libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Moving the UserCache interface to the legacy module

Browse source 
Co-Authored-By: hmlnarik@redhat.com
This commit is contained in:
Alexander Schwartz 2022-06-15 10:45:03 +02:00 committed by Hynek Mlnařík
parent 6376db0f9c
commit 7855b93390
16 changed files with 176 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-infinispan/main/module.xml
View file

@ -31,6 +31,7 @@
<module name="org.keycloak.keycloak-server-spi-private"/>
<module name="org.keycloak.keycloak-wildfly-extensions" export="true" services="import"/>
<module name="org.keycloak.keycloak-model-legacy"/>
<module name="org.keycloak.keycloak-model-legacy-private"/>
<module name="org.infinispan"/>
<module name="org.infinispan.commons"/>
<module name="org.infinispan.persistence.remote"/>

4
model/infinispan/pom.xml
View file

@ -42,6 +42,10 @@
<groupId>org.keycloak</groupId>
<artifactId>keycloak-model-legacy</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-model-legacy-private</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi-private</artifactId>

16
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanUserCacheProviderFactory.java vendored
View file

@ -29,11 +29,14 @@ import org.keycloak.models.cache.UserCache;
import org.keycloak.models.cache.UserCacheProviderFactory;
import org.keycloak.models.cache.infinispan.entities.Revisioned;
import org.keycloak.models.cache.infinispan.events.InvalidationEvent;
import org.keycloak.provider.InvalidationHandler;
import org.keycloak.provider.InvalidationHandler.InvalidableObjectType;;
import org.keycloak.provider.InvalidationHandler.ObjectType;;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class InfinispanUserCacheProviderFactory implements UserCacheProviderFactory {
public class InfinispanUserCacheProviderFactory implements UserCacheProviderFactory, InvalidationHandler {
private static final Logger log = Logger.getLogger(InfinispanUserCacheProviderFactory.class);
public static final String USER_CLEAR_CACHE_EVENTS = "USER_CLEAR_CACHE_EVENTS";
@ -78,6 +81,15 @@ public class InfinispanUserCacheProviderFactory implements UserCacheProviderFact
}
}
@Override
public void invalidate(KeycloakSession session, InvalidableObjectType type, Object... params) {
if (type == ObjectType.REALM || type == ObjectType.USER) {
if (this.userCache != null) {
this.userCache.clear();
}
}
}
@Override
public void init(Config.Scope config) {
}
@ -95,6 +107,4 @@ public class InfinispanUserCacheProviderFactory implements UserCacheProviderFact
public String getId() {
return "default";
}
}

0
server-spi-private/src/main/java/org/keycloak/models/cache/CacheUserProviderSpi.java → model/legacy-private/src/main/java/org/keycloak/models/cache/CacheUserProviderSpi.java vendored
View file

0
server-spi-private/src/main/java/org/keycloak/models/cache/UserCacheProviderFactory.java → model/legacy-private/src/main/java/org/keycloak/models/cache/UserCacheProviderFactory.java vendored
View file

18
model/legacy-private/src/main/resources/META-INF/services/org.keycloak.provider.Spi Normal file
View file

@ -0,0 +1,18 @@
#
# Copyright 2022 Red Hat, Inc. and/or its affiliates
# and other contributors as indicated by the @author tags.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
org.keycloak.models.cache.CacheUserProviderSpi

6
model/legacy-services/src/main/java/org/keycloak/services/legacysessionsupport/LegacySessionSupportProviderImpl.java
View file

@ -21,6 +21,7 @@ import org.keycloak.credential.UserCredentialStoreManager;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserCredentialManager;
import org.keycloak.models.LegacySessionSupportProvider;
import org.keycloak.models.cache.UserCache;
/**
* @author Alexander Schwartz
@ -45,4 +46,9 @@ public class LegacySessionSupportProviderImpl implements LegacySessionSupportPro
return new UserCredentialStoreManager(session);
}
@Override
public UserCache userCache() {
return session.getProvider(UserCache.class);
}
}

57
model/legacy-services/src/main/java/org/keycloak/services/resources/admin/ClearUserCacheRealmAdminProvider.java Normal file
View file

@ -0,0 +1,57 @@
/*
* Copyright 2022 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.resources.admin;
import org.keycloak.Config.Scope;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider;
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
public class ClearUserCacheRealmAdminProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider {
@Override
public AdminRealmResourceProvider create(KeycloakSession session) {
return this;
}
@Override
public void init(Scope config) {
}
@Override
public void postInit(KeycloakSessionFactory factory) {
}
@Override
public void close() {
}
@Override
public String getId() {
return "clear-user-cache";
}
@Override
public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
return new ClearUserCacheResource(realm, auth, adminEvent);
}
}

62
model/legacy-services/src/main/java/org/keycloak/services/resources/admin/ClearUserCacheResource.java Normal file
View file

@ -0,0 +1,62 @@
/*
* Copyright 2022 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.resources.admin;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.cache.UserCache;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import javax.ws.rs.POST;
import javax.ws.rs.core.Context;
/**
* Clear user cache.
*/
public class ClearUserCacheResource {
protected RealmModel realm;
protected AdminPermissionEvaluator auth;
protected AdminEventBuilder adminEvent;
@Context
protected KeycloakSession session;
public ClearUserCacheResource(RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
this.auth = auth;
this.realm = realm;
this.adminEvent = adminEvent;
}
/**
* Clear user cache
*/
@POST
public void clearUserCache() {
auth.realm().requireManageRealm();
UserCache cache = session.getProvider(UserCache.class);
if (cache != null) {
cache.clear();
}
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
}
}

1
model/legacy-services/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory
View file

@ -16,3 +16,4 @@
#
org.keycloak.services.resources.admin.UserStorageProviderRealmAdminProvider
org.keycloak.services.resources.admin.ClearUserCacheRealmAdminProvider

0
server-spi/src/main/java/org/keycloak/models/cache/UserCache.java → model/legacy/src/main/java/org/keycloak/models/cache/UserCache.java vendored
View file

3
server-spi-private/src/main/java/org/keycloak/models/LegacySessionSupportProvider.java
View file

@ -29,4 +29,7 @@ public interface LegacySessionSupportProvider extends Provider {
@Deprecated
UserCredentialManager userCredentialManager();
@Deprecated
UserProvider userCache();
}

1
server-spi-private/src/main/resources/META-INF/services/org.keycloak.provider.Spi
View file

@ -58,7 +58,6 @@ org.keycloak.theme.ThemeSpi
org.keycloak.truststore.TruststoreSpi
org.keycloak.connections.httpclient.HttpClientSpi
org.keycloak.models.cache.CacheRealmProviderSpi
org.keycloak.models.cache.CacheUserProviderSpi
org.keycloak.authentication.AuthenticatorSpi
org.keycloak.authentication.ClientAuthenticatorSpi
org.keycloak.authentication.RequiredActionSpi

3
server-spi/src/main/java/org/keycloak/models/KeycloakSession.java
View file

@ -18,7 +18,6 @@
package org.keycloak.models;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.cache.UserCache;
import org.keycloak.provider.InvalidationHandler.InvalidableObjectType;
import org.keycloak.provider.Provider;
import org.keycloak.services.clientpolicy.ClientPolicyManager;
@ -210,7 +209,7 @@ public interface KeycloakSession {
* @return may be null if cache is disabled
*/
@Deprecated
UserCache userCache();
UserProvider userCache();
/**
* A cached view of all users in system including users loaded by UserStorageProviders

11
services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java
View file

@ -39,7 +39,6 @@ import org.keycloak.models.UserCredentialManager;
import org.keycloak.models.UserLoginFailureProvider;
import org.keycloak.models.UserProvider;
import org.keycloak.models.UserSessionProvider;
import org.keycloak.models.cache.UserCache;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory;
@ -111,9 +110,13 @@ public class DefaultKeycloakSession implements KeycloakSession {
}
@Override
public UserCache userCache() {
return getProvider(UserCache.class);
@Deprecated
public UserProvider userCache() {
LegacySessionSupportProvider provider = this.getProvider(LegacySessionSupportProvider.class);
if (provider == null) {
throw new IllegalStateException("legacy support for userCache is not enabled");
}
return provider.userCache();
}
@Override

23
services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
View file

@ -78,6 +78,7 @@ import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.Constants;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LegacySessionSupportProvider;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
@ -85,13 +86,13 @@ import org.keycloak.models.RequiredActionProviderModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.cache.CacheRealmProvider;
import org.keycloak.models.cache.UserCache;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.models.utils.StripSecretsUtils;
import org.keycloak.partialimport.PartialImportManager;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.provider.InvalidationHandler;
import org.keycloak.representations.adapters.action.GlobalRequestResult;
import org.keycloak.representations.idm.AdminEventRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
@ -440,8 +441,7 @@ public class RealmAdminResource {
adminEvent.operation(OperationType.UPDATE).representation(StripSecretsUtils.strip(rep)).success();
if (rep.isDuplicateEmailsAllowed() != null && rep.isDuplicateEmailsAllowed() != wasDuplicateEmailsAllowed) {
UserCache cache = session.getProvider(UserCache.class);
if (cache != null) cache.clear();
session.invalidate(InvalidationHandler.ObjectType.REALM, realm.getId());
}
return Response.noContent().build();
@ -1097,23 +1097,6 @@ public class RealmAdminResource {
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
}
/**
* Clear user cache
*
*/
@Path("clear-user-cache")
@POST
public void clearUserCache() {
auth.realm().requireManageRealm();
UserCache cache = session.getProvider(UserCache.class);
if (cache != null) {
cache.clear();
}
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).success();
}
/**
* Clear cache of external public keys (Public keys of clients or Identity providers)
*