group mongo
parent
41331111da
commit
4f00f6cceb
14 changed files with 311 additions and 11 deletions
|
@ -35,6 +35,7 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
|
|||
"org.keycloak.models.mongo.keycloak.entities.MongoRealmEntity",
|
||||
"org.keycloak.models.mongo.keycloak.entities.MongoUserEntity",
|
||||
"org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity",
|
||||
"org.keycloak.models.mongo.keycloak.entities.MongoGroupEntity",
|
||||
"org.keycloak.models.mongo.keycloak.entities.MongoClientEntity",
|
||||
"org.keycloak.models.mongo.keycloak.entities.MongoUserConsentEntity",
|
||||
"org.keycloak.models.mongo.keycloak.entities.MongoMigrationModelEntity",
|
||||
|
|
|
@ -97,6 +97,7 @@ public class JpaUserProvider implements UserProvider {
|
|||
private void removeUser(UserEntity user) {
|
||||
String id = user.getId();
|
||||
em.createNamedQuery("deleteUserRoleMappingsByUser").setParameter("user", user).executeUpdate();
|
||||
em.createNamedQuery("deleteUserGroupMembershipsByUser").setParameter("user", user).executeUpdate();
|
||||
em.createNamedQuery("deleteFederatedIdentityByUser").setParameter("user", user).executeUpdate();
|
||||
em.createNamedQuery("deleteUserConsentRolesByUser").setParameter("user", user).executeUpdate();
|
||||
em.createNamedQuery("deleteUserConsentProtMappersByUser").setParameter("user", user).executeUpdate();
|
||||
|
|
|
@ -1000,6 +1000,7 @@ public class RealmAdapter implements RealmModel {
|
|||
String compositeRoleTable = JpaUtils.getTableNameForNativeQuery("COMPOSITE_ROLE", em);
|
||||
em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", roleEntity).executeUpdate();
|
||||
em.createNamedQuery("deleteScopeMappingByRole").setParameter("role", roleEntity).executeUpdate();
|
||||
em.createNamedQuery("deleteGroupRoleMappingsByRole").setParameter("roleId", roleEntity.getId()).executeUpdate();
|
||||
|
||||
em.remove(roleEntity);
|
||||
|
||||
|
|
|
@ -6,6 +6,7 @@ import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
|
|||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.GroupModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelException;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleContainerModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
|
@ -20,6 +21,7 @@ import java.util.ArrayList;
|
|||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
@ -146,7 +148,11 @@ public class GroupAdapter extends AbstractMongoAdapter<MongoGroupEntity> impleme
|
|||
if (group.getRoleIds() == null || group.getRoleIds().isEmpty()) return Collections.EMPTY_SET;
|
||||
Set<RoleModel> roles = new HashSet<>();
|
||||
for (String id : group.getRoleIds()) {
|
||||
roles.add(realm.getRoleById(id));
|
||||
RoleModel roleById = realm.getRoleById(id);
|
||||
if (roleById == null) {
|
||||
throw new ModelException("role does not exist in group role mappings");
|
||||
}
|
||||
roles.add(roleById);
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
|
@ -198,18 +204,28 @@ public class GroupAdapter extends AbstractMongoAdapter<MongoGroupEntity> impleme
|
|||
|
||||
@Override
|
||||
public Set<GroupModel> getSubGroups() {
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("realmId").is(realm.getId())
|
||||
.and("parentId").is(getId())
|
||||
.get();
|
||||
List<MongoGroupEntity> groups = getMongoStore().loadEntities(MongoGroupEntity.class, query, invocationContext);
|
||||
|
||||
Set<GroupModel> subGroups = new HashSet<>();
|
||||
for (GroupModel groupModel : realm.getGroups()) {
|
||||
if (groupModel.getParent().equals(this)) {
|
||||
subGroups.add(groupModel);
|
||||
}
|
||||
|
||||
if (groups == null) return subGroups;
|
||||
for (MongoGroupEntity group : groups) {
|
||||
subGroups.add(realm.getGroupById(group.getId()));
|
||||
}
|
||||
|
||||
return subGroups;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setParent(GroupModel group) {
|
||||
this.group.setParentId(group.getId());
|
||||
public void setParent(GroupModel parent) {
|
||||
if (parent == null) group.setParentId(null);
|
||||
else {
|
||||
group.setParentId(parent.getId());
|
||||
}
|
||||
updateGroup();
|
||||
|
||||
}
|
||||
|
|
|
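Review bot: In getSubGroups, `subGroups.add(realm.getGroupById(group.getId()));` stores whatever the lookup returns, so a miss puts a null into the returned set, while getRoleMappings in this same file guards the equivalent `realm.getRoleById(id)` call and throws ModelException. The add/remove markers are lost on this page, so this assumes the query-based loop is the new side. Nothing visible makes the entity query and the by-id lookup a single atomic read, so a guard such as `GroupModel sub = realm.getGroupById(group.getId()); if (sub != null) subGroups.add(sub);` (or the same ModelException) would keep the two methods consistent. The Mongo RealmAdapter hunk at `result.add(model.getGroupById(group.getId(), this));` has the same shape, and the loop in the hunk after it calls `group.getParentId()` on each element. The exception message in getRoleMappings would also be easier to trace with the ids in it, e.g. `"role " + id + " does not exist in role mappings of group " + getId()`.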
@ -660,7 +660,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
|
||||
if (groups == null) return result;
|
||||
for (MongoGroupEntity group : groups) {
|
||||
result.add(new GroupAdapter(session, this, group, invocationContext));
|
||||
result.add(model.getGroupById(group.getId(), this));
|
||||
}
|
||||
|
||||
return result;
|
||||
|
@ -672,7 +672,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
Iterator<GroupModel> it = all.iterator();
|
||||
while (it.hasNext()) {
|
||||
GroupModel group = it.next();
|
||||
if (group.getParent() != null) {
|
||||
if (group.getParentId() != null) {
|
||||
it.remove();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -19,6 +19,10 @@ public class MongoRealmEntity extends RealmEntity implements MongoIdentifiableEn
|
|||
.and("realmId").is(getId())
|
||||
.get();
|
||||
|
||||
// Remove all roles of this realm
|
||||
context.getMongoStore().removeEntities(MongoGroupEntity.class, query, true, context);
|
||||
|
||||
|
||||
// Remove all roles of this realm
|
||||
context.getMongoStore().removeEntities(MongoRoleEntity.class, query, true, context);
|
||||
|
||||
|
|
|
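Review bot: The comment above `removeEntities(MongoGroupEntity.class, query, true, context)` reads `// Remove all roles of this realm`, which looks copied from the role removal below it; it should read `// Remove all groups of this realm`. The enclosing method starts and ends outside the hunk, so it cannot be seen here whether references to the removed groups held elsewhere (for example on user entities) are cleaned up as well. That is worth confirming, because a leftover id pointing at a removed group is a dangling reference that the group lookups elsewhere in this commit would have to tolerate.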
@ -41,6 +41,18 @@ public class MongoRoleEntity extends RoleEntity implements MongoIdentifiableEnti
|
|||
public void afterRemove(MongoStoreInvocationContext invContext) {
|
||||
MongoStore mongoStore = invContext.getMongoStore();
|
||||
|
||||
{
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("roleIds").is(getId())
|
||||
.get();
|
||||
|
||||
List<MongoGroupEntity> groups = mongoStore.loadEntities(MongoGroupEntity.class, query, invContext);
|
||||
for (MongoGroupEntity group : groups) {
|
||||
mongoStore.pullItemFromList(group, "roleIds", getId(), invContext);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Remove this scope from all clients, which has it
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("scopeIds").is(getId())
|
||||
|
|
|
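Review bot: In afterRemove, the list returned by `mongoStore.loadEntities(MongoGroupEntity.class, query, invContext)` is iterated without a null check, whereas GroupAdapter.getSubGroups in this commit treats the same call as nullable (`if (groups == null) return subGroups;`). If loadEntities can return null, the loop throws before the client scope cleanup that follows in this method runs; either wrap the loop in `if (groups != null)` or drop the check in getSubGroups so the contract is stated once. The `pullItemFromList` calls are issued one group at a time, so a failure partway through would presumably leave some groups still listing the removed role id, which GroupAdapter.getRoleMappings rejects with a ModelException. The bare `{ ... }` block appears to exist only so that a second variable named `query` can be declared; a distinct name such as `groupQuery` would read more plainly. afterRemove continues past the end of the hunk.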
@ -163,8 +163,9 @@ public class ExportImportTest {
|
|||
|
||||
testRealmExportImport();
|
||||
|
||||
// There should be 3 files in target directory (1 realm, 2 user, 1 version)
|
||||
Assert.assertEquals(4, new File(targetDirPath).listFiles().length);
|
||||
// There should be 3 files in target directory (1 realm, 3 user, 1 version)
|
||||
File[] files = new File(targetDirPath).listFiles();
|
||||
Assert.assertEquals(5, files.length);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
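Review bot: The updated comment still says `There should be 3 files` although the assertion expects 5 (1 realm, 3 user, 1 version); suggest `// There should be 5 files in target directory (1 realm, 3 user, 1 version)`. `new File(targetDirPath).listFiles()` returns null when the path is not a directory or cannot be read, so `files.length` would fail with a NullPointerException instead of an assertion message; `Assert.assertNotNull(files);` before the length check gives a clearer failure. The test method begins outside the hunk.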
@ -40,6 +40,30 @@
|
|||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
]
|
||||
},
|
||||
{
|
||||
"username" : "topGroupUser",
|
||||
"enabled": true,
|
||||
"email" : "top@redhat.com",
|
||||
"credentials" : [
|
||||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
],
|
||||
"groups": [
|
||||
"/top"
|
||||
]
|
||||
},
|
||||
{
|
||||
"username" : "level2GroupUser",
|
||||
"enabled": true,
|
||||
"email" : "level2@redhat.com",
|
||||
"credentials" : [
|
||||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
],
|
||||
"groups": [
|
||||
"/top/level2"
|
||||
]
|
||||
}
|
||||
],
|
||||
"applications": [
|
||||
|
@ -347,6 +371,26 @@
|
|||
}
|
||||
}
|
||||
],
|
||||
"groups" : [
|
||||
{
|
||||
"name": "top",
|
||||
"attributes": {
|
||||
"topAttribute": ["true"]
|
||||
|
||||
},
|
||||
"realmRoles": ["manager"],
|
||||
"subGroups": [
|
||||
{
|
||||
"name": "level2",
|
||||
"realmRoles": ["user"],
|
||||
"attributes": {
|
||||
"level2Attribute": ["true"]
|
||||
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"roles" : {
|
||||
"realm" : [
|
||||
{
|
||||
|
|
|
@ -40,6 +40,30 @@
|
|||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
]
|
||||
},
|
||||
{
|
||||
"username" : "topGroupUser",
|
||||
"enabled": true,
|
||||
"email" : "top@redhat.com",
|
||||
"credentials" : [
|
||||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
],
|
||||
"groups": [
|
||||
"/top"
|
||||
]
|
||||
},
|
||||
{
|
||||
"username" : "level2GroupUser",
|
||||
"enabled": true,
|
||||
"email" : "level2@redhat.com",
|
||||
"credentials" : [
|
||||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
],
|
||||
"groups": [
|
||||
"/top/level2"
|
||||
]
|
||||
}
|
||||
],
|
||||
"applications": [
|
||||
|
@ -347,6 +371,26 @@
|
|||
}
|
||||
}
|
||||
],
|
||||
"groups" : [
|
||||
{
|
||||
"name": "top",
|
||||
"attributes": {
|
||||
"topAttribute": ["true"]
|
||||
|
||||
},
|
||||
"realmRoles": ["manager"],
|
||||
"subGroups": [
|
||||
{
|
||||
"name": "level2",
|
||||
"realmRoles": ["user"],
|
||||
"attributes": {
|
||||
"level2Attribute": ["true"]
|
||||
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"roles" : {
|
||||
"realm" : [
|
||||
{
|
||||
|
|
|
@ -40,6 +40,30 @@
|
|||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
]
|
||||
},
|
||||
{
|
||||
"username" : "topGroupUser",
|
||||
"enabled": true,
|
||||
"email" : "top@redhat.com",
|
||||
"credentials" : [
|
||||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
],
|
||||
"groups": [
|
||||
"/top"
|
||||
]
|
||||
},
|
||||
{
|
||||
"username" : "level2GroupUser",
|
||||
"enabled": true,
|
||||
"email" : "level2@redhat.com",
|
||||
"credentials" : [
|
||||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
],
|
||||
"groups": [
|
||||
"/top/level2"
|
||||
]
|
||||
}
|
||||
],
|
||||
"applications": [
|
||||
|
@ -347,6 +371,26 @@
|
|||
}
|
||||
}
|
||||
],
|
||||
"groups" : [
|
||||
{
|
||||
"name": "top",
|
||||
"attributes": {
|
||||
"topAttribute": ["true"]
|
||||
|
||||
},
|
||||
"realmRoles": ["manager"],
|
||||
"subGroups": [
|
||||
{
|
||||
"name": "level2",
|
||||
"realmRoles": ["user"],
|
||||
"attributes": {
|
||||
"level2Attribute": ["true"]
|
||||
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"roles" : {
|
||||
"realm" : [
|
||||
{
|
||||
|
|
|
@ -40,6 +40,30 @@
|
|||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
]
|
||||
},
|
||||
{
|
||||
"username" : "topGroupUser",
|
||||
"enabled": true,
|
||||
"email" : "top@redhat.com",
|
||||
"credentials" : [
|
||||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
],
|
||||
"groups": [
|
||||
"/top"
|
||||
]
|
||||
},
|
||||
{
|
||||
"username" : "level2GroupUser",
|
||||
"enabled": true,
|
||||
"email" : "level2@redhat.com",
|
||||
"credentials" : [
|
||||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
],
|
||||
"groups": [
|
||||
"/top/level2"
|
||||
]
|
||||
}
|
||||
],
|
||||
"applications": [
|
||||
|
@ -347,6 +371,26 @@
|
|||
}
|
||||
}
|
||||
],
|
||||
"groups" : [
|
||||
{
|
||||
"name": "top",
|
||||
"attributes": {
|
||||
"topAttribute": ["true"]
|
||||
|
||||
},
|
||||
"realmRoles": ["manager"],
|
||||
"subGroups": [
|
||||
{
|
||||
"name": "level2",
|
||||
"realmRoles": ["user"],
|
||||
"attributes": {
|
||||
"level2Attribute": ["true"]
|
||||
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"roles" : {
|
||||
"realm" : [
|
||||
{
|
||||
|
|
|
@ -40,6 +40,30 @@
|
|||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
]
|
||||
},
|
||||
{
|
||||
"username" : "topGroupUser",
|
||||
"enabled": true,
|
||||
"email" : "top@redhat.com",
|
||||
"credentials" : [
|
||||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
],
|
||||
"groups": [
|
||||
"/top"
|
||||
]
|
||||
},
|
||||
{
|
||||
"username" : "level2GroupUser",
|
||||
"enabled": true,
|
||||
"email" : "level2@redhat.com",
|
||||
"credentials" : [
|
||||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
],
|
||||
"groups": [
|
||||
"/top/level2"
|
||||
]
|
||||
}
|
||||
],
|
||||
"applications": [
|
||||
|
@ -347,6 +371,26 @@
|
|||
}
|
||||
}
|
||||
],
|
||||
"groups" : [
|
||||
{
|
||||
"name": "top",
|
||||
"attributes": {
|
||||
"topAttribute": ["true"]
|
||||
|
||||
},
|
||||
"realmRoles": ["manager"],
|
||||
"subGroups": [
|
||||
{
|
||||
"name": "level2",
|
||||
"realmRoles": ["user"],
|
||||
"attributes": {
|
||||
"level2Attribute": ["true"]
|
||||
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"roles" : {
|
||||
"realm" : [
|
||||
{
|
||||
|
|
|
@ -40,6 +40,30 @@
|
|||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
]
|
||||
},
|
||||
{
|
||||
"username" : "topGroupUser",
|
||||
"enabled": true,
|
||||
"email" : "top@redhat.com",
|
||||
"credentials" : [
|
||||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
],
|
||||
"groups": [
|
||||
"/top"
|
||||
]
|
||||
},
|
||||
{
|
||||
"username" : "level2GroupUser",
|
||||
"enabled": true,
|
||||
"email" : "level2@redhat.com",
|
||||
"credentials" : [
|
||||
{ "type" : "password",
|
||||
"value" : "password" }
|
||||
],
|
||||
"groups": [
|
||||
"/top/level2"
|
||||
]
|
||||
}
|
||||
],
|
||||
"applications": [
|
||||
|
@ -347,6 +371,26 @@
|
|||
}
|
||||
}
|
||||
],
|
||||
"groups" : [
|
||||
{
|
||||
"name": "top",
|
||||
"attributes": {
|
||||
"topAttribute": ["true"]
|
||||
|
||||
},
|
||||
"realmRoles": ["manager"],
|
||||
"subGroups": [
|
||||
{
|
||||
"name": "level2",
|
||||
"realmRoles": ["user"],
|
||||
"attributes": {
|
||||
"level2Attribute": ["true"]
|
||||
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"roles" : {
|
||||
"realm" : [
|
||||
{
|
||||
|
|