无法从 json 文件创建复合角色
Not able to create composite role from json file
这是 JSON 的角色描述:
{
"id": "<role-id>",
"name": "<role-name>",
"composite": true,
"composites": {
"client": {
"realm-management": [
"realm-admin",
"manage-identity-providers",
"view-users",
"view-clients",
"query-users",
"manage-authorization",
"view-events",
"manage-users",
"manage-events",
"view-identity-providers",
"view-authorization",
"query-groups",
"query-realms",
"query-clients",
"impersonation",
"create-client",
"view-realm",
"manage-clients",
"manage-realm"
]
}
},
"clientRole": false,
"containerId": "<realm-id>",
"attributes": {}
}
即使它是在 Keycloak 中创建的,但当我 运行 kcadm.sh get roles/<role-name> 时,它说,它不是复合的。深入挖掘,我在 Keycloak 日志中发现了以下错误:
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-15) Uncaught server error: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of `org.keycloak.representations.idm.RoleRepresentation$Composites` (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('client')
所以我想,问题出在“复合材料”字段下的某个地方。
我显示的文件是通过导出获得的,因此它必须有效
UPD 我用来创建角色的命令是kcadm.sh create roles -s name=<role-name> -r <realm-name> -f role.json
您可以先创建一个包含以下内容的 .json(让我们命名为 role.json):
{
"roles": {
"realm": [
{
"name": "<ROLE_NAME>",
"composite": true,
"composites": {
"client": {
"realm-management": [
"realm-admin",
"view-events",
"manage-clients",
"create-client",
"manage-realm",
"view-users",
"manage-identity-providers",
"manage-users",
"query-users",
"view-clients",
"query-realms",
"view-authorization",
"view-realm",
"query-groups",
"impersonation",
"manage-events",
"manage-authorization",
"query-clients",
"view-identity-providers"
]
}
},
"clientRole": false,
"containerId": "Realm",
"attributes": {}
}
]
}
}
然后调用./kcadm.sh create partialImport -r <REALM_NAME> -s ifResourceExists=FAIL -o -f role.json
这是 JSON 的角色描述:
{
"id": "<role-id>",
"name": "<role-name>",
"composite": true,
"composites": {
"client": {
"realm-management": [
"realm-admin",
"manage-identity-providers",
"view-users",
"view-clients",
"query-users",
"manage-authorization",
"view-events",
"manage-users",
"manage-events",
"view-identity-providers",
"view-authorization",
"query-groups",
"query-realms",
"query-clients",
"impersonation",
"create-client",
"view-realm",
"manage-clients",
"manage-realm"
]
}
},
"clientRole": false,
"containerId": "<realm-id>",
"attributes": {}
}
即使它是在 Keycloak 中创建的,但当我 运行 kcadm.sh get roles/<role-name> 时,它说,它不是复合的。深入挖掘,我在 Keycloak 日志中发现了以下错误:
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-15) Uncaught server error: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of `org.keycloak.representations.idm.RoleRepresentation$Composites` (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('client')
所以我想,问题出在“复合材料”字段下的某个地方。 我显示的文件是通过导出获得的,因此它必须有效
UPD 我用来创建角色的命令是kcadm.sh create roles -s name=<role-name> -r <realm-name> -f role.json
您可以先创建一个包含以下内容的 .json(让我们命名为 role.json):
{
"roles": {
"realm": [
{
"name": "<ROLE_NAME>",
"composite": true,
"composites": {
"client": {
"realm-management": [
"realm-admin",
"view-events",
"manage-clients",
"create-client",
"manage-realm",
"view-users",
"manage-identity-providers",
"manage-users",
"query-users",
"view-clients",
"query-realms",
"view-authorization",
"view-realm",
"query-groups",
"impersonation",
"manage-events",
"manage-authorization",
"query-clients",
"view-identity-providers"
]
}
},
"clientRole": false,
"containerId": "Realm",
"attributes": {}
}
]
}
}
然后调用./kcadm.sh create partialImport -r <REALM_NAME> -s ifResourceExists=FAIL -o -f role.json