Details
diff --git a/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java b/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java
index db980c4..dc13fa6 100755
--- a/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java
+++ b/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java
@@ -37,6 +37,7 @@ import org.keycloak.migration.migrators.MigrateTo3_1_0;
import org.keycloak.migration.migrators.MigrateTo3_2_0;
import org.keycloak.migration.migrators.MigrateTo3_4_0;
import org.keycloak.migration.migrators.MigrateTo3_4_1;
+import org.keycloak.migration.migrators.MigrateTo3_4_2;
import org.keycloak.migration.migrators.Migration;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
@@ -68,7 +69,8 @@ public class MigrationModelManager {
new MigrateTo3_1_0(),
new MigrateTo3_2_0(),
new MigrateTo3_4_0(),
- new MigrateTo3_4_1()
+ new MigrateTo3_4_1(),
+ new MigrateTo3_4_2()
};
public static void migrate(KeycloakSession session) {
diff --git a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo3_4_2.java b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo3_4_2.java
new file mode 100644
index 0000000..c395cbe
--- /dev/null
+++ b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo3_4_2.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.migration.migrators;
+
+
+import org.keycloak.migration.ModelVersion;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.Constants;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleModel;
+import org.keycloak.representations.idm.RealmRepresentation;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:bruno@abstractj.org">Bruno Oliveira</a>
+ */
+public class MigrateTo3_4_2 implements Migration {
+
+ public static final ModelVersion VERSION = new ModelVersion("3.4.2");
+
+ @Override
+ public void migrate(KeycloakSession session) {
+ session.realms().getRealms().stream().forEach(
+ r -> {
+ migrateRealm(r);
+ }
+ );
+ }
+
+ @Override
+ public void migrateImport(KeycloakSession session, RealmModel realm, RealmRepresentation rep, boolean skipUserDependent) {
+ migrateRealm(realm);
+ }
+
+ protected void migrateRealm(RealmModel realm) {
+ // this is a fix for migration that should have been done in 3_2_0
+ ClientModel cli = realm.getClientByClientId(Constants.ADMIN_CLI_CLIENT_ID);
+ clearScope(cli);
+ ClientModel console = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
+ clearScope(console);
+
+ }
+
+ private void clearScope(ClientModel cli) {
+ if (cli.isFullScopeAllowed()) cli.setFullScopeAllowed(false);
+ Set<RoleModel> scope = cli.getScopeMappings();
+ if (scope.size() > 0) {
+ for (RoleModel role : scope) cli.deleteScopeMapping(role);
+ }
+ }
+
+ @Override
+ public ModelVersion getVersion() {
+ return VERSION;
+ }
+
+}
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index e3643bb..325c048 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -151,15 +151,6 @@ public class RealmManager {
adminConsole.addRedirectUri(baseUrl + "/*");
adminConsole.setFullScopeAllowed(false);
adminConsole.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
-
- RoleModel adminRole;
- if (realm.getName().equals(Config.getAdminRealm())) {
- adminRole = realm.getRole(AdminRoles.ADMIN);
- } else {
- String realmAdminApplicationClientId = getRealmAdminClientId(realm);
- ClientModel realmAdminApp = realm.getClientByClientId(realmAdminApplicationClientId);
- adminRole = realmAdminApp.getRole(AdminRoles.REALM_ADMIN);
- }
}
protected void setupAdminConsoleLocaleMapper(RealmModel realm) {
@@ -185,15 +176,6 @@ public class RealmManager {
adminCli.setStandardFlowEnabled(false);
adminCli.setDirectAccessGrantsEnabled(true);
adminCli.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
-
- RoleModel adminRole;
- if (realm.getName().equals(Config.getAdminRealm())) {
- adminRole = realm.getRole(AdminRoles.ADMIN);
- } else {
- String realmAdminApplicationClientId = getRealmAdminClientId(realm);
- ClientModel realmAdminApp = realm.getClientByClientId(realmAdminApplicationClientId);
- adminRole = realmAdminApp.getRole(AdminRoles.REALM_ADMIN);
- }
}
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java
index b8282f8..07a08ab 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java
@@ -34,6 +34,7 @@ import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientTemplateRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
+import org.keycloak.representations.idm.MappingsRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
@@ -180,6 +181,23 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
}
}
+ protected void testMigrationTo3_4_2() {
+ testCliConsoleScopeSize(this.masterRealm);
+ testCliConsoleScopeSize(this.migrationRealm);
+ }
+
+ private void testCliConsoleScopeSize(RealmResource realm) {
+ ClientRepresentation cli = realm.clients().findByClientId(Constants.ADMIN_CLI_CLIENT_ID).get(0);
+ ClientRepresentation console = realm.clients().findByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID).get(0);
+ MappingsRepresentation scopeMappings = realm.clients().get(console.getId()).getScopeMappings().getAll();
+ Assert.assertNull(scopeMappings.getClientMappings());
+ Assert.assertNull(scopeMappings.getRealmMappings());
+
+ scopeMappings = realm.clients().get(cli.getId()).getScopeMappings().getAll();
+ Assert.assertNull(scopeMappings.getClientMappings());
+ Assert.assertNull(scopeMappings.getRealmMappings());
+ }
+
protected void testDockerAuthenticationFlow(RealmResource... realms) {
for (RealmResource realm : realms) {
AuthenticationFlowRepresentation flow = null;
@@ -420,6 +438,7 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
testMigrationTo3_2_0();
testMigrationTo3_4_0();
testMigrationTo3_4_1();
+ testMigrationTo3_4_2();
}
