Export failing if the realm has FGAP enabled

Closes #38695

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Pedro Igor 2025-04-07 13:47:44 -03:00 committed by GitHub
parent 87430fc181
commit 8521b9952a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 2707 additions and 8 deletions


@ -17,12 +17,17 @@
package org.keycloak.it.cli.dist;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.nio.file.Path;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.keycloak.it.junit5.extension.CLIResult;
import org.keycloak.it.junit5.extension.DistributionTest;
import org.keycloak.it.junit5.extension.RawDistOnly;
import org.keycloak.it.utils.KeycloakDistribution;
import org.keycloak.it.utils.RawKeycloakDistribution;
@RawDistOnly(reason = "Containers are immutable")
@DistributionTest(defaultOptions = "--db=dev-file")
@ -53,4 +58,17 @@ public class ExportDistTest {
cliResult.assertMessage("Realm 'master' - data exported");
}
@Test
void testExportRealmFGAPEnabled(KeycloakDistribution dist) {
RawKeycloakDistribution rawDist = dist.unwrap(RawKeycloakDistribution.class);
Path importDir = rawDist.getDistPath().resolve("data").resolve("import");
assertTrue(importDir.toFile().mkdirs());
dist.copyOrReplaceFileFromClasspath("/fgap-realm.json", importDir.resolve("fgap-realm.json"));
rawDist.run("start-dev","-v", "--import-realm", "--features=admin-fine-grained-authz:v2");
rawDist.stop();
CLIResult cliResult = rawDist.run("export", "--realm=fgap", "--dir=" + importDir.toAbsolutePath(), "--features=admin-fine-grained-authz:v2");
cliResult.assertMessage("Export of realm 'fgap' requested.");
cliResult.assertMessage("Export finished successfully");
}
}
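Review bot: `assertTrue(importDir.toFile().mkdirs())` in testExportRealmFGAPEnabled fails whenever `data/import` already exists, because `File.mkdirs()` returns false for a directory that is already there. Whether an earlier test or the distribution itself creates that directory is not visible in this hunk, so the test may be order-dependent. Asserting the postcondition avoids that: `importDir.toFile().mkdirs();` followed by `assertTrue(importDir.toFile().isDirectory());`. The test also checks only two log messages, so a follow-up assertion on the exported realm file would confirm that the FGAP permission data survives the export and not just that the command no longer crashes.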

File diff suppressed because it is too large Load Diff


@ -58,7 +58,7 @@ public class PartialEvaluator {
UserModel adminUser = session.getContext().getUser();
if (shouldSkipPartialEvaluation(session, adminUser, realm, resourceType)) {
if (shouldSkipPartialEvaluation(session, adminUser, resourceType)) {
// only run partial evaluation if the admin user does not have view-* or manage-* role for specified resourceType or has any query-* role
return List.of();
}
@ -219,9 +219,9 @@ public class PartialEvaluator {
return permission.getScopes().stream().map(Scope::getName).anyMatch(name -> name.startsWith(AdminPermissionsSchema.VIEW));
}
private boolean shouldSkipPartialEvaluation(KeycloakSession session, UserModel user, RealmModel realm, ResourceType resourceType) {
private boolean shouldSkipPartialEvaluation(KeycloakSession session, UserModel user, ResourceType resourceType) {
if (user == null) {
return false;
return true;
}
ClientModel client = getRealmManagementClient(session);
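Review bot: The `user == null` branch of shouldSkipPartialEvaluation now returns `true`, so a missing subject takes the same path as an admin holding view-* or manage-* roles: the caller returns `List.of()` and partial evaluation is skipped. That is presumably what the export command needs, but it is a fail-open default for any other code path that reaches this method without a resolved user, and nothing in the hunk limits it to export. The branch should carry a why-comment, for example `// no admin subject in context (e.g. export at startup): nothing to evaluate against, so skip`. If other callers can arrive here with a null user, an explicit signal from the caller would be safer than inferring intent from null. The method body continues past the end of the hunk.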


@ -304,10 +304,6 @@ public abstract class DefaultKeycloakContext implements KeycloakContext {
user = userSession == null ? null : userSession.getUser();
}
if (user != null) {
return user;
}
throw new IllegalStateException("Could not resolve subject");
return user;
}
}
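Review bot: Dropping `throw new IllegalStateException("Could not resolve subject")` changes this accessor's contract from "returns a user or throws" to "may return null", and every existing caller that relied on the exception now silently receives null. Callers that dereference the result will fail later with a NullPointerException, and callers that base an authorization decision on it need an explicit null branch. The accessor's Javadoc, which is outside this hunk, should state the new contract, for example `@return the user for the current context, or {@code null} if no subject can be resolved`. The method signature is above the hunk, so its name and declared return type are not visible here.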