libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

KEYCLOAK-1789 KEYCLOAK-1759 Export/import fixes

Browse source
This commit is contained in:
mposolda 2015-09-02 11:55:56 +02:00
parent d9e330802c
commit 5b9d1286cc
14 changed files with 158 additions and 88 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
export-import/export-import-api/src/main/java/org/keycloak/exportimport/util/ImportUtils.java
View file

@ -14,6 +14,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider; import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.RealmImporter;
import org.keycloak.models.utils.RepresentationToModel; import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
@ -76,11 +77,8 @@ public class ImportUtils {
} }
} }
realm = rep.getId() != null ? model.createRealm(rep.getId(), realmName) : model.createRealm(realmName); RealmImporter realmManager = session.getContext().getRealmManager();
realm = realmManager.importRealm(rep);
RepresentationToModel.importRealm(session, rep, realm);
refreshMasterAdminApps(model, realm);
if (System.getProperty(ExportImportConfig.ACTION) != null) { if (System.getProperty(ExportImportConfig.ACTION) != null) {
logger.infof("Realm '%s' imported", realmName); logger.infof("Realm '%s' imported", realmName);
@ -89,64 +87,6 @@ public class ImportUtils {
return; return;
} }
private static void refreshMasterAdminApps(RealmProvider model, RealmModel realm) {
String adminRealmId = Config.getAdminRealm();
if (adminRealmId.equals(realm.getId())) {
// We just imported master realm. All 'masterAdminApps' need to be refreshed
RealmModel adminRealm = realm;
for (RealmModel currentRealm : model.getRealms()) {
ClientModel masterApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(currentRealm));
if (masterApp != null) {
currentRealm.setMasterAdminClient(masterApp);
} else {
setupMasterAdminManagement(model, currentRealm);
}
}
} else {
// Need to refresh masterApp for current realm
RealmModel adminRealm = model.getRealm(adminRealmId);
ClientModel masterApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm));
if (masterApp != null) {
realm.setMasterAdminClient(masterApp);
} else {
setupMasterAdminManagement(model, realm);
}
}
}
// TODO: We need method here, so we are able to refresh masterAdmin applications after import. Should be RealmManager moved to model/api instead?
public static void setupMasterAdminManagement(RealmProvider model, RealmModel realm) {
RealmModel adminRealm;
RoleModel adminRole;
if (realm.getName().equals(Config.getAdminRealm())) {
adminRealm = realm;
adminRole = realm.addRole(AdminRoles.ADMIN);
RoleModel createRealmRole = realm.addRole(AdminRoles.CREATE_REALM);
adminRole.addCompositeRole(createRealmRole);
createRealmRole.setDescription("${role_"+AdminRoles.CREATE_REALM+"}");
} else {
adminRealm = model.getRealmByName(Config.getAdminRealm());
adminRole = adminRealm.getRole(AdminRoles.ADMIN);
}
adminRole.setDescription("${role_"+AdminRoles.ADMIN+"}");
ClientModel realmAdminApp = KeycloakModelUtils.createClient(adminRealm, KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm));
// No localized name for now
realmAdminApp.setName(realm.getName() + " Realm");
realmAdminApp.setBearerOnly(true);
realm.setMasterAdminClient(realmAdminApp);
for (String r : AdminRoles.ALL_REALM_ROLES) {
RoleModel role = realmAdminApp.addRole(r);
role.setDescription("${role_"+r+"}");
adminRole.addCompositeRole(role);
}
}
/** /**
* Fully import realm (or more realms from particular stream) * Fully import realm (or more realms from particular stream)
* *
@ -187,12 +127,12 @@ public class ImportUtils {
} }
for (RealmRepresentation realmRep : realmReps) { for (RealmRepresentation realmRep : realmReps) {
result.put(realmRep.getId(), realmRep); result.put(realmRep.getRealm(), realmRep);
} }
} else if (parser.getCurrentToken() == JsonToken.START_OBJECT) { } else if (parser.getCurrentToken() == JsonToken.START_OBJECT) {
// Case with single realm in stream // Case with single realm in stream
RealmRepresentation realmRep = parser.readValueAs(RealmRepresentation.class); RealmRepresentation realmRep = parser.readValueAs(RealmRepresentation.class);
result.put(realmRep.getId(), realmRep); result.put(realmRep.getRealm(), realmRep);
} }
} finally { } finally {
parser.close(); parser.close();

2
model/api/src/main/java/org/keycloak/models/ImpersonationConstants.java
View file

@ -22,7 +22,7 @@ public class ImpersonationConstants {
adminRealm = model.getRealmByName(Config.getAdminRealm()); adminRealm = model.getRealmByName(Config.getAdminRealm());
adminRole = adminRealm.getRole(AdminRoles.ADMIN); adminRole = adminRealm.getRole(AdminRoles.ADMIN);
} }
ClientModel realmAdminApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm)); ClientModel realmAdminApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm.getName()));
if (realmAdminApp.getRole(IMPERSONATION_ROLE) != null) return; if (realmAdminApp.getRole(IMPERSONATION_ROLE) != null) return;
RoleModel impersonationRole = realmAdminApp.addRole(IMPERSONATION_ROLE); RoleModel impersonationRole = realmAdminApp.addRole(IMPERSONATION_ROLE);
impersonationRole.setDescription("${role_" + IMPERSONATION_ROLE + "}"); impersonationRole.setDescription("${role_" + IMPERSONATION_ROLE + "}");

3
model/api/src/main/java/org/keycloak/models/KeycloakContext.java
View file

@ -1,6 +1,7 @@
package org.keycloak.models; package org.keycloak.models;
import org.keycloak.ClientConnection; import org.keycloak.ClientConnection;
import org.keycloak.models.utils.RealmImporter;
import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.UriInfo; import javax.ws.rs.core.UriInfo;
@ -30,4 +31,6 @@ public interface KeycloakContext {
void setConnection(ClientConnection connection); void setConnection(ClientConnection connection);
RealmImporter getRealmManager();
} }

4
model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
View file

@ -257,8 +257,8 @@ public final class KeycloakModelUtils {
} }
} }
public static String getMasterRealmAdminApplicationClientId(RealmModel realm) { public static String getMasterRealmAdminApplicationClientId(String realmName) {
return realm.getName() + "-realm"; return realmName + "-realm";
} }
/** /**

14
model/api/src/main/java/org/keycloak/models/utils/RealmImporter.java Normal file
View file

@ -0,0 +1,14 @@
package org.keycloak.models.utils;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.RealmRepresentation;
/**
* Helper interface used just because RealmManager is in keycloak-services and not accessible for ImportUtils
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public interface RealmImporter {
RealmModel importRealm(RealmRepresentation rep);
}

2
model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java vendored
View file

@ -779,7 +779,7 @@ public class RealmAdapter implements RealmModel {
@Override @Override
public ClientModel getMasterAdminClient() { public ClientModel getMasterAdminClient() {
return cacheSession.getRealm(Config.getAdminRealm()).getClientById(cached.getMasterAdminClient()); return cached.getMasterAdminClient()==null ? null : cacheSession.getRealm(Config.getAdminRealm()).getClientById(cached.getMasterAdminClient());
} }
@Override @Override

3
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java vendored
View file

@ -187,7 +187,8 @@ public class CachedRealm implements Serializable {
adminEventsDetailsEnabled = model.isAdminEventsDetailsEnabled(); adminEventsDetailsEnabled = model.isAdminEventsDetailsEnabled();
defaultRoles.addAll(model.getDefaultRoles()); defaultRoles.addAll(model.getDefaultRoles());
masterAdminClient = model.getMasterAdminClient().getId(); ClientModel masterAdminClient = model.getMasterAdminClient();
this.masterAdminClient = (masterAdminClient != null) ? masterAdminClient.getId() : null;
for (RoleModel role : model.getRoles()) { for (RoleModel role : model.getRoles()) {
realmRoles.put(role.getName(), role.getId()); realmRoles.put(role.getName(), role.getId());

3
model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
View file

@ -1171,7 +1171,8 @@ public class RealmAdapter implements RealmModel {
@Override @Override
public ClientModel getMasterAdminClient() { public ClientModel getMasterAdminClient() {
return new ClientAdapter(this, em, session, realm.getMasterAdminClient()); ClientEntity client = realm.getMasterAdminClient();
return client!=null ? new ClientAdapter(this, em, session, realm.getMasterAdminClient()) : null;
} }
@Override @Override

4
services/src/main/java/org/keycloak/exportimport/ExportImportManager.java
View file

@ -35,6 +35,9 @@ public class ExportImportManager {
if (export) { if (export) {
ExportProvider exportProvider = session.getProvider(ExportProvider.class, exportImportProviderId); ExportProvider exportProvider = session.getProvider(ExportProvider.class, exportImportProviderId);
if (exportProvider == null) {
logger.errorf("Invalid Export Provider %s", exportImportProviderId);
} else {
if (realmName == null) { if (realmName == null) {
logger.info("Full model export requested"); logger.info("Full model export requested");
exportProvider.exportModel(sessionFactory); exportProvider.exportModel(sessionFactory);
@ -43,6 +46,7 @@ public class ExportImportManager {
exportProvider.exportRealm(sessionFactory, realmName); exportProvider.exportRealm(sessionFactory, realmName);
} }
logger.info("Export finished successfully"); logger.info("Export finished successfully");
}
} else { } else {
ImportProvider importProvider = session.getProvider(ImportProvider.class, exportImportProviderId); ImportProvider importProvider = session.getProvider(ImportProvider.class, exportImportProviderId);

16
services/src/main/java/org/keycloak/services/DefaultKeycloakContext.java
View file

@ -4,7 +4,10 @@ import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.ClientConnection; import org.keycloak.ClientConnection;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakContext; import org.keycloak.models.KeycloakContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.RealmImporter;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication; import org.keycloak.services.resources.KeycloakApplication;
import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.HttpHeaders;
@ -21,6 +24,12 @@ public class DefaultKeycloakContext implements KeycloakContext {
private ClientConnection connection; private ClientConnection connection;
private KeycloakSession session;
public DefaultKeycloakContext(KeycloakSession session) {
this.session = session;
}
@Override @Override
public String getContextPath() { public String getContextPath() {
KeycloakApplication app = getContextObject(KeycloakApplication.class); KeycloakApplication app = getContextObject(KeycloakApplication.class);
@ -71,4 +80,11 @@ public class DefaultKeycloakContext implements KeycloakContext {
public void setConnection(ClientConnection connection) { public void setConnection(ClientConnection connection) {
this.connection = connection; this.connection = connection;
} }
@Override
public RealmImporter getRealmManager() {
RealmManager manager = new RealmManager(session);
manager.setContextPath(getContextPath());
return manager;
}
} }

2
services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java
View file

@ -46,7 +46,7 @@ public class DefaultKeycloakSession implements KeycloakSession {
this.factory = factory; this.factory = factory;
this.transactionManager = new DefaultKeycloakTransactionManager(); this.transactionManager = new DefaultKeycloakTransactionManager();
federationManager = new UserFederationManager(this); federationManager = new UserFederationManager(this);
context = new DefaultKeycloakContext(); context = new DefaultKeycloakContext(this);
} }
@Override @Override

68
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -3,7 +3,7 @@ package org.keycloak.services.managers;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.Config; import org.keycloak.Config;
import org.keycloak.enums.SslRequired; import org.keycloak.enums.SslRequired;
import org.keycloak.exportimport.util.ImportUtils; import org.keycloak.models.utils.RealmImporter;
import org.keycloak.models.AccountRoles; import org.keycloak.models.AccountRoles;
import org.keycloak.models.AdminRoles; import org.keycloak.models.AdminRoles;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
@ -39,7 +39,7 @@ import java.util.List;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class RealmManager { public class RealmManager implements RealmImporter {
protected static final Logger logger = Logger.getLogger(RealmManager.class); protected static final Logger logger = Logger.getLogger(RealmManager.class);
protected KeycloakSession session; protected KeycloakSession session;
@ -161,7 +161,9 @@ public class RealmManager {
boolean removed = model.removeRealm(realm.getId()); boolean removed = model.removeRealm(realm.getId());
if (removed) { if (removed) {
if (realm.getMasterAdminClient() != null) {
new ClientManager(this).removeClient(getKeycloakAdminstrationRealm(), realm.getMasterAdminClient()); new ClientManager(this).removeClient(getKeycloakAdminstrationRealm(), realm.getMasterAdminClient());
}
UserSessionProvider sessions = session.sessions(); UserSessionProvider sessions = session.sessions();
if (sessions != null) { if (sessions != null) {
@ -191,9 +193,47 @@ public class RealmManager {
realm.setAdminEventsDetailsEnabled(rep.isAdminEventsDetailsEnabled()); realm.setAdminEventsDetailsEnabled(rep.isAdminEventsDetailsEnabled());
} }
// Should be RealmManager moved to model/api instead of referencing methods this way?
private void setupMasterAdminManagement(RealmModel realm) { private void setupMasterAdminManagement(RealmModel realm) {
ImportUtils.setupMasterAdminManagement(model, realm); // Need to refresh masterApp for current realm
String adminRealmId = Config.getAdminRealm();
RealmModel adminRealm = model.getRealm(adminRealmId);
ClientModel masterApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm.getName()));
if (masterApp != null) {
realm.setMasterAdminClient(masterApp);
} else {
createMasterAdminManagement(model, realm);
}
}
private void createMasterAdminManagement(RealmProvider model, RealmModel realm) {
RealmModel adminRealm;
RoleModel adminRole;
if (realm.getName().equals(Config.getAdminRealm())) {
adminRealm = realm;
adminRole = realm.addRole(AdminRoles.ADMIN);
RoleModel createRealmRole = realm.addRole(AdminRoles.CREATE_REALM);
adminRole.addCompositeRole(createRealmRole);
createRealmRole.setDescription("${role_"+AdminRoles.CREATE_REALM+"}");
} else {
adminRealm = model.getRealmByName(Config.getAdminRealm());
adminRole = adminRealm.getRole(AdminRoles.ADMIN);
}
adminRole.setDescription("${role_"+AdminRoles.ADMIN+"}");
ClientModel realmAdminApp = KeycloakModelUtils.createClient(adminRealm, KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm.getName()));
// No localized name for now
realmAdminApp.setName(realm.getName() + " Realm");
realmAdminApp.setBearerOnly(true);
realm.setMasterAdminClient(realmAdminApp);
for (String r : AdminRoles.ALL_REALM_ROLES) {
RoleModel role = realmAdminApp.addRole(r);
role.setDescription("${role_"+r+"}");
adminRole.addCompositeRole(role);
}
} }
private void setupRealmAdminManagement(RealmModel realm) { private void setupRealmAdminManagement(RealmModel realm) {
@ -257,6 +297,7 @@ public class RealmManager {
} }
} }
@Override
public RealmModel importRealm(RealmRepresentation rep) { public RealmModel importRealm(RealmRepresentation rep) {
String id = rep.getId(); String id = rep.getId();
if (id == null) { if (id == null) {
@ -268,7 +309,12 @@ public class RealmManager {
// setup defaults // setup defaults
setupRealmDefaults(realm); setupRealmDefaults(realm);
boolean postponeMasterClientSetup = postponeMasterClientSetup(rep);
if (!postponeMasterClientSetup) {
setupMasterAdminManagement(realm); setupMasterAdminManagement(realm);
}
if (!hasRealmAdminManagementClient(rep)) setupRealmAdminManagement(realm); if (!hasRealmAdminManagementClient(rep)) setupRealmAdminManagement(realm);
if (!hasAccountManagementClient(rep)) setupAccountManagement(realm); if (!hasAccountManagementClient(rep)) setupAccountManagement(realm);
@ -286,6 +332,10 @@ public class RealmManager {
RepresentationToModel.importRealm(session, rep, realm); RepresentationToModel.importRealm(session, rep, realm);
if (postponeMasterClientSetup) {
setupMasterAdminManagement(realm);
}
// Could happen when migrating from older version and I have exported JSON file, which contains "realm-management" client but not "impersonation" client // Could happen when migrating from older version and I have exported JSON file, which contains "realm-management" client but not "impersonation" client
// I need to postpone impersonation because it needs "realm-management" client and it's roles set // I need to postpone impersonation because it needs "realm-management" client and it's roles set
if (postponeImpersonationSetup) { if (postponeImpersonationSetup) {
@ -304,8 +354,16 @@ public class RealmManager {
return realm; return realm;
} }
private boolean postponeMasterClientSetup(RealmRepresentation rep) {
if (!Config.getAdminRealm().equals(rep.getRealm())) {
return false;
}
return hasRealmAdminManagementClient(rep);
}
private boolean hasRealmAdminManagementClient(RealmRepresentation rep) { private boolean hasRealmAdminManagementClient(RealmRepresentation rep) {
String realmAdminClientId = getRealmAdminClientId(rep); String realmAdminClientId = Config.getAdminRealm().equals(rep.getRealm()) ? KeycloakModelUtils.getMasterRealmAdminApplicationClientId(rep.getRealm()) : getRealmAdminClientId(rep);
return hasClient(rep, realmAdminClientId); return hasClient(rep, realmAdminClientId);
} }

2
testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
View file

@ -77,7 +77,7 @@ public class ImpersonationTest {
{ {
UserModel masterImpersonator = manager.getSession().users().addUser(adminstrationRealm, "master-impersonator"); UserModel masterImpersonator = manager.getSession().users().addUser(adminstrationRealm, "master-impersonator");
masterImpersonator.setEnabled(true); masterImpersonator.setEnabled(true);
ClientModel adminRealmClient = adminstrationRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(appRealm)); ClientModel adminRealmClient = adminstrationRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(appRealm.getName()));
RoleModel masterImpersonatorRole = adminRealmClient.getRole(ImpersonationConstants.IMPERSONATION_ROLE); RoleModel masterImpersonatorRole = adminRealmClient.getRole(ImpersonationConstants.IMPERSONATION_ROLE);
masterImpersonator.grantRole(masterImpersonatorRole); masterImpersonator.grantRole(masterImpersonatorRole);
} }

37
testsuite/integration/src/test/java/org/keycloak/testsuite/exportimport/ExportImportTest.java
View file

@ -26,6 +26,7 @@ import org.keycloak.testsuite.rule.KeycloakRule;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.net.URL;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Map; import java.util.Map;
@ -185,6 +186,37 @@ public class ExportImportTest {
testRealmExportImport(); testRealmExportImport();
} }
@Test
public void testSingleFileRealmWithoutBuiltinsImport() throws Throwable {
// Remove test realm
KeycloakSession session = keycloakRule.startSession();
try {
new RealmManager(session).removeRealm(session.realms().getRealmByName("test-realm"));
} finally {
keycloakRule.stopSession(session, true);
}
// Set the realm, which doesn't have builtin clients/roles inside JSON
ExportImportConfig.setProvider(SingleFileExportProviderFactory.PROVIDER_ID);
URL url = ExportImportTest.class.getResource("/model/testrealm.json");
String targetFilePath = new File(url.getFile()).getAbsolutePath();
ExportImportConfig.setFile(targetFilePath);
ExportImportConfig.setAction(ExportImportConfig.ACTION_IMPORT);
// Restart server to trigger import
keycloakRule.restartServer();
// Ensure realm imported
session = keycloakRule.startSession();
try {
RealmModel testRealmRealm = session.realms().getRealmByName("test-realm");
ImportTest.assertDataImportedInRealm(session, testRealmRealm);
} finally {
keycloakRule.stopSession(session, true);
}
}
@Test @Test
public void testZipFullExportImport() throws Throwable { public void testZipFullExportImport() throws Throwable {
ExportImportConfig.setProvider(ZipExportProviderFactory.PROVIDER_ID); ExportImportConfig.setProvider(ZipExportProviderFactory.PROVIDER_ID);
@ -222,7 +254,8 @@ public class ExportImportTest {
RealmProvider realmProvider = session.realms(); RealmProvider realmProvider = session.realms();
UserProvider userProvider = session.users(); UserProvider userProvider = session.users();
new RealmManager(session).removeRealm(realmProvider.getRealmByName("test")); new RealmManager(session).removeRealm(realmProvider.getRealmByName("test"));
Assert.assertEquals(2, realmProvider.getRealms().size()); new RealmManager(session).removeRealm(realmProvider.getRealmByName("test-realm"));
Assert.assertEquals(1, realmProvider.getRealms().size());
assertNotAuthenticated(userProvider, realmProvider, "test", "test-user@localhost", "password"); assertNotAuthenticated(userProvider, realmProvider, "test", "test-user@localhost", "password");
assertNotAuthenticated(userProvider, realmProvider, "test", "user1", "password"); assertNotAuthenticated(userProvider, realmProvider, "test", "user1", "password");
@ -250,7 +283,7 @@ public class ExportImportTest {
assertAuthenticated(userProvider, model, "test", "user2", "password"); assertAuthenticated(userProvider, model, "test", "user2", "password");
assertAuthenticated(userProvider, model, "test", "user3", "password"); assertAuthenticated(userProvider, model, "test", "user3", "password");
RealmModel testRealmRealm = model.getRealm("test-realm"); RealmModel testRealmRealm = model.getRealmByName("test-realm");
ImportTest.assertDataImportedInRealm(session, testRealmRealm); ImportTest.assertDataImportedInRealm(session, testRealmRealm);
} finally { } finally {
keycloakRule.stopSession(session, true); keycloakRule.stopSession(session, true);