From cb28f35126eecb095236e80901654c9a0c775ac6 Mon Sep 17 00:00:00 2001 From: Venkatesh Kannan Date: Wed, 20 Nov 2024 21:59:33 +0000 Subject: [PATCH] Persist admin event only when roles is non-empty Currently, an adminEvent is created regardless of if the roles passed to the role-mapping API is empty. The event should only be created when the list `roles` is non-empty. Closes #33195 Signed-off-by: Venkatesh Kannan --- .../services/resources/admin/ClientRoleMappingsResource.java | 4 +++- .../keycloak/services/resources/admin/RoleMapperResource.java | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientRoleMappingsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientRoleMappingsResource.java index 437e48636f40..5e4b24d2b58a 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientRoleMappingsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientRoleMappingsResource.java @@ -183,7 +183,9 @@ public void addClientRoleMapping(List roles) { throw new ErrorResponseException("invalid_request", "Could not add user role or group mappings!", Response.Status.BAD_REQUEST); } - adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success(); + if (!roles.isEmpty()) { + adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success(); + } } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java index 1a82e7e6af8e..38caaa2e46ca 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleMapperResource.java @@ -253,7 +253,9 @@ public void addRealmRoleMappings(@Parameter(description = "Roles to add") List