以下是包含角色描述的 JSON:
{
"id": "<role-id>",
"name": "<role-name>",
"composite": true,
"composites": {
"client": {
"realm-management": [
"realm-admin",
"manage-identity-providers",
"view-users",
"view-clients",
"query-users",
"manage-authorization",
"view-events",
"manage-users",
"manage-events",
"view-identity-providers",
"view-authorization",
"query-groups",
"query-realms",
"query-clients",
"impersonation",
"create-client",
"view-realm",
"manage-clients",
"manage-realm"
]
}
},
"clientRole": false,
"containerId": "<realm-id>",
"attributes": {}
}
即使它是在 Keycloak 中创建的,当我运行 kcadm.sh get roles/<role-name> 时,它说,它不是复合 Material 。深入挖掘后,我在 Keycloak 日志中发现了以下错误:
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-15) Uncaught server error: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of `org.keycloak.representations.idm.RoleRepresentation$Composites` (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('client')
所以我猜,问题出在“复合 Material ”领域的某个地方。 我展示的文件是通过导出获得的,因此它必须有效
UPD 我用来创建角色的命令是 kcadm.sh create roles -s name=<role-name> -r <realm-name> -f role.json
最佳答案
您可以通过首先创建 .json 来做到这一点(让我们命名为 role.json ),内容如下:
{
"roles": {
"realm": [
{
"name": "<ROLE_NAME>",
"composite": true,
"composites": {
"client": {
"realm-management": [
"realm-admin",
"view-events",
"manage-clients",
"create-client",
"manage-realm",
"view-users",
"manage-identity-providers",
"manage-users",
"query-users",
"view-clients",
"query-realms",
"view-authorization",
"view-realm",
"query-groups",
"impersonation",
"manage-events",
"manage-authorization",
"query-clients",
"view-identity-providers"
]
}
},
"clientRole": false,
"containerId": "Realm",
"attributes": {}
}
]
}
}
然后调用./kcadm.sh create partialImport -r <REALM_NAME> -s ifResourceExists=FAIL -o -f role.json
关于keycloak - 无法从 json 文件创建复合角色,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/65302448/