group mongo

Bill Burke 2015-11-18 15:24:27 -05:00
parent 41331111da
commit 4f00f6cceb
14 changed files with 311 additions and 11 deletions


@ -35,6 +35,7 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
"org.keycloak.models.mongo.keycloak.entities.MongoRealmEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoUserEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoGroupEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoClientEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoUserConsentEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoMigrationModelEntity",


@ -97,6 +97,7 @@ public class JpaUserProvider implements UserProvider {
private void removeUser(UserEntity user) {
String id = user.getId();
em.createNamedQuery("deleteUserRoleMappingsByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteUserGroupMembershipsByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteFederatedIdentityByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteUserConsentRolesByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteUserConsentProtMappersByUser").setParameter("user", user).executeUpdate();


@ -1000,6 +1000,7 @@ public class RealmAdapter implements RealmModel {
String compositeRoleTable = JpaUtils.getTableNameForNativeQuery("COMPOSITE_ROLE", em);
em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", roleEntity).executeUpdate();
em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", roleEntity).executeUpdate();
em.createNamedQuery("deleteGroupRoleMappingsByRole").setParameter("roleId", roleEntity.getId()).executeUpdate();
em.remove(roleEntity);


@ -6,6 +6,7 @@ import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.ClientModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
@ -20,6 +21,7 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
@ -146,7 +148,11 @@ public class GroupAdapter extends AbstractMongoAdapter<MongoGroupEntity> impleme
if (group.getRoleIds() == null || group.getRoleIds().isEmpty()) return Collections.EMPTY_SET;
Set<RoleModel> roles = new HashSet<>();
for (String id : group.getRoleIds()) {
roles.add(realm.getRoleById(id));
RoleModel roleById = realm.getRoleById(id);
if (roleById == null) {
throw new ModelException("role does not exist in group role mappings");
}
roles.add(roleById);
}
return roles;
}
@ -198,18 +204,28 @@ public class GroupAdapter extends AbstractMongoAdapter<MongoGroupEntity> impleme
@Override
public Set<GroupModel> getSubGroups() {
DBObject query = new QueryBuilder()
.and("realmId").is(realm.getId())
.and("parentId").is(getId())
.get();
List<MongoGroupEntity> groups = getMongoStore().loadEntities(MongoGroupEntity.class, query, invocationContext);
Set<GroupModel> subGroups = new HashSet<>();
for (GroupModel groupModel : realm.getGroups()) {
if (groupModel.getParent().equals(this)) {
subGroups.add(groupModel);
}
if (groups == null) return subGroups;
for (MongoGroupEntity group : groups) {
subGroups.add(realm.getGroupById(group.getId()));
}
return subGroups;
}
@Override
public void setParent(GroupModel group) {
this.group.setParentId(group.getId());
public void setParent(GroupModel parent) {
if (parent == null) group.setParentId(null);
else {
group.setParentId(parent.getId());
}
updateGroup();
}
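Review bot: In getSubGroups, `subGroups.add(realm.getGroupById(group.getId()))` stores whatever the lookup returns, so a null result would end up in the returned set, whereas getRoleMappings in the same file now rejects a missing role with a ModelException. Whether the lookup can return null here is not visible in the hunk, but a guard such as `GroupModel sub = realm.getGroupById(group.getId()); if (sub != null) subGroups.add(sub);` would keep callers that walk the group hierarchy from failing on a null element. The same pattern appears in the Mongo RealmAdapter section at `result.add(model.getGroupById(group.getId(), this))`, where a later hunk calls `group.getParentId()` on each element of a group collection. Separately, the new ModelException message would be easier to act on if it named the ids, e.g. `"role " + id + " does not exist in role mappings of group " + getId()`.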


@ -660,7 +660,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
if (groups == null) return result;
for (MongoGroupEntity group : groups) {
result.add(new GroupAdapter(session, this, group, invocationContext));
result.add(model.getGroupById(group.getId(), this));
}
return result;
@ -672,7 +672,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
Iterator<GroupModel> it = all.iterator();
while (it.hasNext()) {
GroupModel group = it.next();
if (group.getParent() != null) {
if (group.getParentId() != null) {
it.remove();
}
}


@ -19,6 +19,10 @@ public class MongoRealmEntity extends RealmEntity implements MongoIdentifiableEn
.and("realmId").is(getId())
.get();
// Remove all roles of this realm
context.getMongoStore().removeEntities(MongoGroupEntity.class, query, true, context);
// Remove all roles of this realm
context.getMongoStore().removeEntities(MongoRoleEntity.class, query, true, context);
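Review bot: The comment above the new `removeEntities(MongoGroupEntity.class, query, true, context)` call still reads "Remove all roles of this realm", which looks copied from the role removal just below it. It should say `// Remove all groups of this realm` so the two cleanup steps are distinguishable when auditing what realm deletion removes. The enclosing method starts and ends outside the hunk.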


@ -41,6 +41,18 @@ public class MongoRoleEntity extends RoleEntity implements MongoIdentifiableEnti
public void afterRemove(MongoStoreInvocationContext invContext) {
MongoStore mongoStore = invContext.getMongoStore();
{
DBObject query = new QueryBuilder()
.and("roleIds").is(getId())
.get();
List<MongoGroupEntity> groups = mongoStore.loadEntities(MongoGroupEntity.class, query, invContext);
for (MongoGroupEntity group : groups) {
mongoStore.pullItemFromList(group, "roleIds", getId(), invContext);
}
}
// Remove this scope from all clients, which has it
DBObject query = new QueryBuilder()
.and("scopeIds").is(getId())
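Review bot: The new block iterates `groups` straight after `mongoStore.loadEntities(...)` with no null check, while GroupAdapter.getSubGroups in this commit guards the same call with `if (groups == null) return subGroups;`. If loadEntities can return null (not visible here), afterRemove would throw before the scope cleanup below runs, which may leave stale role ids on clients; wrapping the loop in `if (groups != null) { ... }` keeps the two call sites consistent. The block also lacks the one-line comment the scope cleanup has, e.g. `// Remove this role from all groups which have it`. afterRemove continues past the end of the hunk.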


@ -163,8 +163,9 @@ public class ExportImportTest {
testRealmExportImport();
// There should be 3 files in target directory (1 realm, 2 user, 1 version)
Assert.assertEquals(4, new File(targetDirPath).listFiles().length);
// There should be 3 files in target directory (1 realm, 3 user, 1 version)
File[] files = new File(targetDirPath).listFiles();
Assert.assertEquals(5, files.length);
}
@Test
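Review bot: The updated comment still says "There should be 3 files" although it lists 1 realm, 3 user and 1 version file and the assertion expects 5; it should read `// There should be 5 files in target directory (1 realm, 3 user, 1 version)`. `listFiles()` returns null when the directory is missing or unreadable, so `files.length` would fail with a NullPointerException rather than an assertion message; `Assert.assertNotNull(files);` before the length check gives a clearer failure. The test method starts outside the hunk.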


@ -40,6 +40,30 @@
{ "type" : "password",
"value" : "password" }
]
},
{
"username" : "topGroupUser",
"enabled": true,
"email" : "top@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top"
]
},
{
"username" : "level2GroupUser",
"enabled": true,
"email" : "level2@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top/level2"
]
}
],
"applications": [
@ -347,6 +371,26 @@
}
}
],
"groups" : [
{
"name": "top",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["manager"],
"subGroups": [
{
"name": "level2",
"realmRoles": ["user"],
"attributes": {
"level2Attribute": ["true"]
}
}
]
}
],
"roles" : {
"realm" : [
{


@ -40,6 +40,30 @@
{ "type" : "password",
"value" : "password" }
]
},
{
"username" : "topGroupUser",
"enabled": true,
"email" : "top@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top"
]
},
{
"username" : "level2GroupUser",
"enabled": true,
"email" : "level2@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top/level2"
]
}
],
"applications": [
@ -347,6 +371,26 @@
}
}
],
"groups" : [
{
"name": "top",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["manager"],
"subGroups": [
{
"name": "level2",
"realmRoles": ["user"],
"attributes": {
"level2Attribute": ["true"]
}
}
]
}
],
"roles" : {
"realm" : [
{


@ -40,6 +40,30 @@
{ "type" : "password",
"value" : "password" }
]
},
{
"username" : "topGroupUser",
"enabled": true,
"email" : "top@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top"
]
},
{
"username" : "level2GroupUser",
"enabled": true,
"email" : "level2@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top/level2"
]
}
],
"applications": [
@ -347,6 +371,26 @@
}
}
],
"groups" : [
{
"name": "top",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["manager"],
"subGroups": [
{
"name": "level2",
"realmRoles": ["user"],
"attributes": {
"level2Attribute": ["true"]
}
}
]
}
],
"roles" : {
"realm" : [
{


@ -40,6 +40,30 @@
{ "type" : "password",
"value" : "password" }
]
},
{
"username" : "topGroupUser",
"enabled": true,
"email" : "top@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top"
]
},
{
"username" : "level2GroupUser",
"enabled": true,
"email" : "level2@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top/level2"
]
}
],
"applications": [
@ -347,6 +371,26 @@
}
}
],
"groups" : [
{
"name": "top",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["manager"],
"subGroups": [
{
"name": "level2",
"realmRoles": ["user"],
"attributes": {
"level2Attribute": ["true"]
}
}
]
}
],
"roles" : {
"realm" : [
{


@ -40,6 +40,30 @@
{ "type" : "password",
"value" : "password" }
]
},
{
"username" : "topGroupUser",
"enabled": true,
"email" : "top@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top"
]
},
{
"username" : "level2GroupUser",
"enabled": true,
"email" : "level2@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top/level2"
]
}
],
"applications": [
@ -347,6 +371,26 @@
}
}
],
"groups" : [
{
"name": "top",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["manager"],
"subGroups": [
{
"name": "level2",
"realmRoles": ["user"],
"attributes": {
"level2Attribute": ["true"]
}
}
]
}
],
"roles" : {
"realm" : [
{


@ -40,6 +40,30 @@
{ "type" : "password",
"value" : "password" }
]
},
{
"username" : "topGroupUser",
"enabled": true,
"email" : "top@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top"
]
},
{
"username" : "level2GroupUser",
"enabled": true,
"email" : "level2@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top/level2"
]
}
],
"applications": [
@ -347,6 +371,26 @@
}
}
],
"groups" : [
{
"name": "top",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["manager"],
"subGroups": [
{
"name": "level2",
"realmRoles": ["user"],
"attributes": {
"level2Attribute": ["true"]
}
}
]
}
],
"roles" : {
"realm" : [
{