KEYCLOAK-3620
This commit is contained in:
parent
d354aa1f62
commit
6587cd2478
6 changed files with 194 additions and 20 deletions
|
@ -1749,14 +1749,28 @@ public class RealmAdapter implements RealmModel, JpaModel<RealmEntity> {
|
||||||
return model;
|
return model;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This just exists for testing purposes
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
public static final String COMPONENT_PROVIDER_EXISTS_DISABLED = "component.provider.exists.disabled";
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public ComponentModel importComponentModel(ComponentModel model) {
|
public ComponentModel importComponentModel(ComponentModel model) {
|
||||||
ComponentFactory componentFactory = ComponentUtil.getComponentFactory(session, model);
|
ComponentFactory componentFactory = null;
|
||||||
if (componentFactory == null) {
|
try {
|
||||||
throw new IllegalArgumentException("Invalid component type");
|
componentFactory = ComponentUtil.getComponentFactory(session, model);
|
||||||
|
if (componentFactory == null && System.getProperty(COMPONENT_PROVIDER_EXISTS_DISABLED) == null) {
|
||||||
|
throw new IllegalArgumentException("Invalid component type");
|
||||||
|
}
|
||||||
|
componentFactory.validateConfiguration(session, this, model);
|
||||||
|
} catch (Exception e) {
|
||||||
|
if (System.getProperty(COMPONENT_PROVIDER_EXISTS_DISABLED) == null) {
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
componentFactory.validateConfiguration(session, this, model);
|
|
||||||
|
|
||||||
ComponentEntity c = new ComponentEntity();
|
ComponentEntity c = new ComponentEntity();
|
||||||
if (model.getId() == null) {
|
if (model.getId() == null) {
|
||||||
|
|
|
@ -21,6 +21,7 @@ import com.mongodb.DBObject;
|
||||||
import com.mongodb.QueryBuilder;
|
import com.mongodb.QueryBuilder;
|
||||||
import org.keycloak.common.enums.SslRequired;
|
import org.keycloak.common.enums.SslRequired;
|
||||||
import org.keycloak.common.util.MultivaluedHashMap;
|
import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
|
import org.keycloak.component.ComponentFactory;
|
||||||
import org.keycloak.component.ComponentModel;
|
import org.keycloak.component.ComponentModel;
|
||||||
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
|
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
|
||||||
import org.keycloak.models.AuthenticationExecutionModel;
|
import org.keycloak.models.AuthenticationExecutionModel;
|
||||||
|
@ -1675,10 +1676,27 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
||||||
return model;
|
return model;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This just exists for testing purposes
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
public static final String COMPONENT_PROVIDER_EXISTS_DISABLED = "component.provider.exists.disabled";
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public ComponentModel importComponentModel(ComponentModel model) {
|
public ComponentModel importComponentModel(ComponentModel model) {
|
||||||
ComponentUtil.getComponentFactory(session, model).validateConfiguration(session, this, model);
|
ComponentFactory componentFactory = null;
|
||||||
|
try {
|
||||||
|
componentFactory = ComponentUtil.getComponentFactory(session, model);
|
||||||
|
if (componentFactory == null && System.getProperty(COMPONENT_PROVIDER_EXISTS_DISABLED) == null) {
|
||||||
|
throw new IllegalArgumentException("Invalid component type");
|
||||||
|
}
|
||||||
|
componentFactory.validateConfiguration(session, this, model);
|
||||||
|
} catch (Exception e) {
|
||||||
|
if (System.getProperty(COMPONENT_PROVIDER_EXISTS_DISABLED) == null) {
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
ComponentEntity entity = new ComponentEntity();
|
ComponentEntity entity = new ComponentEntity();
|
||||||
if (model.getId() == null) {
|
if (model.getId() == null) {
|
||||||
entity.setId(KeycloakModelUtils.generateId());
|
entity.setId(KeycloakModelUtils.generateId());
|
||||||
|
|
|
@ -750,6 +750,14 @@ public class ModelToRepresentation {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static ComponentRepresentation toRepresentation(KeycloakSession session, ComponentModel component, boolean internal) {
|
public static ComponentRepresentation toRepresentation(KeycloakSession session, ComponentModel component, boolean internal) {
|
||||||
|
ComponentRepresentation rep = toRepresentationWithoutConfig(component);
|
||||||
|
if (!internal) {
|
||||||
|
rep = StripSecretsUtils.strip(session, rep);
|
||||||
|
}
|
||||||
|
return rep;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static ComponentRepresentation toRepresentationWithoutConfig(ComponentModel component) {
|
||||||
ComponentRepresentation rep = new ComponentRepresentation();
|
ComponentRepresentation rep = new ComponentRepresentation();
|
||||||
rep.setId(component.getId());
|
rep.setId(component.getId());
|
||||||
rep.setName(component.getName());
|
rep.setName(component.getName());
|
||||||
|
@ -758,9 +766,6 @@ public class ModelToRepresentation {
|
||||||
rep.setSubType(component.getSubType());
|
rep.setSubType(component.getSubType());
|
||||||
rep.setParentId(component.getParentId());
|
rep.setParentId(component.getParentId());
|
||||||
rep.setConfig(new MultivaluedHashMap<>(component.getConfig()));
|
rep.setConfig(new MultivaluedHashMap<>(component.getConfig()));
|
||||||
if (!internal) {
|
|
||||||
rep = StripSecretsUtils.strip(session, rep);
|
|
||||||
}
|
|
||||||
return rep;
|
return rep;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -118,7 +118,13 @@ public class ComponentResource {
|
||||||
List<ComponentRepresentation> reps = new LinkedList<>();
|
List<ComponentRepresentation> reps = new LinkedList<>();
|
||||||
for (ComponentModel component : components) {
|
for (ComponentModel component : components) {
|
||||||
if (name != null && !name.equals(component.getName())) continue;
|
if (name != null && !name.equals(component.getName())) continue;
|
||||||
ComponentRepresentation rep = ModelToRepresentation.toRepresentation(session, component, false);
|
ComponentRepresentation rep = null;
|
||||||
|
try {
|
||||||
|
rep = ModelToRepresentation.toRepresentation(session, component, false);
|
||||||
|
} catch (Exception e) {
|
||||||
|
logger.error("Failed to get component list for component model" + component.getName() + "of realm " + realm.getName());
|
||||||
|
rep = ModelToRepresentation.toRepresentationWithoutConfig(component);
|
||||||
|
}
|
||||||
reps.add(rep);
|
reps.add(rep);
|
||||||
}
|
}
|
||||||
return reps;
|
return reps;
|
||||||
|
|
|
@ -74,17 +74,6 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
||||||
return realm.getUserStorageProviders();
|
return realm.getUserStorageProviders();
|
||||||
}
|
}
|
||||||
|
|
||||||
public static <T> T getFirstStorageProvider(KeycloakSession session, RealmModel realm, Class<T> type) {
|
|
||||||
for (UserStorageProviderModel model : getStorageProviders(realm)) {
|
|
||||||
UserStorageProviderFactory factory = (UserStorageProviderFactory)session.getKeycloakSessionFactory().getProviderFactory(UserStorageProvider.class, model.getProviderId());
|
|
||||||
|
|
||||||
if (Types.supports(type, factory, UserStorageProviderFactory.class)) {
|
|
||||||
return type.cast(getStorageProviderInstance(session, model, factory));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static UserStorageProvider getStorageProviderInstance(KeycloakSession session, UserStorageProviderModel model, UserStorageProviderFactory factory) {
|
public static UserStorageProvider getStorageProviderInstance(KeycloakSession session, UserStorageProviderModel model, UserStorageProviderFactory factory) {
|
||||||
UserStorageProvider instance = (UserStorageProvider)session.getAttribute(model.getId());
|
UserStorageProvider instance = (UserStorageProvider)session.getAttribute(model.getId());
|
||||||
if (instance != null) return instance;
|
if (instance != null) return instance;
|
||||||
|
@ -99,6 +88,10 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
||||||
List<T> list = new LinkedList<>();
|
List<T> list = new LinkedList<>();
|
||||||
for (UserStorageProviderModel model : getStorageProviders(realm)) {
|
for (UserStorageProviderModel model : getStorageProviders(realm)) {
|
||||||
UserStorageProviderFactory factory = (UserStorageProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserStorageProvider.class, model.getProviderId());
|
UserStorageProviderFactory factory = (UserStorageProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserStorageProvider.class, model.getProviderId());
|
||||||
|
if (factory == null) {
|
||||||
|
logger.warnv("Configured UserStorageProvider {0} of provider id {1} does not exist in realm {2}", model.getName(), model.getProviderId(), realm.getName());
|
||||||
|
continue;
|
||||||
|
}
|
||||||
if (Types.supports(type, factory, UserStorageProviderFactory.class)) {
|
if (Types.supports(type, factory, UserStorageProviderFactory.class)) {
|
||||||
list.add(type.cast(getStorageProviderInstance(session, model, factory)));
|
list.add(type.cast(getStorageProviderInstance(session, model, factory)));
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,138 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||||
|
* and other contributors as indicated by the @author tags.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.keycloak.testsuite.federation.storage;
|
||||||
|
|
||||||
|
import org.junit.After;
|
||||||
|
import org.junit.Assert;
|
||||||
|
import org.junit.ClassRule;
|
||||||
|
import org.junit.Rule;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.keycloak.OAuth2Constants;
|
||||||
|
import org.keycloak.admin.client.Keycloak;
|
||||||
|
import org.keycloak.admin.client.resource.RealmResource;
|
||||||
|
import org.keycloak.common.util.Time;
|
||||||
|
import org.keycloak.component.ComponentModel;
|
||||||
|
import org.keycloak.models.Constants;
|
||||||
|
import org.keycloak.models.GroupModel;
|
||||||
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
import org.keycloak.models.RealmModel;
|
||||||
|
import org.keycloak.models.RoleModel;
|
||||||
|
import org.keycloak.models.UserCredentialModel;
|
||||||
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.models.cache.CachedUserModel;
|
||||||
|
import org.keycloak.models.cache.infinispan.UserAdapter;
|
||||||
|
import org.keycloak.representations.idm.ComponentRepresentation;
|
||||||
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.storage.StorageId;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
|
import org.keycloak.storage.UserStorageProviderModel;
|
||||||
|
import org.keycloak.testsuite.ApplicationServlet;
|
||||||
|
import org.keycloak.testsuite.OAuthClient;
|
||||||
|
import org.keycloak.testsuite.pages.AppPage;
|
||||||
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
|
import org.keycloak.testsuite.rule.KeycloakRule;
|
||||||
|
import org.keycloak.testsuite.rule.WebResource;
|
||||||
|
import org.keycloak.testsuite.rule.WebRule;
|
||||||
|
import org.openqa.selenium.WebDriver;
|
||||||
|
|
||||||
|
import java.util.Calendar;
|
||||||
|
import java.util.HashSet;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-3903 and KEYCLOAK-3620
|
||||||
|
*
|
||||||
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
|
* @version $Revision: 1 $
|
||||||
|
*/
|
||||||
|
public class BrokenUserStorageTest {
|
||||||
|
@ClassRule
|
||||||
|
public static KeycloakRule keycloakRule = new KeycloakRule();
|
||||||
|
|
||||||
|
@Rule
|
||||||
|
public WebRule webRule = new WebRule(this);
|
||||||
|
|
||||||
|
@WebResource
|
||||||
|
protected OAuthClient oauth;
|
||||||
|
|
||||||
|
@WebResource
|
||||||
|
protected WebDriver driver;
|
||||||
|
|
||||||
|
@WebResource
|
||||||
|
protected AppPage appPage;
|
||||||
|
|
||||||
|
@WebResource
|
||||||
|
protected LoginPage loginPage;
|
||||||
|
|
||||||
|
private void loginSuccessAndLogout(String username, String password) {
|
||||||
|
loginPage.open();
|
||||||
|
loginPage.login(username, password);
|
||||||
|
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||||
|
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
|
||||||
|
oauth.openLogout();
|
||||||
|
}
|
||||||
|
protected String AUTH_SERVER_URL = "http://localhost:8081/auth";
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testBootWithBadProviderId() throws Exception {
|
||||||
|
KeycloakSession session = keycloakRule.startSession();
|
||||||
|
// set this system property
|
||||||
|
System.setProperty("component.provider.exists.disabled", "true");
|
||||||
|
RealmModel realm = session.realms().getRealmByName("master");
|
||||||
|
String masterId = realm.getId();
|
||||||
|
UserStorageProviderModel model;
|
||||||
|
model = new UserStorageProviderModel();
|
||||||
|
model.setName("bad-provider-id");
|
||||||
|
model.setPriority(2);
|
||||||
|
model.setParentId(realm.getId());
|
||||||
|
model.setProviderId("error");
|
||||||
|
ComponentModel component = realm.importComponentModel(model);
|
||||||
|
|
||||||
|
keycloakRule.stopSession(session, true);
|
||||||
|
|
||||||
|
keycloakRule.restartServer();
|
||||||
|
keycloakRule.deployServlet("app", "/app", ApplicationServlet.class);
|
||||||
|
|
||||||
|
loginSuccessAndLogout("test-user@localhost", "password");
|
||||||
|
|
||||||
|
// make sure we can list components and delete provider as this is an admin console operation
|
||||||
|
|
||||||
|
Keycloak keycloakAdmin = Keycloak.getInstance(AUTH_SERVER_URL, "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID);
|
||||||
|
RealmResource master = keycloakAdmin.realms().realm("master");
|
||||||
|
List<ComponentRepresentation> components = master.components().query(masterId, UserStorageProvider.class.getName());
|
||||||
|
boolean found = false;
|
||||||
|
for (ComponentRepresentation rep : components) {
|
||||||
|
if (rep.getName().equals("bad-provider-id")) {
|
||||||
|
found = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Assert.assertTrue(found);
|
||||||
|
|
||||||
|
master.components().component(component.getId()).remove();
|
||||||
|
|
||||||
|
List<ComponentRepresentation> components2 = master.components().query(masterId, UserStorageProvider.class.getName());
|
||||||
|
Assert.assertEquals(components.size() - 1, components2.size());
|
||||||
|
}
|
||||||
|
|
||||||
|
@After
|
||||||
|
public void resetTimeoffset() {
|
||||||
|
Time.setOffset(0);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in a new issue