libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

KEYCLOAK-1070 Rename GrantedConsentModel to UserConsentModel. Mongo support for consents. Mongo fixes

Browse source
This commit is contained in:
mposolda 2015-04-20 19:11:49 +02:00
parent 136fd37b1b
commit 11035dbe1b
39 changed files with 871 additions and 647 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.RC1.xml
View file

@ -35,7 +35,7 @@
<addColumn tableName="CREDENTIAL">
<column name="CREATED_DATE" type="BIGINT"/>
</addColumn>
<createTable tableName="GRANTED_CONSENT">
<createTable tableName="USER_CONSENT">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
@ -46,16 +46,16 @@
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="GRANTED_CONSENT_ROLE">
<column name="GRANTED_CONSENT_ID" type="VARCHAR(36)">
<createTable tableName="USER_CONSENT_ROLE">
<column name="USER_CONSENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="ROLE_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="GRANTED_CONSENT_PROT_MAPPER">
<column name="GRANTED_CONSENT_ID" type="VARCHAR(36)">
<createTable tableName="USER_CONSENT_PROT_MAPPER">
<column name="USER_CONSENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="PROTOCOL_MAPPER_ID" type="VARCHAR(36)">
@ -64,14 +64,14 @@
</createTable>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_IDPM" tableName="IDENTITY_PROVIDER_MAPPER"/>
<addPrimaryKey columnNames="IDP_MAPPER_ID, NAME" constraintName="CONSTRAINT_IDPMConfig" tableName="IDP_MAPPER_CONFIG"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_GRNTCSNT_PM" tableName="GRANTED_CONSENT"/>
<addPrimaryKey columnNames="GRANTED_CONSENT_ID, ROLE_ID" constraintName="CONSTRAINT_GRNTCSNT_ROLE_PM" tableName="GRANTED_CONSENT_ROLE"/>
<addPrimaryKey columnNames="GRANTED_CONSENT_ID, PROTOCOL_MAPPER_ID" constraintName="CONSTRAINT_GRNTCSNT_PRM_PM" tableName="GRANTED_CONSENT_PROT_MAPPER"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_GRNTCSNT_PM" tableName="USER_CONSENT"/>
<addPrimaryKey columnNames="USER_CONSENT_ID, ROLE_ID" constraintName="CONSTRAINT_GRNTCSNT_ROLE_PM" tableName="USER_CONSENT_ROLE"/>
<addPrimaryKey columnNames="USER_CONSENT_ID, PROTOCOL_MAPPER_ID" constraintName="CONSTRAINT_GRNTCSNT_PRM_PM" tableName="USER_CONSENT_PROT_MAPPER"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="IDENTITY_PROVIDER_MAPPER" constraintName="FK_IDPM_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="IDP_MAPPER_ID" baseTableName="IDP_MAPPER_CONFIG" constraintName="FK_IDPMConfig" referencedColumnNames="ID" referencedTableName="IDENTITY_PROVIDER_MAPPER"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="GRANTED_CONSENT" constraintName="FK_GRNTCSNT_USER" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="GRANTED_CONSENT_ID" baseTableName="GRANTED_CONSENT_ROLE" constraintName="FK_GRNTCSNT_ROLE_GR" referencedColumnNames="ID" referencedTableName="GRANTED_CONSENT"/>
<addForeignKeyConstraint baseColumnNames="GRANTED_CONSENT_ID" baseTableName="GRANTED_CONSENT_PROT_MAPPER" constraintName="FK_GRNTCSNT_PRM_GR" referencedColumnNames="ID" referencedTableName="GRANTED_CONSENT"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="USER_CONSENT" constraintName="FK_GRNTCSNT_USER" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="USER_CONSENT_ID" baseTableName="USER_CONSENT_ROLE" constraintName="FK_GRNTCSNT_ROLE_GR" referencedColumnNames="ID" referencedTableName="USER_CONSENT"/>
<addForeignKeyConstraint baseColumnNames="USER_CONSENT_ID" baseTableName="USER_CONSENT_PROT_MAPPER" constraintName="FK_GRNTCSNT_PRM_GR" referencedColumnNames="ID" referencedTableName="USER_CONSENT"/>
<addColumn tableName="CLIENT">
<column name="CONSENT_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
@ -101,7 +101,7 @@
<dropUniqueConstraint tableName="KEYCLOAK_ROLE" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2"/>
<addUniqueConstraint columnNames="NAME,CLIENT_REALM_CONSTRAINT" constraintName="UK_J3RWUVD56ONTGSUHOGM184WW2-2" tableName="KEYCLOAK_ROLE"/>
<addUniqueConstraint columnNames="CLIENT_ID, USER_ID" constraintName="UK_JKUWUVD56ONTGSUHOGM8UEWRT" tableName="GRANTED_CONSENT"/>
<addUniqueConstraint columnNames="CLIENT_ID, USER_ID" constraintName="UK_JKUWUVD56ONTGSUHOGM8UEWRT" tableName="USER_CONSENT"/>
</changeSet>
</databaseChangeLog>

6
connections/jpa/src/main/resources/META-INF/persistence.xml
View file

@ -20,9 +20,9 @@
<class>org.keycloak.models.jpa.entities.IdentityProviderMapperEntity</class>
<class>org.keycloak.models.jpa.entities.ClientIdentityProviderMappingEntity</class>
<class>org.keycloak.models.jpa.entities.ProtocolMapperEntity</class>
<class>org.keycloak.models.jpa.entities.GrantedConsentEntity</class>
<class>org.keycloak.models.jpa.entities.GrantedConsentRoleEntity</class>
<class>org.keycloak.models.jpa.entities.GrantedConsentProtocolMapperEntity</class>
<class>org.keycloak.models.jpa.entities.UserConsentEntity</class>
<class>org.keycloak.models.jpa.entities.UserConsentRoleEntity</class>
<class>org.keycloak.models.jpa.entities.UserConsentProtocolMapperEntity</class>
<!-- JpaUserSessionProvider -->
<class>org.keycloak.models.sessions.jpa.entities.ClientSessionEntity</class>

1
connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_2_0_RC1.java
View file

@ -22,6 +22,7 @@ public class Update1_2_0_RC1 extends Update {
db.getCollection("realms").update(new BasicDBObject(), new BasicDBObject("$rename", new BasicDBObject("adminAppId", "clientId")), false, true);
ensureIndex("userConsents", new String[]{"clientId", "userId"}, true, false);
}
private void convertApplicationsToClients() {

3
connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
View file

@ -38,7 +38,8 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
"org.keycloak.models.sessions.mongo.entities.MongoUserSessionEntity",
"org.keycloak.models.sessions.mongo.entities.MongoClientSessionEntity",
"org.keycloak.models.entities.UserFederationProviderEntity",
"org.keycloak.models.entities.ProtocolMapperEntity"
"org.keycloak.models.entities.ProtocolMapperEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoUserConsentEntity"
};
private static final Logger logger = Logger.getLogger(DefaultMongoConnectionFactoryProvider.class);

33
connections/mongo/src/main/java/org/keycloak/connections/mongo/api/MongoStore.java
View file

@ -24,13 +24,35 @@ public interface MongoStore {
*/
void updateEntity(MongoIdentifiableEntity entity, MongoStoreInvocationContext context);
/**
* Bulk update of more entities of some type
*
* @param type
* @param query
* @param update
* @param context
* @return count of updated entities
*/
<T extends MongoIdentifiableEntity> int updateEntities(Class<T> type, DBObject query, DBObject update, MongoStoreInvocationContext context);
<T extends MongoIdentifiableEntity> T loadEntity(Class<T> type, String id, MongoStoreInvocationContext context);
<T extends MongoIdentifiableEntity> T loadSingleEntity(Class<T> type, DBObject query, MongoStoreInvocationContext context);
/**
* @param type
* @param query
* @param context
* @return query result or empty list if no results available for the query. Doesn't return null
*/
<T extends MongoIdentifiableEntity> List<T> loadEntities(Class<T> type, DBObject query, MongoStoreInvocationContext context);
/**
* @param type
* @param query
* @param context
* @return query result or empty list if no results available for the query. Doesn't return null
*/
<T extends MongoIdentifiableEntity> List<T> loadEntities(Class<T> type, DBObject query, DBObject sort, int firstResult, int maxResults, MongoStoreInvocationContext context);
<T extends MongoIdentifiableEntity> int countEntities(Class<T> type, DBObject query, MongoStoreInvocationContext context);
@ -39,7 +61,16 @@ public interface MongoStore {
boolean removeEntity(Class<? extends MongoIdentifiableEntity> type, String id, MongoStoreInvocationContext context);
boolean removeEntities(Class<? extends MongoIdentifiableEntity> type, DBObject query, MongoStoreInvocationContext context);
/**
*
* @param type
* @param query
* @param callback if true, then store will first load all entities, then call "afterRemove" for every entity. If false, the entities are removed directly without load and calling "afterRemove" callback
* false has better performance (especially if we are going to remove big number of entities)
* @param context
* @return count of removed entities
*/
int removeEntities(Class<? extends MongoIdentifiableEntity> type, DBObject query, boolean callback, MongoStoreInvocationContext context);
<S> boolean pushItemToList(MongoIdentifiableEntity entity, String listPropertyName, S itemToPush, boolean skipIfAlreadyPresent, MongoStoreInvocationContext context);

2
connections/mongo/src/main/java/org/keycloak/connections/mongo/api/context/MongoStoreInvocationContext.java
View file

@ -22,6 +22,8 @@ public interface MongoStoreInvocationContext {
void beforeDBSearch(Class<? extends MongoIdentifiableEntity> entityType);
void beforeDBBulkUpdateOrRemove(Class<? extends MongoIdentifiableEntity> entityType);
void begin();
void commit();

48
connections/mongo/src/main/java/org/keycloak/connections/mongo/impl/MongoStoreImpl.java
View file

@ -7,6 +7,7 @@ import com.mongodb.DBCollection;
import com.mongodb.DBCursor;
import com.mongodb.DBObject;
import com.mongodb.MongoException;
import com.mongodb.WriteResult;
import org.jboss.logging.Logger;
import org.keycloak.connections.mongo.api.MongoCollection;
import org.keycloak.connections.mongo.api.MongoEntity;
@ -127,7 +128,7 @@ public class MongoStoreImpl implements MongoStore {
throw convertException(e);
}
// Treat object as created in this transaction (It is already submited to transaction)
// Treat object as created in this transaction (It is already submitted to transaction)
context.addCreatedEntity(entity);
}
@ -170,6 +171,16 @@ public class MongoStoreImpl implements MongoStore {
context.addUpdateTask(entity, fullUpdateTask);
}
@Override
public <T extends MongoIdentifiableEntity> int updateEntities(Class<T> type, DBObject query, DBObject update, MongoStoreInvocationContext context) {
context.beforeDBBulkUpdateOrRemove(type);
DBCollection collection = getDBCollectionForType(type);
WriteResult wr = collection.update(query, update, false, true);
logger.debugf("Updated %d collections of type %s", wr.getN(), type);
return wr.getN();
}
@Override
public <T extends MongoIdentifiableEntity> T loadEntity(Class<T> type, String id, MongoStoreInvocationContext context) {
@ -275,19 +286,32 @@ public class MongoStoreImpl implements MongoStore {
@Override
public boolean removeEntities(Class<? extends MongoIdentifiableEntity> type, DBObject query, MongoStoreInvocationContext context) {
List<? extends MongoIdentifiableEntity> foundObjects = loadEntities(type, query, context);
if (foundObjects.size() == 0) {
return false;
} else {
DBCollection dbCollection = getDBCollectionForType(type);
dbCollection.remove(query);
//logger.debug("Removed %d" + foundObjects.size() + " entities of type: " + type + ", query: " + query);
public int removeEntities(Class<? extends MongoIdentifiableEntity> type, DBObject query, boolean callback, MongoStoreInvocationContext context) {
if (callback) {
List<? extends MongoIdentifiableEntity> foundObjects = loadEntities(type, query, context);
if (foundObjects.size() == 0) {
return 0;
} else {
DBCollection dbCollection = getDBCollectionForType(type);
dbCollection.remove(query);
for (MongoIdentifiableEntity found : foundObjects) {
context.addRemovedEntity(found);;
logger.debugf("Removed %d entities of type: %s, query: %s", foundObjects.size(), type, query);
for (MongoIdentifiableEntity found : foundObjects) {
context.addRemovedEntity(found);;
}
return foundObjects.size();
}
return true;
} else {
context.beforeDBBulkUpdateOrRemove(type);
DBCollection dbCollection = getDBCollectionForType(type);
WriteResult writeResult = dbCollection.remove(query);
int removedCount = writeResult.getN();
logger.debugf("Removed directly %d entities of type: %s, query: %s", removedCount, type, query);
return removedCount;
}
}

4
connections/mongo/src/main/java/org/keycloak/connections/mongo/impl/context/SimpleMongoStoreInvocationContext.java
View file

@ -45,6 +45,10 @@ public class SimpleMongoStoreInvocationContext implements MongoStoreInvocationCo
public void beforeDBSearch(Class<? extends MongoIdentifiableEntity> entityType) {
}
@Override
public void beforeDBBulkUpdateOrRemove(Class<? extends MongoIdentifiableEntity> entityType) {
}
@Override
public void begin() {
}

22
connections/mongo/src/main/java/org/keycloak/connections/mongo/impl/context/TransactionMongoStoreInvocationContext.java
View file

@ -50,10 +50,6 @@ public class TransactionMongoStoreInvocationContext implements MongoStoreInvocat
@Override
public void addUpdateTask(MongoIdentifiableEntity entityToUpdate, MongoTask task) {
if (!loadedObjects.containsValue(entityToUpdate)) {
throw new IllegalStateException("Entity " + entityToUpdate + " not found in loaded objects");
}
Set<MongoTask> currentObjectTasks = pendingUpdateTasks.get(entityToUpdate);
if (currentObjectTasks == null) {
currentObjectTasks = new LinkedHashSet<MongoTask>();
@ -106,6 +102,24 @@ public class TransactionMongoStoreInvocationContext implements MongoStoreInvocat
}
}
@Override
public void beforeDBBulkUpdateOrRemove(Class<? extends MongoIdentifiableEntity> entityType) {
beforeDBSearch(entityType);
Set<String> toRemove = new HashSet<String>();
for (Map.Entry<String, MongoIdentifiableEntity> entry : loadedObjects.entrySet()) {
MongoIdentifiableEntity entity = entry.getValue();
if (entity.getClass().equals(entityType)) {
toRemove.add(entry.getKey());
}
}
// Now remove all loadedObjects
for (String objectId : toRemove) {
loadedObjects.remove(objectId);
}
}
@Override
public void begin() {
loadedObjects.clear();

14
forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccessBean.java
View file

@ -5,7 +5,7 @@ import java.util.LinkedList;
import java.util.List;
import org.keycloak.models.ClientModel;
import org.keycloak.models.GrantedConsentModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@ -20,14 +20,13 @@ public class AccessBean {
private List<ClientGrantBean> clientGrants = new LinkedList<ClientGrantBean>();
public AccessBean(RealmModel realm, UserModel user, URI baseUri, String stateChecker) {
List<GrantedConsentModel> grantedConsents = user.getGrantedConsents();
for (GrantedConsentModel consent : grantedConsents) {
ClientModel client = realm.getClientById(consent.getClientId());
List<UserConsentModel> grantedConsents = user.getGrantedConsents();
for (UserConsentModel consent : grantedConsents) {
ClientModel client = consent.getClient();
List<RoleModel> realmRolesGranted = new LinkedList<RoleModel>();
MultivaluedHashMap<String, RoleModel> resourceRolesGranted = new MultivaluedHashMap<String, RoleModel>();
for (String roleId : consent.getGrantedRoles()) {
RoleModel role = realm.getRoleById(roleId);
for (RoleModel role : consent.getGrantedRoles()) {
if (role.getContainer() instanceof RealmModel) {
realmRolesGranted.add(role);
} else {
@ -36,8 +35,7 @@ public class AccessBean {
}
List<String> claimsGranted = new LinkedList<String>();
for (String protocolMapperId : consent.getGrantedProtocolMappers()) {
ProtocolMapperModel protocolMapper = client.getProtocolMapperById(protocolMapperId);
for (ProtocolMapperModel protocolMapper : consent.getGrantedProtocolMappers()) {
claimsGranted.add(protocolMapper.getConsentText());
}

47
model/api/src/main/java/org/keycloak/models/GrantedConsentModel.java
View file

@ -1,47 +0,0 @@
package org.keycloak.models;
import java.util.HashSet;
import java.util.Set;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class GrantedConsentModel {
private final String clientId;
private Set<String> protocolMapperIds = new HashSet<String>();
private Set<String> roleIds = new HashSet<String>();
public GrantedConsentModel(String clientId) {
this.clientId = clientId;
}
public String getClientId() {
return clientId;
}
public void addGrantedRole(String roleId) {
roleIds.add(roleId);
}
public Set<String> getGrantedRoles() {
return roleIds;
}
public boolean isRoleGranted(String roleId) {
return roleIds.contains(roleId);
}
public void addGrantedProtocolMapper(String protocolMapperId) {
protocolMapperIds.add(protocolMapperId);
}
public Set<String> getGrantedProtocolMappers() {
return protocolMapperIds;
}
public boolean isProtocolMapperGranted(String protocolMapperId) {
return protocolMapperIds.contains(protocolMapperId);
}
}

69
model/api/src/main/java/org/keycloak/models/UserConsentModel.java Normal file
View file

@ -0,0 +1,69 @@
package org.keycloak.models;
import java.util.HashSet;
import java.util.Set;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class UserConsentModel {
private final RealmModel realm;
private final ClientModel client;
private Set<ProtocolMapperModel> protocolMappers = new HashSet<ProtocolMapperModel>();
private Set<RoleModel> roles = new HashSet<RoleModel>();
public UserConsentModel(RealmModel realm, String clientId) {
this.realm = realm;
this.client = realm.getClientById(clientId);
if (client == null) {
throw new ModelException("Client with id [" + clientId + "] is not available");
}
}
public ClientModel getClient() {
return client;
}
public void addGrantedRole(String roleId) {
RoleModel role = realm.getRoleById(roleId);
// Chance that role was already deleted by other transaction and is not available anymore
if (role != null) {
roles.add(role);
}
}
public Set<RoleModel> getGrantedRoles() {
return roles;
}
public boolean isRoleGranted(RoleModel role) {
for (RoleModel currentRole : roles) {
if (currentRole.getId().equals(role.getId())) return true;
}
return false;
}
public void addGrantedProtocolMapper(String protocolMapperId) {
ProtocolMapperModel protocolMapper = client.getProtocolMapperById(protocolMapperId);
// Chance that protocolMapper was already deleted by other transaction and is not available anymore
if (protocolMapper != null) {
protocolMappers.add(protocolMapper);
}
}
public Set<ProtocolMapperModel> getGrantedProtocolMappers() {
return protocolMappers;
}
public boolean isProtocolMapperGranted(ProtocolMapperModel protocolMapper) {
for (ProtocolMapperModel currentProtMapper : protocolMappers) {
if (currentProtMapper.getId().equals(protocolMapper.getId())) return true;
}
return false;
}
}

8
model/api/src/main/java/org/keycloak/models/UserModel.java
View file

@ -75,10 +75,10 @@ public interface UserModel {
String getFederationLink();
void setFederationLink(String link);
GrantedConsentModel addGrantedConsent(GrantedConsentModel consent);
GrantedConsentModel getGrantedConsentByClient(String clientId);
List<GrantedConsentModel> getGrantedConsents();
void updateGrantedConsent(GrantedConsentModel consent);
void addGrantedConsent(UserConsentModel consent);
UserConsentModel getGrantedConsentByClient(String clientId);
List<UserConsentModel> getGrantedConsents();
void updateGrantedConsent(UserConsentModel consent);
boolean revokeGrantedConsentForClient(String clientId);
public static enum RequiredAction {

47
model/api/src/main/java/org/keycloak/models/entities/UserConsentEntity.java Normal file
View file

@ -0,0 +1,47 @@
package org.keycloak.models.entities;
import java.util.ArrayList;
import java.util.List;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class UserConsentEntity extends AbstractIdentifiableEntity {
private String userId;
private String clientId;
private List<String> grantedRoles = new ArrayList<String>();
private List<String> grantedProtocolMappers = new ArrayList<String>();
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public List<String> getGrantedRoles() {
return grantedRoles;
}
public void setGrantedRoles(List<String> grantedRoles) {
this.grantedRoles = grantedRoles;
}
public List<String> getGrantedProtocolMappers() {
return grantedProtocolMappers;
}
public void setGrantedProtocolMappers(List<String> grantedProtocolMappers) {
this.grantedProtocolMappers = grantedProtocolMappers;
}
}

12
model/api/src/main/java/org/keycloak/models/utils/UserModelDelegate.java
View file

@ -1,7 +1,7 @@
package org.keycloak.models.utils;
import org.keycloak.models.ClientModel;
import org.keycloak.models.GrantedConsentModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserCredentialValueModel;
@ -188,22 +188,22 @@ public class UserModelDelegate implements UserModel {
}
@Override
public GrantedConsentModel addGrantedConsent(GrantedConsentModel consent) {
return delegate.addGrantedConsent(consent);
public void addGrantedConsent(UserConsentModel consent) {
delegate.addGrantedConsent(consent);
}
@Override
public GrantedConsentModel getGrantedConsentByClient(String clientId) {
public UserConsentModel getGrantedConsentByClient(String clientId) {
return delegate.getGrantedConsentByClient(clientId);
}
@Override
public List<GrantedConsentModel> getGrantedConsents() {
public List<UserConsentModel> getGrantedConsents() {
return delegate.getGrantedConsents();
}
@Override
public void updateGrantedConsent(GrantedConsentModel consent) {
public void updateGrantedConsent(UserConsentModel consent) {
delegate.updateGrantedConsent(consent);
}

19
model/file/src/main/java/org/keycloak/models/file/adapter/UserAdapter.java
View file

@ -20,7 +20,7 @@ import org.keycloak.models.ClientModel;
import static org.keycloak.models.utils.Pbkdf2PasswordEncoder.getSalt;
import org.keycloak.models.GrantedConsentModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@ -432,25 +432,24 @@ public class UserAdapter implements UserModel, Comparable {
}
@Override
public GrantedConsentModel addGrantedConsent(GrantedConsentModel consent) {
public void addGrantedConsent(UserConsentModel consent) {
// TODO
}
@Override
public UserConsentModel getGrantedConsentByClient(String clientId) {
// TODO
return null;
}
@Override
public GrantedConsentModel getGrantedConsentByClient(String clientId) {
public List<UserConsentModel> getGrantedConsents() {
// TODO
return null;
}
@Override
public List<GrantedConsentModel> getGrantedConsents() {
// TODO
return null;
}
@Override
public void updateGrantedConsent(GrantedConsentModel consent) {
public void updateGrantedConsent(UserConsentModel consent) {
// TODO
}

12
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java vendored
View file

@ -1,7 +1,7 @@
package org.keycloak.models.cache;
import org.keycloak.models.ClientModel;
import org.keycloak.models.GrantedConsentModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
@ -277,27 +277,27 @@ public class UserAdapter implements UserModel {
}
@Override
public GrantedConsentModel addGrantedConsent(GrantedConsentModel consent) {
public void addGrantedConsent(UserConsentModel consent) {
getDelegateForUpdate();
return updated.addGrantedConsent(consent);
updated.addGrantedConsent(consent);
}
@Override
public GrantedConsentModel getGrantedConsentByClient(String clientId) {
public UserConsentModel getGrantedConsentByClient(String clientId) {
// TODO: caching?
getDelegateForUpdate();
return updated.getGrantedConsentByClient(clientId);
}
@Override
public List<GrantedConsentModel> getGrantedConsents() {
public List<UserConsentModel> getGrantedConsents() {
// TODO: caching?
getDelegateForUpdate();
return updated.getGrantedConsents();
}
@Override
public void updateGrantedConsent(GrantedConsentModel consent) {
public void updateGrantedConsent(UserConsentModel consent) {
getDelegateForUpdate();
updated.updateGrantedConsent(consent);
}

22
model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java
View file

@ -88,9 +88,9 @@ public class JpaUserProvider implements UserProvider {
private void removeUser(UserEntity user) {
em.createNamedQuery("deleteUserRoleMappingsByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteFederatedIdentityByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteGrantedConsentRolesByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteGrantedConsentProtMappersByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteGrantedConsentsByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteUserConsentRolesByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteUserConsentProtMappersByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteUserConsentsByUser").setParameter("user", user).executeUpdate();
em.remove(user);
}
@ -134,11 +134,11 @@ public class JpaUserProvider implements UserProvider {
@Override
public void preRemove(RealmModel realm) {
int num = em.createNamedQuery("deleteGrantedConsentRolesByRealm")
int num = em.createNamedQuery("deleteUserConsentRolesByRealm")
.setParameter("realmId", realm.getId()).executeUpdate();
num = em.createNamedQuery("deleteGrantedConsentProtMappersByRealm")
num = em.createNamedQuery("deleteUserConsentProtMappersByRealm")
.setParameter("realmId", realm.getId()).executeUpdate();
num = em.createNamedQuery("deleteGrantedConsentsByRealm")
num = em.createNamedQuery("deleteUserConsentsByRealm")
.setParameter("realmId", realm.getId()).executeUpdate();
num = em.createNamedQuery("deleteUserRoleMappingsByRealm")
.setParameter("realmId", realm.getId()).executeUpdate();
@ -184,20 +184,20 @@ public class JpaUserProvider implements UserProvider {
@Override
public void preRemove(RealmModel realm, RoleModel role) {
em.createNamedQuery("deleteGrantedConsentRolesByRole").setParameter("roleId", role.getId()).executeUpdate();
em.createNamedQuery("deleteUserConsentRolesByRole").setParameter("roleId", role.getId()).executeUpdate();
em.createNamedQuery("deleteUserRoleMappingsByRole").setParameter("roleId", role.getId()).executeUpdate();
}
@Override
public void preRemove(RealmModel realm, ClientModel client) {
em.createNamedQuery("deleteGrantedConsentProtMappersByClient").setParameter("clientId", client.getId()).executeUpdate();
em.createNamedQuery("deleteGrantedConsentRolesByClient").setParameter("clientId", client.getId()).executeUpdate();
em.createNamedQuery("deleteGrantedConsentsByClient").setParameter("clientId", client.getId()).executeUpdate();
em.createNamedQuery("deleteUserConsentProtMappersByClient").setParameter("clientId", client.getId()).executeUpdate();
em.createNamedQuery("deleteUserConsentRolesByClient").setParameter("clientId", client.getId()).executeUpdate();
em.createNamedQuery("deleteUserConsentsByClient").setParameter("clientId", client.getId()).executeUpdate();
}
@Override
public void preRemove(ClientModel client, ProtocolMapperModel protocolMapper) {
em.createNamedQuery("deleteGrantedConsentProtMappersByProtocolMapper")
em.createNamedQuery("deleteUserConsentProtMappersByProtocolMapper")
.setParameter("protocolMapperId", protocolMapper.getId())
.executeUpdate();
}

98
model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java
View file

@ -1,7 +1,8 @@
package org.keycloak.models.jpa;
import org.keycloak.models.ClientModel;
import org.keycloak.models.GrantedConsentModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.PasswordPolicy;
@ -12,9 +13,9 @@ import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.jpa.entities.CredentialEntity;
import org.keycloak.models.jpa.entities.GrantedConsentEntity;
import org.keycloak.models.jpa.entities.GrantedConsentProtocolMapperEntity;
import org.keycloak.models.jpa.entities.GrantedConsentRoleEntity;
import org.keycloak.models.jpa.entities.UserConsentEntity;
import org.keycloak.models.jpa.entities.UserConsentProtocolMapperEntity;
import org.keycloak.models.jpa.entities.UserConsentRoleEntity;
import org.keycloak.models.jpa.entities.UserAttributeEntity;
import org.keycloak.models.jpa.entities.UserEntity;
import org.keycloak.models.jpa.entities.UserRequiredActionEntity;
@ -29,7 +30,6 @@ import javax.persistence.TypedQuery;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
@ -480,18 +480,15 @@ public class UserAdapter implements UserModel {
}
@Override
public GrantedConsentModel addGrantedConsent(GrantedConsentModel consent) {
String clientId = consent.getClientId();
if (clientId == null) {
throw new ModelException("clientId needs to be filled for newly added consent!");
}
public void addGrantedConsent(UserConsentModel consent) {
String clientId = consent.getClient().getId();
GrantedConsentEntity consentEntity = getGrantedConsentEntity(clientId);
UserConsentEntity consentEntity = getGrantedConsentEntity(clientId);
if (consentEntity != null) {
throw new ModelDuplicateException("Consent already exists for client [" + clientId + "] and user [" + user.getId() + "]");
}
consentEntity = new GrantedConsentEntity();
consentEntity = new UserConsentEntity();
consentEntity.setId(KeycloakModelUtils.generateId());
consentEntity.setUser(user);
consentEntity.setClientId(clientId);
@ -499,38 +496,33 @@ public class UserAdapter implements UserModel {
em.flush();
updateGrantedConsentEntity(consentEntity, consent);
return consent;
}
@Override
public GrantedConsentModel getGrantedConsentByClient(String clientId) {
GrantedConsentEntity entity = getGrantedConsentEntity(clientId);
public UserConsentModel getGrantedConsentByClient(String clientId) {
UserConsentEntity entity = getGrantedConsentEntity(clientId);
return toConsentModel(entity);
}
@Override
public List<GrantedConsentModel> getGrantedConsents() {
TypedQuery<GrantedConsentEntity> query = em.createNamedQuery("grantedConsentsByUser", GrantedConsentEntity.class);
public List<UserConsentModel> getGrantedConsents() {
TypedQuery<UserConsentEntity> query = em.createNamedQuery("userConsentsByUser", UserConsentEntity.class);
query.setParameter("userId", getId());
List<GrantedConsentEntity> results = query.getResultList();
List<UserConsentEntity> results = query.getResultList();
List<GrantedConsentModel> consents = new ArrayList<GrantedConsentModel>();
for (GrantedConsentEntity entity : results) {
GrantedConsentModel model = toConsentModel(entity);
List<UserConsentModel> consents = new ArrayList<UserConsentModel>();
for (UserConsentEntity entity : results) {
UserConsentModel model = toConsentModel(entity);
consents.add(model);
}
return consents;
}
@Override
public void updateGrantedConsent(GrantedConsentModel consent) {
String clientId = consent.getClientId();
if (clientId == null) {
throw new ModelException("clientId needs to be for newly added consent!");
}
public void updateGrantedConsent(UserConsentModel consent) {
String clientId = consent.getClient().getId();
GrantedConsentEntity consentEntity = getGrantedConsentEntity(clientId);
UserConsentEntity consentEntity = getGrantedConsentEntity(clientId);
if (consentEntity == null) {
throw new ModelException("Consent not found for client [" + clientId + "] and user [" + user.getId() + "]");
}
@ -540,7 +532,7 @@ public class UserAdapter implements UserModel {
@Override
public boolean revokeGrantedConsentForClient(String clientId) {
GrantedConsentEntity consentEntity = getGrantedConsentEntity(clientId);
UserConsentEntity consentEntity = getGrantedConsentEntity(clientId);
if (consentEntity == null) return false;
em.remove(consentEntity);
@ -549,11 +541,11 @@ public class UserAdapter implements UserModel {
}
private GrantedConsentEntity getGrantedConsentEntity(String clientId) {
TypedQuery<GrantedConsentEntity> query = em.createNamedQuery("grantedConsentByUserAndClient", GrantedConsentEntity.class);
private UserConsentEntity getGrantedConsentEntity(String clientId) {
TypedQuery<UserConsentEntity> query = em.createNamedQuery("userConsentByUserAndClient", UserConsentEntity.class);
query.setParameter("userId", getId());
query.setParameter("clientId", clientId);
List<GrantedConsentEntity> results = query.getResultList();
List<UserConsentEntity> results = query.getResultList();
if (results.size() > 1) {
throw new ModelException("More results found for user [" + getUsername() + "] and client [" + clientId + "]");
} else if (results.size() == 1) {
@ -563,23 +555,23 @@ public class UserAdapter implements UserModel {
}
}
private GrantedConsentModel toConsentModel(GrantedConsentEntity entity) {
private UserConsentModel toConsentModel(UserConsentEntity entity) {
if (entity == null) {
return null;
}
GrantedConsentModel model = new GrantedConsentModel(entity.getClientId());
UserConsentModel model = new UserConsentModel(realm, entity.getClientId());
Collection<GrantedConsentRoleEntity> grantedRoleEntities = entity.getGrantedRoles();
Collection<UserConsentRoleEntity> grantedRoleEntities = entity.getGrantedRoles();
if (grantedRoleEntities != null) {
for (GrantedConsentRoleEntity grantedRole : grantedRoleEntities) {
for (UserConsentRoleEntity grantedRole : grantedRoleEntities) {
model.addGrantedRole(grantedRole.getRoleId());
}
}
Collection<GrantedConsentProtocolMapperEntity> grantedProtocolMapperEntities = entity.getGrantedProtocolMappers();
Collection<UserConsentProtocolMapperEntity> grantedProtocolMapperEntities = entity.getGrantedProtocolMappers();
if (grantedProtocolMapperEntities != null) {
for (GrantedConsentProtocolMapperEntity grantedProtMapper : grantedProtocolMapperEntities) {
for (UserConsentProtocolMapperEntity grantedProtMapper : grantedProtocolMapperEntities) {
model.addGrantedProtocolMapper(grantedProtMapper.getProtocolMapperId());
}
}
@ -588,14 +580,14 @@ public class UserAdapter implements UserModel {
}
// Update roles and protocolMappers to given consentEntity from the consentModel
private void updateGrantedConsentEntity(GrantedConsentEntity consentEntity, GrantedConsentModel consentModel) {
Collection<GrantedConsentProtocolMapperEntity> grantedProtocolMapperEntities = consentEntity.getGrantedProtocolMappers();
Collection<GrantedConsentProtocolMapperEntity> mappersToRemove = new HashSet<GrantedConsentProtocolMapperEntity>(grantedProtocolMapperEntities);
private void updateGrantedConsentEntity(UserConsentEntity consentEntity, UserConsentModel consentModel) {
Collection<UserConsentProtocolMapperEntity> grantedProtocolMapperEntities = consentEntity.getGrantedProtocolMappers();
Collection<UserConsentProtocolMapperEntity> mappersToRemove = new HashSet<UserConsentProtocolMapperEntity>(grantedProtocolMapperEntities);
for (String protocolMapperId : consentModel.getGrantedProtocolMappers()) {
GrantedConsentProtocolMapperEntity grantedProtocolMapperEntity = new GrantedConsentProtocolMapperEntity();
grantedProtocolMapperEntity.setGrantedConsent(consentEntity);
grantedProtocolMapperEntity.setProtocolMapperId(protocolMapperId);
for (ProtocolMapperModel protocolMapper : consentModel.getGrantedProtocolMappers()) {
UserConsentProtocolMapperEntity grantedProtocolMapperEntity = new UserConsentProtocolMapperEntity();
grantedProtocolMapperEntity.setUserConsent(consentEntity);
grantedProtocolMapperEntity.setProtocolMapperId(protocolMapper.getId());
// Check if it's already there
if (!grantedProtocolMapperEntities.contains(grantedProtocolMapperEntity)) {
@ -607,17 +599,17 @@ public class UserAdapter implements UserModel {
}
}
// Those mappers were no longer on consentModel and will be removed
for (GrantedConsentProtocolMapperEntity toRemove : mappersToRemove) {
for (UserConsentProtocolMapperEntity toRemove : mappersToRemove) {
grantedProtocolMapperEntities.remove(toRemove);
em.remove(toRemove);
}
Collection<GrantedConsentRoleEntity> grantedRoleEntities = consentEntity.getGrantedRoles();
Set<GrantedConsentRoleEntity> rolesToRemove = new HashSet<GrantedConsentRoleEntity>(grantedRoleEntities);
for (String roleId : consentModel.getGrantedRoles()) {
GrantedConsentRoleEntity consentRoleEntity = new GrantedConsentRoleEntity();
consentRoleEntity.setGrantedConsent(consentEntity);
consentRoleEntity.setRoleId(roleId);
Collection<UserConsentRoleEntity> grantedRoleEntities = consentEntity.getGrantedRoles();
Set<UserConsentRoleEntity> rolesToRemove = new HashSet<UserConsentRoleEntity>(grantedRoleEntities);
for (RoleModel role : consentModel.getGrantedRoles()) {
UserConsentRoleEntity consentRoleEntity = new UserConsentRoleEntity();
consentRoleEntity.setUserConsent(consentEntity);
consentRoleEntity.setRoleId(role.getId());
// Check if it's already there
if (!grantedRoleEntities.contains(consentRoleEntity)) {
@ -629,7 +621,7 @@ public class UserAdapter implements UserModel {
}
}
// Those roles were no longer on consentModel and will be removed
for (GrantedConsentRoleEntity toRemove : rolesToRemove) {
for (UserConsentRoleEntity toRemove : rolesToRemove) {
grantedRoleEntities.remove(toRemove);
em.remove(toRemove);
}

96
model/jpa/src/main/java/org/keycloak/models/jpa/entities/GrantedConsentEntity.java
View file

@ -1,96 +0,0 @@
package org.keycloak.models.jpa.entities;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@Entity
@Table(name="GRANTED_CONSENT", uniqueConstraints = {
@UniqueConstraint(columnNames = {"USER_ID", "CLIENT_ID"})
})
@NamedQueries({
@NamedQuery(name="grantedConsentByUserAndClient", query="select consent from GrantedConsentEntity consent where consent.user.id = :userId and consent.clientId = :clientId"),
@NamedQuery(name="grantedConsentsByUser", query="select consent from GrantedConsentEntity consent where consent.user.id = :userId"),
@NamedQuery(name="deleteGrantedConsentsByRealm", query="delete from GrantedConsentEntity consent where consent.user IN (select user from UserEntity user where user.realmId = :realmId)"),
@NamedQuery(name="deleteGrantedConsentsByUser", query="delete from GrantedConsentEntity consent where consent.user = :user"),
@NamedQuery(name="deleteGrantedConsentsByClient", query="delete from GrantedConsentEntity consent where consent.clientId = :clientId"),
})
public class GrantedConsentEntity {
@Id
@Column(name="ID", length = 36)
protected String id;
@ManyToOne(fetch= FetchType.LAZY)
@JoinColumn(name="USER_ID")
protected UserEntity user;
@Column(name="CLIENT_ID")
protected String clientId;
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "grantedConsent")
Collection<GrantedConsentRoleEntity> grantedRoles = new ArrayList<GrantedConsentRoleEntity>();
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "grantedConsent")
Collection<GrantedConsentProtocolMapperEntity> grantedProtocolMappers = new ArrayList<GrantedConsentProtocolMapperEntity>();
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public UserEntity getUser() {
return user;
}
public void setUser(UserEntity user) {
this.user = user;
}
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public Collection<GrantedConsentRoleEntity> getGrantedRoles() {
return grantedRoles;
}
public void setGrantedRoles(Collection<GrantedConsentRoleEntity> grantedRoles) {
this.grantedRoles = grantedRoles;
}
public Collection<GrantedConsentProtocolMapperEntity> getGrantedProtocolMappers() {
return grantedProtocolMappers;
}
public void setGrantedProtocolMappers(Collection<GrantedConsentProtocolMapperEntity> grantedProtocolMappers) {
this.grantedProtocolMappers = grantedProtocolMappers;
}
}

115
model/jpa/src/main/java/org/keycloak/models/jpa/entities/GrantedConsentProtocolMapperEntity.java
View file

@ -1,115 +0,0 @@
package org.keycloak.models.jpa.entities;
import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.IdClass;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@NamedQueries({
@NamedQuery(name="deleteGrantedConsentProtMappersByRealm", query=
"delete from GrantedConsentProtocolMapperEntity csm where csm.grantedConsent IN (select consent from GrantedConsentEntity consent where consent.user IN (select user from UserEntity user where user.realmId = :realmId))"),
@NamedQuery(name="deleteGrantedConsentProtMappersByUser", query="delete from GrantedConsentProtocolMapperEntity csm where csm.grantedConsent IN (select consent from GrantedConsentEntity consent where consent.user = :user)"),
@NamedQuery(name="deleteGrantedConsentProtMappersByProtocolMapper", query="delete from GrantedConsentProtocolMapperEntity csm where csm.protocolMapperId = :protocolMapperId)"),
@NamedQuery(name="deleteGrantedConsentProtMappersByClient", query="delete from GrantedConsentProtocolMapperEntity csm where csm.grantedConsent IN (select consent from GrantedConsentEntity consent where consent.clientId = :clientId))"),
})
@Entity
@Table(name="GRANTED_CONSENT_PROT_MAPPER")
@IdClass(GrantedConsentProtocolMapperEntity.Key.class)
public class GrantedConsentProtocolMapperEntity {
@Id
@ManyToOne(fetch= FetchType.LAZY)
@JoinColumn(name = "GRANTED_CONSENT_ID")
protected GrantedConsentEntity grantedConsent;
@Id
@Column(name="PROTOCOL_MAPPER_ID")
protected String protocolMapperId;
public GrantedConsentEntity getGrantedConsent() {
return grantedConsent;
}
public void setGrantedConsent(GrantedConsentEntity grantedConsent) {
this.grantedConsent = grantedConsent;
}
public String getProtocolMapperId() {
return protocolMapperId;
}
public void setProtocolMapperId(String protocolMapperId) {
this.protocolMapperId = protocolMapperId;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
GrantedConsentProtocolMapperEntity that = (GrantedConsentProtocolMapperEntity)o;
Key myKey = new Key(this.grantedConsent, this.protocolMapperId);
Key hisKey = new Key(that.grantedConsent, that.protocolMapperId);
return myKey.equals(hisKey);
}
@Override
public int hashCode() {
Key myKey = new Key(this.grantedConsent, this.protocolMapperId);
return myKey.hashCode();
}
public static class Key implements Serializable {
protected GrantedConsentEntity grantedConsent;
protected String protocolMapperId;
public Key() {
}
public Key(GrantedConsentEntity grantedConsent, String protocolMapperId) {
this.grantedConsent = grantedConsent;
this.protocolMapperId = protocolMapperId;
}
public GrantedConsentEntity getGrantedConsent() {
return grantedConsent;
}
public String getProtocolMapperId() {
return protocolMapperId;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
Key key = (Key) o;
if (grantedConsent != null ? !grantedConsent.getId().equals(key.grantedConsent != null ? key.grantedConsent.getId() : null) : key.grantedConsent != null) return false;
if (protocolMapperId != null ? !protocolMapperId.equals(key.protocolMapperId) : key.protocolMapperId != null) return false;
return true;
}
@Override
public int hashCode() {
int result = grantedConsent != null ? grantedConsent.getId().hashCode() : 0;
result = 31 * result + (protocolMapperId != null ? protocolMapperId.hashCode() : 0);
return result;
}
}
}

115
model/jpa/src/main/java/org/keycloak/models/jpa/entities/GrantedConsentRoleEntity.java
View file

@ -1,115 +0,0 @@
package org.keycloak.models.jpa.entities;
import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.IdClass;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@NamedQueries({
@NamedQuery(name="deleteGrantedConsentRolesByRealm", query="delete from GrantedConsentRoleEntity grantedRole where grantedRole.grantedConsent IN (select consent from GrantedConsentEntity consent where consent.user IN (select user from UserEntity user where user.realmId = :realmId))"),
@NamedQuery(name="deleteGrantedConsentRolesByUser", query="delete from GrantedConsentRoleEntity grantedRole where grantedRole.grantedConsent IN (select consent from GrantedConsentEntity consent where consent.user = :user)"),
@NamedQuery(name="deleteGrantedConsentRolesByRole", query="delete from GrantedConsentRoleEntity grantedRole where grantedRole.roleId = :roleId)"),
@NamedQuery(name="deleteGrantedConsentRolesByClient", query="delete from GrantedConsentRoleEntity grantedRole where grantedRole.grantedConsent IN (select consent from GrantedConsentEntity consent where consent.clientId = :clientId)"),
})
@Entity
@Table(name="GRANTED_CONSENT_ROLE")
@IdClass(GrantedConsentRoleEntity.Key.class)
public class GrantedConsentRoleEntity {
@Id
@ManyToOne(fetch= FetchType.LAZY)
@JoinColumn(name = "GRANTED_CONSENT_ID")
protected GrantedConsentEntity grantedConsent;
@Id
@Column(name="ROLE_ID")
protected String roleId;
public GrantedConsentEntity getGrantedConsent() {
return grantedConsent;
}
public void setGrantedConsent(GrantedConsentEntity grantedConsent) {
this.grantedConsent = grantedConsent;
}
public String getRoleId() {
return roleId;
}
public void setRoleId(String roleId) {
this.roleId = roleId;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
GrantedConsentRoleEntity that = (GrantedConsentRoleEntity)o;
Key myKey = new Key(this.grantedConsent, this.roleId);
Key hisKey = new Key(that.grantedConsent, that.roleId);
return myKey.equals(hisKey);
}
@Override
public int hashCode() {
Key myKey = new Key(this.grantedConsent, this.roleId);
return myKey.hashCode();
}
public static class Key implements Serializable {
protected GrantedConsentEntity grantedConsent;
protected String roleId;
public Key() {
}
public Key(GrantedConsentEntity grantedConsent, String roleId) {
this.grantedConsent = grantedConsent;
this.roleId = roleId;
}
public GrantedConsentEntity getGrantedConsent() {
return grantedConsent;
}
public String getRoleId() {
return roleId;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
Key key = (Key) o;
if (grantedConsent != null ? !grantedConsent.getId().equals(key.grantedConsent != null ? key.grantedConsent.getId() : null) : key.grantedConsent != null) return false;
if (roleId != null ? !roleId.equals(key.roleId) : key.roleId != null) return false;
return true;
}
@Override
public int hashCode() {
int result = grantedConsent != null ? grantedConsent.getId().hashCode() : 0;
result = 31 * result + (roleId != null ? roleId.hashCode() : 0);
return result;
}
}
}

91
model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserConsentEntity.java Normal file
View file

@ -0,0 +1,91 @@
package org.keycloak.models.jpa.entities;
import java.util.ArrayList;
import java.util.Collection;
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@Entity
@Table(name="USER_CONSENT", uniqueConstraints = {
@UniqueConstraint(columnNames = {"USER_ID", "CLIENT_ID"})
})
@NamedQueries({
@NamedQuery(name="userConsentByUserAndClient", query="select consent from UserConsentEntity consent where consent.user.id = :userId and consent.clientId = :clientId"),
@NamedQuery(name="userConsentsByUser", query="select consent from UserConsentEntity consent where consent.user.id = :userId"),
@NamedQuery(name="deleteUserConsentsByRealm", query="delete from UserConsentEntity consent where consent.user IN (select user from UserEntity user where user.realmId = :realmId)"),
@NamedQuery(name="deleteUserConsentsByUser", query="delete from UserConsentEntity consent where consent.user = :user"),
@NamedQuery(name="deleteUserConsentsByClient", query="delete from UserConsentEntity consent where consent.clientId = :clientId"),
})
public class UserConsentEntity {
@Id
@Column(name="ID", length = 36)
protected String id;
@ManyToOne(fetch= FetchType.LAZY)
@JoinColumn(name="USER_ID")
protected UserEntity user;
@Column(name="CLIENT_ID")
protected String clientId;
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "userConsent")
Collection<UserConsentRoleEntity> grantedRoles = new ArrayList<UserConsentRoleEntity>();
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "userConsent")
Collection<UserConsentProtocolMapperEntity> grantedProtocolMappers = new ArrayList<UserConsentProtocolMapperEntity>();
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public UserEntity getUser() {
return user;
}
public void setUser(UserEntity user) {
this.user = user;
}
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public Collection<UserConsentRoleEntity> getGrantedRoles() {
return grantedRoles;
}
public void setGrantedRoles(Collection<UserConsentRoleEntity> grantedRoles) {
this.grantedRoles = grantedRoles;
}
public Collection<UserConsentProtocolMapperEntity> getGrantedProtocolMappers() {
return grantedProtocolMappers;
}
public void setGrantedProtocolMappers(Collection<UserConsentProtocolMapperEntity> grantedProtocolMappers) {
this.grantedProtocolMappers = grantedProtocolMappers;
}
}

115
model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserConsentProtocolMapperEntity.java Normal file
View file

@ -0,0 +1,115 @@
package org.keycloak.models.jpa.entities;
import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.IdClass;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@NamedQueries({
@NamedQuery(name="deleteUserConsentProtMappersByRealm", query=
"delete from UserConsentProtocolMapperEntity csm where csm.userConsent IN (select consent from UserConsentEntity consent where consent.user IN (select user from UserEntity user where user.realmId = :realmId))"),
@NamedQuery(name="deleteUserConsentProtMappersByUser", query="delete from UserConsentProtocolMapperEntity csm where csm.userConsent IN (select consent from UserConsentEntity consent where consent.user = :user)"),
@NamedQuery(name="deleteUserConsentProtMappersByProtocolMapper", query="delete from UserConsentProtocolMapperEntity csm where csm.protocolMapperId = :protocolMapperId)"),
@NamedQuery(name="deleteUserConsentProtMappersByClient", query="delete from UserConsentProtocolMapperEntity csm where csm.userConsent IN (select consent from UserConsentEntity consent where consent.clientId = :clientId))"),
})
@Entity
@Table(name="USER_CONSENT_PROT_MAPPER")
@IdClass(UserConsentProtocolMapperEntity.Key.class)
public class UserConsentProtocolMapperEntity {
@Id
@ManyToOne(fetch= FetchType.LAZY)
@JoinColumn(name = "USER_CONSENT_ID")
protected UserConsentEntity userConsent;
@Id
@Column(name="PROTOCOL_MAPPER_ID")
protected String protocolMapperId;
public UserConsentEntity getUserConsent() {
return userConsent;
}
public void setUserConsent(UserConsentEntity userConsent) {
this.userConsent = userConsent;
}
public String getProtocolMapperId() {
return protocolMapperId;
}
public void setProtocolMapperId(String protocolMapperId) {
this.protocolMapperId = protocolMapperId;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
UserConsentProtocolMapperEntity that = (UserConsentProtocolMapperEntity)o;
Key myKey = new Key(this.userConsent, this.protocolMapperId);
Key hisKey = new Key(that.userConsent, that.protocolMapperId);
return myKey.equals(hisKey);
}
@Override
public int hashCode() {
Key myKey = new Key(this.userConsent, this.protocolMapperId);
return myKey.hashCode();
}
public static class Key implements Serializable {
protected UserConsentEntity userConsent;
protected String protocolMapperId;
public Key() {
}
public Key(UserConsentEntity userConsent, String protocolMapperId) {
this.userConsent = userConsent;
this.protocolMapperId = protocolMapperId;
}
public UserConsentEntity getUserConsent() {
return userConsent;
}
public String getProtocolMapperId() {
return protocolMapperId;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
Key key = (Key) o;
if (userConsent != null ? !userConsent.getId().equals(key.userConsent != null ? key.userConsent.getId() : null) : key.userConsent != null) return false;
if (protocolMapperId != null ? !protocolMapperId.equals(key.protocolMapperId) : key.protocolMapperId != null) return false;
return true;
}
@Override
public int hashCode() {
int result = userConsent != null ? userConsent.getId().hashCode() : 0;
result = 31 * result + (protocolMapperId != null ? protocolMapperId.hashCode() : 0);
return result;
}
}
}

115
model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserConsentRoleEntity.java Normal file
View file

@ -0,0 +1,115 @@
package org.keycloak.models.jpa.entities;
import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.IdClass;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@NamedQueries({
@NamedQuery(name="deleteUserConsentRolesByRealm", query="delete from UserConsentRoleEntity grantedRole where grantedRole.userConsent IN (select consent from UserConsentEntity consent where consent.user IN (select user from UserEntity user where user.realmId = :realmId))"),
@NamedQuery(name="deleteUserConsentRolesByUser", query="delete from UserConsentRoleEntity grantedRole where grantedRole.userConsent IN (select consent from UserConsentEntity consent where consent.user = :user)"),
@NamedQuery(name="deleteUserConsentRolesByRole", query="delete from UserConsentRoleEntity grantedRole where grantedRole.roleId = :roleId)"),
@NamedQuery(name="deleteUserConsentRolesByClient", query="delete from UserConsentRoleEntity grantedRole where grantedRole.userConsent IN (select consent from UserConsentEntity consent where consent.clientId = :clientId)"),
})
@Entity
@Table(name="USER_CONSENT_ROLE")
@IdClass(UserConsentRoleEntity.Key.class)
public class UserConsentRoleEntity {
@Id
@ManyToOne(fetch= FetchType.LAZY)
@JoinColumn(name = "USER_CONSENT_ID")
protected UserConsentEntity userConsent;
@Id
@Column(name="ROLE_ID")
protected String roleId;
public UserConsentEntity getUserConsent() {
return userConsent;
}
public void setUserConsent(UserConsentEntity userConsent) {
this.userConsent = userConsent;
}
public String getRoleId() {
return roleId;
}
public void setRoleId(String roleId) {
this.roleId = roleId;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
UserConsentRoleEntity that = (UserConsentRoleEntity)o;
Key myKey = new Key(this.userConsent, this.roleId);
Key hisKey = new Key(that.userConsent, that.roleId);
return myKey.equals(hisKey);
}
@Override
public int hashCode() {
Key myKey = new Key(this.userConsent, this.roleId);
return myKey.hashCode();
}
public static class Key implements Serializable {
protected UserConsentEntity userConsent;
protected String roleId;
public Key() {
}
public Key(UserConsentEntity userConsent, String roleId) {
this.userConsent = userConsent;
this.roleId = roleId;
}
public UserConsentEntity getUserConsent() {
return userConsent;
}
public String getRoleId() {
return roleId;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
Key key = (Key) o;
if (userConsent != null ? !userConsent.getId().equals(key.userConsent != null ? key.userConsent.getId() : null) : key.userConsent != null) return false;
if (roleId != null ? !roleId.equals(key.roleId) : key.roleId != null) return false;
return true;
}
@Override
public int hashCode() {
int result = userConsent != null ? userConsent.getId().hashCode() : 0;
result = 31 * result + (roleId != null ? roleId.hashCode() : 0);
return result;
}
}
}

46
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java
View file

@ -17,6 +17,7 @@ import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.entities.FederatedIdentityEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoUserConsentEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoUserEntity;
import org.keycloak.models.utils.CredentialValidation;
@ -43,7 +44,6 @@ public class MongoUserProvider implements UserProvider {
@Override
public void close() {
// TODO
}
@Override
@ -274,11 +274,7 @@ public class MongoUserProvider implements UserProvider {
@Override
public boolean removeUser(RealmModel realm, UserModel user) {
DBObject query = new QueryBuilder()
.and("_id").is(user.getId())
.and("realmId").is(realm.getId())
.get();
return getMongoStore().removeEntities(MongoUserEntity.class, query, invocationContext);
return getMongoStore().removeEntity(MongoUserEntity.class, user.getId(), invocationContext);
}
@ -339,32 +335,60 @@ public class MongoUserProvider implements UserProvider {
DBObject query = new QueryBuilder()
.and("realmId").is(realm.getId())
.get();
getMongoStore().removeEntities(MongoUserEntity.class, query, invocationContext);
getMongoStore().removeEntities(MongoUserEntity.class, query, true, invocationContext);
}
@Override
public void preRemove(RealmModel realm, UserFederationProviderModel link) {
// Remove all users linked with federationProvider and their consents
DBObject query = new QueryBuilder()
.and("realmId").is(realm.getId())
.and("federationLink").is(link.getId())
.get();
getMongoStore().removeEntities(MongoUserEntity.class, query, invocationContext);
getMongoStore().removeEntities(MongoUserEntity.class, query, true, invocationContext);
}
@Override
public void preRemove(RealmModel realm, ClientModel client) {
// TODO
// Remove all role mappings and consents mapped to all roles of this client
for (RoleModel role : client.getRoles()) {
preRemove(realm, role);
}
// Finally remove all consents of this client
DBObject query = new QueryBuilder()
.and("clientId").is(client.getId())
.get();
getMongoStore().removeEntities(MongoUserConsentEntity.class, query, false, invocationContext);
}
@Override
public void preRemove(ClientModel client, ProtocolMapperModel protocolMapper) {
// TODO
// Remove this protocol mapper from all consents, which has it
DBObject query = new QueryBuilder()
.and("grantedProtocolMappers").is(protocolMapper.getId())
.get();
DBObject pull = new BasicDBObject("$pull", query);
getMongoStore().updateEntities(MongoUserEntity.class, query, pull, invocationContext);
}
@Override
public void preRemove(RealmModel realm, RoleModel role) {
// todo not sure what to do for this
// Remove this role from all users, which has it
DBObject query = new QueryBuilder()
.and("roleIds").is(role.getId())
.get();
DBObject pull = new BasicDBObject("$pull", query);
getMongoStore().updateEntities(MongoUserEntity.class, query, pull, invocationContext);
// Remove this role from all consents, which has it
query = new QueryBuilder()
.and("grantedRoles").is(role.getId())
.get();
pull = new BasicDBObject("$pull", query);
getMongoStore().updateEntities(MongoUserConsentEntity.class, query, pull, invocationContext);
}
@Override

129
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java
View file

@ -2,10 +2,15 @@ package org.keycloak.models.mongo.keycloak.adapters;
import static org.keycloak.models.utils.Pbkdf2PasswordEncoder.getSalt;
import com.mongodb.DBObject;
import com.mongodb.QueryBuilder;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.ClientModel;
import org.keycloak.models.GrantedConsentModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@ -13,7 +18,9 @@ import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.entities.CredentialEntity;
import org.keycloak.models.entities.UserConsentEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoUserConsentEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoUserEntity;
import org.keycloak.models.mongo.utils.MongoModelUtils;
import org.keycloak.models.utils.Pbkdf2PasswordEncoder;
@ -22,9 +29,9 @@ import org.keycloak.util.Time;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
@ -360,30 +367,18 @@ public class UserAdapter extends AbstractMongoAdapter<MongoUserEntity> implement
@Override
public Set<RoleModel> getRoleMappings() {
Set<RoleModel> result = new HashSet<RoleModel>();
List<MongoRoleEntity> roles = MongoModelUtils.getAllRolesOfUser(this, invocationContext);
for (MongoRoleEntity role : roles) {
if (realm.getId().equals(role.getRealmId())) {
result.add(new RoleAdapter(session, realm, role, realm, invocationContext));
} else {
// Likely applicationRole, but we don't have this application yet
result.add(new RoleAdapter(session, realm, role, invocationContext));
}
}
return result;
List<RoleModel> roles = MongoModelUtils.getAllRolesOfUser(realm, this);
return new HashSet<RoleModel>(roles);
}
@Override
public Set<RoleModel> getRealmRoleMappings() {
Set<RoleModel> allRoles = getRoleMappings();
// Filter to retrieve just realm roles TODO: Maybe improve to avoid filter programmatically... Maybe have separate fields for realmRoles and appRoles on user?
// Filter to retrieve just realm roles
Set<RoleModel> realmRoles = new HashSet<RoleModel>();
for (RoleModel role : allRoles) {
MongoRoleEntity roleEntity = ((RoleAdapter) role).getRole();
if (realm.getId().equals(roleEntity.getRealmId())) {
if (role.getContainer() instanceof RealmModel) {
realmRoles.add(role);
}
}
@ -400,11 +395,11 @@ public class UserAdapter extends AbstractMongoAdapter<MongoUserEntity> implement
@Override
public Set<RoleModel> getClientRoleMappings(ClientModel app) {
Set<RoleModel> result = new HashSet<RoleModel>();
List<MongoRoleEntity> roles = MongoModelUtils.getAllRolesOfUser(this, invocationContext);
List<RoleModel> roles = MongoModelUtils.getAllRolesOfUser(realm, this);
for (MongoRoleEntity role : roles) {
if (app.getId().equals(role.getClientId())) {
result.add(new RoleAdapter(session, realm, role, app, invocationContext));
for (RoleModel role : roles) {
if (app.equals(role.getContainer())) {
result.add(role);
}
}
return result;
@ -422,32 +417,96 @@ public class UserAdapter extends AbstractMongoAdapter<MongoUserEntity> implement
}
@Override
public GrantedConsentModel addGrantedConsent(GrantedConsentModel consent) {
// TODO
return null;
public void addGrantedConsent(UserConsentModel consent) {
String clientId = consent.getClient().getId();
if (getConsentEntityByClientId(clientId) != null) {
throw new ModelDuplicateException("Consent already exists for client [" + clientId + "] and user [" + user.getId() + "]");
}
MongoUserConsentEntity consentEntity = new MongoUserConsentEntity();
consentEntity.setUserId(getId());
consentEntity.setClientId(clientId);
fillEntityFromModel(consent, consentEntity);
getMongoStore().insertEntity(consentEntity, invocationContext);
}
@Override
public GrantedConsentModel getGrantedConsentByClient(String clientId) {
// TODO
return null;
public UserConsentModel getGrantedConsentByClient(String clientId) {
UserConsentEntity consentEntity = getConsentEntityByClientId(clientId);
return consentEntity!=null ? toConsentModel(consentEntity) : null;
}
@Override
public List<GrantedConsentModel> getGrantedConsents() {
// TODO
return null;
public List<UserConsentModel> getGrantedConsents() {
List<UserConsentModel> result = new ArrayList<UserConsentModel>();
DBObject query = new QueryBuilder()
.and("userId").is(getId())
.get();
List<MongoUserConsentEntity> grantedConsents = getMongoStore().loadEntities(MongoUserConsentEntity.class, query, invocationContext);
for (UserConsentEntity consentEntity : grantedConsents) {
UserConsentModel model = toConsentModel(consentEntity);
result.add(model);
}
return result;
}
private MongoUserConsentEntity getConsentEntityByClientId(String clientId) {
DBObject query = new QueryBuilder()
.and("userId").is(getId())
.and("clientId").is(clientId)
.get();
return getMongoStore().loadSingleEntity(MongoUserConsentEntity.class, query, invocationContext);
}
private UserConsentModel toConsentModel(UserConsentEntity entity) {
UserConsentModel model = new UserConsentModel(realm, entity.getClientId());
for (String roleId : entity.getGrantedRoles()) {
model.addGrantedRole(roleId);
}
for (String protMapperId : entity.getGrantedProtocolMappers()) {
model.addGrantedProtocolMapper(protMapperId);
}
return model;
}
// Fill roles and protocolMappers to entity
private void fillEntityFromModel(UserConsentModel consent, MongoUserConsentEntity consentEntity) {
List<String> roleIds = new LinkedList<String>();
for (RoleModel role : consent.getGrantedRoles()) {
roleIds.add(role.getId());
}
consentEntity.setGrantedRoles(roleIds);
List<String> protMapperIds = new LinkedList<String>();
for (ProtocolMapperModel protMapperModel : consent.getGrantedProtocolMappers()) {
protMapperIds.add(protMapperModel.getId());
}
consentEntity.setGrantedProtocolMappers(protMapperIds);
}
@Override
public void updateGrantedConsent(GrantedConsentModel consent) {
// TODO
public void updateGrantedConsent(UserConsentModel consent) {
String clientId = consent.getClient().getId();
MongoUserConsentEntity consentEntity = getConsentEntityByClientId(clientId);
if (consentEntity == null) {
throw new ModelException("Consent not found for client [" + clientId + "] and user [" + user.getId() + "]");
} else {
fillEntityFromModel(consent, consentEntity);
getMongoStore().updateEntity(consentEntity, invocationContext);
}
}
@Override
public boolean revokeGrantedConsentForClient(String clientId) {
// TODO
return false;
MongoUserConsentEntity entity = getConsentEntityByClientId(clientId);
if (entity == null) {
return false;
}
return getMongoStore().removeEntity(entity, invocationContext);
}
@Override

2
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/MongoClientEntity.java
View file

@ -19,6 +19,6 @@ public class MongoClientEntity extends ClientEntity implements MongoIdentifiable
DBObject query = new QueryBuilder()
.and("clientId").is(getId())
.get();
context.getMongoStore().removeEntities(MongoRoleEntity.class, query, context);
context.getMongoStore().removeEntities(MongoRoleEntity.class, query, true, context);
}
}

9
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/MongoRealmEntity.java
View file

@ -19,13 +19,10 @@ public class MongoRealmEntity extends RealmEntity implements MongoIdentifiableEn
.and("realmId").is(getId())
.get();
// Remove all users of this realm
context.getMongoStore().removeEntities(MongoUserEntity.class, query, context);
// Remove all roles of this realm
context.getMongoStore().removeEntities(MongoRoleEntity.class, query, context);
context.getMongoStore().removeEntities(MongoRoleEntity.class, query, true, context);
// Remove all applications of this realm
context.getMongoStore().removeEntities(MongoClientEntity.class, query, context);
// Remove all clients of this realm
context.getMongoStore().removeEntities(MongoClientEntity.class, query, true, context);
}
}

19
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/MongoRoleEntity.java
View file

@ -41,26 +41,15 @@ public class MongoRoleEntity extends RoleEntity implements MongoIdentifiableEnti
public void afterRemove(MongoStoreInvocationContext invContext) {
MongoStore mongoStore = invContext.getMongoStore();
// Remove this role from all users, which has it
// Remove this scope from all clients, which has it
DBObject query = new QueryBuilder()
.and("roleIds").is(getId())
.get();
List<MongoUserEntity> users = mongoStore.loadEntities(MongoUserEntity.class, query, invContext);
for (MongoUserEntity user : users) {
//logger.info("Removing role " + getName() + " from user " + user.getUsername());
mongoStore.pullItemFromList(user, "roleIds", getId(), invContext);
}
// Remove this scope from all users, which has it
query = new QueryBuilder()
.and("scopeIds").is(getId())
.get();
users = mongoStore.loadEntities(MongoUserEntity.class, query, invContext);
for (MongoUserEntity user : users) {
List<MongoClientEntity> clients = mongoStore.loadEntities(MongoClientEntity.class, query, invContext);
for (MongoClientEntity client : clients) {
//logger.info("Removing scope " + getName() + " from user " + user.getUsername());
mongoStore.pullItemFromList(user, "scopeIds", getId(), invContext);
mongoStore.pullItemFromList(client, "scopeIds", getId(), invContext);
}
// Remove defaultRoles from realm

17
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/MongoUserConsentEntity.java Normal file
View file

@ -0,0 +1,17 @@
package org.keycloak.models.mongo.keycloak.entities;
import org.keycloak.connections.mongo.api.MongoCollection;
import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.entities.UserConsentEntity;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
@MongoCollection(collectionName = "userConsents")
public class MongoUserConsentEntity extends UserConsentEntity implements MongoIdentifiableEntity {
@Override
public void afterRemove(MongoStoreInvocationContext invocationContext) {
}
}

10
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/MongoUserEntity.java
View file

@ -1,5 +1,7 @@
package org.keycloak.models.mongo.keycloak.entities;
import com.mongodb.DBObject;
import com.mongodb.QueryBuilder;
import org.keycloak.connections.mongo.api.MongoCollection;
import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
@ -19,6 +21,12 @@ public class MongoUserEntity extends UserEntity implements MongoIdentifiableEnti
}
@Override
public void afterRemove(MongoStoreInvocationContext invocationContext) {
public void afterRemove(MongoStoreInvocationContext context) {
// Remove all consents of this user
DBObject query = new QueryBuilder()
.and("userId").is(getId())
.get();
context.getMongoStore().removeEntities(MongoUserConsentEntity.class, query, true, context);
}
}

21
model/mongo/src/main/java/org/keycloak/models/mongo/utils/MongoModelUtils.java
View file

@ -4,6 +4,8 @@ import com.mongodb.DBObject;
import com.mongodb.QueryBuilder;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.entities.ClientEntity;
import org.keycloak.models.mongo.keycloak.adapters.ClientAdapter;
@ -12,6 +14,7 @@ import org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoUserEntity;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
/**
@ -20,18 +23,22 @@ import java.util.List;
public class MongoModelUtils {
// Get everything including both application and realm roles
public static List<MongoRoleEntity> getAllRolesOfUser(UserModel user, MongoStoreInvocationContext invContext) {
public static List<RoleModel> getAllRolesOfUser(RealmModel realm, UserModel user) {
MongoUserEntity userEntity = ((UserAdapter)user).getUser();
List<String> roleIds = userEntity.getRoleIds();
if (roleIds == null || roleIds.isEmpty()) {
return Collections.EMPTY_LIST;
return Collections.emptyList();
}
DBObject query = new QueryBuilder()
.and("_id").in(roleIds)
.get();
return invContext.getMongoStore().loadEntities(MongoRoleEntity.class, query, invContext);
List<RoleModel> roles = new LinkedList<RoleModel>();
for (String roleId : roleIds) {
RoleModel role = realm.getRoleById(roleId);
if (role != null) {
roles.add(role);
}
}
return roles;
}
// Get everything including both application and realm scopes
@ -40,7 +47,7 @@ public class MongoModelUtils {
List<String> scopeIds = scopedEntity.getScopeIds();
if (scopeIds == null || scopeIds.isEmpty()) {
return Collections.EMPTY_LIST;
return Collections.emptyList();
}
DBObject query = new QueryBuilder()

18
model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/MongoUserSessionProvider.java
View file

@ -194,18 +194,14 @@ public class MongoUserSessionProvider implements UserSessionProvider {
@Override
public void removeUserSessions(RealmModel realm, UserModel user) {
DBObject query = new BasicDBObject("user", user.getId());
mongoStore.removeEntities(MongoUserSessionEntity.class, query, invocationContext);
mongoStore.removeEntities(MongoUserSessionEntity.class, query, true, invocationContext);
}
@Override
public void removeUserSessions(RealmModel realm) {
DBObject query = new BasicDBObject("realmId", realm.getId());
mongoStore.removeEntities(MongoUserSessionEntity.class, query, invocationContext);
query = new QueryBuilder()
.and("realmId").is(realm.getId())
.get();
mongoStore.removeEntities(MongoClientSessionEntity.class, query, invocationContext);
mongoStore.removeEntities(MongoUserSessionEntity.class, query, false, invocationContext);
mongoStore.removeEntities(MongoClientSessionEntity.class, query, false, invocationContext);
}
@Override
@ -216,20 +212,20 @@ public class MongoUserSessionProvider implements UserSessionProvider {
.and("started").lessThan(currentTime - realm.getSsoSessionMaxLifespan())
.get();
mongoStore.removeEntities(MongoUserSessionEntity.class, query, invocationContext);
mongoStore.removeEntities(MongoUserSessionEntity.class, query, true, invocationContext);
query = new QueryBuilder()
.and("realmId").is(realm.getId())
.and("lastSessionRefresh").lessThan(currentTime - realm.getSsoSessionIdleTimeout())
.get();
mongoStore.removeEntities(MongoUserSessionEntity.class, query, invocationContext);
mongoStore.removeEntities(MongoUserSessionEntity.class, query, true, invocationContext);
query = new QueryBuilder()
.and("sessionId").is(null)
.and("realmId").is(realm.getId())
.and("timestamp").lessThan(currentTime - RealmInfoUtil.getDettachedClientSessionLifespan(realm))
.get();
mongoStore.removeEntities(MongoClientSessionEntity.class, query, invocationContext);
mongoStore.removeEntities(MongoClientSessionEntity.class, query, false, invocationContext);
}
@Override
@ -291,7 +287,7 @@ public class MongoUserSessionProvider implements UserSessionProvider {
.or(new BasicDBObject("username", user.getUsername()), new BasicDBObject("username", user.getEmail()))
.and("realmId").is(realm.getId())
.get();
mongoStore.removeEntities(MongoUsernameLoginFailureEntity.class, query, invocationContext);
mongoStore.removeEntities(MongoUsernameLoginFailureEntity.class, query, true, invocationContext);
}
@Override

2
model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/entities/MongoUserSessionEntity.java
View file

@ -121,7 +121,7 @@ public class MongoUserSessionEntity extends AbstractIdentifiableEntity implement
DBObject query = new QueryBuilder()
.and("sessionId").is(getId())
.get();
context.getMongoStore().removeEntities(MongoClientSessionEntity.class, query, context);
context.getMongoStore().removeEntities(MongoClientSessionEntity.class, query, true, context);
}
public Map<String, String> getNotes() {

14
services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
View file

@ -14,7 +14,7 @@ import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.login.LoginFormsProvider;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.GrantedConsentModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
@ -420,14 +420,14 @@ public class AuthenticationManager {
if (client.isConsentRequired()) {
accessCode.setAction(ClientSessionModel.Action.OAUTH_GRANT);
GrantedConsentModel grantedConsent = user.getGrantedConsentByClient(client.getId());
UserConsentModel grantedConsent = user.getGrantedConsentByClient(client.getId());
List<RoleModel> realmRoles = new LinkedList<RoleModel>();
MultivaluedMap<String, RoleModel> resourceRoles = new MultivaluedMapImpl<String, RoleModel>();
for (RoleModel r : accessCode.getRequestedRoles()) {
// Consent already granted by user
if (grantedConsent != null && grantedConsent.getGrantedRoles().contains(r.getId())) {
if (grantedConsent != null && grantedConsent.isRoleGranted(r)) {
continue;
}
@ -439,10 +439,10 @@ public class AuthenticationManager {
}
List<ProtocolMapperModel> protocolMappers = new LinkedList<ProtocolMapperModel>();
for (ProtocolMapperModel model : client.getProtocolMappers()) {
if (model.isConsentRequired() && model.getProtocol().equals(clientSession.getAuthMethod()) && model.getConsentText() != null) {
if (grantedConsent == null || !grantedConsent.getGrantedProtocolMappers().contains(model.getId())) {
protocolMappers.add(model);
for (ProtocolMapperModel protocolMapper : client.getProtocolMappers()) {
if (protocolMapper.isConsentRequired() && protocolMapper.getProtocol().equals(clientSession.getAuthMethod()) && protocolMapper.getConsentText() != null) {
if (grantedConsent == null || !grantedConsent.isProtocolMapperGranted(protocolMapper)) {
protocolMappers.add(protocolMapper);
}
}
}

7
services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
View file

@ -34,7 +34,7 @@ import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.login.LoginFormsProvider;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.GrantedConsentModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.ProtocolMapperModel;
@ -609,9 +609,10 @@ public class LoginActionsService {
return protocol.consentDenied(clientSession);
}
GrantedConsentModel grantedConsent = user.getGrantedConsentByClient(client.getId());
UserConsentModel grantedConsent = user.getGrantedConsentByClient(client.getId());
if (grantedConsent == null) {
grantedConsent = user.addGrantedConsent(new GrantedConsentModel(client.getId()));
grantedConsent = new UserConsentModel(realm, client.getId());
user.addGrantedConsent(grantedConsent);
}
for (String roleId : clientSession.getRoles()) {
grantedConsent.addGrantedRole(roleId);

4
testsuite/integration/src/test/java/org/keycloak/testsuite/model/AdapterTest.java
View file

@ -258,6 +258,7 @@ public class AdapterTest extends AbstractModelTest {
commit();
realmModel = model.getRealm("JUGGLER");
app = realmModel.getClientByClientId("test-app");
user = realmManager.getSession().users().getUserByUsername("bburke", realmModel);
Assert.assertTrue(realmModel.removeRoleById(realmRole.getId()));
Assert.assertFalse(realmModel.removeRoleById(realmRole.getId()));
@ -266,6 +267,9 @@ public class AdapterTest extends AbstractModelTest {
Assert.assertTrue(realmModel.removeRoleById(appRole.getId()));
Assert.assertFalse(realmModel.removeRoleById(appRole.getId()));
assertNull(app.getRole(appRole.getName()));
user = realmManager.getSession().users().getUserByUsername("bburke", realmModel);
}
@Test

82
testsuite/integration/src/test/java/org/keycloak/testsuite/model/GrantedConsentModelTest.java → testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserConsentModelTest.java
View file

@ -1,13 +1,12 @@
package org.keycloak.testsuite.model;
import java.util.List;
import java.util.Map;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.models.ClientModel;
import org.keycloak.models.GrantedConsentModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.ModelException;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
@ -20,7 +19,7 @@ import org.keycloak.protocol.oidc.mappers.UserPropertyMapper;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class GrantedConsentModelTest extends AbstractModelTest {
public class UserConsentModelTest extends AbstractModelTest {
@Before
public void setupEnv() {
@ -47,13 +46,13 @@ public class GrantedConsentModelTest extends AbstractModelTest {
UserModel john = session.users().addUser(realm, "john");
UserModel mary = session.users().addUser(realm, "mary");
GrantedConsentModel johnFooGrant = new GrantedConsentModel(fooClient.getId());
UserConsentModel johnFooGrant = new UserConsentModel(realm, fooClient.getId());
johnFooGrant.addGrantedRole(realmRole.getId());
johnFooGrant.addGrantedRole(barClientRole.getId());
johnFooGrant.addGrantedProtocolMapper(fooMapper.getId());
john.addGrantedConsent(johnFooGrant);
GrantedConsentModel johnBarGrant = new GrantedConsentModel(barClient.getId());
UserConsentModel johnBarGrant = new UserConsentModel(realm, barClient.getId());
johnBarGrant.addGrantedProtocolMapper(barMapper.getId());
johnBarGrant.addGrantedRole(realmRole.getId());
@ -66,7 +65,7 @@ public class GrantedConsentModelTest extends AbstractModelTest {
john.addGrantedConsent(johnBarGrant);
GrantedConsentModel maryFooGrant = new GrantedConsentModel(fooClient.getId());
UserConsentModel maryFooGrant = new UserConsentModel(realm, fooClient.getId());
maryFooGrant.addGrantedRole(realmRole.getId());
maryFooGrant.addGrantedProtocolMapper(fooMapper.getId());
mary.addGrantedConsent(maryFooGrant);
@ -77,27 +76,26 @@ public class GrantedConsentModelTest extends AbstractModelTest {
@Test
public void basicConsentTest() {
RealmModel realm = realmManager.getRealm("original");
Map<String, ClientModel> clients = realm.getClientNameMap();
ClientModel fooClient = clients.get("foo-client");
ClientModel barClient = clients.get("bar-client");
ClientModel fooClient = realm.getClientByClientId("foo-client");
ClientModel barClient = realm.getClientByClientId("bar-client");
UserModel john = session.users().getUserByUsername("john", realm);
UserModel mary = session.users().getUserByUsername("mary", realm);
GrantedConsentModel johnFooConsent = john.getGrantedConsentByClient(fooClient.getId());
UserConsentModel johnFooConsent = john.getGrantedConsentByClient(fooClient.getId());
Assert.assertEquals(johnFooConsent.getGrantedRoles().size(), 2);
Assert.assertEquals(johnFooConsent.getGrantedProtocolMappers().size(), 1);
Assert.assertTrue(isRoleGranted(realm, "realm-role", johnFooConsent));
Assert.assertTrue(isRoleGranted(barClient, "bar-client-role", johnFooConsent));
Assert.assertTrue(isMapperGranted(fooClient, "foo", johnFooConsent));
GrantedConsentModel johnBarConsent = john.getGrantedConsentByClient(barClient.getId());
UserConsentModel johnBarConsent = john.getGrantedConsentByClient(barClient.getId());
Assert.assertEquals(johnBarConsent.getGrantedRoles().size(), 1);
Assert.assertEquals(johnBarConsent.getGrantedProtocolMappers().size(), 1);
Assert.assertTrue(isRoleGranted(realm, "realm-role", johnBarConsent));
Assert.assertTrue(isMapperGranted(barClient, "bar", johnBarConsent));
GrantedConsentModel maryConsent = mary.getGrantedConsentByClient(fooClient.getId());
UserConsentModel maryConsent = mary.getGrantedConsentByClient(fooClient.getId());
Assert.assertEquals(maryConsent.getGrantedRoles().size(), 1);
Assert.assertEquals(maryConsent.getGrantedProtocolMappers().size(), 1);
Assert.assertTrue(isRoleGranted(realm, "realm-role", maryConsent));
@ -110,19 +108,18 @@ public class GrantedConsentModelTest extends AbstractModelTest {
@Test
public void getAllConsentTest() {
RealmModel realm = realmManager.getRealm("original");
Map<String, ClientModel> clients = realm.getClientNameMap();
ClientModel fooClient = clients.get("foo-client");
ClientModel fooClient = realm.getClientByClientId("foo-client");
UserModel john = session.users().getUserByUsername("john", realm);
UserModel mary = session.users().getUserByUsername("mary", realm);
List<GrantedConsentModel> johnConsents = john.getGrantedConsents();
List<UserConsentModel> johnConsents = john.getGrantedConsents();
Assert.assertEquals(2, johnConsents.size());
List<GrantedConsentModel> maryConsents = mary.getGrantedConsents();
List<UserConsentModel> maryConsents = mary.getGrantedConsents();
Assert.assertEquals(1, maryConsents.size());
GrantedConsentModel maryConsent = maryConsents.get(0);
Assert.assertEquals(maryConsent.getClientId(), fooClient.getId());
UserConsentModel maryConsent = maryConsents.get(0);
Assert.assertEquals(maryConsent.getClient().getId(), fooClient.getId());
Assert.assertEquals(maryConsent.getGrantedRoles().size(), 1);
Assert.assertEquals(maryConsent.getGrantedProtocolMappers().size(), 1);
Assert.assertTrue(isRoleGranted(realm, "realm-role", maryConsent));
@ -132,18 +129,18 @@ public class GrantedConsentModelTest extends AbstractModelTest {
@Test
public void updateWithRoleRemovalTest() {
RealmModel realm = realmManager.getRealm("original");
ClientModel fooClient = realm.getClientNameMap().get("foo-client");
ClientModel fooClient = realm.getClientByClientId("foo-client");
UserModel john = session.users().getUserByUsername("john", realm);
GrantedConsentModel johnConsent = john.getGrantedConsentByClient(fooClient.getId());
UserConsentModel johnConsent = john.getGrantedConsentByClient(fooClient.getId());
// Remove foo protocol mapper from johnConsent
ProtocolMapperModel protMapperModel = fooClient.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, "foo");
johnConsent.getGrantedProtocolMappers().remove(protMapperModel.getId());
johnConsent.getGrantedProtocolMappers().remove(protMapperModel);
// Remove realm-role and add new-realm-role to johnConsent
RoleModel realmRole = realm.getRole("realm-role");
johnConsent.getGrantedRoles().remove(realmRole.getId());
johnConsent.getGrantedRoles().remove(realmRole);
RoleModel newRealmRole = realm.addRole("new-realm-role");
johnConsent.addGrantedRole(newRealmRole.getId());
@ -153,7 +150,7 @@ public class GrantedConsentModelTest extends AbstractModelTest {
commit();
realm = realmManager.getRealm("original");
fooClient = realm.getClientNameMap().get("foo-client");
fooClient = realm.getClientByClientId("foo-client");
john = session.users().getUserByUsername("john", realm);
johnConsent = john.getGrantedConsentByClient(fooClient.getId());
@ -167,7 +164,7 @@ public class GrantedConsentModelTest extends AbstractModelTest {
@Test
public void revokeTest() {
RealmModel realm = realmManager.getRealm("original");
ClientModel fooClient = realm.getClientNameMap().get("foo-client");
ClientModel fooClient = realm.getClientByClientId("foo-client");
UserModel john = session.users().getUserByUsername("john", realm);
john.revokeGrantedConsentForClient(fooClient.getId());
@ -190,62 +187,57 @@ public class GrantedConsentModelTest extends AbstractModelTest {
@Test
public void deleteProtocolMapperTest() {
RealmModel realm = realmManager.getRealm("original");
ClientModel fooClient = realm.getClientNameMap().get("foo-client");
ClientModel fooClient = realm.getClientByClientId("foo-client");
ProtocolMapperModel fooMapper = fooClient.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, "foo");
String fooMapperId = fooMapper.getId();
fooClient.removeProtocolMapper(fooMapper);
commit();
realm = realmManager.getRealm("original");
fooClient = realm.getClientNameMap().get("foo-client");
fooClient = realm.getClientByClientId("foo-client");
UserModel john = session.users().getUserByUsername("john", realm);
GrantedConsentModel johnConsent = john.getGrantedConsentByClient(fooClient.getId());
UserConsentModel johnConsent = john.getGrantedConsentByClient(fooClient.getId());
Assert.assertEquals(johnConsent.getGrantedRoles().size(), 2);
Assert.assertEquals(johnConsent.getGrantedProtocolMappers().size(), 0);
Assert.assertFalse(johnConsent.isProtocolMapperGranted(fooMapperId));
Assert.assertFalse(johnConsent.isProtocolMapperGranted(fooMapper));
}
@Test
public void deleteRoleTest() {
RealmModel realm = realmManager.getRealm("original");
RoleModel realmRole = realm.getRole("realm-role");
String realmRoleId = realmRole.getId();
realm.removeRole(realmRole);
commit();
realm = realmManager.getRealm("original");
Map<String, ClientModel> clients = realm.getClientNameMap();
ClientModel fooClient = clients.get("foo-client");
ClientModel barClient = clients.get("bar-client");
ClientModel fooClient = realm.getClientByClientId("foo-client");
ClientModel barClient = realm.getClientByClientId("bar-client");
UserModel john = session.users().getUserByUsername("john", realm);
GrantedConsentModel johnConsent = john.getGrantedConsentByClient(fooClient.getId());
UserConsentModel johnConsent = john.getGrantedConsentByClient(fooClient.getId());
Assert.assertEquals(johnConsent.getGrantedRoles().size(), 1);
Assert.assertEquals(johnConsent.getGrantedProtocolMappers().size(), 1);
Assert.assertFalse(johnConsent.isRoleGranted(realmRoleId));
Assert.assertFalse(johnConsent.isRoleGranted(realmRole));
Assert.assertTrue(isRoleGranted(barClient, "bar-client-role", johnConsent));
}
@Test
public void deleteClientTest() {
RealmModel realm = realmManager.getRealm("original");
Map<String, ClientModel> clients = realm.getClientNameMap();
ClientModel barClient = clients.get("bar-client");
ClientModel barClient = realm.getClientByClientId("bar-client");
realm.removeClient(barClient.getId());
commit();
realm = realmManager.getRealm("original");
clients = realm.getClientNameMap();
ClientModel fooClient = clients.get("foo-client");
Assert.assertNull(clients.get("bar-client"));
ClientModel fooClient = realm.getClientByClientId("foo-client");
Assert.assertNull(realm.getClientByClientId("bar-client"));
UserModel john = session.users().getUserByUsername("john", realm);
GrantedConsentModel johnFooConsent = john.getGrantedConsentByClient(fooClient.getId());
UserConsentModel johnFooConsent = john.getGrantedConsentByClient(fooClient.getId());
Assert.assertEquals(johnFooConsent.getGrantedRoles().size(), 1);
Assert.assertEquals(johnFooConsent.getGrantedProtocolMappers().size(), 1);
Assert.assertTrue(isRoleGranted(realm, "realm-role", johnFooConsent));
@ -254,13 +246,13 @@ public class GrantedConsentModelTest extends AbstractModelTest {
Assert.assertNull(john.getGrantedConsentByClient(barClient.getId()));
}
private boolean isRoleGranted(RoleContainerModel roleContainer, String roleName, GrantedConsentModel consentModel) {
private boolean isRoleGranted(RoleContainerModel roleContainer, String roleName, UserConsentModel consentModel) {
RoleModel role = roleContainer.getRole(roleName);
return consentModel.isRoleGranted(role.getId());
return consentModel.isRoleGranted(role);
}
private boolean isMapperGranted(ClientModel client, String protocolMapperName, GrantedConsentModel consentModel) {
private boolean isMapperGranted(ClientModel client, String protocolMapperName, UserConsentModel consentModel) {
ProtocolMapperModel protocolMapper = client.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, protocolMapperName);
return consentModel.isProtocolMapperGranted(protocolMapper.getId());
return consentModel.isProtocolMapperGranted(protocolMapper);
}
}