libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-13303 NPE importing realm if authenticatorConfig has null alias

Browse source
This commit is contained in:
vramik 2020-04-02 14:31:24 +02:00 committed by Stian Thorgersen
parent 1f02f87a6e
commit 2b3810606e
3 changed files with 72 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java
View file

@ -49,6 +49,7 @@ import org.keycloak.migration.migrators.MigrateTo6_0_0;
import org.keycloak.migration.migrators.MigrateTo8_0_0;
import org.keycloak.migration.migrators.MigrateTo8_0_2;
import org.keycloak.migration.migrators.MigrateTo9_0_0;
import org.keycloak.migration.migrators.MigrateTo9_0_4;
import org.keycloak.migration.migrators.Migration;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
@ -88,7 +89,8 @@ public class MigrationModelManager {
new MigrateTo6_0_0(),
new MigrateTo8_0_0(),
new MigrateTo8_0_2(),
new MigrateTo9_0_0()
new MigrateTo9_0_0(),
new MigrateTo9_0_4()
};
public static void migrate(KeycloakSession session) {

64
server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo9_0_4.java Normal file
View file

@ -0,0 +1,64 @@
/*
* Copyright 2020 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.migration.migrators;
import java.util.UUID;
import org.jboss.logging.Logger;
import org.keycloak.migration.ModelVersion;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.RealmRepresentation;
public class MigrateTo9_0_4 implements Migration {
public static final ModelVersion VERSION = new ModelVersion("9.0.4");
private static final Logger LOG = Logger.getLogger(MigrateTo9_0_4.class);
@Override
public ModelVersion getVersion() {
return VERSION;
}
@Override
public void migrate(KeycloakSession session) {
session.realms().getRealms().stream().forEach(this::checkAuthConfigNullAlias);
}
@Override
public void migrateImport(KeycloakSession session, RealmModel realm, RealmRepresentation rep, boolean skipUserDependent) {
}
protected void checkAuthConfigNullAlias(RealmModel realm) {
realm.getAuthenticatorConfigs().stream()
.filter(this::hasNullAlias)
.forEach((config) -> this.setRandomAlias(realm, config));
}
private boolean hasNullAlias(AuthenticatorConfigModel config) {
return config.getAlias() == null;
}
private void setRandomAlias(RealmModel realm, AuthenticatorConfigModel config) {
config.setAlias(UUID.randomUUID().toString());
realm.updateAuthenticatorConfig(config);
LOG.debugf("Generated random alias for authenticator config with id %s.", config.getId());
}
}

5
server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -714,6 +714,11 @@ public class RepresentationToModel {
DefaultAuthenticationFlows.migrateFlows(newRealm);
} else {
for (AuthenticatorConfigRepresentation configRep : rep.getAuthenticatorConfig()) {
if (configRep.getAlias() == null) {
// this can happen only during import json files from keycloak 3.4.0 and older
throw new IllegalStateException("Provided realm contains authenticator config with null alias. "
+ "It should be resolved by adding alias to the authenticator config before exporting the realm.");
}
AuthenticatorConfigModel model = toModel(configRep);
newRealm.addAuthenticatorConfig(model);
}