From 6b8890f5ddcc26b51580e6ad360e7073d6b17d9c Mon Sep 17 00:00:00 2001 From: vramik Date: Mon, 8 Nov 2021 14:09:22 +0100 Subject: [PATCH] KEYCLOAK-19525 Inconsistent creation of default-roles- --- .../JpaUpdate13_0_0_MigrateDefaultRoles.java | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate13_0_0_MigrateDefaultRoles.java b/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate13_0_0_MigrateDefaultRoles.java index a61c88b649..8bcec48da5 100644 --- a/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate13_0_0_MigrateDefaultRoles.java +++ b/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate13_0_0_MigrateDefaultRoles.java @@ -18,8 +18,8 @@ package org.keycloak.connections.jpa.updater.liquibase.custom; import java.sql.PreparedStatement; import java.sql.ResultSet; -import java.util.HashSet; -import java.util.Set; +import java.util.HashMap; +import java.util.Map; import java.util.UUID; import liquibase.exception.CustomChangeException; import liquibase.statement.core.InsertStatement; @@ -30,44 +30,44 @@ import org.keycloak.models.Constants; public class JpaUpdate13_0_0_MigrateDefaultRoles extends CustomKeycloakTask { - private final Set realmIds = new HashSet<>(); + private final Map realmIdsAndNames = new HashMap<>(); @Override protected void generateStatementsImpl() throws CustomChangeException { - extractRealmIds("SELECT ID FROM " + getTableName("REALM")); + extractRealmIdsAndNames("SELECT ID,NAME FROM " + getTableName("REALM")); String clientTable = getTableName("CLIENT"); String clientDefaultRolesTable = getTableName("CLIENT_DEFAULT_ROLES"); String compositeRoleTable = getTableName("COMPOSITE_ROLE"); - for (String realmId : realmIds) { + for (Map.Entry entry : realmIdsAndNames.entrySet()) { String id = UUID.randomUUID().toString(); - String roleName = determineDefaultRoleName(realmId); + String roleName = determineDefaultRoleName(entry.getKey(), entry.getValue()); statements.add( // create new default role new InsertStatement(null, null, database.correctObjectName("KEYCLOAK_ROLE", Table.class)) .addColumnValue("ID", id) - .addColumnValue("CLIENT_REALM_CONSTRAINT", realmId) + .addColumnValue("CLIENT_REALM_CONSTRAINT", entry.getValue()) .addColumnValue("CLIENT_ROLE", Boolean.FALSE) .addColumnValue("DESCRIPTION", "${role_" + roleName + "}") .addColumnValue("NAME", roleName) - .addColumnValue("REALM_ID", realmId) - .addColumnValue("REALM", realmId) + .addColumnValue("REALM_ID", entry.getValue()) + .addColumnValue("REALM", entry.getValue()) ); statements.add( // assign the role to the realm new UpdateStatement(null, null, database.correctObjectName("REALM", Table.class)) .addNewColumnValue("DEFAULT_ROLE", id) .setWhereClause("REALM.ID=?") - .addWhereParameter(realmId) + .addWhereParameter(entry.getValue()) ); statements.add( // copy data from REALM_DEFAULT_ROLES to COMPOSITE_ROLE new RawSqlStatement("INSERT INTO " + compositeRoleTable + " (COMPOSITE, CHILD_ROLE) " + "SELECT '" + id + "', ROLE_ID FROM " + getTableName("REALM_DEFAULT_ROLES") + - " WHERE REALM_ID = '" + database.escapeStringForDatabase(realmId) + "'") + " WHERE REALM_ID = '" + database.escapeStringForDatabase(entry.getValue()) + "'") ); statements.add( // copy data from CLIENT_DEFAULT_ROLES to COMPOSITE_ROLE @@ -75,17 +75,17 @@ public class JpaUpdate13_0_0_MigrateDefaultRoles extends CustomKeycloakTask { "SELECT '" + id + "', " + clientDefaultRolesTable + ".ROLE_ID FROM " + clientDefaultRolesTable + " INNER JOIN " + clientTable + " ON " + clientTable + ".ID = " + clientDefaultRolesTable + ".CLIENT_ID AND " + - clientTable + ".REALM_ID = '" + database.escapeStringForDatabase(realmId) + "'") + clientTable + ".REALM_ID = '" + database.escapeStringForDatabase(entry.getValue()) + "'") ); } } - private void extractRealmIds(String sql) throws CustomChangeException { + private void extractRealmIdsAndNames(String sql) throws CustomChangeException { try (PreparedStatement statement = jdbcConnection.prepareStatement(sql); ResultSet rs = statement.executeQuery()) { while (rs.next()) { - realmIds.add(rs.getString(1)); + realmIdsAndNames.put(rs.getString(1), rs.getString(2)); } } catch (Exception e) { @@ -93,13 +93,13 @@ public class JpaUpdate13_0_0_MigrateDefaultRoles extends CustomKeycloakTask { } } - private String determineDefaultRoleName(String realmId) throws CustomChangeException { - String roleName = Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + realmId.toLowerCase(); + private String determineDefaultRoleName(String realmId, String realmName) throws CustomChangeException { + String roleName = Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + realmName.toLowerCase(); if (isRoleNameAvailable(realmId, roleName)) { return roleName; } else { for (int i = 1; i < Integer.MAX_VALUE; i++) { - roleName = Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + realmId.toLowerCase() + "-" + i; + roleName = Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + realmName.toLowerCase() + "-" + i; if (isRoleNameAvailable(realmId, roleName)) return roleName; } }