KEYCLOAK-3620

This commit is contained in:
Bill Burke 2016-12-05 17:51:06 -05:00
parent d354aa1f62
commit 6587cd2478
6 changed files with 194 additions and 20 deletions

View file

@ -1749,14 +1749,28 @@ public class RealmAdapter implements RealmModel, JpaModel<RealmEntity> {
return model; return model;
} }
/**
* This just exists for testing purposes
*
*/
public static final String COMPONENT_PROVIDER_EXISTS_DISABLED = "component.provider.exists.disabled";
@Override @Override
public ComponentModel importComponentModel(ComponentModel model) { public ComponentModel importComponentModel(ComponentModel model) {
ComponentFactory componentFactory = ComponentUtil.getComponentFactory(session, model); ComponentFactory componentFactory = null;
if (componentFactory == null) { try {
throw new IllegalArgumentException("Invalid component type"); componentFactory = ComponentUtil.getComponentFactory(session, model);
if (componentFactory == null && System.getProperty(COMPONENT_PROVIDER_EXISTS_DISABLED) == null) {
throw new IllegalArgumentException("Invalid component type");
}
componentFactory.validateConfiguration(session, this, model);
} catch (Exception e) {
if (System.getProperty(COMPONENT_PROVIDER_EXISTS_DISABLED) == null) {
throw e;
}
} }
componentFactory.validateConfiguration(session, this, model);
ComponentEntity c = new ComponentEntity(); ComponentEntity c = new ComponentEntity();
if (model.getId() == null) { if (model.getId() == null) {

View file

@ -21,6 +21,7 @@ import com.mongodb.DBObject;
import com.mongodb.QueryBuilder; import com.mongodb.QueryBuilder;
import org.keycloak.common.enums.SslRequired; import org.keycloak.common.enums.SslRequired;
import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.component.ComponentFactory;
import org.keycloak.component.ComponentModel; import org.keycloak.component.ComponentModel;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext; import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.AuthenticationExecutionModel;
@ -1675,10 +1676,27 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
return model; return model;
} }
/**
* This just exists for testing purposes
*
*/
public static final String COMPONENT_PROVIDER_EXISTS_DISABLED = "component.provider.exists.disabled";
@Override @Override
public ComponentModel importComponentModel(ComponentModel model) { public ComponentModel importComponentModel(ComponentModel model) {
ComponentUtil.getComponentFactory(session, model).validateConfiguration(session, this, model); ComponentFactory componentFactory = null;
try {
componentFactory = ComponentUtil.getComponentFactory(session, model);
if (componentFactory == null && System.getProperty(COMPONENT_PROVIDER_EXISTS_DISABLED) == null) {
throw new IllegalArgumentException("Invalid component type");
}
componentFactory.validateConfiguration(session, this, model);
} catch (Exception e) {
if (System.getProperty(COMPONENT_PROVIDER_EXISTS_DISABLED) == null) {
throw e;
}
}
ComponentEntity entity = new ComponentEntity(); ComponentEntity entity = new ComponentEntity();
if (model.getId() == null) { if (model.getId() == null) {
entity.setId(KeycloakModelUtils.generateId()); entity.setId(KeycloakModelUtils.generateId());

View file

@ -750,6 +750,14 @@ public class ModelToRepresentation {
} }
public static ComponentRepresentation toRepresentation(KeycloakSession session, ComponentModel component, boolean internal) { public static ComponentRepresentation toRepresentation(KeycloakSession session, ComponentModel component, boolean internal) {
ComponentRepresentation rep = toRepresentationWithoutConfig(component);
if (!internal) {
rep = StripSecretsUtils.strip(session, rep);
}
return rep;
}
public static ComponentRepresentation toRepresentationWithoutConfig(ComponentModel component) {
ComponentRepresentation rep = new ComponentRepresentation(); ComponentRepresentation rep = new ComponentRepresentation();
rep.setId(component.getId()); rep.setId(component.getId());
rep.setName(component.getName()); rep.setName(component.getName());
@ -758,9 +766,6 @@ public class ModelToRepresentation {
rep.setSubType(component.getSubType()); rep.setSubType(component.getSubType());
rep.setParentId(component.getParentId()); rep.setParentId(component.getParentId());
rep.setConfig(new MultivaluedHashMap<>(component.getConfig())); rep.setConfig(new MultivaluedHashMap<>(component.getConfig()));
if (!internal) {
rep = StripSecretsUtils.strip(session, rep);
}
return rep; return rep;
} }

View file

@ -118,7 +118,13 @@ public class ComponentResource {
List<ComponentRepresentation> reps = new LinkedList<>(); List<ComponentRepresentation> reps = new LinkedList<>();
for (ComponentModel component : components) { for (ComponentModel component : components) {
if (name != null && !name.equals(component.getName())) continue; if (name != null && !name.equals(component.getName())) continue;
ComponentRepresentation rep = ModelToRepresentation.toRepresentation(session, component, false); ComponentRepresentation rep = null;
try {
rep = ModelToRepresentation.toRepresentation(session, component, false);
} catch (Exception e) {
logger.error("Failed to get component list for component model" + component.getName() + "of realm " + realm.getName());
rep = ModelToRepresentation.toRepresentationWithoutConfig(component);
}
reps.add(rep); reps.add(rep);
} }
return reps; return reps;

View file

@ -74,17 +74,6 @@ public class UserStorageManager implements UserProvider, OnUserCache {
return realm.getUserStorageProviders(); return realm.getUserStorageProviders();
} }
public static <T> T getFirstStorageProvider(KeycloakSession session, RealmModel realm, Class<T> type) {
for (UserStorageProviderModel model : getStorageProviders(realm)) {
UserStorageProviderFactory factory = (UserStorageProviderFactory)session.getKeycloakSessionFactory().getProviderFactory(UserStorageProvider.class, model.getProviderId());
if (Types.supports(type, factory, UserStorageProviderFactory.class)) {
return type.cast(getStorageProviderInstance(session, model, factory));
}
}
return null;
}
public static UserStorageProvider getStorageProviderInstance(KeycloakSession session, UserStorageProviderModel model, UserStorageProviderFactory factory) { public static UserStorageProvider getStorageProviderInstance(KeycloakSession session, UserStorageProviderModel model, UserStorageProviderFactory factory) {
UserStorageProvider instance = (UserStorageProvider)session.getAttribute(model.getId()); UserStorageProvider instance = (UserStorageProvider)session.getAttribute(model.getId());
if (instance != null) return instance; if (instance != null) return instance;
@ -99,6 +88,10 @@ public class UserStorageManager implements UserProvider, OnUserCache {
List<T> list = new LinkedList<>(); List<T> list = new LinkedList<>();
for (UserStorageProviderModel model : getStorageProviders(realm)) { for (UserStorageProviderModel model : getStorageProviders(realm)) {
UserStorageProviderFactory factory = (UserStorageProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserStorageProvider.class, model.getProviderId()); UserStorageProviderFactory factory = (UserStorageProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserStorageProvider.class, model.getProviderId());
if (factory == null) {
logger.warnv("Configured UserStorageProvider {0} of provider id {1} does not exist in realm {2}", model.getName(), model.getProviderId(), realm.getName());
continue;
}
if (Types.supports(type, factory, UserStorageProviderFactory.class)) { if (Types.supports(type, factory, UserStorageProviderFactory.class)) {
list.add(type.cast(getStorageProviderInstance(session, model, factory))); list.add(type.cast(getStorageProviderInstance(session, model, factory)));
} }

View file

@ -0,0 +1,138 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.federation.storage;
import org.junit.After;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.Constants;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.cache.CachedUserModel;
import org.keycloak.models.cache.infinispan.UserAdapter;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.testsuite.ApplicationServlet;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;
import java.util.Calendar;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
/**
* KEYCLOAK-3903 and KEYCLOAK-3620
*
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class BrokenUserStorageTest {
@ClassRule
public static KeycloakRule keycloakRule = new KeycloakRule();
@Rule
public WebRule webRule = new WebRule(this);
@WebResource
protected OAuthClient oauth;
@WebResource
protected WebDriver driver;
@WebResource
protected AppPage appPage;
@WebResource
protected LoginPage loginPage;
private void loginSuccessAndLogout(String username, String password) {
loginPage.open();
loginPage.login(username, password);
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
oauth.openLogout();
}
protected String AUTH_SERVER_URL = "http://localhost:8081/auth";
@Test
public void testBootWithBadProviderId() throws Exception {
KeycloakSession session = keycloakRule.startSession();
// set this system property
System.setProperty("component.provider.exists.disabled", "true");
RealmModel realm = session.realms().getRealmByName("master");
String masterId = realm.getId();
UserStorageProviderModel model;
model = new UserStorageProviderModel();
model.setName("bad-provider-id");
model.setPriority(2);
model.setParentId(realm.getId());
model.setProviderId("error");
ComponentModel component = realm.importComponentModel(model);
keycloakRule.stopSession(session, true);
keycloakRule.restartServer();
keycloakRule.deployServlet("app", "/app", ApplicationServlet.class);
loginSuccessAndLogout("test-user@localhost", "password");
// make sure we can list components and delete provider as this is an admin console operation
Keycloak keycloakAdmin = Keycloak.getInstance(AUTH_SERVER_URL, "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID);
RealmResource master = keycloakAdmin.realms().realm("master");
List<ComponentRepresentation> components = master.components().query(masterId, UserStorageProvider.class.getName());
boolean found = false;
for (ComponentRepresentation rep : components) {
if (rep.getName().equals("bad-provider-id")) {
found = true;
}
}
Assert.assertTrue(found);
master.components().component(component.getId()).remove();
List<ComponentRepresentation> components2 = master.components().query(masterId, UserStorageProvider.class.getName());
Assert.assertEquals(components.size() - 1, components2.size());
}
@After
public void resetTimeoffset() {
Time.setOffset(0);
}
}