libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Use new findGroupByPath implementation and remove the old one

Browse source 
Closes #23344

Signed-off-by: Michal Hajas <mhajas@redhat.com>
This commit is contained in:
Michal Hajas 2023-09-21 10:32:00 +02:00 committed by Alexander Schwartz
parent dc1f138453
commit 496c5ad989
24 changed files with 173 additions and 206 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPGroupStorageMapper.java
View file

@ -97,7 +97,7 @@ public class HardcodedLDAPGroupStorageMapper extends AbstractLDAPStorageMapper {
private GroupModel getGroup(RealmModel realm) {
String groupName = mapperModel.getConfig().getFirst(HardcodedLDAPGroupStorageMapper.GROUP);
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, groupName);
GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, groupName);
if (group == null) {
logger.warnf("Hardcoded group '%s' configured in mapper '%s' is not available anymore");
}

2
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPGroupStorageMapperFactory.java
View file

@ -66,7 +66,7 @@ public class HardcodedLDAPGroupStorageMapperFactory extends AbstractLDAPStorageM
if (groupName == null) {
throw new ComponentValidationException("Group can't be null");
}
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, groupName);
GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, groupName);
if (group == null) {
throw new ComponentValidationException("There is no group corresponding to configured value");
}

2
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapper.java
View file

@ -790,7 +790,7 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements
* Provides KC group defined as groups path or null (top-level group) if corresponding group is not available.
*/
protected GroupModel getKcGroupsPathGroup(RealmModel realm) {
return config.isTopLevelGroupsPath() ? null : KeycloakModelUtils.findGroupByPath(session.groups(), realm, config.getGroupsPath());
return config.isTopLevelGroupsPath() ? null : KeycloakModelUtils.findGroupByPath(session, realm, config.getGroupsPath());
}
/**

2
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapperFactory.java
View file

@ -304,7 +304,7 @@ public class GroupLDAPStorageMapperFactory extends AbstractLDAPStorageMapperFact
LDAPUtils.validateCustomLdapFilter(config.getConfig().getFirst(GroupMapperConfig.GROUPS_LDAP_FILTER));
String group = new GroupMapperConfig(config).getGroupsPath();
if (!GroupMapperConfig.DEFAULT_LDAP_GROUPS_PATH.equals(group) && KeycloakModelUtils.findGroupByPath(session.groups(), realm, group) == null) {
if (!GroupMapperConfig.DEFAULT_LDAP_GROUPS_PATH.equals(group) && KeycloakModelUtils.findGroupByPath(session, realm, group) == null) {
throw new ComponentValidationException("ldapErrorMissingGroupsPathGroup");
}
}

2
federation/sssd/src/main/java/org/keycloak/federation/sssd/SSSDFederationProvider.java
View file

@ -125,7 +125,7 @@ public class SSSDFederationProvider implements UserStorageProvider,
user.setFirstName(sssdUser.getFirstName());
user.setLastName(sssdUser.getLastName());
for (String s : sssd.getGroups()) {
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, "/" + s);
GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, "/" + s);
if (group == null) {
group = session.groups().createGroup(realm, s);
}

6
model/legacy-private/src/main/java/org/keycloak/storage/datastore/LegacyExportImportManager.java
View file

@ -410,7 +410,7 @@ public class LegacyExportImportManager implements ExportImportManager {
importGroups(newRealm, rep);
if (rep.getDefaultGroups() != null) {
for (String path : rep.getDefaultGroups()) {
GroupModel found = KeycloakModelUtils.findGroupByPath(newRealm, path);
GroupModel found = KeycloakModelUtils.findGroupByPath(session, newRealm, path);
if (found == null) throw new RuntimeException("default group in realm rep doesn't exist: " + path);
newRealm.addDefaultGroup(found);
}
@ -914,7 +914,7 @@ public class LegacyExportImportManager implements ExportImportManager {
}
user.setServiceAccountClientLink(client.getId());
}
createGroups(userRep, newRealm, user);
createGroups(session, userRep, newRealm, user);
return user;
}
@ -1486,7 +1486,7 @@ public class LegacyExportImportManager implements ExportImportManager {
if (userRep.getGroups() != null) {
for (String path : userRep.getGroups()) {
GroupModel group = KeycloakModelUtils.findGroupByPath(newRealm, path);
GroupModel group = KeycloakModelUtils.findGroupByPath(session, newRealm, path);
if (group == null) {
throw new RuntimeException("Unable to find group specified by path: " + path);

4
model/map/src/main/java/org/keycloak/models/map/datastore/MapExportImportManager.java
View file

@ -415,7 +415,7 @@ public class MapExportImportManager implements ExportImportManager {
importGroups(newRealm, rep);
if (rep.getDefaultGroups() != null) {
for (String path : rep.getDefaultGroups()) {
GroupModel found = KeycloakModelUtils.findGroupByPath(newRealm, path);
GroupModel found = KeycloakModelUtils.findGroupByPath(session, newRealm, path);
if (found == null) throw new RuntimeException("default group in realm rep doesn't exist: " + path);
newRealm.addDefaultGroup(found);
}
@ -1204,7 +1204,7 @@ public class MapExportImportManager implements ExportImportManager {
}
user.setServiceAccountClientLink(client.getId());
}
createGroups(userRep, newRealm, user);
createGroups(session, userRep, newRealm, user);
return user;
}

4
server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultEvaluation.java
View file

@ -150,7 +150,7 @@ public class DefaultEvaluation implements Evaluation {
}
RealmModel realm = session.getContext().getRealm();
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, groupId);
GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, groupId);
if (Objects.isNull(group)) {
return false;
@ -226,7 +226,7 @@ public class DefaultEvaluation implements Evaluation {
public boolean isGroupInRole(String id, String role) {
KeycloakSession session = authorizationProvider.getKeycloakSession();
RealmModel realm = session.getContext().getRealm();
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, id);
GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, id);
return RoleUtils.hasRoleFromGroup(group, realm.getRole(role), false);
}

52
server-spi-private/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
View file

@ -764,7 +764,18 @@ public final class KeycloakModelUtils {
return segments;
}
public static GroupModel findGroupByPath(GroupProvider groupProvider, RealmModel realm, String path) {
/**
* Finds group by path. Path is separated by '/' character. For example: /group/subgroup/subsubgroup
* <p />
* The method takes into consideration also groups with '/' in their name. For example: /group/sub/group/subgroup
*
* @param session Keycloak session
* @param realm The realm
* @param path Path that will be searched among groups
*
* @return {@code GroupModel} corresponding to the given {@code path} or {@code null} if no group was found
*/
public static GroupModel findGroupByPath(KeycloakSession session, RealmModel realm, String path) {
if (path == null) {
return null;
}
@ -776,7 +787,7 @@ public final class KeycloakModelUtils {
}
String[] split = path.split(GROUP_PATH_SEPARATOR);
if (split.length == 0) return null;
return getGroupModel(groupProvider, realm, null, split, 0);
return getGroupModel(session.groups(), realm, null, split, 0);
}
private static GroupModel getGroupModel(GroupProvider groupProvider, RealmModel realm, GroupModel parent, String[] split, int index) {
@ -796,43 +807,6 @@ public final class KeycloakModelUtils {
return null;
}
/**
*
* @deprecated please use {@link #findGroupByPath(GroupProvider, RealmModel, String)} instead
*/
@Deprecated
public static GroupModel findGroupByPath(RealmModel realm, String path) {
if (path == null) {
return null;
}
if (path.startsWith(GROUP_PATH_SEPARATOR)) {
path = path.substring(1);
}
if (path.endsWith(GROUP_PATH_SEPARATOR)) {
path = path.substring(0, path.length() - 1);
}
String[] split = path.split(GROUP_PATH_SEPARATOR);
if (split.length == 0) return null;
return realm.getTopLevelGroupsStream().map(group -> {
String groupName = group.getName();
String[] pathSegments = formatPathSegments(split, 0, groupName);
if (groupName.equals(pathSegments[0])) {
if (pathSegments.length == 1) {
return group;
} else {
if (pathSegments.length > 1) {
GroupModel subGroup = findSubGroup(pathSegments, 1, group);
if (subGroup != null) return subGroup;
}
}
}
return null;
}).filter(Objects::nonNull).findFirst().orElse(null);
}
private static void buildGroupPath(StringBuilder sb, String groupName, GroupModel parent) {
if (parent != null) {
buildGroupPath(sb, parent.getName(), parent.getParent());

7
server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -18,11 +18,9 @@
package org.keycloak.models.utils;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
@ -100,7 +98,6 @@ import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.RolesRepresentation;
import org.keycloak.representations.idm.SocialLinkRepresentation;
import org.keycloak.representations.idm.UserConsentRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
@ -711,10 +708,10 @@ public class RepresentationToModel {
return session.getProvider(DatastoreProvider.class).getExportImportManager().createUser(newRealm, userRep);
}
public static void createGroups(UserRepresentation userRep, RealmModel newRealm, UserModel user) {
public static void createGroups(KeycloakSession session, UserRepresentation userRep, RealmModel newRealm, UserModel user) {
if (userRep.getGroups() != null) {
for (String path : userRep.getGroups()) {
GroupModel group = KeycloakModelUtils.findGroupByPath(newRealm, path);
GroupModel group = KeycloakModelUtils.findGroupByPath(session, newRealm, path);
if (group == null) {
throw new RuntimeException("Unable to find group specified by path: " + path);

8
services/src/main/java/org/keycloak/broker/oidc/mappers/AbstractClaimToGroupMapper.java
View file

@ -40,7 +40,7 @@ public abstract class AbstractClaimToGroupMapper extends AbstractClaimMapper {
public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user,
IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
GroupModel group = this.getGroup(realm, mapperModel);
GroupModel group = this.getGroup(session, realm, mapperModel);
if (group == null) {
return;
}
@ -54,7 +54,7 @@ public abstract class AbstractClaimToGroupMapper extends AbstractClaimMapper {
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user,
IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
GroupModel group = this.getGroup(realm, mapperModel);
GroupModel group = this.getGroup(session, realm, mapperModel);
if (group == null) {
return;
}
@ -81,9 +81,9 @@ public abstract class AbstractClaimToGroupMapper extends AbstractClaimMapper {
protected abstract boolean applies(final IdentityProviderMapperModel mapperModel,
final BrokeredIdentityContext context);
private GroupModel getGroup(final RealmModel realm, final IdentityProviderMapperModel mapperModel) {
private GroupModel getGroup(KeycloakSession session, final RealmModel realm, final IdentityProviderMapperModel mapperModel) {
String groupPath = mapperModel.getConfig().get(ConfigConstants.GROUP);
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, groupPath);
GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, groupPath);
if (group == null) {
LOG.warnf("Unable to find group by path '%s' referenced by mapper '%s' on realm '%s'.", groupPath,

11
services/src/main/java/org/keycloak/broker/saml/mappers/AbstractAttributeToGroupMapper.java
View file

@ -40,7 +40,7 @@ public abstract class AbstractAttributeToGroupMapper extends AbstractIdentityPro
@Override
public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
GroupModel group = this.getGroup(realm, mapperModel);
GroupModel group = this.getGroup(session, realm, mapperModel);
if (group == null) {
return;
}
@ -52,7 +52,7 @@ public abstract class AbstractAttributeToGroupMapper extends AbstractIdentityPro
@Override
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
GroupModel group = this.getGroup(realm, mapperModel);
GroupModel group = this.getGroup(session, realm, mapperModel);
if (group == null) {
return;
}
@ -84,14 +84,15 @@ public abstract class AbstractAttributeToGroupMapper extends AbstractIdentityPro
* If the group doesn't correspond to one of the realm's client group or to one of the realm's group, this method
* returns {@code null}.
*
* @param realm a reference to the realm.
* @param session
* @param realm a reference to the realm.
* @param mapperModel a reference to the {@link IdentityProviderMapperModel} containing the configured group.
* @return the {@link GroupModel} that corresponds to the mapper model group or {@code null}, if the group could not be found
*/
private GroupModel getGroup(final RealmModel realm, final IdentityProviderMapperModel mapperModel) {
private GroupModel getGroup(KeycloakSession session, final RealmModel realm, final IdentityProviderMapperModel mapperModel) {
String groupPath = mapperModel.getConfig().get(ConfigConstants.GROUP);
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, groupPath);
GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, groupPath);
if (group == null) {
LOG.warnf("Unable to find group by path '%s' referenced by mapper '%s' on realm '%s'.", groupPath, mapperModel.getName(), realm.getName());

8
services/src/main/java/org/keycloak/partialimport/GroupsPartialImport.java
View file

@ -44,18 +44,18 @@ public class GroupsPartialImport extends AbstractPartialImport<GroupRepresentati
return group.getName();
}
private GroupModel findGroupModel(RealmModel realm, GroupRepresentation groupRep) {
return KeycloakModelUtils.findGroupByPath(realm, groupRep.getPath());
private GroupModel findGroupModel(KeycloakSession session, RealmModel realm, GroupRepresentation groupRep) {
return KeycloakModelUtils.findGroupByPath(session, realm, groupRep.getPath());
}
@Override
public String getModelId(RealmModel realm, KeycloakSession session, GroupRepresentation groupRep) {
return findGroupModel(realm, groupRep).getId();
return findGroupModel(session, realm, groupRep).getId();
}
@Override
public boolean exists(RealmModel realm, KeycloakSession session, GroupRepresentation groupRep) {
return findGroupModel(realm, groupRep) != null;
return findGroupModel(session, realm, groupRep) != null;
}
@Override

3
services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
View file

@ -57,7 +57,6 @@ import com.fasterxml.jackson.core.type.TypeReference;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.Config;
import org.keycloak.KeyPairVerifier;
import org.keycloak.authentication.CredentialRegistrator;
@ -1074,7 +1073,7 @@ public class RealmAdminResource {
@Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
@Operation()
public GroupRepresentation getGroupByPath(@PathParam("path") String path) {
GroupModel found = KeycloakModelUtils.findGroupByPath(realm, path);
GroupModel found = KeycloakModelUtils.findGroupByPath(session, realm, path);
if (found == null) {
throw new NotFoundException("Group path does not exist");

5
services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
View file

@ -36,7 +36,6 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.models.utils.StripSecretsUtils;
import org.keycloak.policy.PasswordPolicyNotMetException;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.ErrorResponse;
@ -164,7 +163,7 @@ public class UsersResource {
UserResource.updateUserFromRep(profile, user, rep, session, false);
RepresentationToModel.createFederatedIdentities(rep, session, realm, user);
RepresentationToModel.createGroups(rep, realm, user);
RepresentationToModel.createGroups(session, rep, realm, user);
RepresentationToModel.createCredentials(rep, session, realm, user, true);
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), user.getId()).representation(rep).success();
@ -200,7 +199,7 @@ public class UsersResource {
List<GroupModel> groups = Optional.ofNullable(rep.getGroups())
.orElse(Collections.emptyList())
.stream().map(path -> findGroupByPath(realm, path))
.stream().map(path -> findGroupByPath(session, realm, path))
.filter(Objects::nonNull)
.collect(Collectors.toList());

6
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestLDAPResource.java
View file

@ -41,8 +41,6 @@ import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
import org.keycloak.storage.ldap.LDAPUtils;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapper;
import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode;
import org.keycloak.storage.ldap.mappers.membership.MembershipType;
import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory;
@ -164,8 +162,8 @@ public class TestLDAPResource {
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ldapModel, "groupsMapper");
new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
realm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(realm, "/defaultGroup1/defaultGroup11"));
realm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(realm, "/defaultGroup1/defaultGroup12"));
realm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(session, realm, "/defaultGroup1/defaultGroup11"));
realm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(session, realm, "/defaultGroup1/defaultGroup12"));
// Delete all LDAP users
LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, realm);

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
View file

@ -243,7 +243,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
// group management
AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, "top");
GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, "top");
UserModel groupMember = session.users().addUser(realm, "groupMember");
groupMember.joinGroup(group);
groupMember.setEnabled(true);
@ -820,7 +820,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
ClientModel client = realm.getClientByClientId("removedClient");
RoleModel removedClientRole = client.getRole("removedClientRole");
client.removeRole(removedClientRole);
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, "removedGroup");
GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, "removedGroup");
realm.removeGroup(group);
byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer());
Assert.assertEquals(2, byResourceServer.size());

28
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapper2WaySyncTest.java
View file

@ -119,9 +119,9 @@ public class LDAPGroupMapper2WaySyncTest extends AbstractLDAPTest {
// Delete all KC groups now
removeAllModelGroups(realm);
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group2"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group2"));
});
@ -145,10 +145,10 @@ public class LDAPGroupMapper2WaySyncTest extends AbstractLDAPTest {
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
// Assert groups are imported to keycloak. All are at top level
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group12");
GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(realm, "/group2");
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(session, realm, "/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, "/group12");
GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(session, realm, "/group2");
Assert.assertEquals(0, kcGroup1.getSubGroupsStream().count());
@ -187,9 +187,9 @@ public class LDAPGroupMapper2WaySyncTest extends AbstractLDAPTest {
// Delete all KC groups now
removeAllModelGroups(realm);
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group2"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group2"));
});
@ -207,10 +207,10 @@ public class LDAPGroupMapper2WaySyncTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0);
// Assert groups are imported to keycloak. All are at top level
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group12");
GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(realm, "/group2");
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group12");
GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(session, realm, "/group2");
Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());

54
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperSyncTest.java
View file

@ -168,9 +168,9 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm);
// Assert groups are imported to keycloak. All are at top level
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group12");
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(session, realm, "/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, "/group12");
Assert.assertEquals(0, kcGroup1.getSubGroupsStream().count());
@ -218,11 +218,11 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0);
// Assert groups are imported to keycloak including their inheritance from LDAP
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group12"));
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group12");
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group12"));
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group12");
Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
@ -244,8 +244,8 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0);
// Assert attributes changed in keycloak
kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group12");
kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group12");
Assert.assertEquals("group1 - changed description", kcGroup1.getFirstAttribute(descriptionAttrName));
Assert.assertNull(kcGroup12.getFirstAttribute(descriptionAttrName));
});
@ -271,9 +271,9 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0);
// Assert groups are imported to keycloak including their inheritance from LDAP
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12"));
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group12"));
Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
@ -285,10 +285,10 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0);
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/model1"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/model2"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group12"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/model1"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/model2"));
// Update group mapper to drop non-existing groups during sync
LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC, "true");
@ -300,10 +300,10 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
Assert.assertTrue(syncResult.getRemoved() == 2);
// Sync and assert groups updated
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/model1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/model2"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group12"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/model1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/model2"));
});
}
@ -338,18 +338,18 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
groupMapperConfig.getMembershipUserLdapAttribute(ldapProvider.getLdapIdentityStore().getConfig()), ldapGroup, johnLdap);
// Assert groups not yet imported to Keycloak DB
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group12"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group12"));
// Load user from LDAP to Keycloak DB
UserModel john = session.users().getUserByUsername(realm, "johnkeycloak");
Set<GroupModel> johnGroups = john.getGroupsStream().collect(Collectors.toSet());
// Assert just those groups, which john was memberOf exists because they were lazily created
GroupModel group1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(realm, "/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(realm, "/group12");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, realm, "/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, realm, "/group12");
Assert.assertNull(group1);
Assert.assertNotNull(group11);
Assert.assertNull(group12);

45
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperSyncWithGroupsPathTest.java
View file

@ -44,7 +44,6 @@ import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.util.LDAPRule;
import org.keycloak.testsuite.util.LDAPTestUtils;
import java.util.Set;
import java.util.stream.Collectors;
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
@ -94,7 +93,7 @@ public class LDAPGroupMapperSyncWithGroupsPathTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel realm = ctx.getRealm();
GroupModel groupsPathGroup = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH);
GroupModel groupsPathGroup = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH);
// Subgroup stream needs to be collected, because otherwise we can end up with finding group with id that is
// already removed
@ -125,11 +124,11 @@ public class LDAPGroupMapperSyncWithGroupsPathTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0);
// Assert groups are imported to keycloak including their inheritance from LDAP
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1");
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group12"));
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12");
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1");
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group12"));
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group12");
Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
@ -151,8 +150,8 @@ public class LDAPGroupMapperSyncWithGroupsPathTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0);
// Assert attributes changed in keycloak
kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1");
kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12");
kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1");
kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group12");
Assert.assertEquals("group1 - changed description", kcGroup1.getFirstAttribute(descriptionAttrName));
Assert.assertNull(kcGroup12.getFirstAttribute(descriptionAttrName));
});
@ -176,14 +175,14 @@ public class LDAPGroupMapperSyncWithGroupsPathTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0);
// Assert groups are imported to keycloak including their inheritance from LDAP
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1");
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12"));
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1");
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group12"));
Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
// Create some new groups in keycloak
GroupModel groupsPathGroup = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH);
GroupModel groupsPathGroup = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH);
realm.createGroup("model1", groupsPathGroup);
realm.createGroup("model2", kcGroup1);
realm.createGroup("outside");
@ -192,11 +191,11 @@ public class LDAPGroupMapperSyncWithGroupsPathTest extends AbstractLDAPTest {
syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0);
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/model1"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/model2"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/outside"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group12"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/model1"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/model2"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/outside"));
// Update group mapper to drop non-existing groups during sync
LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC, "true");
@ -208,11 +207,11 @@ public class LDAPGroupMapperSyncWithGroupsPathTest extends AbstractLDAPTest {
Assert.assertTrue(syncResult.getRemoved() == 2);
// Sync and assert groups updated
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/model1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/model2"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/outside"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group12"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/model1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/model2"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/outside"));
});
}

106
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperTest.java
View file

@ -94,31 +94,31 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
// 1 - Grant some groups in LDAP
// This group should already exists as it was imported from LDAP
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "/group1");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
john.joinGroup(group1);
// This group should already exists as it was imported from LDAP
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "/group1/group11");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
mary.joinGroup(group11);
// This group should already exists as it was imported from LDAP
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "/group1/group12");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
john.joinGroup(group12);
mary.joinGroup(group12);
// This group should already exists as it was imported from LDAP
GroupModel groupWithSlashesInName = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "Team 2016/2017");
GroupModel groupWithSlashesInName = KeycloakModelUtils.findGroupByPath(session, appRealm, "Team 2016/2017");
john.joinGroup(groupWithSlashesInName);
mary.joinGroup(groupWithSlashesInName);
// This group should already exists as it was imported from LDAP
GroupModel groupChildWithSlashesInName = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "defaultGroup1/Team Child 2018/2019");
GroupModel groupChildWithSlashesInName = KeycloakModelUtils.findGroupByPath(session, appRealm, "defaultGroup1/Team Child 2018/2019");
john.joinGroup(groupChildWithSlashesInName);
mary.joinGroup(groupChildWithSlashesInName);
Assert.assertEquals("Team SubChild 2020/2021", KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "defaultGroup1/Team Child 2018/2019/Team SubChild 2020/2021").getName());
Assert.assertEquals("defaultGroup14", KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "defaultGroup13/Team SubChild 2022/2023/A/B/C/D/E/defaultGroup14").getName());
Assert.assertEquals("Team SubChild 2026/2027", KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "Team Root 2024/2025/A/B/C/D/defaultGroup15/Team SubChild 2026/2027").getName());
Assert.assertEquals("Team SubChild 2020/2021", KeycloakModelUtils.findGroupByPath(session, appRealm, "defaultGroup1/Team Child 2018/2019/Team SubChild 2020/2021").getName());
Assert.assertEquals("defaultGroup14", KeycloakModelUtils.findGroupByPath(session, appRealm, "defaultGroup13/Team SubChild 2022/2023/A/B/C/D/E/defaultGroup14").getName());
Assert.assertEquals("Team SubChild 2026/2027", KeycloakModelUtils.findGroupByPath(session, appRealm, "Team Root 2024/2025/A/B/C/D/defaultGroup15/Team SubChild 2026/2027").getName());
});
@ -146,11 +146,11 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "/group1/group12");
GroupModel groupTeam20162017 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "Team 2016/2017");
GroupModel groupTeamChild20182019 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "defaultGroup1/Team Child 2018/2019");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
GroupModel groupTeam20162017 = KeycloakModelUtils.findGroupByPath(session, appRealm, "Team 2016/2017");
GroupModel groupTeamChild20182019 = KeycloakModelUtils.findGroupByPath(session, appRealm, "defaultGroup1/Team Child 2018/2019");
UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
@ -224,8 +224,8 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.READ_ONLY.toString());
appRealm.updateComponent(mapperModel);
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
// Add some group mappings directly into LDAP
GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ctx.getLdapProvider(), appRealm);
@ -241,9 +241,9 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
RealmModel appRealm = ctx.getRealm();
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
// Add some group mapping to model
mary.joinGroup(group12);
@ -269,7 +269,7 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
RealmModel appRealm = ctx.getRealm();
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
// Add some group mapping to model. This should fail with no-import mode for LDAP provider READ_ONLY mode for the group mapper
// as it is not allowed to update group mappings in LDAP nor in the DB
@ -286,9 +286,9 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
RealmModel appRealm = ctx.getRealm();
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
// Assert that mary has both LDAP and DB mapped groups
Set<GroupModel> maryGroups = mary.getGroupsStream().collect(Collectors.toSet());
@ -313,9 +313,9 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
UserModel maryDB = UserStoragePrivateUtil.userLocalStorage(session).getUserByUsername(appRealm, "marykeycloak");
@ -346,7 +346,7 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
// Test the group mapping NOT available for group12
Stream<UserModel> group12Members = session.users().getGroupMembersStream(appRealm, group12, 0, 10);
@ -360,9 +360,9 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
@ -409,9 +409,9 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
LDAPObject robLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "robkeycloak");
groupMapper.addGroupMappingInLDAP(appRealm, group11, robLdap);
@ -515,7 +515,7 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
// 4 - Check group members. Just existing user rob should be present
groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(appRealm, "/group2");
GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group2");
List<UserModel> groupUsers = session.users().getGroupMembersStream(appRealm, kcGroup2, 0, 5)
.collect(Collectors.toList());
Assert.assertEquals(1, groupUsers.size());
@ -567,9 +567,9 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
UserModel carlos = session.users().getUserByUsername(appRealm, "carloskeycloak");
Set<GroupModel> carlosGroups = carlos.getGroupsStream().collect(Collectors.toSet());
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
Assert.assertTrue(carlosGroups.contains(group1));
Assert.assertFalse(carlosGroups.contains(group11));
@ -599,7 +599,7 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
GroupModel group4 = appRealm.createGroup("group4");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group14 = appRealm.createGroup("group14", group1);
});
@ -611,16 +611,16 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
GroupModel group4 = KeycloakModelUtils.findGroupByPath(appRealm, "/group4");
GroupModel group4 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group4");
john.joinGroup(group4);
GroupModel group31 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group31");
GroupModel group32 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group32");
GroupModel group31 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3/group31");
GroupModel group32 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3/group32");
john.joinGroup(group31);
john.joinGroup(group32);
GroupModel group14 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group14");
GroupModel group14 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group14");
john.joinGroup(group14);
});
@ -631,11 +631,11 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
GroupModel group14 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group14");
GroupModel group3 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3");
GroupModel group31 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group31");
GroupModel group32 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group32");
GroupModel group4 = KeycloakModelUtils.findGroupByPath(appRealm, "/group4");
GroupModel group14 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group14");
GroupModel group3 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3");
GroupModel group31 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3/group31");
GroupModel group32 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3/group32");
GroupModel group4 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group4");
Set<GroupModel> groups = john.getGroupsStream().collect(Collectors.toSet());
Assert.assertTrue(groups.contains(group14));
@ -670,17 +670,17 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
UserModel david = session.users().addUser(appRealm, "davidkeycloak");
GroupModel defaultGroup11 = KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup11");
GroupModel defaultGroup11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/defaultGroup1/defaultGroup11");
Assert.assertNotNull(defaultGroup11);
GroupModel defaultGroup12 = KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup12");
GroupModel defaultGroup12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/defaultGroup1/defaultGroup12");
Assert.assertNotNull(defaultGroup12);
GroupModel group31 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group31");
GroupModel group31 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3/group31");
Assert.assertNotNull(group31);
GroupModel group32 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group32");
GroupModel group32 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3/group32");
Assert.assertNotNull(group32);
GroupModel group4 = KeycloakModelUtils.findGroupByPath(appRealm, "/group4");
GroupModel group4 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group4");
Assert.assertNotNull(group4);
Set<GroupModel> groups = david.getGroupsStream().collect(Collectors.toSet());
@ -745,7 +745,7 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
GroupModel kcBigGroup = KeycloakModelUtils.findGroupByPath(appRealm, "/biggroup");
GroupModel kcBigGroup = KeycloakModelUtils.findGroupByPath(session, appRealm, "/biggroup");
// check all the users have the group assigned
for (int i = 0; i < membersToTest; i++) {
UserModel kcUser = session.users().getUserByUsername(appRealm, String.format("user%02d", i));
@ -794,7 +794,7 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
// check everything is OK
GroupModel kcDeleteGroup = KeycloakModelUtils.findGroupByPath(appRealm, "/deletegroup");
GroupModel kcDeleteGroup = KeycloakModelUtils.findGroupByPath(session, appRealm, "/deletegroup");
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
List<UserModel> groupMembers = session.users().getGroupMembersStream(appRealm, kcDeleteGroup, 0, 5)
.collect(Collectors.toList());

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSpecialCharsTest.java
View file

@ -159,12 +159,12 @@ public class LDAPSpecialCharsTest extends AbstractLDAPTest {
// 1 - Grant some groups in LDAP
// This group should already exists as it was imported from LDAP
GroupModel specialGroup = KeycloakModelUtils.findGroupByPath(appRealm, "/group-spec,ia*l_characžter)s");
GroupModel specialGroup = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group-spec,ia*l_characžter)s");
Assert.assertNotNull(specialGroup);
specialUser.joinGroup(specialGroup);
GroupModel groupWithSlashes = KeycloakModelUtils.findGroupByPath(appRealm, "/group/with/three/slashes");
GroupModel groupWithSlashes = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group/with/three/slashes");
Assert.assertNotNull(groupWithSlashes);
specialUser.joinGroup(groupWithSlashes);

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSyncTest.java
View file

@ -466,7 +466,7 @@ public class LDAPSyncTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
Assert.assertEquals("group1 - description", kcGroup1.getFirstAttribute(descriptionAttrName));
@ -499,7 +499,7 @@ public class LDAPSyncTest extends AbstractLDAPTest {
RealmModel appRealm = ctx.getRealm();
// load previously synced group (a new group has been created in Keycloak)
GroupModel kcGroup5 = KeycloakModelUtils.findGroupByPath(appRealm, "/group5");
GroupModel kcGroup5 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group5");
String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
Assert.assertEquals("group5 - description", kcGroup5.getFirstAttribute(descriptionAttrName));
@ -587,7 +587,7 @@ public class LDAPSyncTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
GroupModel user8Group = KeycloakModelUtils.findGroupByPath(appRealm, "/user8group");
GroupModel user8Group = KeycloakModelUtils.findGroupByPath(session, appRealm, "/user8group");
Assert.assertNotNull(user8Group);
UserModel user8 = session.users().getUserByUsername(appRealm, "user8");
Assert.assertNotNull(user8);

8
testsuite/model/src/test/java/org/keycloak/testsuite/model/group/GroupModelTest.java
View file

@ -211,13 +211,13 @@ public class GroupModelTest extends KeycloakModelTest {
});
withRealm(realmId, (session, realm) -> {
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session.groups(), realm, "/parent-1");
GroupModel group2 = KeycloakModelUtils.findGroupByPath(session.groups(), realm, "/parent-2");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, realm, "/parent-1");
GroupModel group2 = KeycloakModelUtils.findGroupByPath(session, realm, "/parent-2");
assertThat(group1.getName(), equalTo("parent-1"));
assertThat(group2.getName(), equalTo("parent-2"));
GroupModel subGroup1 = KeycloakModelUtils.findGroupByPath(session.groups(), realm, "/parent-1/sub-group-1");
GroupModel subGroup2 = KeycloakModelUtils.findGroupByPath(session.groups(), realm, "/parent-2/sub-group/1");
GroupModel subGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/parent-1/sub-group-1");
GroupModel subGroup2 = KeycloakModelUtils.findGroupByPath(session, realm, "/parent-2/sub-group/1");
assertThat(subGroup1.getId(), equalTo(subGroupId1));
assertThat(subGroup2.getId(), equalTo(subGroupIdWithSlash));
return null;