libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Merge pull request #2401 from mposolda/master

Browse source 
Caching of user consents and serviceAccount links
This commit is contained in:
Marek Posolda 2016-03-22 08:03:31 +01:00
commit 741fa16ec7
6 changed files with 157 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
common/src/main/java/org/keycloak/common/util/Base64.java
View file

@ -561,7 +561,7 @@ public class Base64
while( raw.hasRemaining() ){
int rem = Math.min(3,raw.remaining());
raw.get(raw3,0,rem);
Base64.encode3to4(enc4, raw3, rem, Base64.NO_OPTIONS );
Base64.encode3to4(enc4, raw3, rem, Base64.NO_OPTIONS);
encoded.put(enc4);
} // end input remaining
}
@ -1282,7 +1282,12 @@ public class Base64
} // end try
catch( java.io.IOException e ) {
e.printStackTrace();
if (e.getMessage().equals("Unsupported compression method")) {
System.out.println("Base64 decoding: Ignoring GZIP header and just returning originally-decoded bytes."); // Better to log as debug, but jboss logging not available in the module :/
} else {
e.printStackTrace();
}
// Just return originally-decoded bytes
} // end catch
finally {

66
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserAdapter.java vendored
View file

@ -17,12 +17,28 @@
package org.keycloak.models.cache.infinispan;
import org.keycloak.models.*;
import org.keycloak.models.cache.CacheUserProvider;
import org.keycloak.models.ClientModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.cache.infinispan.entities.CachedUser;
import org.keycloak.models.cache.infinispan.entities.CachedUserConsent;
import org.keycloak.models.utils.KeycloakModelUtils;
import java.util.*;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -380,16 +396,28 @@ public class UserAdapter implements UserModel {
@Override
public UserConsentModel getConsentByClient(String clientId) {
// TODO: caching?
getDelegateForUpdate();
return updated.getConsentByClient(clientId);
if (updated != null) return updated.getConsentByClient(clientId);
CachedUserConsent cachedConsent = cached.getConsents().get(clientId);
if (cachedConsent == null) {
return null;
}
return toConsentModel(cachedConsent);
}
@Override
public List<UserConsentModel> getConsents() {
// TODO: caching?
getDelegateForUpdate();
return updated.getConsents();
if (updated != null) return updated.getConsents();
Collection<CachedUserConsent> cachedConsents = cached.getConsents().values();
List<UserConsentModel> result = new LinkedList<>();
for (CachedUserConsent cachedConsent : cachedConsents) {
UserConsentModel consent = toConsentModel(cachedConsent);
if (consent != null) {
result.add(consent);
}
}
return result;
}
@Override
@ -404,6 +432,26 @@ public class UserAdapter implements UserModel {
return updated.revokeConsentForClient(clientId);
}
private UserConsentModel toConsentModel(CachedUserConsent cachedConsent) {
ClientModel client = keycloakSession.realms().getClientById(cachedConsent.getClientDbId(), realm);
if (client == null) {
return null;
}
UserConsentModel consentModel = new UserConsentModel(client);
for (String roleId : cachedConsent.getRoleIds()) {
RoleModel role = keycloakSession.realms().getRoleById(roleId, realm);
if (role != null) {
consentModel.addGrantedRole(role);
}
}
for (ProtocolMapperModel protocolMapper : cachedConsent.getProtocolMappers()) {
consentModel.addGrantedProtocolMapper(protocolMapper);
}
return consentModel;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;

22
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java vendored
View file

@ -18,7 +18,20 @@
package org.keycloak.models.cache.infinispan;
import org.jboss.logging.Logger;
import org.keycloak.models.*;
import org.keycloak.common.constants.ServiceAccountConstants;
import org.keycloak.models.ClientModel;
import org.keycloak.models.CredentialValidationOutput;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakTransaction;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.cache.CacheUserProvider;
import org.keycloak.models.cache.infinispan.entities.CachedUser;
import org.keycloak.models.cache.infinispan.entities.UserListQuery;
@ -281,6 +294,13 @@ public class UserCacheSession implements CacheUserProvider {
@Override
public UserModel getUserByServiceAccountClient(ClientModel client) {
// Just an attempt to find the user from cache by default serviceAccount username
String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId();
UserModel user = getUserByUsername(username, client.getRealm());
if (user != null && user.getServiceAccountClientLink() != null && user.getServiceAccountClientLink().equals(client.getId())) {
return user;
}
return getDelegate().getUserByServiceAccountClient(client);
}

16
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUser.java vendored
View file

@ -20,14 +20,16 @@ package org.keycloak.models.cache.infinispan.entities;
import org.keycloak.models.GroupModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;
import org.keycloak.common.util.MultivaluedHashMap;
import java.io.Serializable;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
@ -51,6 +53,7 @@ public class CachedUser extends AbstractRevisioned implements InRealm {
private Set<String> requiredActions = new HashSet<>();
private Set<String> roleMappings = new HashSet<>();
private Set<String> groups = new HashSet<>();
private Map<String, CachedUserConsent> consents = new HashMap<>(); // Key is client DB Id
@ -79,6 +82,13 @@ public class CachedUser extends AbstractRevisioned implements InRealm {
groups.add(group.getId());
}
}
List<UserConsentModel> consents = user.getConsents();
if (consents != null) {
for (UserConsentModel consent : consents) {
this.consents.put(consent.getClient().getId(), new CachedUserConsent(consent));
}
}
}
public String getRealm() {
@ -144,4 +154,8 @@ public class CachedUser extends AbstractRevisioned implements InRealm {
public Set<String> getGroups() {
return groups;
}
public Map<String, CachedUserConsent> getConsents() {
return consents;
}
}

55
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUserConsent.java vendored Normal file
View file

@ -0,0 +1,55 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.cache.infinispan.entities;
import java.util.HashSet;
import java.util.Set;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class CachedUserConsent {
private final String clientDbId;
private final Set<ProtocolMapperModel> protocolMappers = new HashSet<>();
private final Set<String> roleIds = new HashSet<>();
public CachedUserConsent(UserConsentModel consentModel) {
this.clientDbId = consentModel.getClient().getId();
this.protocolMappers.addAll(consentModel.getGrantedProtocolMappers());
for (RoleModel role : consentModel.getGrantedRoles()) {
this.roleIds.add(role.getId());
}
}
public String getClientDbId() {
return clientDbId;
}
public Set<ProtocolMapperModel> getProtocolMappers() {
return protocolMappers;
}
public Set<String> getRoleIds() {
return roleIds;
}
}

3
services/src/main/java/org/keycloak/exportimport/dir/DirImportProvider.java
View file

@ -133,12 +133,13 @@ public class DirImportProvider implements ImportProvider {
if (realmImported.get()) {
// Import users
for (File userFile : userFiles) {
for (final File userFile : userFiles) {
final FileInputStream fis = new FileInputStream(userFile);
KeycloakModelUtils.runJobInTransaction(factory, new ExportImportSessionTask() {
@Override
protected void runExportImportTask(KeycloakSession session) throws IOException {
ImportUtils.importUsersFromStream(session, realmName, JsonSerialization.mapper, fis);
logger.infof("Imported users from %s", userFile.getAbsolutePath());
}
});
}