Make sure there is always Realm or ResourceServer when searching for … #11831
Conversation
There was a problem hiding this comment.
I can see the parameter is used across all objects (legacy jpa adn infinispan adapters) within authz, not only for PermissionTickets. Shouldn't it rather be placed in e.g. AuthorizationProvider?
There was a problem hiding this comment.
You are right. This should not be here, it is quite confusing. Maybe we should not have it in the server-spi* modules at all. A good place would be the module that will be introduced here: #10279, however this is not there yet. I think it would make sense to have it inside model/[jpa|infinispan] to make sure we do not use it anywhere else. WDYT?
There was a problem hiding this comment.
It makes sense to me, I'd add a note to #10279 (as part of it) to move it into the new module. For now I believe it's ok to have it in infinispan module.
There was a problem hiding this comment.
Thinking about this again. Maybe it makes even more sense to have it in infinispan/jpa modules rather than in the legacy. Let's leave it as is.
Please let me know once you see and agree with the commit I added so I can squash them.
There was a problem hiding this comment.
Please let me know once you see and agree with the commit I added so I can squash them.
Please, go ahead, The PR LGTM!
There was a problem hiding this comment.
just nitpick:
| policyStore.delete(realm, policy.getId()); | |
| policyStore.delete(removedClient.getRealm(), policy.getId()); |
it could be then avoided a creation of RealmModel object in some cases (e.g. when clients.isEmpty() == true) in this particular case.
If you decide to apply the suggestion, there is one more occurrence like this in RolePolicyProviderFactory.
3cdb755 to
6cff353
Compare
…authz entities Closes keycloak#11817
…authz entities
Closes #11817