From b8d686069c3249e4bd11eb5eef95f5bd51ea58fb Mon Sep 17 00:00:00 2001
From: Matthias Piepkorn <mpiepk@gmail.com>
Date: Sun, 17 Jun 2018 10:13:40 +0000
Subject: [PATCH] update for KEYCLOAK-6630 Client scopes initial support

---
 src/main/java/org/keycloak/protocol/cas/mappers/UserClientRoleMappingMapper.java |   22 +++++++---------------
 1 files changed, 7 insertions(+), 15 deletions(-)

diff --git a/src/main/java/org/keycloak/protocol/cas/mappers/UserClientRoleMappingMapper.java b/src/main/java/org/keycloak/protocol/cas/mappers/UserClientRoleMappingMapper.java
index 15ff8ac..ff872d3 100644
--- a/src/main/java/org/keycloak/protocol/cas/mappers/UserClientRoleMappingMapper.java
+++ b/src/main/java/org/keycloak/protocol/cas/mappers/UserClientRoleMappingMapper.java
@@ -2,6 +2,7 @@
 
 import org.keycloak.models.*;
 import org.keycloak.protocol.ProtocolMapperUtils;
+import org.keycloak.protocol.oidc.TokenManager;
 import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
 import org.keycloak.provider.ProviderConfigProperty;
 
@@ -78,10 +79,7 @@
             return RoleModel::isClientRole;
         }
 
-        ClientTemplateModel template = client.getClientTemplate();
-        boolean useTemplateScope = template != null && client.useTemplateScope();
-        boolean fullScopeAllowed = (useTemplateScope && template.isFullScopeAllowed()) || client.isFullScopeAllowed();
-
+        boolean fullScopeAllowed = client.isFullScopeAllowed();
         Set<RoleModel> clientRoleMappings = client.getRoles();
         if (fullScopeAllowed) {
             return clientRoleMappings::contains;
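Review bot: Nothing at `if (fullScopeAllowed)` says that `client.isFullScopeAllowed()` is now the only switch that bypasses the scope-mapping intersection built further down, which matters now that the template lookup is gone. A short comment above the branch would make that explicit, e.g. `// full scope: every role of this client passes; scope mappings are not consulted`. The local is read only once in the visible lines, so `if (client.isFullScopeAllowed())` would read just as well. The enclosing method starts and ends outside this hunk.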
@@ -89,16 +87,10 @@
 
         Set<RoleModel> scopeMappings = new HashSet<>();
 
-        if (useTemplateScope) {
-            Set<RoleModel> templateScopeMappings = template.getScopeMappings();
-            if (templateScopeMappings != null) {
-                scopeMappings.addAll(templateScopeMappings);
-            }
-        }
-
-        Set<RoleModel> clientScopeMappings = client.getScopeMappings();
-        if (clientScopeMappings != null) {
-            scopeMappings.addAll(clientScopeMappings);
+        // CAS protocol does not support scopes, so pass null scopeParam
+        Set<ClientScopeModel> clientScopes = TokenManager.getRequestedClientScopes(null, client);
+        for (ClientScopeModel clientScope : clientScopes) {
+            scopeMappings.addAll(clientScope.getScopeMappings());
         }
 
         return role -> clientRoleMappings.contains(role) && scopeMappings.contains(role);
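Review bot: The new loop calls `scopeMappings.addAll(clientScope.getScopeMappings())` without the null guard that the removed code kept around both `getScopeMappings()` calls, so a scope returning null would throw from `addAll` while the role predicate is being built. Unless the model guarantees a non-null set, keep the guard: `Set<RoleModel> m = clientScope.getScopeMappings(); if (m != null) scopeMappings.addAll(m);`. The client's own scope mappings used to be added explicitly and now arrive only if `TokenManager.getRequestedClientScopes(null, client)` includes the client itself in its result, which is not visible here. That is worth confirming, and worth stating in the comment, because this set decides which client roles pass the filter. The enclosing method starts above the hunk.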
@@ -107,7 +99,7 @@
     public static ProtocolMapperModel create(String clientId, String clientRolePrefix,
                                              String name, String tokenClaimName) {
         ProtocolMapperModel mapper = CASAttributeMapperHelper.createClaimMapper(name, tokenClaimName,
-                "String", true, name, PROVIDER_ID);
+                "String", PROVIDER_ID);
         mapper.getConfig().put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID, clientId);
         mapper.getConfig().put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX, clientRolePrefix);
         return mapper;

--
Gitblit v1.9.1