[FGAP] Create scopes upon creation of the admin permission client

Closes #35810

Signed-off-by: vramik <vramik@redhat.com>
vramik 2024-12-11 13:53:22 +01:00 committed by Pedro Igor
parent 4c263f4897
commit 16a42d5a64
2 changed files with 27 additions and 1 deletions


@ -85,7 +85,14 @@ import java.util.function.Function;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.authorization.AdminPermissionsAuthorizationSchema;
import org.keycloak.representations.idm.authorization.AuthorizationSchema;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.idm.authorization.ResourceType;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import static org.keycloak.utils.StreamsUtil.closing;
@ -1192,7 +1199,21 @@ public final class KeycloakModelUtils {
public static void setupAdminPermissionsClient(KeycloakSession session, RealmModel realm) {
ClientModel client = session.clients().addClient(realm, Constants.ADMIN_PERMISSIONS_CLIENT_ID);
realm.setAdminPermissionsClient(client);
RepresentationToModel.createResourceServer(client, session, false);
ResourceServer resourceServer = RepresentationToModel.createResourceServer(client, session, false);
ResourceServerRepresentation resourceServerRep = ModelToRepresentation.toRepresentation(resourceServer, client);
AuthorizationSchema schema = AdminPermissionsAuthorizationSchema.INSTANCE;
//there is no way how to map scopes to the resourceType, we need to collect all scopes from all resourceTypes
Set<ScopeRepresentation> scopes = schema.getResourceTypes().stream()
.flatMap((resourceType) -> resourceType.getScopes().stream())
.map(scope -> new ScopeRepresentation(scope))
.collect(Collectors.toSet());//collecting to set to get rid of duplicities
resourceServerRep.setScopes(List.copyOf(scopes));
RepresentationToModel.toModel(resourceServerRep, session.getProvider(AuthorizationProvider.class), client);
}
}
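Review bot: The de-duplication in `setupAdminPermissionsClient` runs on `ScopeRepresentation` objects via `Collectors.toSet()`, so it is only correct if that class's `equals`/`hashCode` (not visible here) compare by name. These instances are built from a name alone, so if equality were based on another field such as the id, the set could collapse to a single element and the remaining admin permission scopes would never be created on the resource server. De-duplicating the scope names before wrapping them removes that dependency: `.flatMap(resourceType -> resourceType.getScopes().stream()).distinct().map(ScopeRepresentation::new).collect(Collectors.toList())`, with the result passed straight to `setScopes`. Separately, the imports of `Profile` and `ResourceType` are not referenced in the visible lines of this section and may be unused.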


@ -22,6 +22,8 @@ import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
import java.util.List;
import java.util.stream.Collectors;
import org.hamcrest.Matchers;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.ClientRepresentation;
@ -90,6 +92,9 @@ public class AdminPermissionsTest extends AbstractTestRealmKeycloakTest {
authorizationSettings = testRealm().clients().get(adminPermissionsClient.getId()).authorization().getSettings();
assertThat(authorizationSettings.getAuthorizationSchema(), notNullValue());
List<String> scopeNames = testRealm().clients().get(adminPermissionsClient.getId()).authorization().scopes().scopes().stream().map((rep) -> rep.getName()).collect(Collectors.toList());
assertThat(scopeNames, Matchers.hasItem("manage"));
}
}
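Review bot: The new assertion only checks that "manage" is among the scope names, so it would still pass if other scopes defined by the schema were missing or if unexpected scopes were created on the admin permissions client. Consider deriving the expected names from `AdminPermissionsAuthorizationSchema.INSTANCE.getResourceTypes()` and asserting the whole set, for example `assertThat(scopeNames, Matchers.containsInAnyOrder(expected.toArray()))`. The test method begins outside this hunk, so its earlier setup is not visible here.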