Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Use admin console correctly in KeycloakIdentity #29733

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hmlnarik merged 1 commit into from
May 21, 2024
Merged

Use admin console correctly in KeycloakIdentity #29733

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions js/apps/admin-ui/cypress/e2e/client_authorization_test.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -195,7 +195,7 @@ describe("Client authentication subtab", () => {
);
});

describe.skip("Client authorization tab access for view-realm-authorization", () => {
describe("Client authorization tab access for view-realm-authorization", () => {
const clientId = "realm-view-authz-client-" + uuid();

beforeEach(async () => {
Expand Down Expand Up @@ -241,11 +241,11 @@ describe("Client authentication subtab", () => {
loginPage.logIn("test-view-authz-user", "password");
keycloakBefore();

sidebarPage
.waitForPageLoad()
.goToRealm("realm-view-authz")
.waitForPageLoad()
.goToClients();
sidebarPage.waitForPageLoad().goToRealm("realm-view-authz");

cy.reload();

sidebarPage.waitForPageLoad().goToClients();

listingPage
.searchItem(clientId, true, "realm-view-authz")
Expand Down
3 changes: 2 additions & 1 deletion rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/UIRealmsResource.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,9 +52,10 @@ public UIRealmsResource(KeycloakSession session, AdminPermissionEvaluator auth)
)}
)
public Stream<RealmNameRepresentation> getRealms() {
final RealmsPermissionEvaluator eval = AdminPermissions.realms(session, auth.adminAuth());

Stream<RealmNameRepresentation> realms = session.realms().getRealmsStream()
.filter(realm -> {
RealmsPermissionEvaluator eval = AdminPermissions.realms(session, auth.adminAuth());
return eval.canView(realm) || eval.isAdmin(realm);
})
.map((RealmModel realm) -> {
Expand Down
13 changes: 9 additions & 4 deletions ...ices/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,12 +97,17 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
}

private void initIdentity(KeycloakSession session, AdminAuth auth) {
if (Constants.ADMIN_CLI_CLIENT_ID.equals(auth.getToken().getIssuedFor())
|| Constants.ADMIN_CONSOLE_CLIENT_ID.equals(auth.getToken().getIssuedFor())) {
this.identity = new UserModelIdentity(auth.getRealm(), auth.getUser());
final String issuedFor = auth.getToken().getIssuedFor();

if (Constants.ADMIN_CLI_CLIENT_ID.equals(issuedFor) || Constants.ADMIN_CONSOLE_CLIENT_ID.equals(issuedFor)) {
this.identity = new UserModelIdentity(auth.getRealm(), auth.getUser());
} else {
this.identity = new KeycloakIdentity(auth.getToken(), session);
ClientModel client = session.clients().getClientByClientId(auth.getRealm(), issuedFor);
if (client != null && Boolean.parseBoolean(client.getAttribute(Constants.SECURITY_ADMIN_CONSOLE_ATTR))) {
Copy link
Contributor Author

@hmlnarik hmlnarik May 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a condition similar to the one added in the #29646

this.identity = new UserModelIdentity(auth.getRealm(), auth.getUser());
} else {
this.identity = new KeycloakIdentity(auth.getToken(), session);
}
}
}

Expand Down