From 906d53ea7ed28325aa24d3479c2213116892c82f Mon Sep 17 00:00:00 2001
From: Matthias Piepkorn <mpiepk@gmail.com>
Date: Sat, 08 Sep 2018 19:56:09 +0000
Subject: [PATCH] update to Keycloak 4.3.0.Final
---
 src/main/java/org/keycloak/protocol/cas/mappers/UserClientRoleMappingMapper.java | 22 +++++++---------------
 1 files changed, 7 insertions(+), 15 deletions(-)
diff --git a/src/main/java/org/keycloak/protocol/cas/mappers/UserClientRoleMappingMapper.java b/src/main/java/org/keycloak/protocol/cas/mappers/UserClientRoleMappingMapper.java
index 15ff8ac..ff872d3 100644
--- a/src/main/java/org/keycloak/protocol/cas/mappers/UserClientRoleMappingMapper.java
+++ b/src/main/java/org/keycloak/protocol/cas/mappers/UserClientRoleMappingMapper.java
@@ -2,6 +2,7 @@
 import org.keycloak.models.*;
 import org.keycloak.protocol.ProtocolMapperUtils;
+import org.keycloak.protocol.oidc.TokenManager;
 import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
 import org.keycloak.provider.ProviderConfigProperty;
@@ -78,10 +79,7 @@
 return RoleModel::isClientRole;
 }
- ClientTemplateModel template = client.getClientTemplate();
- boolean useTemplateScope = template != null && client.useTemplateScope();
- boolean fullScopeAllowed = (useTemplateScope && template.isFullScopeAllowed()) || client.isFullScopeAllowed();
-
+ boolean fullScopeAllowed = client.isFullScopeAllowed();
 Set<RoleModel> clientRoleMappings = client.getRoles();
 if (fullScopeAllowed) {
 return clientRoleMappings::contains;
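Review bot: The early return under `if (fullScopeAllowed)` is the widest branch of this role filter and carries no comment: once `client.isFullScopeAllowed()` is true, `clientRoleMappings::contains` admits every role of the client and the scope mappings collected further down are never consulted. Since this predicate appears to decide which client roles the CAS mapper releases, I would add `// full scope: every role of this client passes, scope mappings are not consulted` above the `if`. The enclosing method starts and ends outside the hunk.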
@@ -89,16 +87,10 @@
 Set<RoleModel> scopeMappings = new HashSet<>();
- if (useTemplateScope) {
- Set<RoleModel> templateScopeMappings = template.getScopeMappings();
- if (templateScopeMappings != null) {
- scopeMappings.addAll(templateScopeMappings);
- }
- }
-
- Set<RoleModel> clientScopeMappings = client.getScopeMappings();
- if (clientScopeMappings != null) {
- scopeMappings.addAll(clientScopeMappings);
+ // CAS protocol does not support scopes, so pass null scopeParam
+ Set<ClientScopeModel> clientScopes = TokenManager.getRequestedClientScopes(null, client);
+ for (ClientScopeModel clientScope : clientScopes) {
+ scopeMappings.addAll(clientScope.getScopeMappings());
 }
 return role -> clientRoleMappings.contains(role) && scopeMappings.contains(role);
@@ -107,7 +99,7 @@
 public static ProtocolMapperModel create(String clientId, String clientRolePrefix, String name, String tokenClaimName) {
 ProtocolMapperModel mapper = CASAttributeMapperHelper.createClaimMapper(name, tokenClaimName,
- "String", true, name, PROVIDER_ID);
+ "String", PROVIDER_ID);
 mapper.getConfig().put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID, clientId);
 mapper.getConfig().put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX, clientRolePrefix);
 return mapper;
-- Gitblit v1.9.1
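Review bot: The new loop in the `@@ -89,16 +87,10 @@` hunk calls `scopeMappings.addAll(clientScope.getScopeMappings())` without the null check that both removed branches had, so a scope whose `getScopeMappings()` returns null would now throw a NullPointerException while the role filter is built instead of being skipped. Whether any `ClientScopeModel` implementation in 4.3.0 can return null is not visible here; if it can, keep the guard with `Set<RoleModel> m = clientScope.getScopeMappings();` followed by `if (m != null) scopeMappings.addAll(m);`. The comment above the call would also be more useful if it said which scopes a null `scopeParam` selects (presumably the client's default scopes plus the client itself, so optional scopes never contribute roles), because that set determines what the filter lets through. The enclosing method begins outside the hunk.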