group mongo

Bill Burke 2015-11-18 15:24:27 -05:00
parent 41331111da
commit 4f00f6cceb
14 changed files with 311 additions and 11 deletions

@ -35,6 +35,7 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
"org.keycloak.models.mongo.keycloak.entities.MongoRealmEntity", "org.keycloak.models.mongo.keycloak.entities.MongoRealmEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoUserEntity", "org.keycloak.models.mongo.keycloak.entities.MongoUserEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity", "org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoGroupEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoClientEntity", "org.keycloak.models.mongo.keycloak.entities.MongoClientEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoUserConsentEntity", "org.keycloak.models.mongo.keycloak.entities.MongoUserConsentEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoMigrationModelEntity", "org.keycloak.models.mongo.keycloak.entities.MongoMigrationModelEntity",

@ -97,6 +97,7 @@ public class JpaUserProvider implements UserProvider {
private void removeUser(UserEntity user) { private void removeUser(UserEntity user) {
String id = user.getId(); String id = user.getId();
em.createNamedQuery("deleteUserRoleMappingsByUser").setParameter("user", user).executeUpdate(); em.createNamedQuery("deleteUserRoleMappingsByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteUserGroupMembershipsByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteFederatedIdentityByUser").setParameter("user", user).executeUpdate(); em.createNamedQuery("deleteFederatedIdentityByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteUserConsentRolesByUser").setParameter("user", user).executeUpdate(); em.createNamedQuery("deleteUserConsentRolesByUser").setParameter("user", user).executeUpdate();
em.createNamedQuery("deleteUserConsentProtMappersByUser").setParameter("user", user).executeUpdate(); em.createNamedQuery("deleteUserConsentProtMappersByUser").setParameter("user", user).executeUpdate();

@ -1000,6 +1000,7 @@ public class RealmAdapter implements RealmModel {
String compositeRoleTable = JpaUtils.getTableNameForNativeQuery("COMPOSITE_ROLE", em); String compositeRoleTable = JpaUtils.getTableNameForNativeQuery("COMPOSITE_ROLE", em);
em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", roleEntity).executeUpdate(); em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", roleEntity).executeUpdate();
em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", roleEntity).executeUpdate(); em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", roleEntity).executeUpdate();
em.createNamedQuery("deleteGroupRoleMappingsByRole").setParameter("roleId", roleEntity.getId()).executeUpdate();
em.remove(roleEntity); em.remove(roleEntity);

@ -6,6 +6,7 @@ import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.GroupModel; import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel; import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
@ -20,6 +21,7 @@ import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
@ -146,7 +148,11 @@ public class GroupAdapter extends AbstractMongoAdapter<MongoGroupEntity> impleme
if (group.getRoleIds() == null || group.getRoleIds().isEmpty()) return Collections.EMPTY_SET; if (group.getRoleIds() == null || group.getRoleIds().isEmpty()) return Collections.EMPTY_SET;
Set<RoleModel> roles = new HashSet<>(); Set<RoleModel> roles = new HashSet<>();
for (String id : group.getRoleIds()) { for (String id : group.getRoleIds()) {
roles.add(realm.getRoleById(id)); RoleModel roleById = realm.getRoleById(id);
if (roleById == null) {
throw new ModelException("role does not exist in group role mappings");
}
roles.add(roleById);
} }
return roles; return roles;
} }
@ -198,18 +204,28 @@ public class GroupAdapter extends AbstractMongoAdapter<MongoGroupEntity> impleme
@Override @Override
public Set<GroupModel> getSubGroups() { public Set<GroupModel> getSubGroups() {
DBObject query = new QueryBuilder()
.and("realmId").is(realm.getId())
.and("parentId").is(getId())
.get();
List<MongoGroupEntity> groups = getMongoStore().loadEntities(MongoGroupEntity.class, query, invocationContext);
Set<GroupModel> subGroups = new HashSet<>(); Set<GroupModel> subGroups = new HashSet<>();
for (GroupModel groupModel : realm.getGroups()) {
if (groupModel.getParent().equals(this)) { if (groups == null) return subGroups;
subGroups.add(groupModel); for (MongoGroupEntity group : groups) {
} subGroups.add(realm.getGroupById(group.getId()));
} }
return subGroups; return subGroups;
} }
@Override @Override
public void setParent(GroupModel group) { public void setParent(GroupModel parent) {
this.group.setParentId(group.getId()); if (parent == null) group.setParentId(null);
else {
group.setParentId(parent.getId());
}
updateGroup(); updateGroup();
} }
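Review bot: In getSubGroups the new loop adds `realm.getGroupById(group.getId())` to the set without checking the result, while getRoleMappings in this same commit now rejects a missing role with a ModelException. If getGroupById can return null (its implementation is not visible here), a null element ends up in the returned set and fails later in whatever walks the group tree; consider `GroupModel sub = realm.getGroupById(group.getId()); if (sub != null) subGroups.add(sub);` or throwing as the role lookup does. The same unchecked lookup appears in the Mongo RealmAdapter group-listing loop (`result.add(model.getGroupById(group.getId(), this));`). The ModelException message would also be easier to act on if it named the group and the role id.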

@ -660,7 +660,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
if (groups == null) return result; if (groups == null) return result;
for (MongoGroupEntity group : groups) { for (MongoGroupEntity group : groups) {
result.add(new GroupAdapter(session, this, group, invocationContext)); result.add(model.getGroupById(group.getId(), this));
} }
return result; return result;
@ -672,7 +672,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
Iterator<GroupModel> it = all.iterator(); Iterator<GroupModel> it = all.iterator();
while (it.hasNext()) { while (it.hasNext()) {
GroupModel group = it.next(); GroupModel group = it.next();
if (group.getParent() != null) { if (group.getParentId() != null) {
it.remove(); it.remove();
} }
} }

@ -19,6 +19,10 @@ public class MongoRealmEntity extends RealmEntity implements MongoIdentifiableEn
.and("realmId").is(getId()) .and("realmId").is(getId())
.get(); .get();
// Remove all roles of this realm
context.getMongoStore().removeEntities(MongoGroupEntity.class, query, true, context);
// Remove all roles of this realm // Remove all roles of this realm
context.getMongoStore().removeEntities(MongoRoleEntity.class, query, true, context); context.getMongoStore().removeEntities(MongoRoleEntity.class, query, true, context);
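Review bot: The comment above the added `removeEntities(MongoGroupEntity.class, query, true, context)` call is copied from the role removal that follows and still says roles. It should read `// Remove all groups of this realm` so the two deletions are distinguishable when reading the realm cleanup. The enclosing method starts and ends outside this hunk.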

@ -41,6 +41,18 @@ public class MongoRoleEntity extends RoleEntity implements MongoIdentifiableEnti
public void afterRemove(MongoStoreInvocationContext invContext) { public void afterRemove(MongoStoreInvocationContext invContext) {
MongoStore mongoStore = invContext.getMongoStore(); MongoStore mongoStore = invContext.getMongoStore();
{
DBObject query = new QueryBuilder()
.and("roleIds").is(getId())
.get();
List<MongoGroupEntity> groups = mongoStore.loadEntities(MongoGroupEntity.class, query, invContext);
for (MongoGroupEntity group : groups) {
mongoStore.pullItemFromList(group, "roleIds", getId(), invContext);
}
}
// Remove this scope from all clients, which has it // Remove this scope from all clients, which has it
DBObject query = new QueryBuilder() DBObject query = new QueryBuilder()
.and("scopeIds").is(getId()) .and("scopeIds").is(getId())
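Review bot: The added block in afterRemove iterates `groups` straight from `mongoStore.loadEntities(...)` with no null check, whereas GroupAdapter.getSubGroups in this commit guards the same call with `if (groups == null) return subGroups;`. If loadEntities can return null, removing a role that no group references would throw here and skip the client-scope cleanup below; wrap the loop in `if (groups != null) { ... }`. A one-line comment such as `// Remove this role from all groups that map it` would match the comment style of the scope block that follows. afterRemove continues past the end of the hunk.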

@ -163,8 +163,9 @@ public class ExportImportTest {
testRealmExportImport(); testRealmExportImport();
// There should be 3 files in target directory (1 realm, 2 user, 1 version) // There should be 3 files in target directory (1 realm, 3 user, 1 version)
Assert.assertEquals(4, new File(targetDirPath).listFiles().length); File[] files = new File(targetDirPath).listFiles();
Assert.assertEquals(5, files.length);
} }
@Test @Test
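Review bot: The updated comment still opens with "There should be 3 files" while the parenthesis lists five and the assertion expects 5; change it to `// There should be 5 files in target directory (1 realm, 3 user, 1 version)`. `File.listFiles()` returns null when the directory is missing or unreadable, so `Assert.assertNotNull(files);` before the length check would turn an NPE into a readable failure. The test method starts outside the hunk.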

@ -40,6 +40,30 @@
{ "type" : "password", { "type" : "password",
"value" : "password" } "value" : "password" }
] ]
},
{
"username" : "topGroupUser",
"enabled": true,
"email" : "top@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top"
]
},
{
"username" : "level2GroupUser",
"enabled": true,
"email" : "level2@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top/level2"
]
} }
], ],
"applications": [ "applications": [
@ -347,6 +371,26 @@
} }
} }
], ],
"groups" : [
{
"name": "top",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["manager"],
"subGroups": [
{
"name": "level2",
"realmRoles": ["user"],
"attributes": {
"level2Attribute": ["true"]
}
}
]
}
],
"roles" : { "roles" : {
"realm" : [ "realm" : [
{ {

@ -40,6 +40,30 @@
{ "type" : "password", { "type" : "password",
"value" : "password" } "value" : "password" }
] ]
},
{
"username" : "topGroupUser",
"enabled": true,
"email" : "top@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top"
]
},
{
"username" : "level2GroupUser",
"enabled": true,
"email" : "level2@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top/level2"
]
} }
], ],
"applications": [ "applications": [
@ -347,6 +371,26 @@
} }
} }
], ],
"groups" : [
{
"name": "top",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["manager"],
"subGroups": [
{
"name": "level2",
"realmRoles": ["user"],
"attributes": {
"level2Attribute": ["true"]
}
}
]
}
],
"roles" : { "roles" : {
"realm" : [ "realm" : [
{ {

@ -40,6 +40,30 @@
{ "type" : "password", { "type" : "password",
"value" : "password" } "value" : "password" }
] ]
},
{
"username" : "topGroupUser",
"enabled": true,
"email" : "top@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top"
]
},
{
"username" : "level2GroupUser",
"enabled": true,
"email" : "level2@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top/level2"
]
} }
], ],
"applications": [ "applications": [
@ -347,6 +371,26 @@
} }
} }
], ],
"groups" : [
{
"name": "top",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["manager"],
"subGroups": [
{
"name": "level2",
"realmRoles": ["user"],
"attributes": {
"level2Attribute": ["true"]
}
}
]
}
],
"roles" : { "roles" : {
"realm" : [ "realm" : [
{ {

@ -40,6 +40,30 @@
{ "type" : "password", { "type" : "password",
"value" : "password" } "value" : "password" }
] ]
},
{
"username" : "topGroupUser",
"enabled": true,
"email" : "top@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top"
]
},
{
"username" : "level2GroupUser",
"enabled": true,
"email" : "level2@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top/level2"
]
} }
], ],
"applications": [ "applications": [
@ -347,6 +371,26 @@
} }
} }
], ],
"groups" : [
{
"name": "top",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["manager"],
"subGroups": [
{
"name": "level2",
"realmRoles": ["user"],
"attributes": {
"level2Attribute": ["true"]
}
}
]
}
],
"roles" : { "roles" : {
"realm" : [ "realm" : [
{ {

@ -40,6 +40,30 @@
{ "type" : "password", { "type" : "password",
"value" : "password" } "value" : "password" }
] ]
},
{
"username" : "topGroupUser",
"enabled": true,
"email" : "top@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top"
]
},
{
"username" : "level2GroupUser",
"enabled": true,
"email" : "level2@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top/level2"
]
} }
], ],
"applications": [ "applications": [
@ -347,6 +371,26 @@
} }
} }
], ],
"groups" : [
{
"name": "top",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["manager"],
"subGroups": [
{
"name": "level2",
"realmRoles": ["user"],
"attributes": {
"level2Attribute": ["true"]
}
}
]
}
],
"roles" : { "roles" : {
"realm" : [ "realm" : [
{ {

@ -40,6 +40,30 @@
{ "type" : "password", { "type" : "password",
"value" : "password" } "value" : "password" }
] ]
},
{
"username" : "topGroupUser",
"enabled": true,
"email" : "top@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top"
]
},
{
"username" : "level2GroupUser",
"enabled": true,
"email" : "level2@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/top/level2"
]
} }
], ],
"applications": [ "applications": [
@ -347,6 +371,26 @@
} }
} }
], ],
"groups" : [
{
"name": "top",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["manager"],
"subGroups": [
{
"name": "level2",
"realmRoles": ["user"],
"attributes": {
"level2Attribute": ["true"]
}
}
]
}
],
"roles" : { "roles" : {
"realm" : [ "realm" : [
{ {