Merge pull request #2401 from mposolda/master

Caching of user consents and serviceAccount links
2016-03-22 08:03:31 +01:00 · 2016-03-22 08:03:31 +01:00 · 741fa16ec7
commit 741fa16ec7
parent e56759a6c0 5c912d3501
6 changed files with 157 additions and 14 deletions
--- a/common/src/main/java/org/keycloak/common/util/Base64.java
+++ b/common/src/main/java/org/keycloak/common/util/Base64.java
@ -1282,7 +1282,12 @@ public class Base64

                }   // end try
                catch( java.io.IOException e ) {
+                    if (e.getMessage().equals("Unsupported compression method")) {
+                        System.out.println("Base64 decoding: Ignoring GZIP header and just returning originally-decoded bytes."); // Better to log as debug, but jboss logging not available in the module :/
+                    } else {
                        e.printStackTrace();
+                    }
+
                    // Just return originally-decoded bytes
                }   // end catch
                finally {
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserAdapter.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserAdapter.java
@ -17,12 +17,28 @@

 package org.keycloak.models.cache.infinispan;

-import org.keycloak.models.*;
-import org.keycloak.models.cache.CacheUserProvider;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.GroupModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.ProtocolMapperModel;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleContainerModel;
+import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserConsentModel;
+import org.keycloak.models.UserCredentialModel;
+import org.keycloak.models.UserCredentialValueModel;
+import org.keycloak.models.UserModel;
 import org.keycloak.models.cache.infinispan.entities.CachedUser;
+import org.keycloak.models.cache.infinispan.entities.CachedUserConsent;
 import org.keycloak.models.utils.KeycloakModelUtils;

-import java.util.*;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;

 /**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -380,16 +396,28 @@ public class UserAdapter implements UserModel {

    @Override
    public UserConsentModel getConsentByClient(String clientId) {
-        // TODO: caching?
-        getDelegateForUpdate();
-        return updated.getConsentByClient(clientId);
+        if (updated != null) return updated.getConsentByClient(clientId);
+        CachedUserConsent cachedConsent = cached.getConsents().get(clientId);
+        if (cachedConsent == null) {
+            return null;
+        }
+
+        return toConsentModel(cachedConsent);
    }

    @Override
    public List<UserConsentModel> getConsents() {
-        // TODO: caching?
-        getDelegateForUpdate();
-        return updated.getConsents();
+        if (updated != null) return updated.getConsents();
+        Collection<CachedUserConsent> cachedConsents = cached.getConsents().values();
+
+        List<UserConsentModel> result = new LinkedList<>();
+        for (CachedUserConsent cachedConsent : cachedConsents) {
+            UserConsentModel consent = toConsentModel(cachedConsent);
+            if (consent != null) {
+                result.add(consent);
+            }
+        }
+        return result;
    }

    @Override
@ -404,6 +432,26 @@ public class UserAdapter implements UserModel {
        return updated.revokeConsentForClient(clientId);
    }

+    private UserConsentModel toConsentModel(CachedUserConsent cachedConsent) {
+        ClientModel client = keycloakSession.realms().getClientById(cachedConsent.getClientDbId(), realm);
+        if (client == null) {
+            return null;
+        }
+
+        UserConsentModel consentModel = new UserConsentModel(client);
+
+        for (String roleId : cachedConsent.getRoleIds()) {
+            RoleModel role = keycloakSession.realms().getRoleById(roleId, realm);
+            if (role != null) {
+                consentModel.addGrantedRole(role);
+            }
+        }
+        for (ProtocolMapperModel protocolMapper : cachedConsent.getProtocolMappers()) {
+            consentModel.addGrantedProtocolMapper(protocolMapper);
+        }
+        return consentModel;
+    }
+
    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java
@ -18,7 +18,20 @@
 package org.keycloak.models.cache.infinispan;

 import org.jboss.logging.Logger;
-import org.keycloak.models.*;
+import org.keycloak.common.constants.ServiceAccountConstants;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.CredentialValidationOutput;
+import org.keycloak.models.FederatedIdentityModel;
+import org.keycloak.models.GroupModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakTransaction;
+import org.keycloak.models.ProtocolMapperModel;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserCredentialModel;
+import org.keycloak.models.UserFederationProviderModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.UserProvider;
 import org.keycloak.models.cache.CacheUserProvider;
 import org.keycloak.models.cache.infinispan.entities.CachedUser;
 import org.keycloak.models.cache.infinispan.entities.UserListQuery;
@ -281,6 +294,13 @@ public class UserCacheSession implements CacheUserProvider {

    @Override
    public UserModel getUserByServiceAccountClient(ClientModel client) {
+        // Just an attempt to find the user from cache by default serviceAccount username
+        String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId();
+        UserModel user = getUserByUsername(username, client.getRealm());
+        if (user != null && user.getServiceAccountClientLink() != null && user.getServiceAccountClientLink().equals(client.getId())) {
+            return user;
+        }
+
        return getDelegate().getUserByServiceAccountClient(client);
    }

--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUser.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUser.java
@ -20,14 +20,16 @@ package org.keycloak.models.cache.infinispan.entities;
 import org.keycloak.models.GroupModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserConsentModel;
 import org.keycloak.models.UserCredentialValueModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.common.util.MultivaluedHashMap;

-import java.io.Serializable;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;

 /**
@ -51,6 +53,7 @@ public class CachedUser extends AbstractRevisioned implements InRealm  {
    private Set<String> requiredActions = new HashSet<>();
    private Set<String> roleMappings = new HashSet<>();
    private Set<String> groups = new HashSet<>();
+    private Map<String, CachedUserConsent> consents = new HashMap<>(); // Key is client DB Id



@ -79,6 +82,13 @@ public class CachedUser extends AbstractRevisioned implements InRealm  {
                groups.add(group.getId());
            }
        }
+
+        List<UserConsentModel> consents = user.getConsents();
+        if (consents != null) {
+            for (UserConsentModel consent : consents) {
+                this.consents.put(consent.getClient().getId(), new CachedUserConsent(consent));
+            }
+        }
    }

    public String getRealm() {
@ -144,4 +154,8 @@ public class CachedUser extends AbstractRevisioned implements InRealm  {
    public Set<String> getGroups() {
        return groups;
    }
+
+    public Map<String, CachedUserConsent> getConsents() {
+        return consents;
+    }
 }
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUserConsent.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUserConsent.java
@ -0,0 +1,55 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.models.cache.infinispan.entities;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.keycloak.models.ProtocolMapperModel;
+import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserConsentModel;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class CachedUserConsent {
+
+    private final String clientDbId;
+    private final Set<ProtocolMapperModel> protocolMappers = new HashSet<>();
+    private final Set<String> roleIds = new HashSet<>();
+
+    public CachedUserConsent(UserConsentModel consentModel) {
+        this.clientDbId = consentModel.getClient().getId();
+        this.protocolMappers.addAll(consentModel.getGrantedProtocolMappers());
+        for (RoleModel role : consentModel.getGrantedRoles()) {
+            this.roleIds.add(role.getId());
+        }
+    }
+
+    public String getClientDbId() {
+        return clientDbId;
+    }
+
+    public Set<ProtocolMapperModel> getProtocolMappers() {
+        return protocolMappers;
+    }
+
+    public Set<String> getRoleIds() {
+        return roleIds;
+    }
+}
--- a/services/src/main/java/org/keycloak/exportimport/dir/DirImportProvider.java
+++ b/services/src/main/java/org/keycloak/exportimport/dir/DirImportProvider.java
@ -133,12 +133,13 @@ public class DirImportProvider implements ImportProvider {

        if (realmImported.get()) {
            // Import users
-            for (File userFile : userFiles) {
+            for (final File userFile : userFiles) {
                final FileInputStream fis = new FileInputStream(userFile);
                KeycloakModelUtils.runJobInTransaction(factory, new ExportImportSessionTask() {
                    @Override
                    protected void runExportImportTask(KeycloakSession session) throws IOException {
                        ImportUtils.importUsersFromStream(session, realmName, JsonSerialization.mapper, fis);
+                        logger.infof("Imported users from %s", userFile.getAbsolutePath());
                    }
                });
            }