keycloak-aplcache
Merge pull request #4451 from glavoie/KEYCLOAK-4858-ResourceServer KEYCLOAK-4858: …
Changes
authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java 2(+1 -1)
authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java 2(+1 -1)
authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java 2(+1 -1)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedResourceServer.java 9(+0 -9)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerRemovedEvent.java 2(+1 -1)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerUpdatedEvent.java 8(+3 -5)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java 8(+1 -7)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheManager.java 8(+4 -4)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java 39(+6 -33)
model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java 27(+1 -26)
server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java 2(+1 -1)
server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java 2(+1 -1)
server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RealmSynchronizer.java 2(+1 -1)
server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java 4(+1 -3)
services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java 2(+1 -1)
services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java 2(+1 -1)
services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java 3(+1 -2)
services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java 3(+1 -2)
services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java 5(+2 -3)
services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java 3(+1 -2)
services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java 2(+1 -1)
Details
diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java
index 6d7ed54..1360297 100644
--- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java
+++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java
@@ -108,7 +108,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory<Client
PolicyStore policyStore = storeFactory.getPolicyStore();
ClientModel removedClient = ((ClientRemovedEvent) event).getClient();
ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
- ResourceServer resourceServer = resourceServerStore.findByClient(removedClient.getId());
+ ResourceServer resourceServer = resourceServerStore.findById(removedClient.getId());
if (resourceServer != null) {
policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {
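Review bot: `resourceServerStore.findById(removedClient.getId())` passes a client id where the store expects a resource-server id, and nothing at the call site says the two are now the same value. That invariant is only established by `entity.setId(clientId)` in the JPAResourceServerStore hunk, so a short comment here such as `// resource server id == client id since KEYCLOAK-4858` would keep a later reader from treating the call as an id mix-up. The same call shape appears in the RolePolicyProviderFactory and UserPolicyProviderFactory hunks. The enclosing method starts and ends outside this hunk.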
diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java
index 933a859..4769ee3 100644
--- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java
+++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java
@@ -222,7 +222,7 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory<RolePoli
}
private void updateResourceServer(ClientModel clientModel, RoleModel removedRole, ResourceServerStore resourceServerStore, PolicyStore policyStore) {
- ResourceServer resourceServer = resourceServerStore.findByClient(clientModel.getId());
+ ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId());
if (resourceServer != null) {
policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {
diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java
index 5a90f93..28d4d0b 100644
--- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java
+++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java
@@ -181,7 +181,7 @@ public class UserPolicyProviderFactory implements PolicyProviderFactory<UserPoli
RealmModel realm = ((UserRemovedEvent) event).getRealm();
ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
realm.getClients().forEach(clientModel -> {
- ResourceServer resourceServer = resourceServerStore.findByClient(clientModel.getId());
+ ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId());
if (resourceServer != null) {
policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedResourceServer.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedResourceServer.java
index 7dfb5fb..a904bd1 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedResourceServer.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedResourceServer.java
@@ -22,29 +22,20 @@ import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.models.cache.infinispan.entities.AbstractRevisioned;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
-import java.io.Serializable;
-
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public class CachedResourceServer extends AbstractRevisioned {
- private String clientId;
private boolean allowRemoteResourceManagement;
private PolicyEnforcementMode policyEnforcementMode;
public CachedResourceServer(Long revision, ResourceServer resourceServer) {
super(revision, resourceServer.getId());
- this.clientId = resourceServer.getClientId();
this.allowRemoteResourceManagement = resourceServer.isAllowRemoteResourceManagement();
this.policyEnforcementMode = resourceServer.getPolicyEnforcementMode();
}
-
- public String getClientId() {
- return this.clientId;
- }
-
public boolean isAllowRemoteResourceManagement() {
return this.allowRemoteResourceManagement;
}
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerRemovedEvent.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerRemovedEvent.java
index fbe5a7a..74b8d0c 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerRemovedEvent.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerRemovedEvent.java
@@ -49,6 +49,6 @@ public class ResourceServerRemovedEvent extends InvalidationEvent implements Aut
@Override
public void addInvalidations(StoreFactoryCacheManager cache, Set<String> invalidations) {
- cache.resourceServerRemoval(id, clientId, invalidations);
+ cache.resourceServerRemoval(id, invalidations);
}
}
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerUpdatedEvent.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerUpdatedEvent.java
index 2034c9b..1862345 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerUpdatedEvent.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerUpdatedEvent.java
@@ -28,12 +28,10 @@ import java.util.Set;
public class ResourceServerUpdatedEvent extends InvalidationEvent implements AuthorizationCacheInvalidationEvent {
private String id;
- private String clientId;
- public static ResourceServerUpdatedEvent create(String id, String clientId) {
+ public static ResourceServerUpdatedEvent create(String id) {
ResourceServerUpdatedEvent event = new ResourceServerUpdatedEvent();
event.id = id;
- event.clientId = clientId;
return event;
}
@@ -44,11 +42,11 @@ public class ResourceServerUpdatedEvent extends InvalidationEvent implements Aut
@Override
public String toString() {
- return String.format("ResourceServerRemovedEvent [ id=%s, clientId=%s ]", id, clientId);
+ return String.format("ResourceServerRemovedEvent [ id=%s, clientId=%s ]", id, id);
}
@Override
public void addInvalidations(StoreFactoryCacheManager cache, Set<String> invalidations) {
- cache.resourceServerUpdated(id, clientId, invalidations);
+ cache.resourceServerUpdated(id, invalidations);
}
}
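Review bot: The new `toString()` keeps the `clientId=%s` placeholder and fills it with `id` a second time, and its label still reads `ResourceServerRemovedEvent` although the class is ResourceServerUpdatedEvent. Anyone tracing authorization-cache invalidations from logs will see the wrong event type and a field that no longer exists. Suggested replacement: `return String.format("ResourceServerUpdatedEvent [ id=%s ]", id);`.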
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java
index bb3ec6c..7d72c98 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java
@@ -38,7 +38,7 @@ public class ResourceServerAdapter implements ResourceServer, CachedModel<Resour
@Override
public ResourceServer getDelegateForUpdate() {
if (updated == null) {
- cacheSession.registerResourceServerInvalidation(cached.getId(), cached.getClientId());
+ cacheSession.registerResourceServerInvalidation(cached.getId());
updated = cacheSession.getResourceServerStoreDelegate().findById(cached.getId());
if (updated == null) throw new IllegalStateException("Not found in database");
}
@@ -79,12 +79,6 @@ public class ResourceServerAdapter implements ResourceServer, CachedModel<Resour
}
@Override
- public String getClientId() {
- if (isUpdated()) return updated.getClientId();
- return cached.getClientId();
- }
-
- @Override
public boolean isAllowRemoteResourceManagement() {
if (isUpdated()) return updated.isAllowRemoteResourceManagement();
return cached.isAllowRemoteResourceManagement();
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheManager.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheManager.java
index e9853d6..3f189a5 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheManager.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheManager.java
@@ -53,13 +53,13 @@ public class StoreFactoryCacheManager extends CacheManager {
}
}
- public void resourceServerUpdated(String id, String clientId, Set<String> invalidations) {
+ public void resourceServerUpdated(String id, Set<String> invalidations) {
invalidations.add(id);
- invalidations.add(StoreFactoryCacheSession.getResourceServerByClientCacheKey(clientId));
+ invalidations.add(StoreFactoryCacheSession.getResourceServerByClientCacheKey(id));
}
- public void resourceServerRemoval(String id, String name, Set<String> invalidations) {
- resourceServerUpdated(id, name, invalidations);
+ public void resourceServerRemoval(String id, Set<String> invalidations) {
+ resourceServerUpdated(id, invalidations);
addInvalidations(InResourceServerPredicate.create().resourceServer(id), invalidations);
}
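Review bot: `invalidations.add(StoreFactoryCacheSession.getResourceServerByClientCacheKey(id));` in `resourceServerUpdated` still invalidates the by-client query key, but this commit removes the cached `findByClient` that populated it. If no other caller writes that key (not visible from this hunk), the line is dead and only adds an entry to every invalidation set. Consider dropping it together with `getResourceServerByClientCacheKey`, or add a comment saying why the key is still invalidated.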
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java
index 2efdd91..c70a43a 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java
@@ -229,12 +229,12 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
return invalidations.contains(id);
}
- public void registerResourceServerInvalidation(String id, String clientId) {
- cache.resourceServerUpdated(id, clientId, invalidations);
+ public void registerResourceServerInvalidation(String id) {
+ cache.resourceServerUpdated(id, invalidations);
ResourceServerAdapter adapter = managedResourceServers.get(id);
if (adapter != null) adapter.invalidateFlag();
- invalidationEvents.add(ResourceServerUpdatedEvent.create(id, clientId));
+ invalidationEvents.add(ResourceServerUpdatedEvent.create(id));
}
public void registerScopeInvalidation(String id, String name, String serverId) {
@@ -350,7 +350,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
@Override
public ResourceServer create(String clientId) {
ResourceServer server = getResourceServerStoreDelegate().create(clientId);
- registerResourceServerInvalidation(server.getId(), server.getClientId());
+ registerResourceServerInvalidation(server.getId());
return server;
}
@@ -361,8 +361,8 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
if (server == null) return;
cache.invalidateObject(id);
- invalidationEvents.add(ResourceServerRemovedEvent.create(id, server.getClientId()));
- cache.resourceServerRemoval(id, server.getClientId(), invalidations);
+ invalidationEvents.add(ResourceServerRemovedEvent.create(id, server.getId()));
+ cache.resourceServerRemoval(id, invalidations);
getResourceServerStoreDelegate().delete(id);
}
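Review bot: `ResourceServerRemovedEvent.create(id, server.getId())` now passes the same value twice, since `id` and `server.getId()` identify the same resource server. The event's second argument looks vestigial, because `addInvalidations` in ResourceServerRemovedEvent no longer reads `clientId` after this commit. Changing the factory to a single-argument `create(id)`, as was done for `ResourceServerUpdatedEvent.create(id)`, would remove the leftover field from the cluster invalidation message. The factory itself is outside this hunk.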
@@ -392,33 +392,6 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
managedResourceServers.put(id, adapter);
return adapter;
}
-
-
- @Override
- public ResourceServer findByClient(String clientId) {
- String cacheKey = getResourceServerByClientCacheKey(clientId);
- ResourceServerListQuery query = cache.get(cacheKey, ResourceServerListQuery.class);
- if (query != null) {
- logger.tracev("ResourceServer by clientId cache hit: {0}", clientId);
- }
- if (query == null) {
- Long loaded = cache.getCurrentRevision(cacheKey);
- ResourceServer model = getResourceServerStoreDelegate().findByClient(clientId);
- if (model == null) return null;
- if (invalidations.contains(model.getId())) return model;
- query = new ResourceServerListQuery(loaded, cacheKey, model.getId());
- cache.addRevisioned(query, startupRevision);
- return model;
- } else if (invalidations.contains(cacheKey)) {
- return getResourceServerStoreDelegate().findByClient(clientId);
- } else {
- String serverId = query.getResourceServers().iterator().next();
- if (invalidations.contains(serverId)) {
- return getResourceServerStoreDelegate().findByClient(clientId);
- }
- return findById(serverId);
- }
- }
}
protected class ScopeCache implements ScopeStore {
diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java
index fabdd9c..46f236d 100644
--- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java
@@ -18,41 +18,24 @@
package org.keycloak.authorization.jpa.entities;
-import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
-import javax.persistence.Access;
-import javax.persistence.AccessType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
-import javax.persistence.NamedQueries;
-import javax.persistence.NamedQuery;
-import javax.persistence.OneToMany;
import javax.persistence.Table;
-import javax.persistence.UniqueConstraint;
-import java.util.List;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@Entity
-@Table(name = "RESOURCE_SERVER", uniqueConstraints = {@UniqueConstraint(columnNames = "CLIENT_ID")})
-@NamedQueries(
- {
- @NamedQuery(name="findResourceServerIdByClient", query="select r.id from ResourceServerEntity r where r.clientId = :clientId"),
- }
-)
+@Table(name = "RESOURCE_SERVER")
public class ResourceServerEntity {
@Id
@Column(name="ID", length = 36)
- @Access(AccessType.PROPERTY) // we do this because relationships often fetch id, but not entity. This avoids an extra SQL
private String id;
- @Column(name = "CLIENT_ID")
- private String clientId;
-
@Column(name = "ALLOW_RS_REMOTE_MGMT")
private boolean allowRemoteResourceManagement;
@@ -67,14 +50,6 @@ public class ResourceServerEntity {
this.id = id;
}
- public String getClientId() {
- return this.clientId;
- }
-
- public void setClientId(String clientId) {
- this.clientId = clientId;
- }
-
public boolean isAllowRemoteResourceManagement() {
return this.allowRemoteResourceManagement;
}
diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java
index 8eb1037..207d4ab 100644
--- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java
+++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java
@@ -22,16 +22,11 @@ import org.keycloak.authorization.jpa.entities.PolicyEntity;
import org.keycloak.authorization.jpa.entities.ResourceEntity;
import org.keycloak.authorization.jpa.entities.ResourceServerEntity;
import org.keycloak.authorization.jpa.entities.ScopeEntity;
-import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
-import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.ResourceServerStore;
-import org.keycloak.models.utils.KeycloakModelUtils;
import javax.persistence.EntityManager;
-import javax.persistence.NoResultException;
-import javax.persistence.Query;
import javax.persistence.TypedQuery;
import java.util.LinkedList;
import java.util.List;
@@ -53,8 +48,7 @@ public class JPAResourceServerStore implements ResourceServerStore {
public ResourceServer create(String clientId) {
ResourceServerEntity entity = new ResourceServerEntity();
- entity.setId(KeycloakModelUtils.generateId());
- entity.setClientId(clientId);
+ entity.setId(clientId);
this.entityManager.persist(entity);
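Review bot: `entity.setId(clientId)` makes the primary key caller-supplied, where it used to come from `KeycloakModelUtils.generateId()`, and no check on the value is visible in this hunk. A null `clientId`, or one that already has a resource server, now surfaces only as a persistence exception at flush time instead of a clear error at the call. A guard before `persist`, for example `if (clientId == null) throw new IllegalArgumentException("clientId must not be null");`, plus a Javadoc line stating that the resource server id is the client id, would make the contract explicit. The method body continues outside the hunk.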
@@ -116,17 +110,4 @@ public class JPAResourceServerStore implements ResourceServerStore {
if (entity == null) return null;
return new ResourceServerAdapter(entity, entityManager, provider.getStoreFactory());
}
-
- @Override
- public ResourceServer findByClient(final String clientId) {
- TypedQuery<String> query = entityManager.createNamedQuery("findResourceServerIdByClient", String.class);
-
- query.setParameter("clientId", clientId);
- try {
- String id = query.getSingleResult();
- return provider.getStoreFactory().getResourceServerStore().findById(id);
- } catch (NoResultException ex) {
- return null;
- }
- }
}
diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PolicyAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PolicyAdapter.java
index 6fc2d1e..b789165 100644
--- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PolicyAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PolicyAdapter.java
@@ -16,7 +16,6 @@
*/
package org.keycloak.authorization.jpa.store;
-import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.jpa.entities.PolicyEntity;
import org.keycloak.authorization.jpa.entities.ResourceEntity;
import org.keycloak.authorization.jpa.entities.ScopeEntity;
diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java
index 5c55114..9ce0de2 100644
--- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java
@@ -16,7 +16,6 @@
*/
package org.keycloak.authorization.jpa.store;
-import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.jpa.entities.ResourceEntity;
import org.keycloak.authorization.jpa.entities.ScopeEntity;
import org.keycloak.authorization.model.Resource;
diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java
index 56d5856..72c7cc1 100644
--- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java
@@ -16,11 +16,7 @@
*/
package org.keycloak.authorization.jpa.store;
-import org.keycloak.authorization.AuthorizationProvider;
-import org.keycloak.authorization.jpa.entities.ResourceEntity;
import org.keycloak.authorization.jpa.entities.ResourceServerEntity;
-import org.keycloak.authorization.model.Policy;
-import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.jpa.JpaModel;
@@ -54,11 +50,6 @@ public class ResourceServerAdapter implements ResourceServer, JpaModel<ResourceS
}
@Override
- public String getClientId() {
- return entity.getClientId();
- }
-
- @Override
public boolean isAllowRemoteResourceManagement() {
return entity.isAllowRemoteResourceManagement();
}
diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ScopeAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ScopeAdapter.java
index 6b59dc8..f77310e 100644
--- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ScopeAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ScopeAdapter.java
@@ -16,12 +16,10 @@
*/
package org.keycloak.authorization.jpa.store;
-import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.jpa.entities.ScopeEntity;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.StoreFactory;
-import org.keycloak.models.KeycloakSession;
import org.keycloak.models.jpa.JpaModel;
import javax.persistence.EntityManager;
diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-authz-3.4.0.CR1.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-authz-3.4.0.CR1.xml
new file mode 100755
index 0000000..24b2970
--- /dev/null
+++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-authz-3.4.0.CR1.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!--
+ ~ * Copyright 2017 Red Hat, Inc. and/or its affiliates
+ ~ * and other contributors as indicated by the @author tags.
+ ~ *
+ ~ * Licensed under the Apache License, Version 2.0 (the "License");
+ ~ * you may not use this file except in compliance with the License.
+ ~ * You may obtain a copy of the License at
+ ~ *
+ ~ * http://www.apache.org/licenses/LICENSE-2.0
+ ~ *
+ ~ * Unless required by applicable law or agreed to in writing, software
+ ~ * distributed under the License is distributed on an "AS IS" BASIS,
+ ~ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ * See the License for the specific language governing permissions and
+ ~ * limitations under the License.
+ -->
+
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
+ <changeSet author="glavoie@gmail.com" id="authz-3.4.0.CR1-resource-server-pk-change-part1">
+ <!-- Data migration to change the PK of RESOURCE_SERVER to use the CLIENT_ID. -->
+ <addColumn tableName="RESOURCE_SERVER_POLICY">
+ <column name="RESOURCE_SERVER_CLIENT_ID" type="VARCHAR(36)"/>
+ </addColumn>
+ <addColumn tableName="RESOURCE_SERVER_RESOURCE">
+ <column name="RESOURCE_SERVER_CLIENT_ID" type="VARCHAR(36)"/>
+ </addColumn>
+ <addColumn tableName="RESOURCE_SERVER_SCOPE">
+ <column name="RESOURCE_SERVER_CLIENT_ID" type="VARCHAR(36)"/>
+ </addColumn>
+ </changeSet>
+
+ <changeSet author="glavoie@gmail.com" id="authz-3.4.0.CR1-resource-server-pk-change-part2">
+ <preConditions onSqlOutput="TEST" onFail="MARK_RAN">
+ <not>
+ <dbms type="mssql" />
+ </not>
+ </preConditions>
+ <sql>
+ UPDATE RESOURCE_SERVER_POLICY p SET RESOURCE_SERVER_CLIENT_ID = (SELECT CLIENT_ID FROM RESOURCE_SERVER s WHERE s.ID = p.RESOURCE_SERVER_ID);
+ UPDATE RESOURCE_SERVER_RESOURCE p SET RESOURCE_SERVER_CLIENT_ID = (SELECT CLIENT_ID FROM RESOURCE_SERVER s WHERE s.ID = p.RESOURCE_SERVER_ID);
+ UPDATE RESOURCE_SERVER_SCOPE p SET RESOURCE_SERVER_CLIENT_ID = (SELECT CLIENT_ID FROM RESOURCE_SERVER s WHERE s.ID = p.RESOURCE_SERVER_ID);
+ </sql>
+ </changeSet>
+ <changeSet author="glavoie@gmail.com" id="authz-3.4.0.CR1-resource-server-pk-change-part2-mssql">
+ <preConditions onSqlOutput="TEST" onFail="MARK_RAN">
+ <dbms type="mssql" />
+ </preConditions>
+ <sql>
+ UPDATE RESOURCE_SERVER_POLICY SET RESOURCE_SERVER_CLIENT_ID = s.CLIENT_ID FROM (SELECT ID, CLIENT_ID FROM RESOURCE_SERVER) s WHERE s.ID = RESOURCE_SERVER_POLICY.RESOURCE_SERVER_ID;
+ UPDATE RESOURCE_SERVER_RESOURCE SET RESOURCE_SERVER_CLIENT_ID = s.CLIENT_ID FROM (SELECT ID, CLIENT_ID FROM RESOURCE_SERVER) s WHERE s.ID = RESOURCE_SERVER_RESOURCE.RESOURCE_SERVER_ID;
+ UPDATE RESOURCE_SERVER_SCOPE SET RESOURCE_SERVER_CLIENT_ID = s.CLIENT_ID FROM (SELECT ID, CLIENT_ID FROM RESOURCE_SERVER) s WHERE s.ID = RESOURCE_SERVER_SCOPE.RESOURCE_SERVER_ID;
+ </sql>
+ </changeSet>
+
+ <changeSet author="glavoie@gmail.com" id="authz-3.4.0.CR1-resource-server-pk-change-part3">
+ <addNotNullConstraint tableName="RESOURCE_SERVER_POLICY" columnName="RESOURCE_SERVER_CLIENT_ID" columnDataType="VARCHAR(36)"/>
+ <addNotNullConstraint tableName="RESOURCE_SERVER_RESOURCE" columnName="RESOURCE_SERVER_CLIENT_ID" columnDataType="VARCHAR(36)"/>
+ <addNotNullConstraint tableName="RESOURCE_SERVER_SCOPE" columnName="RESOURCE_SERVER_CLIENT_ID" columnDataType="VARCHAR(36)"/>
+
+ <dropUniqueConstraint tableName="RESOURCE_SERVER_POLICY" constraintName="UK_FRSRPT700S9V50BU18WS5HA6"/>
+ <dropUniqueConstraint tableName="RESOURCE_SERVER_RESOURCE" constraintName="UK_FRSR6T700S9V50BU18WS5HA6"/>
+ <dropUniqueConstraint tableName="RESOURCE_SERVER_SCOPE" constraintName="UK_FRSRST700S9V50BU18WS5HA6"/>
+
+ <dropForeignKeyConstraint baseTableName="RESOURCE_SERVER_POLICY" constraintName="FK_FRSRPO213XCX4WNKOG82SSRFY"/>
+ <dropIndex tableName="RESOURCE_SERVER_POLICY" indexName="IDX_RES_SERV_POL_RES_SERV"/>
+ <dropColumn tableName="RESOURCE_SERVER_POLICY" columnName="RESOURCE_SERVER_ID"/>
+
+ <dropForeignKeyConstraint baseTableName="RESOURCE_SERVER_RESOURCE" constraintName="FK_FRSRHO213XCX4WNKOG82SSRFY"/>
+ <dropIndex tableName="RESOURCE_SERVER_RESOURCE" indexName="IDX_RES_SRV_RES_RES_SRV"/>
+ <dropColumn tableName="RESOURCE_SERVER_RESOURCE" columnName="RESOURCE_SERVER_ID"/>
+
+ <dropForeignKeyConstraint baseTableName="RESOURCE_SERVER_SCOPE" constraintName="FK_FRSRSO213XCX4WNKOG82SSRFY"/>
+ <dropIndex tableName="RESOURCE_SERVER_SCOPE" indexName="IDX_RES_SRV_SCOPE_RES_SRV"/>
+ <dropColumn tableName="RESOURCE_SERVER_SCOPE" columnName="RESOURCE_SERVER_ID"/>
+
+ <dropPrimaryKey tableName="RESOURCE_SERVER" constraintName="CONSTRAINT_FARS"/>
+ <dropUniqueConstraint tableName="RESOURCE_SERVER" constraintName="UK_AU8TT6T700S9V50BU18WS5HA6"/>
+
+ <dropColumn tableName="RESOURCE_SERVER" columnName="ID"/>
+
+ <renameColumn tableName="RESOURCE_SERVER" oldColumnName="CLIENT_ID" newColumnName="ID" columnDataType="VARCHAR(36)"/>
+ <renameColumn tableName="RESOURCE_SERVER_POLICY" oldColumnName="RESOURCE_SERVER_CLIENT_ID" newColumnName="RESOURCE_SERVER_ID" columnDataType="VARCHAR(36)"/>
+ <renameColumn tableName="RESOURCE_SERVER_RESOURCE" oldColumnName="RESOURCE_SERVER_CLIENT_ID" newColumnName="RESOURCE_SERVER_ID" columnDataType="VARCHAR(36)"/>
+ <renameColumn tableName="RESOURCE_SERVER_SCOPE" oldColumnName="RESOURCE_SERVER_CLIENT_ID" newColumnName="RESOURCE_SERVER_ID" columnDataType="VARCHAR(36)"/>
+
+ <addUniqueConstraint tableName="RESOURCE_SERVER_POLICY" constraintName="UK_FRSRPT700S9V50BU18WS5HA6"
+ columnNames="NAME, RESOURCE_SERVER_ID"/>
+ <addUniqueConstraint tableName="RESOURCE_SERVER_RESOURCE" constraintName="UK_FRSR6T700S9V50BU18WS5HA6"
+ columnNames="NAME, OWNER, RESOURCE_SERVER_ID"/>
+ <addUniqueConstraint tableName="RESOURCE_SERVER_SCOPE" constraintName="UK_FRSRST700S9V50BU18WS5HA6"
+ columnNames="NAME, RESOURCE_SERVER_ID"/>
+
+ <createIndex indexName="IDX_RES_SERV_POL_RES_SERV" tableName="RESOURCE_SERVER_POLICY">
+ <column name="RESOURCE_SERVER_ID" type="VARCHAR(36)"/>
+ </createIndex>
+ <createIndex indexName="IDX_RES_SRV_RES_RES_SRV" tableName="RESOURCE_SERVER_RESOURCE">
+ <column name="RESOURCE_SERVER_ID" type="VARCHAR(36)"/>
+ </createIndex>
+ <createIndex indexName="IDX_RES_SRV_SCOPE_RES_SRV" tableName="RESOURCE_SERVER_SCOPE">
+ <column name="RESOURCE_SERVER_ID" type="VARCHAR(36)"/>
+ </createIndex>
+
+ <addPrimaryKey tableName="RESOURCE_SERVER" constraintName="PK_RESOURCE_SERVER" columnNames="ID"/>
+ <addForeignKeyConstraint constraintName="FK_FRSRPO213XCX4WNKOG82SSRFY"
+ baseTableName="RESOURCE_SERVER_POLICY" baseColumnNames="RESOURCE_SERVER_ID"
+ referencedTableName="RESOURCE_SERVER" referencedColumnNames="ID"/>
+ <addForeignKeyConstraint constraintName="FK_FRSRHO213XCX4WNKOG82SSRFY"
+ baseTableName="RESOURCE_SERVER_RESOURCE" baseColumnNames="RESOURCE_SERVER_ID"
+ referencedTableName="RESOURCE_SERVER" referencedColumnNames="ID"/>
+ <addForeignKeyConstraint constraintName="FK_FRSRSO213XCX4WNKOG82SSRFY"
+ baseTableName="RESOURCE_SERVER_SCOPE" baseColumnNames="RESOURCE_SERVER_ID"
+ referencedTableName="RESOURCE_SERVER" referencedColumnNames="ID"/>
+ </changeSet>
+</databaseChangeLog>
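Review bot: Part 3 drops `RESOURCE_SERVER.ID` and the old `RESOURCE_SERVER_ID` columns without a `<rollback>`, and it depends on part 2 having filled every `RESOURCE_SERVER_CLIENT_ID`. The removed entity mapping declared `CLIENT_ID` without `nullable = false`; if the column is nullable in the database (the earlier changelog is not shown), a row with a null `CLIENT_ID` makes `addNotNullConstraint` fail after parts 1 and 2 have already been applied, leaving the authorization schema half-migrated. A precondition on part 1 would stop the upgrade before anything changes, for example `<preConditions onFail="HALT"><sqlCheck expectedResult="0">SELECT COUNT(*) FROM RESOURCE_SERVER WHERE CLIENT_ID IS NULL</sqlCheck></preConditions>`. The comment at the top of part 1 should also say that the primary-key change is one-way and that a database backup is needed before upgrading.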
diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml
index 96b9a18..008443a 100755
--- a/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml
+++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml
@@ -49,4 +49,5 @@
<include file="META-INF/jpa-changelog-3.0.0.xml"/>
<include file="META-INF/jpa-changelog-3.2.0.xml"/>
<include file="META-INF/jpa-changelog-3.3.0.xml"/>
+ <include file="META-INF/jpa-changelog-authz-3.4.0.CR1.xml"/>
</databaseChangeLog>
diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java b/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java
index d5b9ac4..69c3b6d 100644
--- a/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java
+++ b/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java
@@ -36,14 +36,6 @@ public interface ResourceServer {
String getId();
/**
- * Returns the identifier of the client application (which already exists in Keycloak) that is also acting as a resource
- * server.
- *
- * @return the identifier of the client application associated with this instance.
- */
- String getClientId();
-
- /**
* Indicates if the resource server is allowed to manage its own resources remotely using the Protection API.
*
* {@code true} if the resource server is allowed to managed them remotely
diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java b/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java
index 1ec8887..c720504 100644
--- a/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java
+++ b/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java
@@ -165,7 +165,7 @@ public class DefaultPolicyEvaluator implements PolicyEvaluator {
List<Resource> resourcesByType = resourceStore.findByType(type, resource.getResourceServer().getId());
for (Resource resourceType : resourcesByType) {
- if (resourceType.getOwner().equals(resource.getResourceServer().getClientId())) {
+ if (resourceType.getOwner().equals(resource.getResourceServer().getId())) {
resources.add(resourceType);
}
}
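Review bot: The ownership test inside the `for` loop compares `resourceType.getOwner()` with `resource.getResourceServer().getId()`, which is only correct if a resource server's id is always the internal id of its client, and nothing here states that invariant. Since this comparison selects which typed resources feed policy evaluation, I would add a comment above the `if`, such as `// a resource server's id is the id of its client, so this selects resources owned by the resource server itself`. Owner values written before the upgrade presumably still hold the old client id, so the check also depends on the 3.4.0.CR1 changelog rewriting RESOURCE_SERVER.ID to that value; that part of the changeset is outside this view and worth confirming. The same comparison appears in the ModelToRepresentation, ResourceSetService, AbstractPermissionService and Permissions hunks. The enclosing method starts and ends outside the hunk.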
diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java
index 742f98b..d01b19a 100644
--- a/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java
+++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java
@@ -51,13 +51,4 @@ public interface ResourceServerStore {
* @return the resource server instance with the given identifier or null if no instance was found
*/
ResourceServer findById(String id);
-
- /**
- * Returns a {@link ResourceServer} instance based on the identifier of a client application.
- *
- * @param id the identifier of an existing client application
- *
- * @return the resource server instance, with the given client id or null if no instance was found
- */
- ResourceServer findByClient(String id);
}
diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java
index aeb039d..d8af293 100644
--- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java
+++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java
@@ -37,7 +37,7 @@ public class ClientApplicationSynchronizer implements Synchronizer<ClientRemoved
AuthorizationProvider authorizationProvider = providerFactory.create(event.getKeycloakSession());
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
ResourceServerStore store = storeFactory.getResourceServerStore();
- ResourceServer resourceServer = store.findByClient(event.getClient().getId());
+ ResourceServer resourceServer = store.findById(event.getClient().getId());
if (resourceServer != null) {
String id = resourceServer.getId();
diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RealmSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RealmSynchronizer.java
index 971ae31..476c0d3 100644
--- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RealmSynchronizer.java
+++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RealmSynchronizer.java
@@ -36,7 +36,7 @@ public class RealmSynchronizer implements Synchronizer<RealmRemovedEvent> {
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
event.getRealm().getClients().forEach(clientModel -> {
- ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel.getId());
+ ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
if (resourceServer != null) {
String id = resourceServer.getId();
diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java
index 03a2cda..b760e8d 100644
--- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java
+++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java
@@ -17,8 +17,6 @@
package org.keycloak.authorization.store.syncronization;
-import java.util.function.Consumer;
-
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.store.PolicyStore;
@@ -48,7 +46,7 @@ public class UserSynchronizer implements Synchronizer<UserRemovedEvent> {
RealmModel realm = event.getRealm();
realm.getClients().forEach(clientModel -> {
- ResourceServer resourceServer = resourceServerStore.findByClient(clientModel.getId());
+ ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId());
if (resourceServer != null) {
resourceStore.findByOwner(userModel.getId(), resourceServer.getId()).forEach(resource -> {
diff --git a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java
index d1e0ca2..9ff2a52 100644
--- a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java
+++ b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java
@@ -67,7 +67,7 @@ public class MigrateTo2_1_0 implements Migration {
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore();
realm.getClients().forEach(clientModel -> {
- ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel.getId());
+ ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId());
if (resourceServer != null) {
policyStore.findByType("role", resourceServer.getId()).forEach(policy -> {
diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
index ef95c0a..172147a 100755
--- a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
@@ -35,7 +35,6 @@ import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.ResourceStore;
-import org.keycloak.common.Profile;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel;
@@ -43,10 +42,10 @@ import org.keycloak.credential.CredentialModel;
import org.keycloak.events.Event;
import org.keycloak.events.admin.AdminEvent;
import org.keycloak.events.admin.AuthDetails;
+import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.AuthenticatorConfigModel;
-import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientTemplateModel;
import org.keycloak.models.FederatedIdentityModel;
@@ -789,7 +788,7 @@ public class ModelToRepresentation {
ResourceServerRepresentation server = new ResourceServerRepresentation();
server.setId(model.getId());
- server.setClientId(model.getClientId());
+ server.setClientId(model.getId());
server.setName(client.getClientId());
server.setAllowRemoteResourceManagement(model.isAllowRemoteResourceManagement());
server.setPolicyEnforcementMode(model.getPolicyEnforcementMode());
@@ -852,8 +851,8 @@ public class ModelToRepresentation {
KeycloakSession keycloakSession = authorization.getKeycloakSession();
RealmModel realm = authorization.getRealm();
- if (owner.getId().equals(resourceServer.getClientId())) {
- ClientModel clientModel = realm.getClientById(resourceServer.getClientId());
+ if (owner.getId().equals(resourceServer.getId())) {
+ ClientModel clientModel = realm.getClientById(resourceServer.getId());
owner.setName(clientModel.getClientId());
} else {
UserModel userModel = keycloakSession.users().getUserById(owner.getId(), realm);
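Review bot: `realm.getClientById(resourceServer.getId())` is dereferenced on the next line without a null check, so a resource server whose client can no longer be resolved would surface as a NullPointerException while the owner representation is built. A guard such as `if (clientModel != null) owner.setName(clientModel.getClientId());` keeps the representation usable; whether a missing client can actually occur depends on code this hunk does not show. The same unchecked lookup is in the first ProtectionService hunk, where `client.getClientId()` is passed to `hasClientRole`; there a missing client should reject the request rather than skip the role check. The enclosing method and the `else` branch continue outside the hunk.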
@@ -882,7 +881,7 @@ public class ModelToRepresentation {
if (resource.getType() != null) {
ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
for (Resource typed : resourceStore.findByType(resource.getType(), resourceServer.getId())) {
- if (typed.getOwner().equals(resourceServer.getClientId()) && !typed.getId().equals(resource.getId())) {
+ if (typed.getOwner().equals(resourceServer.getId()) && !typed.getId().equals(resource.getId())) {
resource.setTypedScopes(typed.getScopes().stream().map(model1 -> {
ScopeRepresentation scope = new ScopeRepresentation();
scope.setId(model1.getId());
diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
index 3fdddde..ad838ff 100755
--- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@@ -1922,7 +1922,7 @@ public class RepresentationToModel {
public static void toModel(ResourceServerRepresentation rep, AuthorizationProvider authorization) {
ResourceServerStore resourceServerStore = authorization.getStoreFactory().getResourceServerStore();
ResourceServer resourceServer;
- ResourceServer existing = resourceServerStore.findByClient(rep.getClientId());
+ ResourceServer existing = resourceServerStore.findById(rep.getClientId());
if (existing == null) {
resourceServer = resourceServerStore.create(rep.getClientId());
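Review bot: `rep.getClientId()` is taken from the representation and used both as the key for `findById` and as the id passed to `create`, and this hunk shows no check that it names a client of `authorization.getRealm()`. If callers do not already validate it, an imported or admin-supplied representation could resolve or create a resource server under an id that belongs to no client of that realm. I would resolve the client first and fail early, e.g. `ClientModel client = authorization.getRealm().getClientById(rep.getClientId());` followed by `if (client == null) throw new RuntimeException("Client [" + rep.getClientId() + "] not found in realm");`. The rest of `toModel` is outside the hunk, so an existing check further down cannot be ruled out.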
@@ -1947,7 +1947,7 @@ public class RepresentationToModel {
if (owner == null) {
owner = new ResourceOwnerRepresentation();
- owner.setId(resourceServer.getClientId());
+ owner.setId(resourceServer.getId());
resource.setOwner(owner);
} else if (owner.getName() != null) {
UserModel user = session.users().getUserByUsername(owner.getName(), realm);
@@ -2270,7 +2270,7 @@ public class RepresentationToModel {
if (owner == null) {
owner = new ResourceOwnerRepresentation();
- owner.setId(resourceServer.getClientId());
+ owner.setId(resourceServer.getId());
}
String ownerId = owner.getId();
@@ -2279,7 +2279,7 @@ public class RepresentationToModel {
throw new RuntimeException("No owner specified for resource [" + resource.getName() + "].");
}
- if (!resourceServer.getClientId().equals(ownerId)) {
+ if (!resourceServer.getId().equals(ownerId)) {
RealmModel realm = authorization.getRealm();
KeycloakSession keycloakSession = authorization.getKeycloakSession();
UserProvider users = keycloakSession.users();
diff --git a/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java b/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java
index 3d4f163..72772e2 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java
@@ -18,15 +18,15 @@
package org.keycloak.authorization.admin;
+import javax.ws.rs.Path;
+
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
-import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.AdminEventBuilder;
-
-import javax.ws.rs.Path;
+import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@@ -43,7 +43,7 @@ public class AuthorizationService {
this.client = client;
this.authorization = session.getProvider(AuthorizationProvider.class);
this.adminEvent = adminEvent;
- this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findByClient(this.client.getId());
+ this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findById(this.client.getId());
this.auth = auth;
}
diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java
index ecebaae..e3903a8 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java
@@ -229,7 +229,7 @@ public class PolicyEvaluationService {
String clientId = representation.getClientId();
if (clientId == null) {
- clientId = resourceServer.getClientId();
+ clientId = resourceServer.getId();
}
if (clientId != null) {
diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
index 3f8b737..f4d685c 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
@@ -30,17 +30,15 @@ import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
-import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
-import org.keycloak.models.UserProvider;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.ErrorResponse;
-import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.AdminEventBuilder;
+import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@@ -103,7 +101,7 @@ public class ResourceSetService {
if (owner == null) {
owner = new ResourceOwnerRepresentation();
- owner.setId(resourceServer.getClientId());
+ owner.setId(resourceServer.getId());
}
String ownerId = owner.getId();
@@ -217,7 +215,7 @@ public class ResourceSetService {
if (model.getType() != null) {
ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
for (Resource typed : resourceStore.findByType(model.getType(), resourceServer.getId())) {
- if (typed.getOwner().equals(resourceServer.getClientId()) && !typed.getId().equals(model.getId())) {
+ if (typed.getOwner().equals(resourceServer.getId()) && !typed.getId().equals(model.getId())) {
scopes.addAll(typed.getScopes().stream().map(model1 -> {
ScopeRepresentation scope = new ScopeRepresentation();
scope.setId(model1.getId());
diff --git a/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java b/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
index 54097bb..0108eab 100644
--- a/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
+++ b/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
@@ -119,7 +119,7 @@ public class EntitlementService {
}
StoreFactory storeFactory = authorization.getStoreFactory();
- ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(client.getId());
+ ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(client.getId());
if (resourceServer == null) {
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Client does not support permissions", Status.FORBIDDEN);
@@ -152,7 +152,7 @@ public class EntitlementService {
}
StoreFactory storeFactory = authorization.getStoreFactory();
- ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(client.getId());
+ ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(client.getId());
if (resourceServer == null) {
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Client does not support permissions", Status.FORBIDDEN);
diff --git a/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java b/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java
index 665fe8f..1e669cf 100644
--- a/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java
+++ b/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java
@@ -114,7 +114,7 @@ public class AbstractPermissionService {
}
for (Resource baseResource : authorization.getStoreFactory().getResourceStore().findByType(resource.getType(), resourceServer.getId())) {
- if (baseResource.getOwner().equals(resource.getResourceServer().getClientId())) {
+ if (baseResource.getOwner().equals(resource.getResourceServer().getId())) {
for (Scope baseScope : baseResource.getScopes()) {
if (baseScope.getName().equals(scopeName)) {
return new ScopeRepresentation(scopeName);
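Review bot: The loop queries with the local `resourceServer.getId()`, but the changed ownership check reads the id through `resource.getResourceServer().getId()`, so two expressions are used for what is presumably the same resource server. Using the local in both places, `if (baseResource.getOwner().equals(resourceServer.getId())) {`, makes it obvious that the type lookup and the owner test refer to the same server. If the two can legitimately differ, that deserves a comment, because the result feeds scope resolution for the permission request. The method starts and ends outside the hunk.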
diff --git a/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java b/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java
index 3779279..30afbc7 100644
--- a/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java
+++ b/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java
@@ -100,7 +100,7 @@ public class ProtectionService {
ResourceServer resourceServer = getResourceServer(identity);
KeycloakSession keycloakSession = authorization.getKeycloakSession();
RealmModel realm = keycloakSession.getContext().getRealm();
- ClientModel client = realm.getClientById(resourceServer.getClientId());
+ ClientModel client = realm.getClientById(resourceServer.getId());
if (!identity.hasClientRole(client.getClientId(), "uma_protection")) {
throw new ErrorResponseException(OAuthErrorException.INVALID_SCOPE, "Requires uma_protection scope.", Status.FORBIDDEN);
@@ -117,7 +117,7 @@ public class ProtectionService {
throw new ErrorResponseException("invalid_clientId", "Client application with id [" + identity.getId() + "] does not exist in realm [" + realm.getName() + "]", Status.BAD_REQUEST);
}
- ResourceServer resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findByClient(identity.getId());
+ ResourceServer resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findById(identity.getId());
if (resourceServer == null) {
throw new ErrorResponseException("invalid_clientId", "Client application [" + clientApplication.getClientId() + "] is not registered as resource server.", Status.FORBIDDEN);
diff --git a/services/src/main/java/org/keycloak/authorization/util/Permissions.java b/services/src/main/java/org/keycloak/authorization/util/Permissions.java
index b0e5daa..a420cf9 100644
--- a/services/src/main/java/org/keycloak/authorization/util/Permissions.java
+++ b/services/src/main/java/org/keycloak/authorization/util/Permissions.java
@@ -20,8 +20,6 @@ package org.keycloak.authorization.util;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.LinkedList;
@@ -70,7 +68,7 @@ public final class Permissions {
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceStore resourceStore = storeFactory.getResourceStore();
- resourceStore.findByOwner(resourceServer.getClientId(), resourceServer.getId()).stream().forEach(resource -> permissions.addAll(createResourcePermissionsWithScopes(resource, new LinkedList(resource.getScopes()), authorization)));
+ resourceStore.findByOwner(resourceServer.getId(), resourceServer.getId()).stream().forEach(resource -> permissions.addAll(createResourcePermissionsWithScopes(resource, new LinkedList(resource.getScopes()), authorization)));
resourceStore.findByOwner(identity.getId(), resourceServer.getId()).stream().forEach(resource -> permissions.addAll(createResourcePermissionsWithScopes(resource, new LinkedList(resource.getScopes()), authorization)));
return permissions;
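Review bot: `findByOwner(resourceServer.getId(), resourceServer.getId())` passes the same value twice, which reads like a copy-paste slip even though the first argument is the owner and the second the resource server. A short comment such as `// owner id and resource server id are the same value: resources owned by the resource server itself` would prevent a later "fix" that changes which resources end up in the permission list. While touching the line, `new LinkedList(resource.getScopes())` is a raw type; `new LinkedList<>(resource.getScopes())` is the form the next hunk already uses. The enclosing method starts outside the hunk.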
@@ -86,11 +84,11 @@ public final class Permissions {
scopes = new LinkedList<>(resource.getScopes());
// check if there is a typed resource whose scopes are inherited by the resource being requested. In this case, we assume that parent resource
// is owned by the resource server itself
- if (type != null && !resource.getOwner().equals(resourceServer.getClientId())) {
+ if (type != null && !resource.getOwner().equals(resourceServer.getId())) {
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceStore resourceStore = storeFactory.getResourceStore();
resourceStore.findByType(type, resourceServer.getId()).forEach(resource1 -> {
- if (resource1.getOwner().equals(resourceServer.getClientId())) {
+ if (resource1.getOwner().equals(resourceServer.getId())) {
for (Scope typeScope : resource1.getScopes()) {
if (!scopes.contains(typeScope)) {
scopes.add(typeScope);
@@ -123,11 +121,11 @@ public final class Permissions {
// check if there is a typed resource whose scopes are inherited by the resource being requested. In this case, we assume that parent resource
// is owned by the resource server itself
- if (type != null && !resource.getOwner().equals(resourceServer.getClientId())) {
+ if (type != null && !resource.getOwner().equals(resourceServer.getId())) {
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceStore resourceStore = storeFactory.getResourceStore();
resourceStore.findByType(type, resourceServer.getId()).forEach(resource1 -> {
- if (resource1.getOwner().equals(resourceServer.getClientId())) {
+ if (resource1.getOwner().equals(resourceServer.getId())) {
for (Scope typeScope : resource1.getScopes()) {
if (!scopes.contains(typeScope)) {
scopes.add(typeScope);
diff --git a/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java b/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java
index fa1e238..371c4da 100755
--- a/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java
+++ b/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java
@@ -55,7 +55,6 @@ import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserModel;
-import org.keycloak.models.UserProvider;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientTemplateRepresentation;
@@ -73,6 +72,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.util.JsonSerialization;
+
import com.fasterxml.jackson.core.JsonEncoding;
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonGenerator;
@@ -298,7 +298,7 @@ public class ExportUtils {
AuthorizationProviderFactory providerFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
AuthorizationProvider authorization = providerFactory.create(session, client.getRealm());
StoreFactory storeFactory = authorization.getStoreFactory();
- ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findByClient(client.getId());
+ ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findById(client.getId());
if (settingsModel == null) {
return null;
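Review bot: The changed line calls `authorization.getStoreFactory()` again although `storeFactory` was assigned from the same call on the line above. `ResourceServer settingsModel = storeFactory.getResourceServerStore().findById(client.getId());` is shorter and keeps a single store factory in play for the whole export. The method continues outside the hunk.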
@@ -314,7 +314,7 @@ public class ExportUtils {
.stream().map(resource -> {
ResourceRepresentation rep = toRepresentation(resource, settingsModel, authorization);
- if (rep.getOwner().getId().equals(settingsModel.getClientId())) {
+ if (rep.getOwner().getId().equals(settingsModel.getId())) {
rep.setOwner(null);
} else {
rep.getOwner().setId(null);
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java
index 8aeb9ab..149b313 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java
@@ -112,7 +112,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
String resourceName = getResourceName(client);
Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
if (resource == null) {
- resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getClientId());
+ resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
resource.setType("Client");
Set<Scope> scopeset = new HashSet<>();
scopeset.add(configureScope);
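Review bot: In `create(resourceName, server, server.getId())` the third argument is the resource owner, and passing the server's own id there is not self-explanatory now that `getClientId()` is gone. A comment on that line, e.g. `// owner is the resource server itself (its id is the client's id)`, would document why admin-permission resources are owned by the server rather than by a user. The same call shape is in the GroupPermissions, IdentityProviderPermissions, RolePermissions and UserPermissions hunks. The enclosing method starts and ends outside the hunk.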
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
index 46b15d0..c6aa3c6 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
@@ -26,7 +26,6 @@ import org.keycloak.models.AdminRoles;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
-import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.services.ForbiddenException;
import java.util.HashMap;
@@ -95,7 +94,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
String groupResourceName = getGroupResourceName(group);
Resource groupResource = authz.getStoreFactory().getResourceStore().findByName(groupResourceName, server.getId());
if (groupResource == null) {
- groupResource = authz.getStoreFactory().getResourceStore().create(groupResourceName, server, server.getClientId());
+ groupResource = authz.getStoreFactory().getResourceStore().create(groupResourceName, server, server.getId());
Set<Scope> scopeset = new HashSet<>();
scopeset.add(manageScope);
scopeset.add(viewScope);
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java
index 71661b1..9be37d6 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java
@@ -32,7 +32,6 @@ import org.keycloak.models.RealmModel;
import java.util.Arrays;
import java.util.Collection;
-import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
@@ -76,7 +75,7 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
String resourceName = getResourceName(idp);
Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
if (resource == null) {
- resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getClientId());
+ resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
resource.setType("IdentityProvider");
Set<Scope> scopeset = new HashSet<>();
scopeset.add(exchangeToScope);
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java
index 80812f2..6fa044f 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java
@@ -40,7 +40,6 @@ import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
-import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.managers.RealmManager;
@@ -252,7 +251,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
ResourceServerStore resourceServerStore = authz.getStoreFactory().getResourceServerStore();
ClientModel client = getRealmManagementClient();
if (client == null) return null;
- realmResourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client.getId());
+ realmResourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId());
return realmResourceServer;
}
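Review bot: `resourceServerStore` is assigned on the first line of the hunk and never used in the lines shown; the changed line fetches the store again through `authz.getStoreFactory().getResourceServerStore()`. Either drop the local or use it: `realmResourceServer = resourceServerStore.findById(client.getId());`. The start of the method is outside the hunk.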
@@ -260,7 +259,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
public ResourceServer initializeRealmResourceServer() {
if (realmResourceServer != null) return realmResourceServer;
ClientModel client = getRealmManagementClient();
- realmResourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client.getId());
+ realmResourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId());
if (realmResourceServer == null) {
realmResourceServer = authz.getStoreFactory().getResourceServerStore().create(client.getId());
}
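Review bot: `initializeRealmResourceServer()` calls `client.getId()` without the `if (client == null) return null;` guard that the lookup method in the previous hunk applies to the same `getRealmManagementClient()` result. If the realm-management client can be absent, this fails with a NullPointerException in the middle of permission setup. An explicit check with a clear error, e.g. `if (client == null) throw new IllegalStateException("realm management client not found");`, would make the failure diagnosable. The rest of the method is outside the hunk.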
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java
index 0e12861..361cb0c 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java
@@ -34,7 +34,6 @@ import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.services.ForbiddenException;
-import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
@@ -541,7 +540,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
String roleResourceName = getRoleResourceName(role);
Resource resource = authz.getStoreFactory().getResourceStore().findByName(roleResourceName, server.getId());
if (resource == null) {
- resource = authz.getStoreFactory().getResourceStore().create(roleResourceName, server, server.getClientId());
+ resource = authz.getStoreFactory().getResourceStore().create(roleResourceName, server, server.getId());
Set<Scope> scopeset = new HashSet<>();
scopeset.add(mapClientScope);
scopeset.add(mapCompositeScope);
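Review bot: The third argument to `create(...)` changes from `server.getClientId()` to `server.getId()` with nothing on the line explaining why the two are interchangeable. It appears to be the resource owner, since the assertion removed from ResourceManagementTest compared `getClientId()` with `getOwner()`, and the owner presumably matters when permissions on the resource are evaluated. A short comment would record the invariant: `// owner is the resource server itself; its id is the id of the client it belongs to`. The same applies to the `USERS_RESOURCE` creation in UserPermissions and the `"myresource"` creation in PolicyEvaluationCompositeRoleTest. The enclosing method starts and ends outside the hunk.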
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
index 3ac26ed..0078497 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
@@ -84,7 +84,7 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
Resource usersResource = authz.getStoreFactory().getResourceStore().findByName(USERS_RESOURCE, server.getId());
if (usersResource == null) {
- usersResource = authz.getStoreFactory().getResourceStore().create(USERS_RESOURCE, server, server.getClientId());
+ usersResource = authz.getStoreFactory().getResourceStore().create(USERS_RESOURCE, server, server.getId());
Set<Scope> scopeset = new HashSet<>();
scopeset.add(manageScope);
scopeset.add(viewScope);
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java
index 5adec44..11eac12 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java
@@ -85,7 +85,7 @@ public class AuthzCleanupTest extends AbstractKeycloakTest {
session.getContext().setRealm(realm);
AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
ClientModel myclient = realm.getClientByClientId("myclient");
- ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(myclient.getId());
+ ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(myclient.getId());
createRolePolicy(authz, resourceServer, "client-role-1");
createRolePolicy(authz, resourceServer, "client-role-2");
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
index 16b0804..42dbdb0 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
@@ -1829,7 +1829,7 @@ public class PermissionsTest extends AbstractKeycloakTest {
for (Method m : rep.getClass().getDeclaredMethods()) {
if (m.getParameters().length == 0 && m.getName().startsWith("get") && !ignoreList.contains(m.getName())) {
- try {
+ try {
Object o = m.invoke(rep);
assertNull("Expected " + m.getName() + " to be null", o);
} catch (Exception e) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java
index cb93c96..1c57147 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java
@@ -87,7 +87,7 @@ public class PolicyEvaluationCompositeRoleTest extends AbstractAuthzTest {
Policy policy = createRolePolicy(authz, resourceServer, role1);
Scope scope = authz.getStoreFactory().getScopeStore().create("myscope", resourceServer);
- Resource resource = authz.getStoreFactory().getResourceStore().create("myresource", resourceServer, resourceServer.getClientId());
+ Resource resource = authz.getStoreFactory().getResourceStore().create("myresource", resourceServer, resourceServer.getId());
addScopePermission(authz, resourceServer, "mypermission", resource, scope, policy);
RoleModel composite = realm.addRole("composite");
diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java
index 4a4fc9a..b9a75a4 100644
--- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java
+++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java
@@ -61,7 +61,6 @@ public class ResourceManagementTest extends AbstractPhotozAdminTest {
assertEquals("Resource Type", resourceModel.getType());
assertEquals("Resource Icon URI", resourceModel.getIconUri());
assertEquals("Resource URI", resourceModel.getUri());
- assertEquals(resourceServer.getClientId(), resourceModel.getOwner());
assertEquals(resourceServer.getId(), resourceModel.getResourceServer().getId());
});
}