libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Use new findGroupByPath implementation and remove the old one

Browse source 
Closes #23344

Signed-off-by: Michal Hajas <mhajas@redhat.com>
This commit is contained in:
Michal Hajas 2023-09-21 10:32:00 +02:00 committed by Alexander Schwartz
parent dc1f138453
commit 496c5ad989
24 changed files with 173 additions and 206 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPGroupStorageMapper.java
View file

@ -97,7 +97,7 @@ public class HardcodedLDAPGroupStorageMapper extends AbstractLDAPStorageMapper {
private GroupModel getGroup(RealmModel realm) { private GroupModel getGroup(RealmModel realm) {
String groupName = mapperModel.getConfig().getFirst(HardcodedLDAPGroupStorageMapper.GROUP); String groupName = mapperModel.getConfig().getFirst(HardcodedLDAPGroupStorageMapper.GROUP);
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, groupName); GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, groupName);
if (group == null) { if (group == null) {
logger.warnf("Hardcoded group '%s' configured in mapper '%s' is not available anymore"); logger.warnf("Hardcoded group '%s' configured in mapper '%s' is not available anymore");
} }

2
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPGroupStorageMapperFactory.java
View file

@ -66,7 +66,7 @@ public class HardcodedLDAPGroupStorageMapperFactory extends AbstractLDAPStorageM
if (groupName == null) { if (groupName == null) {
throw new ComponentValidationException("Group can't be null"); throw new ComponentValidationException("Group can't be null");
} }
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, groupName); GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, groupName);
if (group == null) { if (group == null) {
throw new ComponentValidationException("There is no group corresponding to configured value"); throw new ComponentValidationException("There is no group corresponding to configured value");
} }

2
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapper.java
View file

@ -790,7 +790,7 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements
* Provides KC group defined as groups path or null (top-level group) if corresponding group is not available. * Provides KC group defined as groups path or null (top-level group) if corresponding group is not available.
*/ */
protected GroupModel getKcGroupsPathGroup(RealmModel realm) { protected GroupModel getKcGroupsPathGroup(RealmModel realm) {
return config.isTopLevelGroupsPath() ? null : KeycloakModelUtils.findGroupByPath(session.groups(), realm, config.getGroupsPath()); return config.isTopLevelGroupsPath() ? null : KeycloakModelUtils.findGroupByPath(session, realm, config.getGroupsPath());
} }
/** /**

2
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapperFactory.java
View file

@ -304,7 +304,7 @@ public class GroupLDAPStorageMapperFactory extends AbstractLDAPStorageMapperFact
LDAPUtils.validateCustomLdapFilter(config.getConfig().getFirst(GroupMapperConfig.GROUPS_LDAP_FILTER)); LDAPUtils.validateCustomLdapFilter(config.getConfig().getFirst(GroupMapperConfig.GROUPS_LDAP_FILTER));
String group = new GroupMapperConfig(config).getGroupsPath(); String group = new GroupMapperConfig(config).getGroupsPath();
if (!GroupMapperConfig.DEFAULT_LDAP_GROUPS_PATH.equals(group) && KeycloakModelUtils.findGroupByPath(session.groups(), realm, group) == null) { if (!GroupMapperConfig.DEFAULT_LDAP_GROUPS_PATH.equals(group) && KeycloakModelUtils.findGroupByPath(session, realm, group) == null) {
throw new ComponentValidationException("ldapErrorMissingGroupsPathGroup"); throw new ComponentValidationException("ldapErrorMissingGroupsPathGroup");
} }
} }

2
federation/sssd/src/main/java/org/keycloak/federation/sssd/SSSDFederationProvider.java
View file

@ -125,7 +125,7 @@ public class SSSDFederationProvider implements UserStorageProvider,
user.setFirstName(sssdUser.getFirstName()); user.setFirstName(sssdUser.getFirstName());
user.setLastName(sssdUser.getLastName()); user.setLastName(sssdUser.getLastName());
for (String s : sssd.getGroups()) { for (String s : sssd.getGroups()) {
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, "/" + s); GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, "/" + s);
if (group == null) { if (group == null) {
group = session.groups().createGroup(realm, s); group = session.groups().createGroup(realm, s);
} }

6
model/legacy-private/src/main/java/org/keycloak/storage/datastore/LegacyExportImportManager.java
View file

@ -410,7 +410,7 @@ public class LegacyExportImportManager implements ExportImportManager {
importGroups(newRealm, rep); importGroups(newRealm, rep);
if (rep.getDefaultGroups() != null) { if (rep.getDefaultGroups() != null) {
for (String path : rep.getDefaultGroups()) { for (String path : rep.getDefaultGroups()) {
GroupModel found = KeycloakModelUtils.findGroupByPath(newRealm, path); GroupModel found = KeycloakModelUtils.findGroupByPath(session, newRealm, path);
if (found == null) throw new RuntimeException("default group in realm rep doesn't exist: " + path); if (found == null) throw new RuntimeException("default group in realm rep doesn't exist: " + path);
newRealm.addDefaultGroup(found); newRealm.addDefaultGroup(found);
} }
@ -914,7 +914,7 @@ public class LegacyExportImportManager implements ExportImportManager {
} }
user.setServiceAccountClientLink(client.getId()); user.setServiceAccountClientLink(client.getId());
} }
createGroups(userRep, newRealm, user); createGroups(session, userRep, newRealm, user);
return user; return user;
} }
@ -1486,7 +1486,7 @@ public class LegacyExportImportManager implements ExportImportManager {
if (userRep.getGroups() != null) { if (userRep.getGroups() != null) {
for (String path : userRep.getGroups()) { for (String path : userRep.getGroups()) {
GroupModel group = KeycloakModelUtils.findGroupByPath(newRealm, path); GroupModel group = KeycloakModelUtils.findGroupByPath(session, newRealm, path);
if (group == null) { if (group == null) {
throw new RuntimeException("Unable to find group specified by path: " + path); throw new RuntimeException("Unable to find group specified by path: " + path);

4
model/map/src/main/java/org/keycloak/models/map/datastore/MapExportImportManager.java
View file

@ -415,7 +415,7 @@ public class MapExportImportManager implements ExportImportManager {
importGroups(newRealm, rep); importGroups(newRealm, rep);
if (rep.getDefaultGroups() != null) { if (rep.getDefaultGroups() != null) {
for (String path : rep.getDefaultGroups()) { for (String path : rep.getDefaultGroups()) {
GroupModel found = KeycloakModelUtils.findGroupByPath(newRealm, path); GroupModel found = KeycloakModelUtils.findGroupByPath(session, newRealm, path);
if (found == null) throw new RuntimeException("default group in realm rep doesn't exist: " + path); if (found == null) throw new RuntimeException("default group in realm rep doesn't exist: " + path);
newRealm.addDefaultGroup(found); newRealm.addDefaultGroup(found);
} }
@ -1204,7 +1204,7 @@ public class MapExportImportManager implements ExportImportManager {
} }
user.setServiceAccountClientLink(client.getId()); user.setServiceAccountClientLink(client.getId());
} }
createGroups(userRep, newRealm, user); createGroups(session, userRep, newRealm, user);
return user; return user;
} }

4
server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultEvaluation.java
View file

@ -150,7 +150,7 @@ public class DefaultEvaluation implements Evaluation {
} }
RealmModel realm = session.getContext().getRealm(); RealmModel realm = session.getContext().getRealm();
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, groupId); GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, groupId);
if (Objects.isNull(group)) { if (Objects.isNull(group)) {
return false; return false;
@ -226,7 +226,7 @@ public class DefaultEvaluation implements Evaluation {
public boolean isGroupInRole(String id, String role) { public boolean isGroupInRole(String id, String role) {
KeycloakSession session = authorizationProvider.getKeycloakSession(); KeycloakSession session = authorizationProvider.getKeycloakSession();
RealmModel realm = session.getContext().getRealm(); RealmModel realm = session.getContext().getRealm();
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, id); GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, id);
return RoleUtils.hasRoleFromGroup(group, realm.getRole(role), false); return RoleUtils.hasRoleFromGroup(group, realm.getRole(role), false);
} }

52
server-spi-private/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
View file

@ -764,7 +764,18 @@ public final class KeycloakModelUtils {
return segments; return segments;
} }
public static GroupModel findGroupByPath(GroupProvider groupProvider, RealmModel realm, String path) { /**
* Finds group by path. Path is separated by '/' character. For example: /group/subgroup/subsubgroup
* <p />
* The method takes into consideration also groups with '/' in their name. For example: /group/sub/group/subgroup
*
* @param session Keycloak session
* @param realm The realm
* @param path Path that will be searched among groups
*
* @return {@code GroupModel} corresponding to the given {@code path} or {@code null} if no group was found
*/
public static GroupModel findGroupByPath(KeycloakSession session, RealmModel realm, String path) {
if (path == null) { if (path == null) {
return null; return null;
} }
@ -776,7 +787,7 @@ public final class KeycloakModelUtils {
} }
String[] split = path.split(GROUP_PATH_SEPARATOR); String[] split = path.split(GROUP_PATH_SEPARATOR);
if (split.length == 0) return null; if (split.length == 0) return null;
return getGroupModel(groupProvider, realm, null, split, 0); return getGroupModel(session.groups(), realm, null, split, 0);
} }
private static GroupModel getGroupModel(GroupProvider groupProvider, RealmModel realm, GroupModel parent, String[] split, int index) { private static GroupModel getGroupModel(GroupProvider groupProvider, RealmModel realm, GroupModel parent, String[] split, int index) {
@ -796,43 +807,6 @@ public final class KeycloakModelUtils {
return null; return null;
} }
/**
*
* @deprecated please use {@link #findGroupByPath(GroupProvider, RealmModel, String)} instead
*/
@Deprecated
public static GroupModel findGroupByPath(RealmModel realm, String path) {
if (path == null) {
return null;
}
if (path.startsWith(GROUP_PATH_SEPARATOR)) {
path = path.substring(1);
}
if (path.endsWith(GROUP_PATH_SEPARATOR)) {
path = path.substring(0, path.length() - 1);
}
String[] split = path.split(GROUP_PATH_SEPARATOR);
if (split.length == 0) return null;
return realm.getTopLevelGroupsStream().map(group -> {
String groupName = group.getName();
String[] pathSegments = formatPathSegments(split, 0, groupName);
if (groupName.equals(pathSegments[0])) {
if (pathSegments.length == 1) {
return group;
} else {
if (pathSegments.length > 1) {
GroupModel subGroup = findSubGroup(pathSegments, 1, group);
if (subGroup != null) return subGroup;
}
}
}
return null;
}).filter(Objects::nonNull).findFirst().orElse(null);
}
private static void buildGroupPath(StringBuilder sb, String groupName, GroupModel parent) { private static void buildGroupPath(StringBuilder sb, String groupName, GroupModel parent) {
if (parent != null) { if (parent != null) {
buildGroupPath(sb, parent.getName(), parent.getParent()); buildGroupPath(sb, parent.getName(), parent.getParent());

7
server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -18,11 +18,9 @@
package org.keycloak.models.utils; package org.keycloak.models.utils;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator; import java.util.Iterator;
import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.ListIterator; import java.util.ListIterator;
import java.util.Map; import java.util.Map;
@ -100,7 +98,6 @@ import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.RolesRepresentation; import org.keycloak.representations.idm.RolesRepresentation;
import org.keycloak.representations.idm.SocialLinkRepresentation;
import org.keycloak.representations.idm.UserConsentRepresentation; import org.keycloak.representations.idm.UserConsentRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation; import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
@ -711,10 +708,10 @@ public class RepresentationToModel {
return session.getProvider(DatastoreProvider.class).getExportImportManager().createUser(newRealm, userRep); return session.getProvider(DatastoreProvider.class).getExportImportManager().createUser(newRealm, userRep);
} }
public static void createGroups(UserRepresentation userRep, RealmModel newRealm, UserModel user) { public static void createGroups(KeycloakSession session, UserRepresentation userRep, RealmModel newRealm, UserModel user) {
if (userRep.getGroups() != null) { if (userRep.getGroups() != null) {
for (String path : userRep.getGroups()) { for (String path : userRep.getGroups()) {
GroupModel group = KeycloakModelUtils.findGroupByPath(newRealm, path); GroupModel group = KeycloakModelUtils.findGroupByPath(session, newRealm, path);
if (group == null) { if (group == null) {
throw new RuntimeException("Unable to find group specified by path: " + path); throw new RuntimeException("Unable to find group specified by path: " + path);

8
services/src/main/java/org/keycloak/broker/oidc/mappers/AbstractClaimToGroupMapper.java
View file

@ -40,7 +40,7 @@ public abstract class AbstractClaimToGroupMapper extends AbstractClaimMapper {
public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user,
IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) { IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
GroupModel group = this.getGroup(realm, mapperModel); GroupModel group = this.getGroup(session, realm, mapperModel);
if (group == null) { if (group == null) {
return; return;
} }
@ -54,7 +54,7 @@ public abstract class AbstractClaimToGroupMapper extends AbstractClaimMapper {
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user,
IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) { IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
GroupModel group = this.getGroup(realm, mapperModel); GroupModel group = this.getGroup(session, realm, mapperModel);
if (group == null) { if (group == null) {
return; return;
} }
@ -81,9 +81,9 @@ public abstract class AbstractClaimToGroupMapper extends AbstractClaimMapper {
protected abstract boolean applies(final IdentityProviderMapperModel mapperModel, protected abstract boolean applies(final IdentityProviderMapperModel mapperModel,
final BrokeredIdentityContext context); final BrokeredIdentityContext context);
private GroupModel getGroup(final RealmModel realm, final IdentityProviderMapperModel mapperModel) { private GroupModel getGroup(KeycloakSession session, final RealmModel realm, final IdentityProviderMapperModel mapperModel) {
String groupPath = mapperModel.getConfig().get(ConfigConstants.GROUP); String groupPath = mapperModel.getConfig().get(ConfigConstants.GROUP);
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, groupPath); GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, groupPath);
if (group == null) { if (group == null) {
LOG.warnf("Unable to find group by path '%s' referenced by mapper '%s' on realm '%s'.", groupPath, LOG.warnf("Unable to find group by path '%s' referenced by mapper '%s' on realm '%s'.", groupPath,

11
services/src/main/java/org/keycloak/broker/saml/mappers/AbstractAttributeToGroupMapper.java
View file

@ -40,7 +40,7 @@ public abstract class AbstractAttributeToGroupMapper extends AbstractIdentityPro
@Override @Override
public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) { public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
GroupModel group = this.getGroup(realm, mapperModel); GroupModel group = this.getGroup(session, realm, mapperModel);
if (group == null) { if (group == null) {
return; return;
} }
@ -52,7 +52,7 @@ public abstract class AbstractAttributeToGroupMapper extends AbstractIdentityPro
@Override @Override
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) { public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
GroupModel group = this.getGroup(realm, mapperModel); GroupModel group = this.getGroup(session, realm, mapperModel);
if (group == null) { if (group == null) {
return; return;
} }
@ -84,14 +84,15 @@ public abstract class AbstractAttributeToGroupMapper extends AbstractIdentityPro
* If the group doesn't correspond to one of the realm's client group or to one of the realm's group, this method * If the group doesn't correspond to one of the realm's client group or to one of the realm's group, this method
* returns {@code null}. * returns {@code null}.
* *
* @param realm a reference to the realm. * @param session
* @param realm a reference to the realm.
* @param mapperModel a reference to the {@link IdentityProviderMapperModel} containing the configured group. * @param mapperModel a reference to the {@link IdentityProviderMapperModel} containing the configured group.
* @return the {@link GroupModel} that corresponds to the mapper model group or {@code null}, if the group could not be found * @return the {@link GroupModel} that corresponds to the mapper model group or {@code null}, if the group could not be found
*/ */
private GroupModel getGroup(final RealmModel realm, final IdentityProviderMapperModel mapperModel) { private GroupModel getGroup(KeycloakSession session, final RealmModel realm, final IdentityProviderMapperModel mapperModel) {
String groupPath = mapperModel.getConfig().get(ConfigConstants.GROUP); String groupPath = mapperModel.getConfig().get(ConfigConstants.GROUP);
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, groupPath); GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, groupPath);
if (group == null) { if (group == null) {
LOG.warnf("Unable to find group by path '%s' referenced by mapper '%s' on realm '%s'.", groupPath, mapperModel.getName(), realm.getName()); LOG.warnf("Unable to find group by path '%s' referenced by mapper '%s' on realm '%s'.", groupPath, mapperModel.getName(), realm.getName());

8
services/src/main/java/org/keycloak/partialimport/GroupsPartialImport.java
View file

@ -44,18 +44,18 @@ public class GroupsPartialImport extends AbstractPartialImport<GroupRepresentati
return group.getName(); return group.getName();
} }
private GroupModel findGroupModel(RealmModel realm, GroupRepresentation groupRep) { private GroupModel findGroupModel(KeycloakSession session, RealmModel realm, GroupRepresentation groupRep) {
return KeycloakModelUtils.findGroupByPath(realm, groupRep.getPath()); return KeycloakModelUtils.findGroupByPath(session, realm, groupRep.getPath());
} }
@Override @Override
public String getModelId(RealmModel realm, KeycloakSession session, GroupRepresentation groupRep) { public String getModelId(RealmModel realm, KeycloakSession session, GroupRepresentation groupRep) {
return findGroupModel(realm, groupRep).getId(); return findGroupModel(session, realm, groupRep).getId();
} }
@Override @Override
public boolean exists(RealmModel realm, KeycloakSession session, GroupRepresentation groupRep) { public boolean exists(RealmModel realm, KeycloakSession session, GroupRepresentation groupRep) {
return findGroupModel(realm, groupRep) != null; return findGroupModel(session, realm, groupRep) != null;
} }
@Override @Override

3
services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
View file

@ -57,7 +57,6 @@ import com.fasterxml.jackson.core.type.TypeReference;
import org.eclipse.microprofile.openapi.annotations.tags.Tag; import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.Config; import org.keycloak.Config;
import org.keycloak.KeyPairVerifier; import org.keycloak.KeyPairVerifier;
import org.keycloak.authentication.CredentialRegistrator; import org.keycloak.authentication.CredentialRegistrator;
@ -1074,7 +1073,7 @@ public class RealmAdminResource {
@Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN) @Tag(name = KeycloakOpenAPI.Admin.Tags.REALMS_ADMIN)
@Operation() @Operation()
public GroupRepresentation getGroupByPath(@PathParam("path") String path) { public GroupRepresentation getGroupByPath(@PathParam("path") String path) {
GroupModel found = KeycloakModelUtils.findGroupByPath(realm, path); GroupModel found = KeycloakModelUtils.findGroupByPath(session, realm, path);
if (found == null) { if (found == null) {
throw new NotFoundException("Group path does not exist"); throw new NotFoundException("Group path does not exist");

5
services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
View file

@ -36,7 +36,6 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel; import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.models.utils.StripSecretsUtils;
import org.keycloak.policy.PasswordPolicyNotMetException; import org.keycloak.policy.PasswordPolicyNotMetException;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.ErrorResponse; import org.keycloak.services.ErrorResponse;
@ -164,7 +163,7 @@ public class UsersResource {
UserResource.updateUserFromRep(profile, user, rep, session, false); UserResource.updateUserFromRep(profile, user, rep, session, false);
RepresentationToModel.createFederatedIdentities(rep, session, realm, user); RepresentationToModel.createFederatedIdentities(rep, session, realm, user);
RepresentationToModel.createGroups(rep, realm, user); RepresentationToModel.createGroups(session, rep, realm, user);
RepresentationToModel.createCredentials(rep, session, realm, user, true); RepresentationToModel.createCredentials(rep, session, realm, user, true);
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), user.getId()).representation(rep).success(); adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), user.getId()).representation(rep).success();
@ -200,7 +199,7 @@ public class UsersResource {
List<GroupModel> groups = Optional.ofNullable(rep.getGroups()) List<GroupModel> groups = Optional.ofNullable(rep.getGroups())
.orElse(Collections.emptyList()) .orElse(Collections.emptyList())
.stream().map(path -> findGroupByPath(realm, path)) .stream().map(path -> findGroupByPath(session, realm, path))
.filter(Objects::nonNull) .filter(Objects::nonNull)
.collect(Collectors.toList()); .collect(Collectors.toList());

6
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestLDAPResource.java
View file

@ -41,8 +41,6 @@ import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.LDAPStorageProviderFactory; import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
import org.keycloak.storage.ldap.LDAPUtils; import org.keycloak.storage.ldap.LDAPUtils;
import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapper;
import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode; import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode;
import org.keycloak.storage.ldap.mappers.membership.MembershipType; import org.keycloak.storage.ldap.mappers.membership.MembershipType;
import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory; import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory;
@ -164,8 +162,8 @@ public class TestLDAPResource {
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ldapModel, "groupsMapper"); ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ldapModel, "groupsMapper");
new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
realm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(realm, "/defaultGroup1/defaultGroup11")); realm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(session, realm, "/defaultGroup1/defaultGroup11"));
realm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(realm, "/defaultGroup1/defaultGroup12")); realm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(session, realm, "/defaultGroup1/defaultGroup12"));
// Delete all LDAP users // Delete all LDAP users
LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, realm); LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, realm);

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
View file

@ -243,7 +243,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
// group management // group management
AdminPermissionManagement permissions = AdminPermissions.management(session, realm); AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, "top"); GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, "top");
UserModel groupMember = session.users().addUser(realm, "groupMember"); UserModel groupMember = session.users().addUser(realm, "groupMember");
groupMember.joinGroup(group); groupMember.joinGroup(group);
groupMember.setEnabled(true); groupMember.setEnabled(true);
@ -820,7 +820,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
ClientModel client = realm.getClientByClientId("removedClient"); ClientModel client = realm.getClientByClientId("removedClient");
RoleModel removedClientRole = client.getRole("removedClientRole"); RoleModel removedClientRole = client.getRole("removedClientRole");
client.removeRole(removedClientRole); client.removeRole(removedClientRole);
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, "removedGroup"); GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, "removedGroup");
realm.removeGroup(group); realm.removeGroup(group);
byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer()); byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer());
Assert.assertEquals(2, byResourceServer.size()); Assert.assertEquals(2, byResourceServer.size());

28
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapper2WaySyncTest.java
View file

@ -119,9 +119,9 @@ public class LDAPGroupMapper2WaySyncTest extends AbstractLDAPTest {
// Delete all KC groups now // Delete all KC groups now
removeAllModelGroups(realm); removeAllModelGroups(realm);
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group2")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group2"));
}); });
@ -145,10 +145,10 @@ public class LDAPGroupMapper2WaySyncTest extends AbstractLDAPTest {
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper"); ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
// Assert groups are imported to keycloak. All are at top level // Assert groups are imported to keycloak. All are at top level
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1"); GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group11"); GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(session, realm, "/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group12"); GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, "/group12");
GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(realm, "/group2"); GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(session, realm, "/group2");
Assert.assertEquals(0, kcGroup1.getSubGroupsStream().count()); Assert.assertEquals(0, kcGroup1.getSubGroupsStream().count());
@ -187,9 +187,9 @@ public class LDAPGroupMapper2WaySyncTest extends AbstractLDAPTest {
// Delete all KC groups now // Delete all KC groups now
removeAllModelGroups(realm); removeAllModelGroups(realm);
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group2")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group2"));
}); });
@ -207,10 +207,10 @@ public class LDAPGroupMapper2WaySyncTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0); LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0);
// Assert groups are imported to keycloak. All are at top level // Assert groups are imported to keycloak. All are at top level
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1"); GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group11"); GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group12"); GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group12");
GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(realm, "/group2"); GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(session, realm, "/group2");
Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count()); Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());

54
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperSyncTest.java
View file

@ -168,9 +168,9 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm); GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm);
// Assert groups are imported to keycloak. All are at top level // Assert groups are imported to keycloak. All are at top level
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1"); GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group11"); GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(session, realm, "/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group12"); GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, "/group12");
Assert.assertEquals(0, kcGroup1.getSubGroupsStream().count()); Assert.assertEquals(0, kcGroup1.getSubGroupsStream().count());
@ -218,11 +218,11 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0); LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0);
// Assert groups are imported to keycloak including their inheritance from LDAP // Assert groups are imported to keycloak including their inheritance from LDAP
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1"); GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group12")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group12"));
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group11"); GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group12"); GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group12");
Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count()); Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
@ -244,8 +244,8 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0); LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0);
// Assert attributes changed in keycloak // Assert attributes changed in keycloak
kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1"); kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group12"); kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group12");
Assert.assertEquals("group1 - changed description", kcGroup1.getFirstAttribute(descriptionAttrName)); Assert.assertEquals("group1 - changed description", kcGroup1.getFirstAttribute(descriptionAttrName));
Assert.assertNull(kcGroup12.getFirstAttribute(descriptionAttrName)); Assert.assertNull(kcGroup12.getFirstAttribute(descriptionAttrName));
}); });
@ -271,9 +271,9 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0); LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0);
// Assert groups are imported to keycloak including their inheritance from LDAP // Assert groups are imported to keycloak including their inheritance from LDAP
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1"); GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group12"));
Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count()); Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
@ -285,10 +285,10 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0); LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0);
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group12"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/model1")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/model1"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/model2")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/model2"));
// Update group mapper to drop non-existing groups during sync // Update group mapper to drop non-existing groups during sync
LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC, "true"); LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC, "true");
@ -300,10 +300,10 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
Assert.assertTrue(syncResult.getRemoved() == 2); Assert.assertTrue(syncResult.getRemoved() == 2);
// Sync and assert groups updated // Sync and assert groups updated
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/group12"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/model1")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/model1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/model2")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1/model2"));
}); });
} }
@ -338,18 +338,18 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest {
groupMapperConfig.getMembershipUserLdapAttribute(ldapProvider.getLdapIdentityStore().getConfig()), ldapGroup, johnLdap); groupMapperConfig.getMembershipUserLdapAttribute(ldapProvider.getLdapIdentityStore().getConfig()), ldapGroup, johnLdap);
// Assert groups not yet imported to Keycloak DB // Assert groups not yet imported to Keycloak DB
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group12")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, "/group12"));
// Load user from LDAP to Keycloak DB // Load user from LDAP to Keycloak DB
UserModel john = session.users().getUserByUsername(realm, "johnkeycloak"); UserModel john = session.users().getUserByUsername(realm, "johnkeycloak");
Set<GroupModel> johnGroups = john.getGroupsStream().collect(Collectors.toSet()); Set<GroupModel> johnGroups = john.getGroupsStream().collect(Collectors.toSet());
// Assert just those groups, which john was memberOf exists because they were lazily created // Assert just those groups, which john was memberOf exists because they were lazily created
GroupModel group1 = KeycloakModelUtils.findGroupByPath(realm, "/group1"); GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, realm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(realm, "/group11"); GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, realm, "/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(realm, "/group12"); GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, realm, "/group12");
Assert.assertNull(group1); Assert.assertNull(group1);
Assert.assertNotNull(group11); Assert.assertNotNull(group11);
Assert.assertNull(group12); Assert.assertNull(group12);

45
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperSyncWithGroupsPathTest.java
View file

@ -44,7 +44,6 @@ import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.util.LDAPRule; import org.keycloak.testsuite.util.LDAPRule;
import org.keycloak.testsuite.util.LDAPTestUtils; import org.keycloak.testsuite.util.LDAPTestUtils;
import java.util.Set;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@FixMethodOrder(MethodSorters.NAME_ASCENDING) @FixMethodOrder(MethodSorters.NAME_ASCENDING)
@ -94,7 +93,7 @@ public class LDAPGroupMapperSyncWithGroupsPathTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session); LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel realm = ctx.getRealm(); RealmModel realm = ctx.getRealm();
GroupModel groupsPathGroup = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH); GroupModel groupsPathGroup = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH);
// Subgroup stream needs to be collected, because otherwise we can end up with finding group with id that is // Subgroup stream needs to be collected, because otherwise we can end up with finding group with id that is
// already removed // already removed
@ -125,11 +124,11 @@ public class LDAPGroupMapperSyncWithGroupsPathTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0); LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0);
// Assert groups are imported to keycloak including their inheritance from LDAP // Assert groups are imported to keycloak including their inheritance from LDAP
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1"); GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1");
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group11")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group11"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group12")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group12"));
GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group11"); GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group11");
GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12"); GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group12");
Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count()); Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
@ -151,8 +150,8 @@ public class LDAPGroupMapperSyncWithGroupsPathTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0); LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0);
// Assert attributes changed in keycloak // Assert attributes changed in keycloak
kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1"); kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1");
kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12"); kcGroup12 = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group12");
Assert.assertEquals("group1 - changed description", kcGroup1.getFirstAttribute(descriptionAttrName)); Assert.assertEquals("group1 - changed description", kcGroup1.getFirstAttribute(descriptionAttrName));
Assert.assertNull(kcGroup12.getFirstAttribute(descriptionAttrName)); Assert.assertNull(kcGroup12.getFirstAttribute(descriptionAttrName));
}); });
@ -176,14 +175,14 @@ public class LDAPGroupMapperSyncWithGroupsPathTest extends AbstractLDAPTest {
LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0); LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0);
// Assert groups are imported to keycloak including their inheritance from LDAP // Assert groups are imported to keycloak including their inheritance from LDAP
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1"); GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1");
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group11")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group12"));
Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count()); Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
// Create some new groups in keycloak // Create some new groups in keycloak
GroupModel groupsPathGroup = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH); GroupModel groupsPathGroup = KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH);
realm.createGroup("model1", groupsPathGroup); realm.createGroup("model1", groupsPathGroup);
realm.createGroup("model2", kcGroup1); realm.createGroup("model2", kcGroup1);
realm.createGroup("outside"); realm.createGroup("outside");
@ -192,11 +191,11 @@ public class LDAPGroupMapperSyncWithGroupsPathTest extends AbstractLDAPTest {
syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0); LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0);
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group11")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group12"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/model1")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/model1"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/model2")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/model2"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/outside")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/outside"));
// Update group mapper to drop non-existing groups during sync // Update group mapper to drop non-existing groups during sync
LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC, "true"); LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC, "true");
@ -208,11 +207,11 @@ public class LDAPGroupMapperSyncWithGroupsPathTest extends AbstractLDAPTest {
Assert.assertTrue(syncResult.getRemoved() == 2); Assert.assertTrue(syncResult.getRemoved() == 2);
// Sync and assert groups updated // Sync and assert groups updated
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group11")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group11"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/group12"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/model1")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/model1"));
Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/model2")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(session, realm, LDAP_GROUPS_PATH + "/group1/model2"));
Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/outside")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(session, realm, "/outside"));
}); });
} }

106
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperTest.java
View file

@ -94,31 +94,31 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
// 1 - Grant some groups in LDAP // 1 - Grant some groups in LDAP
// This group should already exists as it was imported from LDAP // This group should already exists as it was imported from LDAP
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "/group1"); GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
john.joinGroup(group1); john.joinGroup(group1);
// This group should already exists as it was imported from LDAP // This group should already exists as it was imported from LDAP
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "/group1/group11"); GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
mary.joinGroup(group11); mary.joinGroup(group11);
// This group should already exists as it was imported from LDAP // This group should already exists as it was imported from LDAP
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "/group1/group12"); GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
john.joinGroup(group12); john.joinGroup(group12);
mary.joinGroup(group12); mary.joinGroup(group12);
// This group should already exists as it was imported from LDAP // This group should already exists as it was imported from LDAP
GroupModel groupWithSlashesInName = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "Team 2016/2017"); GroupModel groupWithSlashesInName = KeycloakModelUtils.findGroupByPath(session, appRealm, "Team 2016/2017");
john.joinGroup(groupWithSlashesInName); john.joinGroup(groupWithSlashesInName);
mary.joinGroup(groupWithSlashesInName); mary.joinGroup(groupWithSlashesInName);
// This group should already exists as it was imported from LDAP // This group should already exists as it was imported from LDAP
GroupModel groupChildWithSlashesInName = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "defaultGroup1/Team Child 2018/2019"); GroupModel groupChildWithSlashesInName = KeycloakModelUtils.findGroupByPath(session, appRealm, "defaultGroup1/Team Child 2018/2019");
john.joinGroup(groupChildWithSlashesInName); john.joinGroup(groupChildWithSlashesInName);
mary.joinGroup(groupChildWithSlashesInName); mary.joinGroup(groupChildWithSlashesInName);
Assert.assertEquals("Team SubChild 2020/2021", KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "defaultGroup1/Team Child 2018/2019/Team SubChild 2020/2021").getName()); Assert.assertEquals("Team SubChild 2020/2021", KeycloakModelUtils.findGroupByPath(session, appRealm, "defaultGroup1/Team Child 2018/2019/Team SubChild 2020/2021").getName());
Assert.assertEquals("defaultGroup14", KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "defaultGroup13/Team SubChild 2022/2023/A/B/C/D/E/defaultGroup14").getName()); Assert.assertEquals("defaultGroup14", KeycloakModelUtils.findGroupByPath(session, appRealm, "defaultGroup13/Team SubChild 2022/2023/A/B/C/D/E/defaultGroup14").getName());
Assert.assertEquals("Team SubChild 2026/2027", KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "Team Root 2024/2025/A/B/C/D/defaultGroup15/Team SubChild 2026/2027").getName()); Assert.assertEquals("Team SubChild 2026/2027", KeycloakModelUtils.findGroupByPath(session, appRealm, "Team Root 2024/2025/A/B/C/D/defaultGroup15/Team SubChild 2026/2027").getName());
}); });
@ -146,11 +146,11 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session); LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm(); RealmModel appRealm = ctx.getRealm();
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "/group1"); GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "/group1/group11"); GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "/group1/group12"); GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
GroupModel groupTeam20162017 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "Team 2016/2017"); GroupModel groupTeam20162017 = KeycloakModelUtils.findGroupByPath(session, appRealm, "Team 2016/2017");
GroupModel groupTeamChild20182019 = KeycloakModelUtils.findGroupByPath(session.groups(), appRealm, "defaultGroup1/Team Child 2018/2019"); GroupModel groupTeamChild20182019 = KeycloakModelUtils.findGroupByPath(session, appRealm, "defaultGroup1/Team Child 2018/2019");
UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak"); UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak"); UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
@ -224,8 +224,8 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.READ_ONLY.toString()); LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.READ_ONLY.toString());
appRealm.updateComponent(mapperModel); appRealm.updateComponent(mapperModel);
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
// Add some group mappings directly into LDAP // Add some group mappings directly into LDAP
GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ctx.getLdapProvider(), appRealm); GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ctx.getLdapProvider(), appRealm);
@ -241,9 +241,9 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
RealmModel appRealm = ctx.getRealm(); RealmModel appRealm = ctx.getRealm();
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak"); UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
// Add some group mapping to model // Add some group mapping to model
mary.joinGroup(group12); mary.joinGroup(group12);
@ -269,7 +269,7 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
RealmModel appRealm = ctx.getRealm(); RealmModel appRealm = ctx.getRealm();
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak"); UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
// Add some group mapping to model. This should fail with no-import mode for LDAP provider READ_ONLY mode for the group mapper // Add some group mapping to model. This should fail with no-import mode for LDAP provider READ_ONLY mode for the group mapper
// as it is not allowed to update group mappings in LDAP nor in the DB // as it is not allowed to update group mappings in LDAP nor in the DB
@ -286,9 +286,9 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
RealmModel appRealm = ctx.getRealm(); RealmModel appRealm = ctx.getRealm();
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak"); UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
// Assert that mary has both LDAP and DB mapped groups // Assert that mary has both LDAP and DB mapped groups
Set<GroupModel> maryGroups = mary.getGroupsStream().collect(Collectors.toSet()); Set<GroupModel> maryGroups = mary.getGroupsStream().collect(Collectors.toSet());
@ -313,9 +313,9 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session); LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm(); RealmModel appRealm = ctx.getRealm();
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
UserModel maryDB = UserStoragePrivateUtil.userLocalStorage(session).getUserByUsername(appRealm, "marykeycloak"); UserModel maryDB = UserStoragePrivateUtil.userLocalStorage(session).getUserByUsername(appRealm, "marykeycloak");
@ -346,7 +346,7 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session); LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm(); RealmModel appRealm = ctx.getRealm();
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
// Test the group mapping NOT available for group12 // Test the group mapping NOT available for group12
Stream<UserModel> group12Members = session.users().getGroupMembersStream(appRealm, group12, 0, 10); Stream<UserModel> group12Members = session.users().getGroupMembersStream(appRealm, group12, 0, 10);
@ -360,9 +360,9 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session); LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm(); RealmModel appRealm = ctx.getRealm();
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak"); UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak"); UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
@ -409,9 +409,9 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm); GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
LDAPObject robLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "robkeycloak"); LDAPObject robLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "robkeycloak");
groupMapper.addGroupMappingInLDAP(appRealm, group11, robLdap); groupMapper.addGroupMappingInLDAP(appRealm, group11, robLdap);
@ -515,7 +515,7 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
// 4 - Check group members. Just existing user rob should be present // 4 - Check group members. Just existing user rob should be present
groupMapper.syncDataFromFederationProviderToKeycloak(appRealm); groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(appRealm, "/group2"); GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group2");
List<UserModel> groupUsers = session.users().getGroupMembersStream(appRealm, kcGroup2, 0, 5) List<UserModel> groupUsers = session.users().getGroupMembersStream(appRealm, kcGroup2, 0, 5)
.collect(Collectors.toList()); .collect(Collectors.toList());
Assert.assertEquals(1, groupUsers.size()); Assert.assertEquals(1, groupUsers.size());
@ -567,9 +567,9 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
UserModel carlos = session.users().getUserByUsername(appRealm, "carloskeycloak"); UserModel carlos = session.users().getUserByUsername(appRealm, "carloskeycloak");
Set<GroupModel> carlosGroups = carlos.getGroupsStream().collect(Collectors.toSet()); Set<GroupModel> carlosGroups = carlos.getGroupsStream().collect(Collectors.toSet());
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); GroupModel group11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group11");
GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); GroupModel group12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group12");
Assert.assertTrue(carlosGroups.contains(group1)); Assert.assertTrue(carlosGroups.contains(group1));
Assert.assertFalse(carlosGroups.contains(group11)); Assert.assertFalse(carlosGroups.contains(group11));
@ -599,7 +599,7 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
GroupModel group4 = appRealm.createGroup("group4"); GroupModel group4 = appRealm.createGroup("group4");
GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
GroupModel group14 = appRealm.createGroup("group14", group1); GroupModel group14 = appRealm.createGroup("group14", group1);
}); });
@ -611,16 +611,16 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak"); UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
GroupModel group4 = KeycloakModelUtils.findGroupByPath(appRealm, "/group4"); GroupModel group4 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group4");
john.joinGroup(group4); john.joinGroup(group4);
GroupModel group31 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group31"); GroupModel group31 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3/group31");
GroupModel group32 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group32"); GroupModel group32 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3/group32");
john.joinGroup(group31); john.joinGroup(group31);
john.joinGroup(group32); john.joinGroup(group32);
GroupModel group14 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group14"); GroupModel group14 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group14");
john.joinGroup(group14); john.joinGroup(group14);
}); });
@ -631,11 +631,11 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak"); UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
GroupModel group14 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group14"); GroupModel group14 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1/group14");
GroupModel group3 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3"); GroupModel group3 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3");
GroupModel group31 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group31"); GroupModel group31 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3/group31");
GroupModel group32 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group32"); GroupModel group32 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3/group32");
GroupModel group4 = KeycloakModelUtils.findGroupByPath(appRealm, "/group4"); GroupModel group4 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group4");
Set<GroupModel> groups = john.getGroupsStream().collect(Collectors.toSet()); Set<GroupModel> groups = john.getGroupsStream().collect(Collectors.toSet());
Assert.assertTrue(groups.contains(group14)); Assert.assertTrue(groups.contains(group14));
@ -670,17 +670,17 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
UserModel david = session.users().addUser(appRealm, "davidkeycloak"); UserModel david = session.users().addUser(appRealm, "davidkeycloak");
GroupModel defaultGroup11 = KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup11"); GroupModel defaultGroup11 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/defaultGroup1/defaultGroup11");
Assert.assertNotNull(defaultGroup11); Assert.assertNotNull(defaultGroup11);
GroupModel defaultGroup12 = KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup12"); GroupModel defaultGroup12 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/defaultGroup1/defaultGroup12");
Assert.assertNotNull(defaultGroup12); Assert.assertNotNull(defaultGroup12);
GroupModel group31 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group31"); GroupModel group31 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3/group31");
Assert.assertNotNull(group31); Assert.assertNotNull(group31);
GroupModel group32 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group32"); GroupModel group32 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group3/group32");
Assert.assertNotNull(group32); Assert.assertNotNull(group32);
GroupModel group4 = KeycloakModelUtils.findGroupByPath(appRealm, "/group4"); GroupModel group4 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group4");
Assert.assertNotNull(group4); Assert.assertNotNull(group4);
Set<GroupModel> groups = david.getGroupsStream().collect(Collectors.toSet()); Set<GroupModel> groups = david.getGroupsStream().collect(Collectors.toSet());
@ -745,7 +745,7 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm); GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
groupMapper.syncDataFromFederationProviderToKeycloak(appRealm); groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
GroupModel kcBigGroup = KeycloakModelUtils.findGroupByPath(appRealm, "/biggroup"); GroupModel kcBigGroup = KeycloakModelUtils.findGroupByPath(session, appRealm, "/biggroup");
// check all the users have the group assigned // check all the users have the group assigned
for (int i = 0; i < membersToTest; i++) { for (int i = 0; i < membersToTest; i++) {
UserModel kcUser = session.users().getUserByUsername(appRealm, String.format("user%02d", i)); UserModel kcUser = session.users().getUserByUsername(appRealm, String.format("user%02d", i));
@ -794,7 +794,7 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
groupMapper.syncDataFromFederationProviderToKeycloak(appRealm); groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
// check everything is OK // check everything is OK
GroupModel kcDeleteGroup = KeycloakModelUtils.findGroupByPath(appRealm, "/deletegroup"); GroupModel kcDeleteGroup = KeycloakModelUtils.findGroupByPath(session, appRealm, "/deletegroup");
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak"); UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
List<UserModel> groupMembers = session.users().getGroupMembersStream(appRealm, kcDeleteGroup, 0, 5) List<UserModel> groupMembers = session.users().getGroupMembersStream(appRealm, kcDeleteGroup, 0, 5)
.collect(Collectors.toList()); .collect(Collectors.toList());

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSpecialCharsTest.java
View file

@ -159,12 +159,12 @@ public class LDAPSpecialCharsTest extends AbstractLDAPTest {
// 1 - Grant some groups in LDAP // 1 - Grant some groups in LDAP
// This group should already exists as it was imported from LDAP // This group should already exists as it was imported from LDAP
GroupModel specialGroup = KeycloakModelUtils.findGroupByPath(appRealm, "/group-spec,ia*l_characžter)s"); GroupModel specialGroup = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group-spec,ia*l_characžter)s");
Assert.assertNotNull(specialGroup); Assert.assertNotNull(specialGroup);
specialUser.joinGroup(specialGroup); specialUser.joinGroup(specialGroup);
GroupModel groupWithSlashes = KeycloakModelUtils.findGroupByPath(appRealm, "/group/with/three/slashes"); GroupModel groupWithSlashes = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group/with/three/slashes");
Assert.assertNotNull(groupWithSlashes); Assert.assertNotNull(groupWithSlashes);
specialUser.joinGroup(groupWithSlashes); specialUser.joinGroup(groupWithSlashes);

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSyncTest.java
View file

@ -466,7 +466,7 @@ public class LDAPSyncTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session); LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm(); RealmModel appRealm = ctx.getRealm();
GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group1");
String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider()); String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
Assert.assertEquals("group1 - description", kcGroup1.getFirstAttribute(descriptionAttrName)); Assert.assertEquals("group1 - description", kcGroup1.getFirstAttribute(descriptionAttrName));
@ -499,7 +499,7 @@ public class LDAPSyncTest extends AbstractLDAPTest {
RealmModel appRealm = ctx.getRealm(); RealmModel appRealm = ctx.getRealm();
// load previously synced group (a new group has been created in Keycloak) // load previously synced group (a new group has been created in Keycloak)
GroupModel kcGroup5 = KeycloakModelUtils.findGroupByPath(appRealm, "/group5"); GroupModel kcGroup5 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group5");
String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider()); String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
Assert.assertEquals("group5 - description", kcGroup5.getFirstAttribute(descriptionAttrName)); Assert.assertEquals("group5 - description", kcGroup5.getFirstAttribute(descriptionAttrName));
@ -587,7 +587,7 @@ public class LDAPSyncTest extends AbstractLDAPTest {
LDAPTestContext ctx = LDAPTestContext.init(session); LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm(); RealmModel appRealm = ctx.getRealm();
GroupModel user8Group = KeycloakModelUtils.findGroupByPath(appRealm, "/user8group"); GroupModel user8Group = KeycloakModelUtils.findGroupByPath(session, appRealm, "/user8group");
Assert.assertNotNull(user8Group); Assert.assertNotNull(user8Group);
UserModel user8 = session.users().getUserByUsername(appRealm, "user8"); UserModel user8 = session.users().getUserByUsername(appRealm, "user8");
Assert.assertNotNull(user8); Assert.assertNotNull(user8);

8
testsuite/model/src/test/java/org/keycloak/testsuite/model/group/GroupModelTest.java
View file

@ -211,13 +211,13 @@ public class GroupModelTest extends KeycloakModelTest {
}); });
withRealm(realmId, (session, realm) -> { withRealm(realmId, (session, realm) -> {
GroupModel group1 = KeycloakModelUtils.findGroupByPath(session.groups(), realm, "/parent-1"); GroupModel group1 = KeycloakModelUtils.findGroupByPath(session, realm, "/parent-1");
GroupModel group2 = KeycloakModelUtils.findGroupByPath(session.groups(), realm, "/parent-2"); GroupModel group2 = KeycloakModelUtils.findGroupByPath(session, realm, "/parent-2");
assertThat(group1.getName(), equalTo("parent-1")); assertThat(group1.getName(), equalTo("parent-1"));
assertThat(group2.getName(), equalTo("parent-2")); assertThat(group2.getName(), equalTo("parent-2"));
GroupModel subGroup1 = KeycloakModelUtils.findGroupByPath(session.groups(), realm, "/parent-1/sub-group-1"); GroupModel subGroup1 = KeycloakModelUtils.findGroupByPath(session, realm, "/parent-1/sub-group-1");
GroupModel subGroup2 = KeycloakModelUtils.findGroupByPath(session.groups(), realm, "/parent-2/sub-group/1"); GroupModel subGroup2 = KeycloakModelUtils.findGroupByPath(session, realm, "/parent-2/sub-group/1");
assertThat(subGroup1.getId(), equalTo(subGroupId1)); assertThat(subGroup1.getId(), equalTo(subGroupId1));
assertThat(subGroup2.getId(), equalTo(subGroupIdWithSlash)); assertThat(subGroup2.getId(), equalTo(subGroupIdWithSlash));
return null; return null;