Temporary admin account notice logged to org.keycloak.events (#32307)

* removed the temporary admin account logging from JBossLoggingEventListenerProvider

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Peter Zaoral 2024-08-21 15:31:57 +02:00 committed by GitHub
parent e8840df0e0
commit 6ab3b98743
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -18,7 +18,6 @@
package org.keycloak.events.log; package org.keycloak.events.log;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.common.util.StackUtil; import org.keycloak.common.util.StackUtil;
import org.keycloak.events.Event; import org.keycloak.events.Event;
import org.keycloak.events.EventListenerProvider; import org.keycloak.events.EventListenerProvider;
@ -26,7 +25,6 @@ import org.keycloak.events.EventListenerTransaction;
import org.keycloak.events.admin.AdminEvent; import org.keycloak.events.admin.AdminEvent;
import org.keycloak.models.KeycloakContext; import org.keycloak.models.KeycloakContext;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.sessions.AuthenticationSessionModel; import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.utils.StringUtil; import org.keycloak.utils.StringUtil;
@ -34,9 +32,6 @@ import jakarta.ws.rs.core.Cookie;
import jakarta.ws.rs.core.HttpHeaders; import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.UriInfo; import jakarta.ws.rs.core.UriInfo;
import java.util.Map; import java.util.Map;
import java.util.function.Supplier;
import static org.keycloak.models.Constants.IS_TEMP_ADMIN_ATTR_NAME;
/** /**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a> * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@ -140,24 +135,6 @@ public class JBossLoggingEventListenerProvider implements EventListenerProvider
logger.log(logger.isTraceEnabled() ? Logger.Level.TRACE : level, sb.toString()); logger.log(logger.isTraceEnabled() ? Logger.Level.TRACE : level, sb.toString());
} }
if (event.getRealmName().equals(Config.getAdminRealm())) {
Supplier<RealmModel> getRealm = () -> session.realms().getRealm(event.getRealmId());
switch (event.getType()) {
case LOGIN:
var user = session.users().getUserById(getRealm.get(), event.getUserId());
if (Boolean.parseBoolean(user.getFirstAttribute(IS_TEMP_ADMIN_ATTR_NAME))) {
logger.warn(user.getUsername() + " is a temporary admin user account. To harden security, create a permanent account and delete the temporary one.");
}
break;
case CLIENT_LOGIN:
var client = session.clients().getClientByClientId(getRealm.get(), event.getClientId());
if (Boolean.parseBoolean(client.getAttribute(IS_TEMP_ADMIN_ATTR_NAME))) {
logger.warn(client.getClientId() + " is a temporary admin service account. To harden security, create a permanent account and delete the temporary one.");
}
break;
}
}
} }
private void logAdminEvent(AdminEvent adminEvent, boolean includeRepresentation) { private void logAdminEvent(AdminEvent adminEvent, boolean includeRepresentation) {