diff --git a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
index 6c39849fe9..7f3b9f9541 100644
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
@@ -244,7 +244,7 @@ public class KerberosFederationProvider implements UserFederationProvider {
 // Just guessing email from kerberos realm
 String email = username + "@" + kerberosConfig.getKerberosRealm().toLowerCase();
- logger.info("Creating kerberos user: " + username + ", email: " + email + " to local Keycloak storage");
+ logger.debugf("Creating kerberos user: %s, email: %s to local Keycloak storage", username, email);
 UserModel user = session.userStorage().addUser(realm, username);
 user.setEnabled(true);
 user.setEmail(email);
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java
index e29ab6f9a0..09375fc888 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java
@@ -106,7 +106,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
 String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
 if (roleContainer.getRole(roleName) == null) {
- logger.infof("Syncing role [%s] from LDAP to keycloak DB", roleName);
+ logger.debugf("Syncing role [%s] from LDAP to keycloak DB", roleName);
 roleContainer.addRole(roleName);
 }
 }
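Review bot: Moving `Creating kerberos user` in KerberosFederationProvider to `debugf` takes the only visible trace of a locally provisioned account out of default-level logs; the same applies to `Removed invalid user` in UserFederationManager, `Creating service account user` in ClientManager and the `pushRevocation` line in ResourceAdminManager. Account creation, account removal and revocation pushes are what an operator reconstructing an incident looks for, and nothing in these hunks shows them being recorded anywhere else. Either keep those four at info, or confirm that an audit event already covers each of them and say so in the commit message. The two LDAP role-sync lines and the TokenEndpoint line read as routine and are reasonable at debug. The enclosing methods start and end outside the hunks.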
@@ -208,7 +208,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
 roleDn.addFirst(roleNameAttribute, roleName);
 ldapObject.setDn(roleDn);
- logger.infof("Creating role [%s] to LDAP with DN [%s]", roleName, roleDn.toString());
+ logger.debugf("Creating role [%s] to LDAP with DN [%s]", roleName, roleDn.toString());
 ldapProvider.getLdapIdentityStore().add(ldapObject);
 return ldapObject;
 }
diff --git a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
index e2db902c7e..ecb5482e41 100644
--- a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
+++ b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
@@ -4,9 +4,11 @@ import java.util.List;
 import org.keycloak.migration.ModelVersion;
 import org.keycloak.models.ClientModel;
+import org.keycloak.models.Constants;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.KeycloakModelUtils;
 /**
@@ -19,17 +21,24 @@ public class MigrateTo1_6_0 {
 public void migrate(KeycloakSession session) {
 List realms = session.realms().getRealms();
 for (RealmModel realm : realms) {
+ if (realm.getRole(Constants.OFFLINE_ACCESS_ROLE) == null) {
+ for (RoleModel realmRole : realm.getRoles()) {
+ realmRole.setScopeParamRequired(false);
+ }
+ for (ClientModel client : realm.getClients()) {
+ for (RoleModel clientRole : client.getRoles()) {
+ clientRole.setScopeParamRequired(false);
+ }
+ }
- for (RoleModel realmRole : realm.getRoles()) {
- realmRole.setScopeParamRequired(false);
- }
- for (ClientModel client : realm.getClients()) {
- for (RoleModel clientRole : client.getRoles()) {
- clientRole.setScopeParamRequired(false);
+ KeycloakModelUtils.setupOfflineTokens(realm);
+ RoleModel role = realm.getRole(Constants.OFFLINE_ACCESS_ROLE);
+
+ // Check if possible to avoid iterating over users
+ for (UserModel user : session.userStorage().getUsers(realm, true)) {
+ user.grantRole(role);
 }
 }
-
- KeycloakModelUtils.setupOfflineTokens(realm);
 }
 }
 }
diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
index 05003080cc..b5020844f3 100755
--- a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
@@ -111,7 +111,7 @@ public class UserFederationManager implements UserProvider {
 if (realmModel == null) return;
 UserModel deletedUser = tx.userStorage().getUserById(user.getId(), realmModel);
 tx.userStorage().removeUser(realmModel, deletedUser);
- logger.infof("Removed invalid user '%s'", user.getUsername());
+ logger.debugf("Removed invalid user '%s'", user.getUsername());
 tx.getTransaction().commit();
 } finally {
 tx.close();
diff --git a/pom.xml b/pom.xml
index 906de7e967..916454b21b 100755
--- a/pom.xml
+++ b/pom.xml
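Review bot: In `MigrateTo1_6_0.migrate`, the new `if (realm.getRole(Constants.OFFLINE_ACCESS_ROLE) == null)` guard decides three things at once: the `setScopeParamRequired(false)` resets, the `setupOfflineTokens` call, and the grant to every user. A realm that already holds a role with that name for any other reason skips the scope-parameter reset entirely, so if the role is meant as an already-migrated marker that should be stated, e.g. `// offline_access present => realm already migrated, skip all steps`. The grant loop gives the role to everything returned by `session.userStorage().getUsers(realm, true)`, which appears to include service-account users and reads all local users in one call; because this widens what existing accounts may request, a comment next to `// Check if possible to avoid iterating over users` should say that the blanket grant is intended. `role` is also passed to `grantRole` without a null check after the second `getRole` lookup.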
@@ -68,7 +68,7 @@
 20140925
 1.4.5
 6.0.2.Final
- 3.3.5
+ 3.4.1
 9.1.0.v20131115
 4.2.0
 3.1.2
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
index 00970e2e1f..d836abd930 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
@@ -399,7 +399,7 @@ public class TokenEndpoint {
 if (clientUser == null || client.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER) == null) {
 // May need to handle bootstrap here as well
- logger.infof("Service account user for client '%s' not found or default protocol mapper for service account not found. Creating now", client.getClientId());
+ logger.debugf("Service account user for client '%s' not found or default protocol mapper for service account not found. Creating now", client.getClientId());
 new ClientManager(new RealmManager(session)).enableServiceAccount(client);
 clientUser = session.users().getUserByServiceAccountClient(client);
 }
diff --git a/services/src/main/java/org/keycloak/services/managers/ClientManager.java b/services/src/main/java/org/keycloak/services/managers/ClientManager.java
index fa715576c4..afe2bdd740 100755
--- a/services/src/main/java/org/keycloak/services/managers/ClientManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ClientManager.java
@@ -103,7 +103,7 @@ public class ClientManager {
 // Add dedicated user for this service account
 if (realmManager.getSession().users().getUserByServiceAccountClient(client) == null) {
 String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId();
- logger.infof("Creating service account user '%s'", username);
+ logger.debugf("Creating service account user '%s'", username);
 // Don't use federation for service account user
 UserModel user = realmManager.getSession().userStorage().addUser(client.getRealm(), username);
diff --git a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
index d2014d5215..fd8b4c30ff 100755
--- a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
@@ -280,7 +280,7 @@ public class ResourceAdminManager {
 protected boolean sendPushRevocationPolicyRequest(RealmModel realm, ClientModel resource, int notBefore, String managementUrl) {
 PushNotBeforeAction adminAction = new PushNotBeforeAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, resource.getClientId(), notBefore);
 String token = new TokenManager().encodeToken(realm, adminAction);
- logger.infov("pushRevocation resource: {0} url: {1}", resource.getClientId(), managementUrl);
+ logger.debugv("pushRevocation resource: {0} url: {1}", resource.getClientId(), managementUrl);
 URI target = UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_PUSH_NOT_BEFORE).build();
 try {
 int status = session.getProvider(HttpClientProvider.class).postText(target.toString(), token);