keycloak-uncached


diff --git a/server-spi/src/main/java/org/keycloak/models/UserFederationManager.java b/server-spi/src/main/java/org/keycloak/models/UserFederationManager.java
index 3169ea4..c58278b 100755
--- a/server-spi/src/main/java/org/keycloak/models/UserFederationManager.java
+++ b/server-spi/src/main/java/org/keycloak/models/UserFederationManager.java
@@ -1,6 +1,7 @@
 package org.keycloak.models;
 
 import org.jboss.logging.Logger;
+import org.keycloak.models.utils.KeycloakModelUtils;
 
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -104,19 +105,19 @@ public class UserFederationManager implements UserProvider {
 
     }
 
-    protected void deleteInvalidUser(RealmModel realm, UserModel user) {
-        KeycloakSession tx = session.getKeycloakSessionFactory().create();
-        try {
-            tx.getTransaction().begin();
-            RealmModel realmModel = tx.realms().getRealm(realm.getId());
-            if (realmModel == null) return;
-            UserModel deletedUser = tx.userStorage().getUserById(user.getId(), realmModel);
-            tx.userStorage().removeUser(realmModel, deletedUser);
-            logger.debugf("Removed invalid user '%s'", user.getUsername());
-            tx.getTransaction().commit();
-        } finally {
-            tx.close();
-        }
+    protected void deleteInvalidUser(final RealmModel realm, final UserModel user) {
+        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), new KeycloakSessionTask() {
+
+            @Override
+            public void run(KeycloakSession session) {
+                RealmModel realmModel = session.realms().getRealm(realm.getId());
+                if (realmModel == null) return;
+                UserModel deletedUser = session.userStorage().getUserById(user.getId(), realmModel);
+                session.userStorage().removeUser(realmModel, deletedUser);
+                logger.debugf("Removed invalid user '%s'", user.getUsername());
+            }
+
+        });
     }
 
 
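Review bot: In the new `run(KeycloakSession session)` body the result of `getUserById` goes straight into `removeUser` with no null check, so a user that is already gone by the time the new transaction runs reaches the storage provider as `null`; the old code had the same gap and the refactor carries it over. Adding `if (deletedUser == null) return;` before the `removeUser` call would close it, and the `Removed invalid user` debug line would be more trustworthy if it were emitted only when the removal is reported as successful. The callback parameter `session` also shadows the manager's `session` field used one line above it, so a distinct name such as `txSession` would make it obvious which session performs the removal. How `runJobInTransaction` treats an exception thrown from `run` is not visible in this hunk.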
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index a72079c..b432ee8 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -472,7 +472,7 @@ public class RealmManager implements RealmImporter {
     private boolean hasClient(RealmRepresentation rep, String clientId) {
         if (rep.getClients() != null) {
             for (ClientRepresentation clientRep : rep.getClients()) {
-                if (clientRep.getClientId().equals(clientId)) {
+                if (clientRep.getClientId() != null && clientRep.getClientId().equals(clientId)) {
                     return true;
                 }
             }
diff --git a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
index 38cc097..f59263c 100644
--- a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
+++ b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
@@ -258,28 +258,33 @@ public class KeycloakApplication extends Application {
 
     public void importRealm(RealmRepresentation rep, String from) {
         KeycloakSession session = sessionFactory.create();
+        boolean exists = false;
         try {
             session.getTransaction().begin();
-            RealmManager manager = new RealmManager(session);
-            manager.setContextPath(getContextPath());
 
-            if (rep.getId() != null && manager.getRealm(rep.getId()) != null) {
-                logger.realmExists(rep.getRealm(), from);
-                return;
-            }
+            try {
+                RealmManager manager = new RealmManager(session);
+                manager.setContextPath(getContextPath());
 
-            if (manager.getRealmByName(rep.getRealm()) != null) {
-                logger.realmExists(rep.getRealm(), from);
-                return;
-            }
+                if (rep.getId() != null && manager.getRealm(rep.getId()) != null) {
+                    logger.realmExists(rep.getRealm(), from);
+                    exists = true;
+                }
 
-            try {
-                RealmModel realm = manager.importRealm(rep);
+                if (manager.getRealmByName(rep.getRealm()) != null) {
+                    logger.realmExists(rep.getRealm(), from);
+                    exists = true;
+                }
+                if (!exists) {
+                    RealmModel realm = manager.importRealm(rep);
+                    logger.importedRealm(realm.getName(), from);
+                }
                 session.getTransaction().commit();
-                logger.importedRealm(realm.getName(), from);
             } catch (Throwable t) {
                 session.getTransaction().rollback();
-                logger.unableToImportRealm(t, rep.getRealm(), from);
+                if (!exists) {
+                    logger.unableToImportRealm(t, rep.getRealm(), from);
+                }
             }
         } finally {
             session.close();
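Review bot: The `if (!exists)` guard inside `catch (Throwable t)` discards the exception whenever the realm was already found, so a failure in `getRealmByName` or in `commit()` after `exists = true` is rolled back without any log entry. An operator diagnosing a startup import needs that failure in the log, so I would keep `logger.unableToImportRealm(t, rep.getRealm(), from);` unconditional, or log the throwable at a lower level in the exists case. Both lookups also run now even when the id lookup already matched, so `realmExists` can be logged twice for one realm; making the second check `else if (manager.getRealmByName(rep.getRealm()) != null)` restores a single message. The end of `importRealm` lies outside this hunk.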
@@ -321,6 +326,7 @@ public class KeycloakApplication extends Application {
                             session.getTransaction().commit();
                             logger.addUserSuccess(userRep.getUsername(), realmRep.getRealm());
                         } catch (ModelDuplicateException e) {
+                            session.getTransaction().rollback();
                             logger.addUserFailedUserExists(userRep.getUsername(), realmRep.getRealm());
                         } catch (Throwable t) {
                             session.getTransaction().rollback();
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/CompositeRolesModelTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/CompositeRolesModelTest.java
index 1d1100f..02cac37 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/CompositeRolesModelTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/CompositeRolesModelTest.java
@@ -2,7 +2,9 @@ package org.keycloak.testsuite.model;
 
 import org.junit.Assert;
 import org.junit.Before;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
@@ -10,6 +12,7 @@ import org.keycloak.models.UserModel;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.services.managers.RealmManager;
 
+import java.io.IOException;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -18,6 +21,9 @@ import java.util.Set;
  */
 public class CompositeRolesModelTest extends AbstractModelTest {
 
+    @Rule
+    public ExpectedException expectedException = ExpectedException.none();
+
     @Before
     @Override
     public void before() throws Exception {
@@ -25,7 +31,19 @@ public class CompositeRolesModelTest extends AbstractModelTest {
         RealmManager manager = realmManager;
         RealmRepresentation rep = AbstractModelTest.loadJson("model/testcomposites.json");
         rep.setId("TestComposites");
-        RealmModel realm = manager.importRealm(rep);
+        manager.importRealm(rep);
+    }
+
+    @Test
+    public void testNoClientID() throws IOException {
+
+        RealmManager manager = realmManager;
+        RealmRepresentation rep = AbstractModelTest.loadJson("model/testrealm-noclient-id.json");
+        rep.setId("TestNoClientID");
+        expectedException.expect(RuntimeException.class);
+        expectedException.expectMessage("Unknown client specified in client scope mappings");
+        manager.importRealm(rep);
+
     }
 
     @Test
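Review bot: `testNoClientID` asserts on the message `Unknown client specified in client scope mappings`, which describes scope-mapping resolution rather than the missing `clientId` the test is named after, and the fixture's `clientScopeMappings` also references `some-client`, which is not declared under `clients`. It is therefore hard to tell from the test which condition produces the expected exception; a short comment above the `expectedException` lines would help, e.g. `// a client without clientId must not NPE in hasClient(); the import then fails on the unresolved scope mapping`. Since `expect(RuntimeException.class)` would also accept a `NullPointerException`, the message check is presumably the only thing separating the fixed behaviour from the old one, which is worth stating in that comment too.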
diff --git a/testsuite/integration/src/test/resources/model/testrealm-noclient-id.json b/testsuite/integration/src/test/resources/model/testrealm-noclient-id.json
new file mode 100755
index 0000000..4751c7f
--- /dev/null
+++ b/testsuite/integration/src/test/resources/model/testrealm-noclient-id.json
@@ -0,0 +1,57 @@
+
+{
+    "realm": "demo-no-client-id",
+    "enabled": true,
+    "accessTokenLifespan": 300,
+    "accessCodeLifespan": 10,
+    "accessCodeLifespanUserAction": 600,
+    "sslRequired": "external",
+    "privateKey": "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",
+    "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+    "requiredCredentials": [ "password" ],
+    "users" : [
+        {
+            "username" : "bburke@redhat.com",
+            "enabled": true,
+            "email" : "bburke@redhat.com",
+            "credentials" : [
+                { "type" : "Password",
+                    "value" : "password" }
+            ],
+            "realmRoles": [ "user" ]
+        }
+    ],
+    "roles" : {
+        "realm" : [
+            {
+                "name": "user",
+                "description": "Have User privileges"
+            },
+            {
+                "name": "admin",
+                "description": "Have Administrator privileges"
+            }
+        ]
+    },
+    "scopeMappings": [
+        {
+            "client": "third-party",
+            "roles": ["user"]
+        }
+    ],
+    "clients": [
+        {
+            "name": "third-party",
+            "enabled": true,
+            "bearerOnly": true
+        }
+    ],
+    "clientScopeMappings": {
+        "realm-management": [
+            {
+                "client": "some-client",
+                "roles": ["create-client"]
+            }
+        ]
+    }
+}
\ No newline at end of file
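Review bot: This fixture carries `privateKey`, `publicKey` and a literal user password that the missing-`clientId` scenario does not appear to need. Trimming it to the fields the test exercises (`realm`, `clients`, `clientScopeMappings` and the roles they reference) keeps key material out of one more resource file and makes the purpose of the fixture obvious. If the key fields have to stay, they should hold a throwaway test-only pair and never a key exported from a real realm. The file also ends without a trailing newline.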