []
+ "uri": "/resource-c"
},
{
"name": "Pattern 5",
- "uri": "/resource/d/resource-d",
- "typedScopes": []
+ "uri": "/resource/d/resource-d"
},
{
"name": "Pattern 6",
- "uri": "",
- "typedScopes": []
+ "uri": ""
},
{
"name": "Pattern 7",
- "uri": "",
- "typedScopes": []
+ "uri": ""
},
{
- "name": "Pattern 8",
- "typedScopes": []
+ "name": "Pattern 8"
},
{
- "name": "Pattern 9",
- "typedScopes": []
+ "name": "Pattern 9"
},
{
- "name": "Pattern 10",
- "typedScopes": []
+ "name": "Pattern 10"
},
{
- "name": "Pattern 11",
- "typedScopes": []
+ "name": "Pattern 11"
},
{
"name": "Pattern 12",
- "uri": "/realm_uri",
- "typedScopes": []
+ "uri": "/realm_uri"
}
],
"policies": [
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/acme-resource-server-cleanup-test.json b/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/acme-resource-server-cleanup-test.json
index 3c1f55f..902e861 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/acme-resource-server-cleanup-test.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/acme-resource-server-cleanup-test.json
@@ -13,8 +13,7 @@
{
"name": "urn:acme.com:scopes:admin:view"
}
- ],
- "typedScopes": []
+ ]
},
{
"name": "Role resource",
@@ -24,8 +23,7 @@
{
"name": "urn:acme.com:scopes:role:view"
}
- ],
- "typedScopes": []
+ ]
},
{
"name": "User profile resource",
@@ -38,8 +36,7 @@
{
"name": "urn:acme.com:scopes:userprofile:view"
}
- ],
- "typedScopes": []
+ ]
},
{
"name": "Account resource",
@@ -49,8 +46,7 @@
{
"name": "urn:acme.com:scopes:account:manage"
}
- ],
- "typedScopes": []
+ ]
}
],
"policies": [
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.2.1.Final.json b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.2.1.Final.json
index 910905f..eddd6b9 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.2.1.Final.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.2.1.Final.json
@@ -134,8 +134,7 @@
{
"name": "urn:photoz.com:scopes:profile:view"
}
- ],
- "typedScopes": []
+ ]
},
{
"name": "Album Resource",
@@ -151,8 +150,7 @@
{
"name": "urn:photoz.com:scopes:album:delete"
}
- ],
- "typedScopes": []
+ ]
},
{
"name": "Admin Resources",
@@ -162,8 +160,7 @@
{
"name": "urn:photoz.com:scopes:album:admin:manage"
}
- ],
- "typedScopes": []
+ ]
}
],
"policies": [