libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Merge pull request #3732 from patriot1burke/master

Browse source 
KEYCLOAK-3617 KEYCLOAK-4117 KEYCLOAK-4118
This commit is contained in:
Bill Burke 2017-01-09 18:14:11 -05:00 committed by GitHub
commit 1495f4881e
11 changed files with 188 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
services/src/main/java/org/keycloak/transaction/JtaRegistration.java → model/jpa/src/main/java/org/keycloak/connections/jpa/JpaExceptionConverter.java
View file

@ -14,24 +14,25 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.transaction;
package org.keycloak.connections.jpa;
import org.keycloak.models.KeycloakSession;
import org.keycloak.provider.ExceptionConverter;
import javax.transaction.TransactionManager;
import javax.persistence.PersistenceException;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class JtaRegistration {
public class JpaExceptionConverter implements ExceptionConverter {
@Override
public Throwable convert(Throwable e) {
if (!(e instanceof PersistenceException)) return null;
return PersistenceExceptionConverter.convert(e.getCause() != null ? e.getCause() : e);
}
public void begin(KeycloakSession session) {
TransactionManager tm = session.getProvider(JtaTransactionManagerLookup.class).getTransactionManager();
if (tm == null) return;
session.getTransactionManager().enlist(new JtaTransactionWrapper(tm));
@Override
public String getId() {
return "jpa";
}
}

1
model/jpa/src/main/resources/META-INF/services/org.keycloak.provider.ExceptionConverter Normal file
View file

@ -0,0 +1 @@
org.keycloak.connections.jpa.JpaExceptionConverter

61
server-spi-private/src/main/java/org/keycloak/provider/ExceptionConverter.java Normal file
View file

@ -0,0 +1,61 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.provider;
import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
/**
* Use to unwrap exceptions specifically if there is an exception at JTA commit
*
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ExceptionConverter extends Provider, ProviderFactory<ExceptionConverter> {
/**
* Return null if the provider doesn't handle this type
*
* @param t
* @return
*/
Throwable convert(Throwable t);
@Override
default ExceptionConverter create(KeycloakSession session) {
return this;
}
@Override
default void init(Config.Scope config) {
}
@Override
default void postInit(KeycloakSessionFactory factory) {
}
@Override
default void close() {
}
}

46
server-spi-private/src/main/java/org/keycloak/provider/ExceptionConverterSpi.java Executable file
View file

@ -0,0 +1,46 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.provider;
/**
* @author <a href="mailto:bburke@redhat.com">Bill Burke</a>
*/
public class ExceptionConverterSpi implements Spi {
@Override
public boolean isInternal() {
return true;
}
@Override
public String getName() {
return "exception-converter";
}
@Override
public Class<? extends Provider> getProviderClass() {
return ExceptionConverter.class;
}
@Override
public Class<? extends ProviderFactory> getProviderFactoryClass() {
return ExceptionConverter.class;
}
}

1
server-spi-private/src/main/resources/META-INF/services/org.keycloak.provider.Spi
View file

@ -15,6 +15,7 @@
# limitations under the License.
#
org.keycloak.provider.ExceptionConverterSpi
org.keycloak.storage.UserStorageProviderSpi
org.keycloak.storage.federated.UserFederatedStorageProviderSpi
org.keycloak.models.RealmSpi

16
services/src/main/java/org/keycloak/credential/UserCredentialStoreManager.java
View file

@ -125,7 +125,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
if (toValidate.isEmpty()) return true;
List<CredentialInputValidator> credentialProviders = getCredentialProviders(realm, CredentialInputValidator.class);
List<CredentialInputValidator> credentialProviders = getCredentialProviders(session, realm, CredentialInputValidator.class);
for (CredentialInputValidator validator : credentialProviders) {
validate(realm, user, toValidate, validator);
@ -143,7 +143,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
}
}
protected <T> List<T> getCredentialProviders(RealmModel realm, Class<T> type) {
public static <T> List<T> getCredentialProviders(KeycloakSession session, RealmModel realm, Class<T> type) {
List<T> list = new LinkedList<T>();
for (ProviderFactory f : session.getKeycloakSessionFactory().getProviderFactories(CredentialProvider.class)) {
if (!Types.supports(type, f, CredentialProviderFactory.class)) continue;
@ -173,7 +173,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
}
}
List<CredentialInputUpdater> credentialProviders = getCredentialProviders(realm, CredentialInputUpdater.class);
List<CredentialInputUpdater> credentialProviders = getCredentialProviders(session, realm, CredentialInputUpdater.class);
for (CredentialInputUpdater updater : credentialProviders) {
if (!updater.supportsCredentialType(input.getType())) continue;
if (updater.updateCredential(realm, user, input)) return;
@ -201,7 +201,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
}
List<CredentialInputUpdater> credentialProviders = getCredentialProviders(realm, CredentialInputUpdater.class);
List<CredentialInputUpdater> credentialProviders = getCredentialProviders(session, realm, CredentialInputUpdater.class);
for (CredentialInputUpdater updater : credentialProviders) {
if (!updater.supportsCredentialType(credentialType)) continue;
updater.disableCredentialType(realm, user, credentialType);
@ -231,7 +231,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
}
List<CredentialInputUpdater> credentialProviders = getCredentialProviders(realm, CredentialInputUpdater.class);
List<CredentialInputUpdater> credentialProviders = getCredentialProviders(session, realm, CredentialInputUpdater.class);
for (CredentialInputUpdater updater : credentialProviders) {
types.addAll(updater.getDisableableCredentialTypes(realm, user));
}
@ -264,7 +264,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
@Override
public boolean isConfiguredLocally(RealmModel realm, UserModel user, String type) {
List<CredentialInputValidator> credentialProviders = getCredentialProviders(realm, CredentialInputValidator.class);
List<CredentialInputValidator> credentialProviders = getCredentialProviders(session, realm, CredentialInputValidator.class);
for (CredentialInputValidator validator : credentialProviders) {
if (validator.supportsCredentialType(type) && validator.isConfiguredFor(realm, user, type)) {
return true;
@ -284,7 +284,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
}
}
list = getCredentialProviders(realm, CredentialAuthentication.class);
list = getCredentialProviders(session, realm, CredentialAuthentication.class);
for (CredentialAuthentication auth : list) {
if (auth.supportsCredentialAuthenticationFor(input.getType())) {
CredentialValidationOutput output = auth.authenticate(realm, input);
@ -297,7 +297,7 @@ public class UserCredentialStoreManager implements UserCredentialManager, OnUser
@Override
public void onCache(RealmModel realm, CachedUserModel user, UserModel delegate) {
List<OnUserCache> credentialProviders = getCredentialProviders(realm, OnUserCache.class);
List<OnUserCache> credentialProviders = getCredentialProviders(session, realm, OnUserCache.class);
for (OnUserCache validator : credentialProviders) {
validator.onCache(realm, user, delegate);
}

3
services/src/main/java/org/keycloak/partialimport/PartialImportManager.java
View file

@ -20,6 +20,7 @@ package org.keycloak.partialimport;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.PartialImportRepresentation;
import org.keycloak.services.ErrorResponse;
@ -90,7 +91,7 @@ public class PartialImportManager {
if (session.getTransactionManager().isActive()) {
try {
session.getTransactionManager().commit();
} catch (ModelDuplicateException e) {
} catch (ModelException e) {
return ErrorResponse.exists(e.getLocalizedMessage());
}
}

2
services/src/main/java/org/keycloak/services/DefaultKeycloakTransactionManager.java
View file

@ -95,7 +95,7 @@ public class DefaultKeycloakTransactionManager implements KeycloakTransactionMan
if (jtaLookup != null) {
TransactionManager tm = jtaLookup.getTransactionManager();
if (tm != null) {
enlist(new JtaTransactionWrapper(tm));
enlist(new JtaTransactionWrapper(session.getKeycloakSessionFactory(), tm));
}
}
}

46
services/src/main/java/org/keycloak/transaction/JtaTransactionWrapper.java
View file

@ -17,8 +17,12 @@
package org.keycloak.transaction;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.KeycloakTransaction;
import org.keycloak.provider.ExceptionConverter;
import org.keycloak.provider.ProviderFactory;
import javax.transaction.RollbackException;
import javax.transaction.Status;
import javax.transaction.Transaction;
import javax.transaction.TransactionManager;
@ -33,9 +37,11 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
protected Transaction ut;
protected Transaction suspended;
protected Exception ended;
protected KeycloakSessionFactory factory;
public JtaTransactionWrapper(TransactionManager tm) {
public JtaTransactionWrapper(KeycloakSessionFactory factory, TransactionManager tm) {
this.tm = tm;
this.factory = factory;
try {
suspended = tm.suspend();
@ -49,6 +55,32 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
}
}
public void handleException(Throwable e) {
if (e instanceof RollbackException) {
e = e.getCause() != null ? e.getCause() : e;
}
for (ProviderFactory factory : this.factory.getProviderFactories(ExceptionConverter.class)) {
ExceptionConverter converter = (ExceptionConverter)factory;
Throwable throwable = converter.convert(e);
if (throwable == null) continue;
if (throwable instanceof RuntimeException) {
throw (RuntimeException)throwable;
} else {
throw new RuntimeException(throwable);
}
}
if (e instanceof RuntimeException) {
throw (RuntimeException)e;
} else {
throw new RuntimeException(e);
}
}
@Override
public void begin() {
}
@ -59,7 +91,7 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
logger.debug("JtaTransactionWrapper commit");
tm.commit();
} catch (Exception e) {
throw new RuntimeException(e);
handleException(e);
} finally {
end();
}
@ -71,7 +103,7 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
logger.debug("JtaTransactionWrapper rollback");
tm.rollback();
} catch (Exception e) {
throw new RuntimeException(e);
handleException(e);
} finally {
end();
}
@ -83,7 +115,7 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
try {
tm.setRollbackOnly();
} catch (Exception e) {
throw new RuntimeException(e);
handleException(e);
}
}
@ -92,8 +124,9 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
try {
return tm.getStatus() == Status.STATUS_MARKED_ROLLBACK;
} catch (Exception e) {
throw new RuntimeException(e);
handleException(e);
}
return false;
}
@Override
@ -101,8 +134,9 @@ public class JtaTransactionWrapper implements KeycloakTransaction {
try {
return tm.getStatus() == Status.STATUS_ACTIVE;
} catch (Exception e) {
throw new RuntimeException(e);
handleException(e);
}
return false;
}
/*

15
testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java
View file

@ -24,6 +24,8 @@ import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.CredentialAuthentication;
import org.keycloak.credential.UserCredentialStoreManager;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
@ -137,6 +139,19 @@ public class UserStorageTest {
Thread.sleep(100000000);
}
/**
* KEYCLOAK-4013
*
* @throws Exception
*/
@Test
public void testCast() throws Exception {
KeycloakSession session = keycloakRule.startSession();
List<CredentialAuthentication> list = UserCredentialStoreManager.getCredentialProviders(session, null, CredentialAuthentication.class);
keycloakRule.stopSession(session, true);
}
@Test
public void testDailyEviction() {
Calendar cal = Calendar.getInstance();