diff --git a/server-spi/src/main/java/org/keycloak/models/utils/ComponentUtil.java b/server-spi/src/main/java/org/keycloak/models/utils/ComponentUtil.java
index fc4616b..5efbb1c 100644
--- a/server-spi/src/main/java/org/keycloak/models/utils/ComponentUtil.java
+++ b/server-spi/src/main/java/org/keycloak/models/utils/ComponentUtil.java
@@ -73,12 +73,12 @@ public class ComponentUtil {
private static ComponentFactory getComponentFactory(KeycloakSession session, String providerType, String providerId) {
Class<? extends Provider> provider = session.getProviderClass(providerType);
if (provider == null) {
- throw new RuntimeException("Invalid provider type '" + providerType + "'");
+ throw new IllegalArgumentException("Invalid provider type '" + providerType + "'");
}
ProviderFactory<? extends Provider> f = session.getKeycloakSessionFactory().getProviderFactory(provider, providerId);
if (f == null) {
- throw new RuntimeException("No such provider '" + providerId + "'");
+ throw new IllegalArgumentException("No such provider '" + providerId + "'");
}
ComponentFactory cf = (ComponentFactory) f;
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java
index d414fcf..5919b2d 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java
@@ -32,6 +32,7 @@ import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.ErrorResponseException;
+import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
@@ -85,7 +86,7 @@ public class ComponentResource {
this.realm = realm;
this.adminEvent = adminEvent;
- auth.init(RealmAuth.Resource.USER);
+ auth.init(RealmAuth.Resource.REALM);
}
@GET
@@ -126,6 +127,8 @@ public class ComponentResource {
return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
} catch (ComponentValidationException e) {
return localizedErrorResponse(e);
+ } catch (IllegalArgumentException e) {
+ throw new BadRequestException();
}
}
@@ -134,7 +137,7 @@ public class ComponentResource {
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public ComponentRepresentation getComponent(@PathParam("id") String id) {
- auth.requireManage();
+ auth.requireView();
ComponentModel model = realm.getComponent(id);
if (model == null) {
throw new NotFoundException("Could not find component");
@@ -159,8 +162,9 @@ public class ComponentResource {
return Response.noContent().build();
} catch (ComponentValidationException e) {
return localizedErrorResponse(e);
+ } catch (IllegalArgumentException e) {
+ throw new BadRequestException();
}
-
}
@DELETE
@Path("{id}")
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
index 14f8d0a..e1fe92c 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
@@ -33,6 +33,7 @@ import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.representations.idm.ClientInitialAccessCreatePresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientTemplateRepresentation;
+import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
@@ -1576,6 +1577,40 @@ public class PermissionsTest extends AbstractKeycloakTest {
}, Resource.USER, true);
}
+ @Test
+ public void components() {
+ invoke(new Invocation() {
+ public void invoke(RealmResource realm) {
+ realm.components().query();
+ }
+ }, Resource.REALM, false);
+ invoke(new Invocation() {
+ public void invoke(RealmResource realm) {
+ realm.components().query("nosuch");
+ }
+ }, Resource.REALM, false);
+ invoke(new InvocationWithResponse() {
+ public void invoke(RealmResource realm, AtomicReference<Response> response) {
+ response.set(realm.components().add(new ComponentRepresentation()));
+ }
+ }, Resource.REALM, true);
+ invoke(new Invocation() {
+ public void invoke(RealmResource realm) {
+ realm.components().component("nosuch").toRepresentation();
+ }
+ }, Resource.REALM, false);
+ invoke(new Invocation() {
+ public void invoke(RealmResource realm) {
+ realm.components().component("nosuch").update(new ComponentRepresentation());
+ }
+ }, Resource.REALM, true);
+ invoke(new Invocation() {
+ public void invoke(RealmResource realm) {
+ realm.components().component("nosuch").remove();
+ }
+ }, Resource.REALM, true);
+ }
+
private void invoke(final Invocation invocation, Resource resource, boolean manage) {
invoke(new InvocationWithResponse() {
public void invoke(RealmResource realm, AtomicReference<Response> response) {
