Merge pull request #3732 from patriot1burke/master

KEYCLOAK-3617 KEYCLOAK-4117 KEYCLOAK-4118

model/jpa/src/main/java/org/keycloak/connections/jpa/JpaExceptionConverter.java

@@ -14,24 +14,25 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.keycloak.transaction;
+package org.keycloak.connections.jpa;
 
-import org.keycloak.models.KeycloakSession;
+import org.keycloak.provider.ExceptionConverter;
 
-import javax.transaction.TransactionManager;
+import javax.persistence.PersistenceException;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
  */
-public class JtaRegistration {
+public class JpaExceptionConverter implements ExceptionConverter {
+    @Override
+    public Throwable convert(Throwable e) {
+        if (!(e instanceof PersistenceException)) return null;
+        return PersistenceExceptionConverter.convert(e.getCause() != null ? e.getCause() : e);
+    }
 
-
-
-    public void begin(KeycloakSession session) {
-        TransactionManager tm = session.getProvider(JtaTransactionManagerLookup.class).getTransactionManager();
-        if (tm == null) return;
-
-        session.getTransactionManager().enlist(new JtaTransactionWrapper(tm));
+    @Override
+    public String getId() {
+        return "jpa";
     }
 }

model/jpa/src/main/resources/META-INF/services/org.keycloak.provider.ExceptionConverter

@@ -0,0 +1 @@
+org.keycloak.connections.jpa.JpaExceptionConverter

server-spi-private/src/main/java/org/keycloak/provider/ExceptionConverter.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.provider;
+
+import org.keycloak.Config;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
+
+/**
+ * Use to unwrap exceptions specifically if there is an exception at JTA commit
+ *
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public interface ExceptionConverter extends Provider, ProviderFactory<ExceptionConverter> {
+
+    /**
+     * Return null if the provider doesn't handle this type
+     *
+     * @param t
+     * @return
+     */
+    Throwable convert(Throwable t);
+
+    @Override
+    default ExceptionConverter create(KeycloakSession session) {
+        return this;
+    }
+
+    @Override
+    default void init(Config.Scope config) {
+
+    }
+
+    @Override
+    default void postInit(KeycloakSessionFactory factory) {
+
+    }
+
+    @Override
+    default void close() {
+
+    }
+
+
+
+}

server-spi-private/src/main/java/org/keycloak/provider/ExceptionConverterSpi.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.provider;
+
+
+/**
+ * @author <a href="mailto:bburke@redhat.com">Bill Burke</a>
+ */
+public class ExceptionConverterSpi implements Spi {
+
+    @Override
+    public boolean isInternal() {
+        return true;
+    }
+
+    @Override
+    public String getName() {
+        return "exception-converter";
+    }
+
+    @Override
+    public Class<? extends Provider> getProviderClass() {
+        return ExceptionConverter.class;
+    }
+
+    @Override
+    public Class<? extends ProviderFactory> getProviderFactoryClass() {
+        return ExceptionConverter.class;
+    }
+
+}

server-spi-private/src/main/resources/META-INF/services/org.keycloak.provider.Spi

@@ -15,6 +15,7 @@
 # limitations under the License.
 #
 
+org.keycloak.provider.ExceptionConverterSpi
 org.keycloak.storage.UserStorageProviderSpi
 org.keycloak.storage.federated.UserFederatedStorageProviderSpi
 org.keycloak.models.RealmSpi

server-spi/src/main/java/org/keycloak/storage/user/UserQueryProvider.java

@@ -85,7 +85,7 @@ public interface UserQueryProvider {
     List<UserModel> searchForUser(Map<String, String> params, RealmModel realm);
 
     /**
-     * Search for user by parameter.  Valid parameters are:
+     * Search for user by parameter.    Valid parameters are:
      * "first" - first name
      * "last" - last name
      * "email" - email

services/src/main/java/org/keycloak/credential/UserCredentialStoreManager.java

@@ -125,7 +125,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
 
         if (toValidate.isEmpty()) return true;
 
-        List<CredentialInputValidator> credentialProviders = getCredentialProviders(realm, CredentialInputValidator.class);
+        List<CredentialInputValidator> credentialProviders = getCredentialProviders(session, realm, CredentialInputValidator.class);
         for (CredentialInputValidator validator : credentialProviders) {
             validate(realm, user, toValidate, validator);
 
@@ -143,7 +143,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
         }
     }
 
-    protected <T> List<T> getCredentialProviders(RealmModel realm, Class<T> type) {
+    public static <T> List<T> getCredentialProviders(KeycloakSession session, RealmModel realm, Class<T> type) {
         List<T> list = new LinkedList<T>();
         for (ProviderFactory f : session.getKeycloakSessionFactory().getProviderFactories(CredentialProvider.class)) {
             if (!Types.supports(type, f, CredentialProviderFactory.class)) continue;
@@ -173,7 +173,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
             }
         }
 
-        List<CredentialInputUpdater> credentialProviders = getCredentialProviders(realm, CredentialInputUpdater.class);
+        List<CredentialInputUpdater> credentialProviders = getCredentialProviders(session, realm, CredentialInputUpdater.class);
         for (CredentialInputUpdater updater : credentialProviders) {
             if (!updater.supportsCredentialType(input.getType())) continue;
             if (updater.updateCredential(realm, user, input)) return;
@@ -201,7 +201,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
 
         }
 
-        List<CredentialInputUpdater> credentialProviders = getCredentialProviders(realm, CredentialInputUpdater.class);
+        List<CredentialInputUpdater> credentialProviders = getCredentialProviders(session, realm, CredentialInputUpdater.class);
         for (CredentialInputUpdater updater : credentialProviders) {
             if (!updater.supportsCredentialType(credentialType)) continue;
             updater.disableCredentialType(realm, user, credentialType);
@@ -231,7 +231,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
 
         }
 
-        List<CredentialInputUpdater> credentialProviders = getCredentialProviders(realm, CredentialInputUpdater.class);
+        List<CredentialInputUpdater> credentialProviders = getCredentialProviders(session, realm, CredentialInputUpdater.class);
         for (CredentialInputUpdater updater : credentialProviders) {
             types.addAll(updater.getDisableableCredentialTypes(realm, user));
         }
@@ -264,7 +264,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
 
     @Override
     public boolean isConfiguredLocally(RealmModel realm, UserModel user, String type) {
-        List<CredentialInputValidator> credentialProviders = getCredentialProviders(realm, CredentialInputValidator.class);
+        List<CredentialInputValidator> credentialProviders = getCredentialProviders(session, realm, CredentialInputValidator.class);
         for (CredentialInputValidator validator : credentialProviders) {
             if (validator.supportsCredentialType(type) && validator.isConfiguredFor(realm, user, type)) {
                 return true;
@@ -284,7 +284,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
             }
         }
 
-        list = getCredentialProviders(realm, CredentialAuthentication.class);
+        list = getCredentialProviders(session, realm, CredentialAuthentication.class);
         for (CredentialAuthentication auth : list) {
             if (auth.supportsCredentialAuthenticationFor(input.getType())) {
                 CredentialValidationOutput output = auth.authenticate(realm, input);
@@ -297,7 +297,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
 
     @Override
     public void onCache(RealmModel realm, CachedUserModel user, UserModel delegate) {
-        List<OnUserCache> credentialProviders = getCredentialProviders(realm, OnUserCache.class);
+        List<OnUserCache> credentialProviders = getCredentialProviders(session, realm, OnUserCache.class);
         for (OnUserCache validator : credentialProviders) {
             validator.onCache(realm, user, delegate);
         }

services/src/main/java/org/keycloak/partialimport/PartialImportManager.java

@@ -20,6 +20,7 @@ package org.keycloak.partialimport;
 import org.keycloak.events.admin.OperationType;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ModelDuplicateException;
+import org.keycloak.models.ModelException;
 import org.keycloak.models.RealmModel;
 import org.keycloak.representations.idm.PartialImportRepresentation;
 import org.keycloak.services.ErrorResponse;
@@ -90,7 +91,7 @@ public class PartialImportManager {
         if (session.getTransactionManager().isActive()) {
             try {
                 session.getTransactionManager().commit();
-            } catch (ModelDuplicateException e) {
+            } catch (ModelException e) {
                 return ErrorResponse.exists(e.getLocalizedMessage());
             }
         }

services/src/main/java/org/keycloak/services/DefaultKeycloakTransactionManager.java

@@ -95,7 +95,7 @@ public class DefaultKeycloakTransactionManager implements KeycloakTransactionMan
             if (jtaLookup != null) {
                 TransactionManager tm = jtaLookup.getTransactionManager();
                 if (tm != null) {
-                   enlist(new JtaTransactionWrapper(tm));
+                   enlist(new JtaTransactionWrapper(session.getKeycloakSessionFactory(), tm));
                 }
             }
         }

services/src/main/java/org/keycloak/transaction/JtaTransactionWrapper.java

@@ -17,8 +17,12 @@
 package org.keycloak.transaction;
 
 import org.jboss.logging.Logger;
+import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.models.KeycloakTransaction;
+import org.keycloak.provider.ExceptionConverter;
+import org.keycloak.provider.ProviderFactory;
 
+import javax.transaction.RollbackException;
 import javax.transaction.Status;
 import javax.transaction.Transaction;
 import javax.transaction.TransactionManager;
@@ -33,9 +37,11 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
     protected Transaction ut;
     protected Transaction suspended;
     protected Exception ended;
+    protected KeycloakSessionFactory factory;
 
-    public JtaTransactionWrapper(TransactionManager tm) {
+    public JtaTransactionWrapper(KeycloakSessionFactory factory, TransactionManager tm) {
         this.tm = tm;
+        this.factory = factory;
         try {
 
             suspended = tm.suspend();
@@ -49,6 +55,32 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
         }
     }
 
+    public void handleException(Throwable e) {
+        if (e instanceof RollbackException) {
+            e = e.getCause() != null ? e.getCause() : e;
+        }
+
+        for (ProviderFactory factory : this.factory.getProviderFactories(ExceptionConverter.class)) {
+            ExceptionConverter converter = (ExceptionConverter)factory;
+            Throwable throwable = converter.convert(e);
+            if (throwable == null) continue;
+            if (throwable instanceof RuntimeException) {
+                throw (RuntimeException)throwable;
+            } else {
+                throw new RuntimeException(throwable);
+            }
+        }
+
+        if (e instanceof RuntimeException) {
+            throw (RuntimeException)e;
+        } else {
+            throw new RuntimeException(e);
+        }
+
+
+
+    }
+
     @Override
     public void begin() {
     }
@@ -59,7 +91,7 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
             logger.debug("JtaTransactionWrapper  commit");
             tm.commit();
         } catch (Exception e) {
-            throw new RuntimeException(e);
+            handleException(e);
         } finally {
             end();
         }
@@ -71,7 +103,7 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
             logger.debug("JtaTransactionWrapper rollback");
             tm.rollback();
         } catch (Exception e) {
-            throw new RuntimeException(e);
+            handleException(e);
         } finally {
             end();
         }
@@ -83,7 +115,7 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
         try {
             tm.setRollbackOnly();
         } catch (Exception e) {
-            throw new RuntimeException(e);
+            handleException(e);
         }
     }
 
@@ -92,8 +124,9 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
         try {
             return tm.getStatus() == Status.STATUS_MARKED_ROLLBACK;
         } catch (Exception e) {
-            throw new RuntimeException(e);
+            handleException(e);
         }
+        return false;
     }
 
     @Override
@@ -101,8 +134,9 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
         try {
             return tm.getStatus() == Status.STATUS_ACTIVE;
         } catch (Exception e) {
-            throw new RuntimeException(e);
+            handleException(e);
         }
+        return false;
     }
     /*
 

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java

@@ -24,6 +24,8 @@ import org.junit.Test;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.common.util.Time;
 import org.keycloak.component.ComponentModel;
+import org.keycloak.credential.CredentialAuthentication;
+import org.keycloak.credential.UserCredentialStoreManager;
 import org.keycloak.models.GroupModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
@@ -137,6 +139,19 @@ public class UserStorageTest {
         Thread.sleep(100000000);
     }
 
+    /**
+     * KEYCLOAK-4013
+     *
+     * @throws Exception
+     */
+    @Test
+    public void testCast() throws Exception {
+        KeycloakSession session = keycloakRule.startSession();
+        List<CredentialAuthentication> list = UserCredentialStoreManager.getCredentialProviders(session, null, CredentialAuthentication.class);
+        keycloakRule.stopSession(session, true);
+
+    }
+
     @Test
     public void testDailyEviction() {
         Calendar cal = Calendar.getInstance();