Extract attachDevice outside of storage layer

Closes #17336
This commit is contained in:
Michal Hajas 2023-03-02 11:11:13 +01:00 committed by Marek Posolda
parent fb5a7f654b
commit 465019bec4
28 changed files with 112 additions and 79 deletions

View file

@ -213,15 +213,13 @@ public class InfinispanUserSessionProvider implements UserSessionProvider {
return adapter;
}
@Override
public UserSessionModel createUserSession(RealmModel realm, UserModel user, String loginUsername, String ipAddress, String authMethod, boolean rememberMe, String brokerSessionId, String brokerUserId) {
final String userSessionId = keyGenerator.generateKeyString(session, sessionCache);
return createUserSession(userSessionId, realm, user, loginUsername, ipAddress, authMethod, rememberMe, brokerSessionId, brokerUserId, UserSessionModel.SessionPersistenceState.PERSISTENT);
}
@Override
public UserSessionModel createUserSession(String id, RealmModel realm, UserModel user, String loginUsername, String ipAddress,
String authMethod, boolean rememberMe, String brokerSessionId, String brokerUserId, UserSessionModel.SessionPersistenceState persistenceState) {
if (id == null) {
id = keyGenerator.generateKeyString(session, sessionCache);
}
UserSessionEntity entity = new UserSessionEntity();
entity.setId(id);
updateSessionEntity(entity, realm, user, loginUsername, ipAddress, authMethod, rememberMe, brokerSessionId, brokerUserId);
@ -231,11 +229,6 @@ public class InfinispanUserSessionProvider implements UserSessionProvider {
UserSessionAdapter adapter = wrap(realm, entity, false);
adapter.setPersistenceState(persistenceState);
if (adapter != null) {
DeviceActivityManager.attachDevice(adapter, session);
}
return adapter;
}

View file

@ -146,13 +146,6 @@ public class MapUserSessionProvider implements UserSessionProvider {
return userSession.getAuthenticatedClientSessionByClient(client.getId());
}
@Override
public UserSessionModel createUserSession(RealmModel realm, UserModel user, String loginUsername, String ipAddress,
String authMethod, boolean rememberMe, String brokerSessionId, String brokerUserId) {
return createUserSession(null, realm, user, loginUsername, ipAddress, authMethod, rememberMe, brokerSessionId,
brokerUserId, UserSessionModel.SessionPersistenceState.PERSISTENT);
}
@Override
public UserSessionModel createUserSession(String id, RealmModel realm, UserModel user, String loginUsername,
String ipAddress, String authMethod, boolean rememberMe, String brokerSessionId,
@ -178,10 +171,6 @@ public class MapUserSessionProvider implements UserSessionProvider {
setUserSessionExpiration(entity, realm);
UserSessionModel userSession = userEntityToAdapterFunc(realm).apply(entity);
if (userSession != null) {
DeviceActivityManager.attachDevice(userSession, session);
}
return userSession;
}

View file

@ -47,8 +47,29 @@ public interface UserSessionProvider extends Provider {
}
AuthenticatedClientSessionModel getClientSession(UserSessionModel userSession, ClientModel client, String clientSessionId, boolean offline);
UserSessionModel createUserSession(RealmModel realm, UserModel user, String loginUsername, String ipAddress, String authMethod, boolean rememberMe, String brokerSessionId, String brokerUserId);
/**
* @deprecated Use {@link #createUserSession(String, RealmModel, UserModel, String, String, String, boolean, String, String, UserSessionModel.SessionPersistenceState)} instead.
*/
default UserSessionModel createUserSession(RealmModel realm, UserModel user, String loginUsername, String ipAddress, String authMethod, boolean rememberMe, String brokerSessionId, String brokerUserId) {
return createUserSession(null, realm, user, loginUsername, ipAddress, authMethod, rememberMe, brokerSessionId,
brokerUserId, UserSessionModel.SessionPersistenceState.PERSISTENT);
}
/**
* Creates a new user session with the given parameters.
*
* @param id identifier. Is generated if {@code null}
* @param realm the realm
* @param user user associated with the created user session
* @param loginUsername
* @param ipAddress
* @param authMethod
* @param rememberMe
* @param brokerSessionId
* @param brokerUserId
* @param persistenceState
* @return Model of the created user session
*/
UserSessionModel createUserSession(String id, RealmModel realm, UserModel user, String loginUsername, String ipAddress,
String authMethod, boolean rememberMe, String brokerSessionId, String brokerUserId, UserSessionModel.SessionPersistenceState persistenceState);

View file

@ -49,6 +49,7 @@ import org.keycloak.services.ServicesLogger;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.BruteForceProtector;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.managers.UserSessionManager;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.LoginActionsService;
import org.keycloak.services.util.CacheControlUtil;
@ -1065,7 +1066,7 @@ public class AuthenticationProcessor {
if (userSession == null) {
UserSessionModel.SessionPersistenceState persistenceState = UserSessionModel.SessionPersistenceState.fromString(authSession.getClientNote(AuthenticationManager.USER_SESSION_PERSISTENT_STATE));
userSession = session.sessions().createUserSession(authSession.getParentSession().getId(), realm, authSession.getAuthenticatedUser(), username, connection.getRemoteAddr(), authSession.getProtocol()
userSession = new UserSessionManager(session).createUserSession(authSession.getParentSession().getId(), realm, authSession.getAuthenticatedUser(), username, connection.getRemoteAddr(), authSession.getProtocol()
, remember, brokerSessionId, brokerUserId, persistenceState);
} else if (userSession.getUser() == null || !AuthenticationManager.isSessionValid(realm, userSession)) {
userSession.restartSession(realm, authSession.getAuthenticatedUser(), username, connection.getRemoteAddr(), authSession.getProtocol()

View file

@ -70,6 +70,7 @@ import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.UserSessionManager;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.sessions.AuthenticationSessionModel;
@ -263,7 +264,7 @@ public class PolicyEvaluationService {
.createAuthenticationSession(clientModel);
authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
authSession.setAuthenticatedUser(userModel);
userSession = keycloakSession.sessions().createUserSession(authSession.getParentSession().getId(), realm, userModel,
userSession = new UserSessionManager(keycloakSession).createUserSession(authSession.getParentSession().getId(), realm, userModel,
userModel.getUsername(), "127.0.0.1", "passwd", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
AuthenticationManager.setClientScopesInSession(authSession);

View file

@ -89,6 +89,7 @@ import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.managers.UserSessionManager;
import org.keycloak.services.resources.Cors;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;
@ -310,7 +311,7 @@ public class AuthorizationTokenService {
if (accessToken.getSessionState() == null) {
// Create temporary (request-scoped) transient session
UserModel user = TokenManager.lookupUserFromStatelessToken(keycloakSession, realm, accessToken);
userSessionModel = sessions.createUserSession(KeycloakModelUtils.generateId(), realm, user, user.getUsername(), request.getClientConnection().getRemoteAddr(),
userSessionModel = new UserSessionManager(keycloakSession).createUserSession(KeycloakModelUtils.generateId(), realm, user, user.getUsername(), request.getClientConnection().getRemoteAddr(),
ServiceAccountConstants.CLIENT_AUTH, false, null, null, UserSessionModel.SessionPersistenceState.TRANSIENT);
} else {
userSessionModel = lockUserSessionsForModification(keycloakSession, () -> sessions.getUserSession(realm, accessToken.getSessionState()));

View file

@ -60,6 +60,7 @@ import org.keycloak.services.Urls;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.managers.BruteForceProtector;
import org.keycloak.services.managers.UserSessionManager;
import org.keycloak.services.resources.Cors;
import org.keycloak.services.resources.IdentityBrokerService;
import org.keycloak.services.resources.admin.AdminAuth;
@ -225,7 +226,7 @@ public class DefaultTokenExchangeProvider implements TokenExchangeProvider {
disallowOnHolderOfTokenMismatch = false;
}
tokenSession = session.sessions().createUserSession(realm, requestedUser, requestedUser.getUsername(), clientConnection.getRemoteAddr(), "impersonate", false, null, null);
tokenSession = new UserSessionManager(session).createUserSession(realm, requestedUser, requestedUser.getUsername(), clientConnection.getRemoteAddr(), "impersonate", false, null, null);
if (tokenUser != null) {
tokenSession.setNote(IMPERSONATOR_ID.toString(), tokenUser.getId());
tokenSession.setNote(IMPERSONATOR_USERNAME.toString(), tokenUser.getUsername());
@ -374,7 +375,7 @@ public class DefaultTokenExchangeProvider implements TokenExchangeProvider {
if (targetUserSession == null) {
// if no session is associated with a subject_token, a stateless session is created to only allow building a token to the audience
targetUserSession = session.sessions().createUserSession(authSession.getParentSession().getId(), realm, targetUser, targetUser.getUsername(),
targetUserSession = new UserSessionManager(session).createUserSession(authSession.getParentSession().getId(), realm, targetUser, targetUser.getUsername(),
clientConnection.getRemoteAddr(), ServiceAccountConstants.CLIENT_AUTH, false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
}
@ -505,7 +506,7 @@ public class DefaultTokenExchangeProvider implements TokenExchangeProvider {
UserModel user = importUserFromExternalIdentity(context);
UserSessionModel userSession = session.sessions().createUserSession(realm, user, user.getUsername(), clientConnection.getRemoteAddr(), "external-exchange", false, null, null);
UserSessionModel userSession = new UserSessionManager(session).createUserSession(realm, user, user.getUsername(), clientConnection.getRemoteAddr(), "external-exchange", false, null, null);
externalIdp.get().exchangeExternalComplete(userSession, context, formParams);
// this must exist so that we can obtain access token from user session if idp's store tokens is off

View file

@ -90,6 +90,7 @@ import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.managers.ClientManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.UserSessionManager;
import org.keycloak.services.resources.Cors;
import org.keycloak.services.util.AuthorizationContextUtil;
import org.keycloak.services.util.DefaultClientSessionContext;
@ -739,7 +740,7 @@ public class TokenEndpoint {
sessionPersistenceState = UserSessionModel.SessionPersistenceState.TRANSIENT;
}
UserSessionModel userSession = session.sessions().createUserSession(authSession.getParentSession().getId(), realm, clientUser, clientUsername,
UserSessionModel userSession = new UserSessionManager(session).createUserSession(authSession.getParentSession().getId(), realm, clientUser, clientUsername,
clientConnection.getRemoteAddr(), ServiceAccountConstants.CLIENT_AUTH, false, null, null, sessionPersistenceState);
event.session(userSession);

View file

@ -59,6 +59,7 @@ import org.keycloak.services.clientpolicy.context.UserInfoRequestContext;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.UserSessionCrossDCManager;
import org.keycloak.services.managers.UserSessionManager;
import org.keycloak.services.resources.Cors;
import org.keycloak.services.util.DefaultClientSessionContext;
import org.keycloak.services.util.MtlsHoKTokenUtil;
@ -336,7 +337,7 @@ public class UserInfoEndpoint {
if (user == null) {
throw error.invalidToken("User not found");
}
UserSessionModel userSession = session.sessions().createUserSession(KeycloakModelUtils.generateId(), realm, user, user.getUsername(), clientConnection.getRemoteAddr(),
UserSessionModel userSession = new UserSessionManager(session).createUserSession(KeycloakModelUtils.generateId(), realm, user, user.getUsername(), clientConnection.getRemoteAddr(),
ServiceAccountConstants.CLIENT_AUTH, false, null, null, UserSessionModel.SessionPersistenceState.TRANSIENT);
// attach an auth session for the client
RootAuthenticationSessionModel rootAuthSession = session.authenticationSessions().createRootAuthenticationSession(realm);

View file

@ -18,6 +18,7 @@ package org.keycloak.services.managers;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Time;
import org.keycloak.device.DeviceActivityManager;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionContext;
@ -160,4 +161,23 @@ public class UserSessionManager {
}
kcSession.sessions().removeOfflineUserSession(realm, userSession);
}
public UserSessionModel createUserSession(RealmModel realm, UserModel user, String loginUsername, String ipAddress,
String authMethod, boolean rememberMe, String brokerSessionId, String brokerUserId) {
return createUserSession(null, realm, user, loginUsername, ipAddress, authMethod, rememberMe, brokerSessionId, brokerUserId, UserSessionModel.SessionPersistenceState.PERSISTENT);
}
public UserSessionModel createUserSession(String id, RealmModel realm, UserModel user, String loginUsername, String ipAddress,
String authMethod, boolean rememberMe, String brokerSessionId, String brokerUserId,
UserSessionModel.SessionPersistenceState persistenceState) {
// Create user session in store
UserSessionModel userSession = kcSession.sessions().createUserSession(id, realm, user, loginUsername, ipAddress, authMethod, rememberMe, brokerSessionId, brokerUserId, persistenceState);
// Attach device info into user session notes
if (userSession != null) {
DeviceActivityManager.attachDevice(userSession, kcSession);
}
return userSession;
}
}

View file

@ -53,6 +53,7 @@ import org.keycloak.representations.IDToken;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.managers.UserSessionManager;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;
@ -233,7 +234,7 @@ public class ClientScopeEvaluateResource {
authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
authSession.setClientNote(OIDCLoginProtocol.SCOPE_PARAM, scopeParam);
UserSessionModel userSession = session.sessions().createUserSession(authSession.getParentSession().getId(), realm, user, user.getUsername(),
UserSessionModel userSession = new UserSessionManager(session).createUserSession(authSession.getParentSession().getId(), realm, user, user.getUsername(),
clientConnection.getRemoteAddr(), "example-auth", false, null, null, UserSessionModel.SessionPersistenceState.TRANSIENT);
AuthenticationManager.setClientScopesInSession(authSession);

View file

@ -337,7 +337,7 @@ public class UserResource {
}
EventBuilder event = new EventBuilder(realm, session, clientConnection);
UserSessionModel userSession = session.sessions().createUserSession(realm, user, user.getUsername(), clientConnection.getRemoteAddr(), "impersonate", false, null, null);
UserSessionModel userSession = new UserSessionManager(session).createUserSession(realm, user, user.getUsername(), clientConnection.getRemoteAddr(), "impersonate", false, null, null);
UserModel adminUser = auth.adminAuth().getUser();
String impersonatorId = adminUser.getId();

View file

@ -72,10 +72,10 @@ public class LoginTimeoutValidationTest extends AbstractTestRealmKeycloakTest {
RealmModel realm = keycloakSession.realms().getRealmByName("test");
UserSessionModel userSession =
keycloakSession.sessions().createUserSession(
realm,
null, realm,
keycloakSession.users().getUserByUsername(realm, "user1"),
"user1", "127.0.0.1", "form", true, null, null
);
"user1", "127.0.0.1", "form", true, null, null,
UserSessionModel.SessionPersistenceState.PERSISTENT);
ClientModel client = realm.getClientByClientId("account");
AuthenticationSessionModel authSession = keycloakSession.authenticationSessions().createRootAuthenticationSession(realm)
.createAuthenticationSession(client);

View file

@ -425,7 +425,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm1) -> {
UserModel user = session.users().getUserByUsername(realm1, "test-user@localhost");
UserSessionModel userSession = session.sessions().createUserSession(realm1, user, user.getUsername(), "1.2.3.4", "bar", false, null, null);
UserSessionModel userSession = session.sessions().createUserSession(null, realm1, user, user.getUsername(), "1.2.3.4", "bar", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
return userSession.getId();
}),

View file

@ -217,7 +217,7 @@ public class UserSessionProviderOfflineTest extends AbstractTestRealmKeycloakTes
fooRealm.addClient("foo-app");
currentSession.users().addUser(fooRealm, "user3");
UserSessionModel userSession = currentSession.sessions().createUserSession(fooRealm, currentSession.users().getUserByUsername(fooRealm, "user3"), "user3", "127.0.0.1", "form", true, null, null);
UserSessionModel userSession = currentSession.sessions().createUserSession(null, fooRealm, currentSession.users().getUserByUsername(fooRealm, "user3"), "user3", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
userSessionID.set(userSession.getId());
createClientSession(currentSession, fooRealm.getClientByClientId("foo-app"), userSession, "http://redirect", "state");
@ -288,7 +288,7 @@ public class UserSessionProviderOfflineTest extends AbstractTestRealmKeycloakTes
fooRealm.addClient("bar-app");
currentSession.users().addUser(fooRealm, "user3");
UserSessionModel userSession = currentSession.sessions().createUserSession(fooRealm, currentSession.users().getUserByUsername(fooRealm, "user3"), "user3", "127.0.0.1", "form", true, null, null);
UserSessionModel userSession = currentSession.sessions().createUserSession(null, fooRealm, currentSession.users().getUserByUsername(fooRealm, "user3"), "user3", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
userSessionID.set(userSession.getId());
createClientSession(currentSession, fooRealm.getClientByClientId("foo-app"), userSession, "http://redirect", "state");
@ -384,7 +384,7 @@ public class UserSessionProviderOfflineTest extends AbstractTestRealmKeycloakTes
fooRealm.addClient("foo-app");
currentSession.users().addUser(fooRealm, "user3");
UserSessionModel userSession = currentSession.sessions().createUserSession(fooRealm, currentSession.users().getUserByUsername(fooRealm, "user3"), "user3", "127.0.0.1", "form", true, null, null);
UserSessionModel userSession = currentSession.sessions().createUserSession(null, fooRealm, currentSession.users().getUserByUsername(fooRealm, "user3"), "user3", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
userSessionID.set(userSession.getId());
createClientSession(currentSession, fooRealm.getClientByClientId("foo-app"), userSession, "http://redirect", "state");
@ -475,7 +475,7 @@ public class UserSessionProviderOfflineTest extends AbstractTestRealmKeycloakTes
private static UserSessionModel[] createSessions(KeycloakSession session) {
UserSessionModel[] sessions = new UserSessionModel[3];
sessions[0] = session.sessions().createUserSession(realm, currentSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null);
sessions[0] = session.sessions().createUserSession(null, realm, currentSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
Set<String> roles = new HashSet<String>();
roles.add("one");
@ -488,10 +488,10 @@ public class UserSessionProviderOfflineTest extends AbstractTestRealmKeycloakTes
createClientSession(session, realm.getClientByClientId("test-app"), sessions[0], "http://redirect", "state");
createClientSession(session, realm.getClientByClientId("third-party"), sessions[0], "http://redirect", "state");
sessions[1] = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null);
sessions[1] = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
createClientSession(session, realm.getClientByClientId("test-app"), sessions[1], "http://redirect", "state");
sessions[2] = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.3", "form", true, null, null);
sessions[2] = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.3", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
createClientSession(session, realm.getClientByClientId("test-app"), sessions[2], "http://redirect", "state");
return sessions;

View file

@ -373,7 +373,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// create an user session that is older than the max lifespan timeout.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
Time.setOffset(-(realm.getSsoSessionMaxLifespan() + 1));
UserSessionModel userSession = session1.sessions().createUserSession(realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null);
UserSessionModel userSession = session1.sessions().createUserSession(null, realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
expiredUserSessions.add(userSession.getId());
AuthenticatedClientSessionModel clientSession = session1.sessions().createClientSession(realm, client, userSession);
assertEquals(userSession, clientSession.getUserSession());
@ -382,7 +382,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// create an user session whose last refresh exceeds the max session idle timeout.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
Time.setOffset(-(realm.getSsoSessionIdleTimeout() + SessionTimeoutHelper.PERIODIC_CLEANER_IDLE_TIMEOUT_WINDOW_SECONDS + 1));
UserSessionModel s = session1.sessions().createUserSession(realm, session1.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.1", "form", false, null, null);
UserSessionModel s = session1.sessions().createUserSession(null, realm, session1.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.1", "form", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
// no need to explicitly set the last refresh time - it is the same as the creation time.
expiredUserSessions.add(s.getId());
});
@ -390,7 +390,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// create an user session and associated client session that conforms to the max lifespan and max idle timeouts.
Time.setOffset(0);
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
UserSessionModel userSession = session1.sessions().createUserSession(realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null);
UserSessionModel userSession = session1.sessions().createUserSession(null, realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
validUserSessions.add(userSession.getId());
validClientSessions.add(session1.sessions().createClientSession(realm, client, userSession).getId());
});
@ -481,7 +481,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test");
Time.setOffset(-(realm.getSsoSessionMaxLifespan() * 2));
UserSessionModel userSession = kcSession.sessions().createUserSession(realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null);
UserSessionModel userSession = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
AuthenticatedClientSessionModel clientSession = kcSession.sessions().createClientSession(realm, client, userSession);
assertEquals(userSession, clientSession.getUserSession());
Time.setOffset(-(realm.getSsoSessionIdleTimeout() * 2));
@ -495,7 +495,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test");
Time.setOffset(-(realm.getSsoSessionMaxLifespanRememberMe() + 1));
UserSessionModel userSession = kcSession.sessions().createUserSession(realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null);
UserSessionModel userSession = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
expiredUserSessions.add(userSession.getId());
});
@ -503,7 +503,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test");
Time.setOffset(-(realm.getSsoSessionIdleTimeoutRememberMe() + SessionTimeoutHelper.PERIODIC_CLEANER_IDLE_TIMEOUT_WINDOW_SECONDS + 1));
UserSessionModel userSession = kcSession.sessions().createUserSession(realm, kcSession.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.1", "form", true, null, null);
UserSessionModel userSession = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
// no need to explicitly set the last refresh time - it is the same as the creation time.
expiredUserSessions.add(userSession.getId());
});
@ -582,7 +582,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
try {
for (int i = 0; i < 25; i++) {
Time.setOffset(i);
UserSessionModel userSession = kcSession.sessions().createUserSession(realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0." + i, "form", false, null, null);
UserSessionModel userSession = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0." + i, "form", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
AuthenticatedClientSessionModel clientSession = kcSession.sessions().createClientSession(realm, realm.getClientByClientId("test-app"), userSession);
assertNotNull(clientSession);
clientSession.setRedirectUri("http://redirect");
@ -609,7 +609,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
public void testCreateAndGetInSameTransaction(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
ClientModel client = realm.getClientByClientId("test-app");
UserSessionModel userSession = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null);
UserSessionModel userSession = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
AuthenticatedClientSessionModel clientSession = createClientSession(session, client, userSession, "http://redirect", "state");
UserSessionModel userSessionLoaded = session.sessions().getUserSession(realm, userSession.getId());
@ -627,7 +627,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
RealmModel realm = session.realms().getRealmByName("test");
realm.setSsoSessionIdleTimeout(1800);
realm.setSsoSessionMaxLifespan(36000);
UserSessionModel userSession = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null);
UserSessionModel userSession = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
ClientModel client1 = realm.getClientByClientId("test-app");
ClientModel client2 = realm.getClientByClientId("third-party");
@ -803,15 +803,15 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test");
sessions[0] = kcSession.sessions().createUserSession(realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null);
sessions[0] = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
createClientSession(kcSession, realm.getClientByClientId("test-app"), sessions[0], "http://redirect", "state");
createClientSession(kcSession, realm.getClientByClientId("third-party"), sessions[0], "http://redirect", "state");
sessions[1] = kcSession.sessions().createUserSession(realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null);
sessions[1] = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
createClientSession(kcSession, realm.getClientByClientId("test-app"), sessions[1], "http://redirect", "state");
sessions[2] = kcSession.sessions().createUserSession(realm, kcSession.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.3", "form", true, null, null);
sessions[2] = kcSession.sessions().createUserSession(null, realm, kcSession.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.3", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
createClientSession(kcSession, realm.getClientByClientId("test-app"), sessions[2], "http://redirect", "state");
});

View file

@ -73,10 +73,10 @@ public class SessionTimeoutValidationTest extends AbstractTestRealmKeycloakTest
int ssoSessionMaxLifespanOrig = realm.getSsoSessionMaxLifespan();
UserSessionModel userSessionModel =
session.sessions().createUserSession(
realm,
null, realm,
session.users().getUserByUsername(realm, "user1"),
"user1", "127.0.0.1", "form", true, null, null
);
"user1", "127.0.0.1", "form", true, null, null,
UserSessionModel.SessionPersistenceState.PERSISTENT);
realm.setSsoSessionIdleTimeout(Integer.MAX_VALUE);
Assert.assertTrue("Session validataion with large SsoSessionIdleTimeout failed",

View file

@ -254,7 +254,6 @@ public abstract class KeycloakModelTest {
.add(UserSessionSpi.class)
.add(UserSpi.class)
.add(DatastoreSpi.class)
.add(DeviceRepresentationSpi.class)
.build();
private static final Set<Class<? extends ProviderFactory>> ALLOWED_FACTORIES = ImmutableSet.<Class<? extends ProviderFactory>>builder()
@ -264,7 +263,6 @@ public abstract class KeycloakModelTest {
.add(DefaultExecutorsProviderFactory.class)
.add(DeploymentStateProviderFactory.class)
.add(DatastoreProviderFactory.class)
.add(DeviceRepresentationProviderFactoryImpl.class)
.build();
protected static final List<KeycloakModelParameters> MODEL_PARAMETERS;

View file

@ -125,7 +125,7 @@ public class HotRodUserSessionClientSessionRelationshipTest extends KeycloakMode
private void prepareSessions(AtomicReference<String> uSessionId, AtomicReference<String> cSessionId) {
withRealm(realmId, (session, realm) -> {
UserSessionModel uSession = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null);
UserSessionModel uSession = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
ClientModel client = realm.getClientByClientId(CLIENT0_CLIENT_ID);
AuthenticatedClientSessionModel cSession = session.sessions().createClientSession(realm, client, uSession);

View file

@ -419,7 +419,7 @@ public class OfflineSessionPersistenceTest extends KeycloakModelTest {
private UserSessionModel createOfflineSession(KeycloakSession session, RealmModel realm, String userId, int sessionIndex) {
final UserModel user = session.users().getUserById(realm, userId);
UserSessionModel us = session.sessions().createUserSession(realm, user, "un" + sessionIndex, "ip1", "auth", false, null, null);
UserSessionModel us = session.sessions().createUserSession(null, realm, user, "un" + sessionIndex, "ip1", "auth", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
return session.sessions().createOfflineUserSession(us);
}

View file

@ -99,7 +99,7 @@ public class UserSessionConcurrencyTest extends KeycloakModelTest {
(evMapStorageProvider == null || FileMapStorageProviderFactory.PROVIDER_ID.equals(evMapStorageProvider)));
// Create user session
String uId = withRealm(this.realmId, (session, realm) -> session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null)).getId();
String uId = withRealm(this.realmId, (session, realm) -> session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT)).getId();
// Create/Update client session's notes concurrently
CountDownLatch cdl = new CountDownLatch(200 * CLIENTS_COUNT);

View file

@ -22,6 +22,7 @@ import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.UserSessionProvider;
import org.keycloak.models.map.userSession.MapUserSessionProviderFactory;
import org.keycloak.testsuite.model.KeycloakModelTest;
@ -62,7 +63,7 @@ public class UserSessionExpirationTest extends KeycloakModelTest {
return null;
});
String uSId= withRealm(realmId, (session, realm) -> session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null).getId());
String uSId= withRealm(realmId, (session, realm) -> session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT).getId());
assertThat(withRealm(realmId, (session, realm) -> session.sessions().getUserSession(realm, uSId)), notNullValue());

View file

@ -38,7 +38,6 @@ import org.keycloak.models.sessions.infinispan.InfinispanUserSessionProviderFact
import java.util.LinkedList;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
@ -172,7 +171,7 @@ public class UserSessionInitializerTest extends KeycloakModelTest {
// create a user session in the first node
UserSessionModel userSessionModel = withRealm(realmId, (session, realm) -> {
final UserModel user = session.users().getUserByUsername(realm, "user1");
return session.sessions().createUserSession(realm, user, "un1", "ip1", "auth", false, null, null);
return session.sessions().createUserSession(null, realm, user, "un1", "ip1", "auth", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
});
userSessionId.set(userSessionModel.getId());
} else {

View file

@ -259,7 +259,7 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
fooRealm.addClient("foo-app");
session.users().addUser(fooRealm, "user3");
UserSessionModel userSession = session.sessions().createUserSession(fooRealm, session.users().getUserByUsername(fooRealm, "user3"), "user3", "127.0.0.1", "form", true, null, null);
UserSessionModel userSession = session.sessions().createUserSession(null, fooRealm, session.users().getUserByUsername(fooRealm, "user3"), "user3", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
userSessionID.set(userSession.getId());
createClientSession(session, realmId, fooRealm.getClientByClientId("foo-app"), userSession, "http://redirect", "state");
@ -300,7 +300,7 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
fooRealm.addClient("bar-app");
session.users().addUser(fooRealm, "user3");
UserSessionModel userSession = session.sessions().createUserSession(fooRealm, session.users().getUserByUsername(fooRealm, "user3"), "user3", "127.0.0.1", "form", true, null, null);
UserSessionModel userSession = session.sessions().createUserSession(null, fooRealm, session.users().getUserByUsername(fooRealm, "user3"), "user3", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
userSessionID.set(userSession.getId());
createClientSession(session, realmId, fooRealm.getClientByClientId("foo-app"), userSession, "http://redirect", "state");
@ -434,7 +434,7 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
// Having different offsets for each session (to ensure that lastSessionRefresh is also different)
setTimeOffset(i);
UserSessionModel userSession = session.sessions().createUserSession(realm, user, "user1", "127.0.0.1", "form", true, null, null);
UserSessionModel userSession = session.sessions().createUserSession(null, realm, user, "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
createClientSession(session, realmId, realm.getClientByClientId("test-app"), userSession, "http://redirect", "state");
userSessionsInner.add(userSession.getId());
}
@ -528,7 +528,7 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
// Create session in infinispan
RealmModel realm = session.realms().getRealm(realmId);
UserSessionModel userSession = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null);
UserSessionModel userSession = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
createClientSession(session, realmId, realm.getClientByClientId("test-app"), userSession, "http://redirect", "state");
createClientSession(session, realmId, realm.getClientByClientId("external-storage-client"), userSession, "http://redirect", "state");
@ -587,15 +587,15 @@ public class UserSessionPersisterProviderTest extends KeycloakModelTest {
protected static UserSessionModel[] createSessions(KeycloakSession session, String realmId) {
RealmModel realm = session.realms().getRealm(realmId);
UserSessionModel[] sessions = new UserSessionModel[3];
sessions[0] = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null);
sessions[0] = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
createClientSession(session, realmId, realm.getClientByClientId("test-app"), sessions[0], "http://redirect", "state");
createClientSession(session, realmId, realm.getClientByClientId("third-party"), sessions[0], "http://redirect", "state");
sessions[1] = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null);
sessions[1] = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
createClientSession(session, realmId, realm.getClientByClientId("test-app"), sessions[1], "http://redirect", "state");
sessions[2] = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.3", "form", true, null, null);
sessions[2] = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.3", "form", true, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
createClientSession(session, realmId, realm.getClientByClientId("test-app"), sessions[2], "http://redirect", "state");
return sessions;

View file

@ -301,7 +301,7 @@ public class UserSessionProviderModelTest extends KeycloakModelTest {
inIndependentFactories(4, 30, () -> {
withRealm(realmId, (session, realm) -> {
UserModel user = session.users().getUserByUsername(realm, "user1");
UserSessionModel userSession = session.sessions().createUserSession(realm, user, "user1", "", "", false, null, null);
UserSessionModel userSession = session.sessions().createUserSession(null, realm, user, "user1", "", "", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
userSessionIds.add(userSession.getId());
latch.countDown();

View file

@ -288,7 +288,7 @@ public class UserSessionProviderOfflineModelTest extends KeycloakModelTest {
Assert.assertEquals(0, persister.getUserSessionsCount(true));
// create two offline user sessions
UserSessionModel userSession = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "ip1", null, false, null, null);
UserSessionModel userSession = session.sessions().createUserSession(null, realm, session.users().getUserByUsername(realm, "user1"), "user1", "ip1", null, false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT);
session.sessions().createOfflineUserSession(userSession);
session.sessions().createOfflineUserSession(origSessions[0]);
@ -392,7 +392,7 @@ public class UserSessionProviderOfflineModelTest extends KeycloakModelTest {
ClientModel thirdPartyClient = realm.getClientByClientId("third-party");
IntStream.range(0, sessionsPerUser)
.mapToObj(index -> session.sessions().createUserSession(realm, user, username + index, "ip" + index, "auth", false, null, null))
.mapToObj(index -> session.sessions().createUserSession(null, realm, user, username + index, "ip" + index, "auth", false, null, null, UserSessionModel.SessionPersistenceState.PERSISTENT))
.forEach(userSession -> {
AuthenticatedClientSessionModel testAppClientSession = session.sessions().createClientSession(realm, testAppClient, userSession);
AuthenticatedClientSessionModel thirdPartyClientSession = session.sessions().createClientSession(realm, thirdPartyClient, userSession);

View file

@ -31,6 +31,8 @@ import org.keycloak.models.sessions.infinispan.changes.SessionEntityWrapper;
import org.keycloak.models.sessions.infinispan.entities.SessionEntity;
import org.keycloak.models.sessions.infinispan.entities.UserSessionEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.managers.UserSessionManager;
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
@ -337,8 +339,9 @@ public abstract class AbstractSessionCacheCommand extends AbstractCommand {
ClientModel client = realm.getClientByClientId(clientId);
UserModel user = batchSession.users().getUserByUsername(realm, username);
UserSessionManager userSessionManager = new UserSessionManager(session);
for (int i=0 ; i<countInIteration ; i++) {
UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, "127.0.0.1", "form", false, null, null);
UserSessionModel userSession = userSessionManager.createUserSession(realm, user, username, "127.0.0.1", "form", false, null, null);
session.sessions().createClientSession(userSession.getRealm(), client, userSession);
}

View file

@ -30,6 +30,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.session.UserSessionPersisterProvider;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.managers.UserSessionManager;
/**
@ -81,6 +82,7 @@ public class PersistSessionsCommand extends AbstractCommand {
ClientModel testApp = realm.getClientByClientId("security-admin-console");
UserSessionPersisterProvider persister = session.getProvider(UserSessionPersisterProvider.class);
UserSessionManager userSessionManager = new UserSessionManager(session);
for (int i = 0; i < countInThisBatch; i++) {
String username = "john-" + userCounter.incrementAndGet();
@ -89,7 +91,7 @@ public class PersistSessionsCommand extends AbstractCommand {
john = session.users().addUser(realm, username);
}
UserSessionModel userSession = session.sessions().createUserSession(realm, john, username, "127.0.0.2", "form", true, null, null);
UserSessionModel userSession = userSessionManager.createUserSession(realm, john, username, "127.0.0.2", "form", true, null, null);
AuthenticatedClientSessionModel clientSession = session.sessions().createClientSession(realm, testApp, userSession);
clientSession.setRedirectUri("http://redirect");
clientSession.setNote("foo", "bar-" + i);