1

Here is the JSON with the role description:

  {
    "id": "<role-id>",
    "name": "<role-name>",
    "composite": true,
    "composites": {
      "client": {
        "realm-management": [
          "realm-admin",
          "manage-identity-providers",
          "view-users",
          "view-clients",
          "query-users",
          "manage-authorization",
          "view-events",
          "manage-users",
          "manage-events",
          "view-identity-providers",
          "view-authorization",
          "query-groups",
          "query-realms",
          "query-clients",
          "impersonation",
          "create-client",
          "view-realm",
          "manage-clients",
          "manage-realm"
        ]
      }
    },
    "clientRole": false,
    "containerId": "<realm-id>",
    "attributes": {}
  }

Even though it gets created in Keycloak, when I run kcadm.sh get roles/<role-name>, it says that it is not composite. Digging a little deeper, I found the following error in the Keycloak logs:

ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-15) Uncaught server error: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of `org.keycloak.representations.idm.RoleRepresentation$Composites` (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('client')

So I guess the problem lies somewhere in the "composites" field. The file I showed was obtained through an export, so it must be valid.

UPD: The command I used to create the role is kcadm.sh create roles -s name=<role-name> -r <realm-name> -f role.json

4

1 Answer

2

You can do this by first creating a .json file (let's name it role.json) with the following content:

{
  "roles": {
    "realm": [
      {
        "name": "<ROLE_NAME>",
        "composite": true,
        "composites": {
          "client": {
            "realm-management": [
              "realm-admin",
              "view-events",
              "manage-clients",
              "create-client",
              "manage-realm",
              "view-users",
              "manage-identity-providers",
              "manage-users",
              "query-users",
              "view-clients",
              "query-realms",
              "view-authorization",
              "view-realm",
              "query-groups",
              "impersonation",
              "manage-events",
              "manage-authorization",
              "query-clients",
              "view-identity-providers"
            ]
          }
        },
        "clientRole": false,
        "containerId": "Realm",
        "attributes": {}
      }
    ]
  }
}

Then call ./kcadm.sh create partialImport -r <REALM_NAME> -s ifResourceExists=FAIL -o -f role.json

Answered 2020-12-15T11:20:47.583
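
As an added example (not part of the original post, and not Keycloak's own code): a Python helper that wraps a role exported in the question's shape into the partialImport envelope from the answer, checking the shape of "composites" first and listing the composites a reviewer may want to look at before importing. The sample role, REVIEW_LIST and the function names are assumptions made for this illustration.

```python
import json

# Constructed sample in the shape of the exported role from the question (placeholders, shortened list).
EXPORTED_ROLE = json.loads("""{
  "id": "<role-id>", "name": "<role-name>", "composite": true,
  "composites": {"client": {"realm-management": ["realm-admin", "view-users", "impersonation"]}},
  "clientRole": false, "containerId": "<realm-id>", "attributes": {}
}""")

# Assumption: names this reviewer wants a second look at before importing; adjust to local policy.
REVIEW_LIST = {"realm-admin", "impersonation", "manage-users", "manage-realm", "manage-clients"}


def check_composites(role):
    """Return a list of shape problems in role['composites'] (empty list means OK)."""
    comp = role.get("composites", {})
    if not isinstance(comp, dict):
        return ["'composites' must be an object with 'realm' and/or 'client' keys"]
    problems = []
    if not isinstance(comp.get("realm", []), list):
        problems.append("'composites.realm' must be a list of role names")
    clients = comp.get("client", {})
    if not isinstance(clients, dict):
        return problems + ["'composites.client' must map client id -> list of role names"]
    for client_id, names in clients.items():
        if not (isinstance(names, list) and all(isinstance(n, str) for n in names)):
            problems.append(f"'composites.client.{client_id}' must be a list of strings")
    return problems


def flagged_composites(role):
    """Sorted (client_id, role_name) pairs from the composite that are on REVIEW_LIST."""
    clients = (role.get("composites") or {}).get("client", {})
    return sorted((c, n) for c, names in clients.items() for n in names if n in REVIEW_LIST)


def to_partial_import(role):
    """Wrap one realm role in the {"roles": {"realm": [...]}} envelope used in the answer."""
    problems = check_composites(role)
    if problems:
        raise ValueError("; ".join(problems))
    body = {k: v for k, v in role.items() if k != "id"}  # the answer's file carries no "id"
    return {"roles": {"realm": [body]}}


if __name__ == "__main__":
    print("review before import:", flagged_composites(EXPORTED_ROLE))
    print(json.dumps(to_partial_import(EXPORTED_ROLE), indent=2))
```

The printed JSON can be saved as role.json and passed to the kcadm.sh create partialImport command shown in the answer.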