keycloak-aplcache
Changes
services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java 6(+4 -2)
Details
diff --git a/services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java b/services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java
index d6683f1..0f6ec8f 100755
--- a/services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java
+++ b/services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java
@@ -31,6 +31,8 @@ import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.ForbiddenException;
import org.keycloak.services.clientregistration.policy.ClientRegistrationPolicyManager;
import org.keycloak.services.clientregistration.policy.RegistrationAuth;
+import org.keycloak.services.managers.ClientManager;
+import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.validation.ValidationMessages;
import javax.ws.rs.core.Response;
@@ -67,7 +69,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist
try {
RealmModel realm = session.getContext().getRealm();
- ClientModel clientModel = RepresentationToModel.createClient(session, realm, client, true);
+ ClientModel clientModel = new ClientManager(new RealmManager(session)).createClient(session, realm, client, true);
ClientRegistrationPolicyManager.triggerAfterRegister(context, registrationAuth, clientModel);
@@ -153,7 +155,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist
ClientModel client = session.getContext().getRealm().getClientByClientId(clientId);
auth.requireDelete(client);
- if (session.getContext().getRealm().removeClient(client.getId())) {
+ if (new ClientManager(new RealmManager(session)).removeClient(session.getContext().getRealm(), client)) {
event.client(client.getClientId()).success();
} else {
throw new ForbiddenException();
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/registration/KcRegCreateTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/registration/KcRegCreateTest.java
index d916a9b..1f08b8b 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/registration/KcRegCreateTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/registration/KcRegCreateTest.java
@@ -74,7 +74,7 @@ public class KcRegCreateTest extends AbstractRegCliTest {
" \"name\": \"My Client App\",\n" +
" \"implicitFlowEnabled\": false,\n" +
" \"publicClient\": true,\n" +
- " \"protocol\": \"leycloak-oidc\",\n" +
+ " \"protocol\": \"openid-connect\",\n" +
" \"webOrigins\": [\"http://localhost:8980/myapp\"],\n" +
" \"consentRequired\": false,\n" +
" \"baseUrl\": \"http://localhost:8980/myapp\",\n" +
@@ -99,7 +99,7 @@ public class KcRegCreateTest extends AbstractRegCliTest {
Assert.assertEquals("implicitFlowEnabled", false, client.isImplicitFlowEnabled());
Assert.assertEquals("publicClient", true, client.isPublicClient());
// note there is no server-side check if protocol is supported
- Assert.assertEquals("protocol", "leycloak-oidc", client.getProtocol());
+ Assert.assertEquals("protocol", "openid-connect", client.getProtocol());
Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp"), client.getWebOrigins());
Assert.assertEquals("consentRequired", false, client.isConsentRequired());
Assert.assertEquals("baseUrl", "http://localhost:8980/myapp", client.getBaseUrl());
@@ -110,7 +110,7 @@ public class KcRegCreateTest extends AbstractRegCliTest {
// create configuration from file as a template and override clientId and other attributes ... output an object
exe = execute("create --config '" + configFile.getName() + "' -o -f '" + tmpFile.getName() +
"' -s clientId=my_client2 -s enabled=false -s 'redirectUris=[\"http://localhost:8980/myapp2/*\"]'" +
- " -s 'name=My Client App II' -s protocol=keycloak-oidc -s 'webOrigins=[\"http://localhost:8980/myapp2\"]'" +
+ " -s 'name=My Client App II' -s protocol=openid-connect -s 'webOrigins=[\"http://localhost:8980/myapp2\"]'" +
" -s baseUrl=http://localhost:8980/myapp2 -s rootUrl=http://localhost:8980/myapp2");
assertExitCodeAndStdErrSize(exe, 0, 0);
@@ -124,7 +124,7 @@ public class KcRegCreateTest extends AbstractRegCliTest {
Assert.assertEquals("name", "My Client App II", client2.getName());
Assert.assertEquals("implicitFlowEnabled", false, client2.isImplicitFlowEnabled());
Assert.assertEquals("publicClient", true, client2.isPublicClient());
- Assert.assertEquals("protocol", "keycloak-oidc", client2.getProtocol());
+ Assert.assertEquals("protocol", "openid-connect", client2.getProtocol());
Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp2"), client2.getWebOrigins());
Assert.assertEquals("consentRequired", false, client2.isConsentRequired());
Assert.assertEquals("baseUrl", "http://localhost:8980/myapp2", client2.getBaseUrl());
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
index 86edae7..f586d62 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
@@ -17,13 +17,20 @@
package org.keycloak.testsuite.client;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Test;
import org.keycloak.client.registration.Auth;
import org.keycloak.client.registration.ClientRegistration;
import org.keycloak.client.registration.ClientRegistrationException;
import org.keycloak.client.registration.HttpErrorException;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
+import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
+import org.keycloak.testsuite.runonserver.RunOnServerTest;
import javax.ws.rs.NotFoundException;
import java.util.Collections;
@@ -38,6 +45,11 @@ import static org.junit.Assert.fail;
*/
public class ClientRegistrationTest extends AbstractClientRegistrationTest {
+ @Deployment
+ public static WebArchive deploy() {
+ return RunOnServerDeployment.create(ClientRegistrationTest.class);
+ }
+
private static final String CLIENT_ID = "test-client";
private static final String CLIENT_SECRET = "test-client-secret";
@@ -72,6 +84,28 @@ public class ClientRegistrationTest extends AbstractClientRegistrationTest {
registerClient();
}
+ // KEYCLOAK-5907
+ @Test
+ public void withServiceAccount() throws ClientRegistrationException {
+ authManageClients();
+ ClientRepresentation clientRep = buildClient();
+ clientRep.setServiceAccountsEnabled(true);
+
+ ClientRepresentation rep = registerClient(clientRep);
+
+ UserRepresentation serviceAccountUser = adminClient.realm("test").clients().get(rep.getId()).getServiceAccountUser();
+
+ assertNotNull(serviceAccountUser);
+
+ deleteClient(rep);
+
+ try {
+ adminClient.realm("test").users().get(serviceAccountUser.getId()).toRepresentation();
+ fail("Expected NotFoundException");
+ } catch (NotFoundException e) {
+ }
+ }
+
@Test
public void registerClientInMasterRealm() throws Exception {
ClientRegistration masterReg = ClientRegistration.create().url(suiteContext.getAuthServerInfo().getContextRoot() + "/auth", "master").build();