KEYCLOAK-16118 Replace MapStorage.entrySet() with search by criteria

* Add model class parameter to MapStorage
* Add shortcut read(id) method to MapKeycloakTransaction
This commit is contained in:
Hynek Mlnarik 2020-12-15 15:45:29 +01:00 committed by Hynek Mlnařík
parent 6c07679446
commit 78c05d2da2
33 changed files with 1687 additions and 608 deletions

View file

@ -31,7 +31,7 @@ public class StackUtil {
return getShortStackTrace("\n ");
}
private static final Pattern IGNORED = Pattern.compile("sun\\.|java\\.(lang|util|stream)\\.|org\\.jboss\\.logging.");
private static final Pattern IGNORED = Pattern.compile("sun\\.|java\\.(lang|util|stream)\\.|org\\.jboss\\.(arquillian|logging).|org.apache.maven.surefire");
private static final StringBuilder EMPTY = new StringBuilder(0);
/**

View file

@ -668,4 +668,9 @@ public class ClientAdapter implements ClientModel, CachedObject {
public int hashCode() {
return getId().hashCode();
}
@Override
public String toString() {
return String.format("%s@%08x", getClientId(), System.identityHashCode(this));
}
}

View file

@ -28,7 +28,7 @@ import java.util.function.Supplier;
public class DefaultLazyLoader<S, D> implements LazyLoader<S, D> {
private final Function<S, D> loader;
private Supplier<D> fallback;
private final Supplier<D> fallback;
private D data;
public DefaultLazyLoader(Function<S, D> loader, Supplier<D> fallback) {

View file

@ -753,8 +753,9 @@ public class ClientAdapter implements ClientModel, JpaModel<ClientEntity> {
return getId().hashCode();
}
@Override
public String toString() {
return getClientId();
return String.format("%s@%08x", getClientId(), System.identityHashCode(this));
}
}

View file

@ -23,7 +23,6 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.AuthenticationSessionProvider;
import java.util.Map;
import java.util.Objects;

View file

@ -26,18 +26,19 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.map.common.Serialization;
import org.keycloak.models.map.storage.MapKeycloakTransaction;
import org.keycloak.models.map.storage.MapStorage;
import org.keycloak.models.map.storage.ModelCriteriaBuilder;
import org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator;
import org.keycloak.models.utils.RealmInfoUtil;
import org.keycloak.sessions.AuthenticationSessionCompoundId;
import org.keycloak.sessions.AuthenticationSessionProvider;
import org.keycloak.sessions.RootAuthenticationSessionModel;
import java.util.List;
import org.keycloak.sessions.RootAuthenticationSessionModel.SearchableFields;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import static org.keycloak.common.util.StackUtil.getShortStackTrace;
@ -48,16 +49,16 @@ public class MapRootAuthenticationSessionProvider implements AuthenticationSessi
private static final Logger LOG = Logger.getLogger(MapRootAuthenticationSessionProvider.class);
private final KeycloakSession session;
protected final MapKeycloakTransaction<UUID, MapRootAuthenticationSessionEntity> tx;
private final MapStorage<UUID, MapRootAuthenticationSessionEntity> sessionStore;
protected final MapKeycloakTransaction<UUID, MapRootAuthenticationSessionEntity, RootAuthenticationSessionModel> tx;
private final MapStorage<UUID, MapRootAuthenticationSessionEntity, RootAuthenticationSessionModel> sessionStore;
private static final Predicate<MapRootAuthenticationSessionEntity> ALWAYS_FALSE = role -> false;
private static final String AUTHENTICATION_SESSION_EVENTS = "AUTHENTICATION_SESSION_EVENTS";
public MapRootAuthenticationSessionProvider(KeycloakSession session, MapStorage<UUID, MapRootAuthenticationSessionEntity> sessionStore) {
public MapRootAuthenticationSessionProvider(KeycloakSession session, MapStorage<UUID, MapRootAuthenticationSessionEntity, RootAuthenticationSessionModel> sessionStore) {
this.session = session;
this.sessionStore = sessionStore;
this.tx = new MapKeycloakTransaction<>(sessionStore);
this.tx = sessionStore.createTransaction();
session.getTransactionManager().enlistAfterCompletion(tx);
}
@ -100,7 +101,7 @@ public class MapRootAuthenticationSessionProvider implements AuthenticationSessi
entity.setRealmId(realm.getId());
entity.setTimestamp(Time.currentTime());
if (tx.read(entity.getId(), sessionStore::read) != null) {
if (tx.read(entity.getId()) != null) {
throw new ModelDuplicateException("Root authentication session exists: " + entity.getId());
}
@ -118,7 +119,7 @@ public class MapRootAuthenticationSessionProvider implements AuthenticationSessi
LOG.tracef("getRootAuthenticationSession(%s, %s)%s", realm.getName(), authenticationSessionId, getShortStackTrace());
MapRootAuthenticationSessionEntity entity = tx.read(UUID.fromString(authenticationSessionId), sessionStore::read);
MapRootAuthenticationSessionEntity entity = tx.read(UUID.fromString(authenticationSessionId));
return (entity == null || !entityRealmFilter(realm.getId()).test(entity))
? null
: entityToAdapterFunc(realm).apply(entity);
@ -137,25 +138,22 @@ public class MapRootAuthenticationSessionProvider implements AuthenticationSessi
int expired = Time.currentTime() - RealmInfoUtil.getDettachedClientSessionLifespan(realm);
List<UUID> sessionIds = sessionStore.entrySet().stream()
.filter(entity -> entityRealmFilter(realm.getId()).test(entity.getValue()))
.filter(entity -> entity.getValue().getTimestamp() < expired)
.map(Map.Entry::getKey)
.collect(Collectors.toList());
ModelCriteriaBuilder<RootAuthenticationSessionModel> mcb = sessionStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.TIMESTAMP, Operator.LT, expired);
LOG.debugf("Removed %d expired authentication sessions for realm '%s'", sessionIds.size(), realm.getName());
long deletedCount = tx.delete(UUID.randomUUID(), mcb);
sessionIds.forEach(tx::delete);
LOG.debugf("Removed %d expired authentication sessions for realm '%s'", deletedCount, realm.getName());
}
@Override
public void onRealmRemoved(RealmModel realm) {
Objects.requireNonNull(realm, "The provided realm can't be null!");
sessionStore.entrySet().stream()
.filter(entity -> entityRealmFilter(realm.getId()).test(entity.getValue()))
.map(Map.Entry::getKey)
.collect(Collectors.toList())
.forEach(tx::delete);
ModelCriteriaBuilder<RootAuthenticationSessionModel> mcb = sessionStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId());
sessionStore.delete(mcb);
}
@Override

View file

@ -24,6 +24,7 @@ import org.keycloak.models.map.storage.MapStorageProvider;
import org.keycloak.sessions.AuthenticationSessionProvider;
import org.keycloak.sessions.AuthenticationSessionProviderFactory;
import org.keycloak.sessions.RootAuthenticationSessionModel;
import java.util.UUID;
/**
@ -32,12 +33,12 @@ import java.util.UUID;
public class MapRootAuthenticationSessionProviderFactory extends AbstractMapProviderFactory<AuthenticationSessionProvider>
implements AuthenticationSessionProviderFactory {
private MapStorage<UUID, MapRootAuthenticationSessionEntity> store;
private MapStorage<UUID, MapRootAuthenticationSessionEntity, RootAuthenticationSessionModel> store;
@Override
public void postInit(KeycloakSessionFactory factory) {
MapStorageProvider sp = (MapStorageProvider) factory.getProviderFactory(MapStorageProvider.class);
this.store = sp.getStorage("sessions", UUID.class, MapRootAuthenticationSessionEntity.class);
this.store = sp.getStorage("sessions", UUID.class, MapRootAuthenticationSessionEntity.class, RootAuthenticationSessionModel.class);
}
@Override

View file

@ -541,4 +541,9 @@ public abstract class MapClientAdapter extends AbstractClientModel<MapClientEnti
.findAny()
.orElse(null);
}
@Override
public String toString() {
return String.format("%s@%08x", getClientId(), System.identityHashCode(this));
}
}

View file

@ -20,6 +20,7 @@ package org.keycloak.models.map.client;
import org.jboss.logging.Logger;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientModel.ClientUpdatedEvent;
import org.keycloak.models.ClientModel.SearchableFields;
import org.keycloak.models.ClientProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
@ -39,6 +40,8 @@ import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.keycloak.models.map.storage.MapStorage;
import org.keycloak.models.map.storage.ModelCriteriaBuilder;
import org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator;
import static org.keycloak.common.util.StackUtil.getShortStackTrace;
import static org.keycloak.utils.StreamsUtil.paginatedStream;
@ -47,28 +50,17 @@ public class MapClientProvider implements ClientProvider {
private static final Logger LOG = Logger.getLogger(MapClientProvider.class);
private static final Predicate<MapClientEntity> ALWAYS_FALSE = c -> { return false; };
private final KeycloakSession session;
final MapKeycloakTransaction<UUID, MapClientEntity> tx;
private final MapStorage<UUID, MapClientEntity> clientStore;
final MapKeycloakTransaction<UUID, MapClientEntity, ClientModel> tx;
private final MapStorage<UUID, MapClientEntity, ClientModel> clientStore;
private final ConcurrentMap<UUID, ConcurrentMap<String, Integer>> clientRegisteredNodesStore;
private static final Comparator<MapClientEntity> COMPARE_BY_CLIENT_ID = new Comparator<MapClientEntity>() {
@Override
public int compare(MapClientEntity o1, MapClientEntity o2) {
String c1 = o1 == null ? null : o1.getClientId();
String c2 = o2 == null ? null : o2.getClientId();
return c1 == c2 ? 0
: c1 == null ? -1
: c2 == null ? 1
: c1.compareTo(c2);
private static final Comparator<MapClientEntity> COMPARE_BY_CLIENT_ID = Comparator.comparing(MapClientEntity::getClientId);
}
};
public MapClientProvider(KeycloakSession session, MapStorage<UUID, MapClientEntity> clientStore, ConcurrentMap<UUID, ConcurrentMap<String, Integer>> clientRegisteredNodesStore) {
public MapClientProvider(KeycloakSession session, MapStorage<UUID, MapClientEntity, ClientModel> clientStore, ConcurrentMap<UUID, ConcurrentMap<String, Integer>> clientRegisteredNodesStore) {
this.session = session;
this.clientStore = clientStore;
this.clientRegisteredNodesStore = clientRegisteredNodesStore;
this.tx = new MapKeycloakTransaction<>(clientStore);
this.tx = clientStore.createTransaction();
session.getTransactionManager().enlist(tx);
}
@ -135,17 +127,12 @@ public class MapClientProvider implements ClientProvider {
return paginatedStream(getClientsStream(realm), firstResult, maxResults);
}
private Stream<MapClientEntity> getNotRemovedUpdatedClientsStream() {
Stream<MapClientEntity> updatedAndNotRemovedClientsStream = clientStore.entrySet().stream()
.map(tx::getUpdated) // If the client has been removed, tx.get will return null, otherwise it will return me.getValue()
.filter(Objects::nonNull);
return Stream.concat(tx.createdValuesStream(), updatedAndNotRemovedClientsStream);
}
@Override
public Stream<ClientModel> getClientsStream(RealmModel realm) {
return getNotRemovedUpdatedClientsStream()
.filter(entityRealmFilter(realm))
ModelCriteriaBuilder<ClientModel> mcb = clientStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId());
return tx.getUpdatedNotRemoved(mcb)
.sorted(COMPARE_BY_CLIENT_ID)
.map(entityToAdapterFunc(realm))
;
@ -165,7 +152,7 @@ public class MapClientProvider implements ClientProvider {
entity.setClientId(clientId);
entity.setEnabled(true);
entity.setStandardFlowEnabled(true);
if (tx.read(entity.getId(), clientStore::read) != null) {
if (tx.read(entity.getId()) != null) {
throw new ModelDuplicateException("Client exists: " + id);
}
tx.create(entity.getId(), entity);
@ -228,9 +215,10 @@ public class MapClientProvider implements ClientProvider {
@Override
public long getClientsCount(RealmModel realm) {
return this.getNotRemovedUpdatedClientsStream()
.filter(entityRealmFilter(realm))
.count();
ModelCriteriaBuilder<ClientModel> mcb = clientStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId());
return this.clientStore.getCount(mcb);
}
@Override
@ -241,7 +229,7 @@ public class MapClientProvider implements ClientProvider {
LOG.tracef("getClientById(%s, %s)%s", realm, id, getShortStackTrace());
MapClientEntity entity = tx.read(UUID.fromString(id), clientStore::read);
MapClientEntity entity = tx.read(UUID.fromString(id));
return (entity == null || ! entityRealmFilter(realm).test(entity))
? null
: entityToAdapterFunc(realm).apply(entity);
@ -254,11 +242,11 @@ public class MapClientProvider implements ClientProvider {
}
LOG.tracef("getClientByClientId(%s, %s)%s", realm, clientId, getShortStackTrace());
String clientIdLower = clientId.toLowerCase();
ModelCriteriaBuilder<ClientModel> mcb = clientStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.CLIENT_ID, Operator.ILIKE, clientId);
return getNotRemovedUpdatedClientsStream()
.filter(entityRealmFilter(realm))
.filter(entity -> entity.getClientId() != null && Objects.equals(entity.getClientId().toLowerCase(), clientIdLower))
return tx.getUpdatedNotRemoved(mcb)
.map(entityToAdapterFunc(realm))
.findFirst()
.orElse(null)
@ -270,10 +258,12 @@ public class MapClientProvider implements ClientProvider {
if (clientId == null) {
return Stream.empty();
}
String clientIdLower = clientId.toLowerCase();
Stream<MapClientEntity> s = getNotRemovedUpdatedClientsStream()
.filter(entityRealmFilter(realm))
.filter(entity -> entity.getClientId() != null && entity.getClientId().toLowerCase().contains(clientIdLower))
ModelCriteriaBuilder<ClientModel> mcb = clientStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.CLIENT_ID, Operator.ILIKE, "%" + clientId + "%");
Stream<MapClientEntity> s = tx.getUpdatedNotRemoved(mcb)
.sorted(COMPARE_BY_CLIENT_ID);
return paginatedStream(s, firstResult, maxResults).map(entityToAdapterFunc(realm));

View file

@ -16,6 +16,7 @@
*/
package org.keycloak.models.map.client;
import org.keycloak.models.ClientModel;
import org.keycloak.models.map.common.AbstractMapProviderFactory;
import org.keycloak.models.ClientProvider;
import org.keycloak.models.ClientProviderFactory;
@ -35,12 +36,12 @@ public class MapClientProviderFactory extends AbstractMapProviderFactory<ClientP
private final ConcurrentHashMap<UUID, ConcurrentMap<String, Integer>> REGISTERED_NODES_STORE = new ConcurrentHashMap<>();
private MapStorage<UUID, MapClientEntity> store;
private MapStorage<UUID, MapClientEntity, ClientModel> store;
@Override
public void postInit(KeycloakSessionFactory factory) {
MapStorageProvider sp = (MapStorageProvider) factory.getProviderFactory(MapStorageProvider.class);
this.store = sp.getStorage("clients", UUID.class, MapClientEntity.class);
this.store = sp.getStorage("clients", UUID.class, MapClientEntity.class, ClientModel.class);
}

View file

@ -20,12 +20,17 @@ import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.databind.JavaType;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectReader;
import com.fasterxml.jackson.databind.ObjectWriter;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.databind.module.SimpleModule;
import com.fasterxml.jackson.databind.type.TypeFactory;
import com.fasterxml.jackson.datatype.jdk8.StreamSerializer;
import java.io.IOException;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Stream;
/**
*
@ -33,20 +38,24 @@ import java.util.concurrent.ConcurrentHashMap;
*/
public class Serialization {
public static final ObjectMapper MAPPER = new ObjectMapper();
public static final ObjectMapper MAPPER = new ObjectMapper()
.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false)
.enable(SerializationFeature.INDENT_OUTPUT)
.setSerializationInclusion(JsonInclude.Include.NON_NULL)
.setVisibility(PropertyAccessor.ALL, Visibility.NONE)
.setVisibility(PropertyAccessor.FIELD, Visibility.ANY)
.addMixIn(AbstractEntity.class, IgnoreUpdatedMixIn.class);
public static final ConcurrentHashMap<Class<?>, ObjectReader> READERS = new ConcurrentHashMap<>();
public static final ConcurrentHashMap<Class<?>, ObjectWriter> WRITERS = new ConcurrentHashMap<>();
abstract class IgnoreUpdatedMixIn { @JsonIgnore public abstract boolean isUpdated(); }
static {
MAPPER.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
MAPPER.enable(SerializationFeature.INDENT_OUTPUT);
MAPPER.setSerializationInclusion(JsonInclude.Include.NON_NULL);
MAPPER.setVisibility(PropertyAccessor.ALL, Visibility.NONE);
MAPPER.setVisibility(PropertyAccessor.FIELD, Visibility.ANY);
MAPPER.addMixIn(AbstractEntity.class, IgnoreUpdatedMixIn.class);
JavaType type = TypeFactory.unknownType();
JavaType streamType = MAPPER.getTypeFactory().constructParametricType(Stream.class, type);
SimpleModule module = new SimpleModule().addSerializer(new StreamSerializer(streamType, type));
MAPPER.registerModule(module);
}

View file

@ -19,6 +19,7 @@ package org.keycloak.models.map.group;
import org.jboss.logging.Logger;
import org.keycloak.models.GroupModel;
import org.keycloak.models.GroupModel.SearchableFields;
import org.keycloak.models.GroupProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
@ -28,11 +29,13 @@ import org.keycloak.models.map.common.Serialization;
import org.keycloak.models.map.storage.MapKeycloakTransaction;
import org.keycloak.models.map.storage.MapStorage;
import org.keycloak.models.map.storage.ModelCriteriaBuilder;
import org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator;
import java.util.Comparator;
import java.util.Objects;
import java.util.UUID;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.UnaryOperator;
import java.util.stream.Stream;
import static org.keycloak.common.util.StackUtil.getShortStackTrace;
@ -41,15 +44,14 @@ import static org.keycloak.utils.StreamsUtil.paginatedStream;
public class MapGroupProvider implements GroupProvider {
private static final Logger LOG = Logger.getLogger(MapGroupProvider.class);
private static final Predicate<MapGroupEntity> ALWAYS_FALSE = c -> { return false; };
private final KeycloakSession session;
final MapKeycloakTransaction<UUID, MapGroupEntity> tx;
private final MapStorage<UUID, MapGroupEntity> groupStore;
final MapKeycloakTransaction<UUID, MapGroupEntity, GroupModel> tx;
private final MapStorage<UUID, MapGroupEntity, GroupModel> groupStore;
public MapGroupProvider(KeycloakSession session, MapStorage<UUID, MapGroupEntity> groupStore) {
public MapGroupProvider(KeycloakSession session, MapStorage<UUID, MapGroupEntity, GroupModel> groupStore) {
this.session = session;
this.groupStore = groupStore;
this.tx = new MapKeycloakTransaction<>(groupStore);
this.tx = groupStore.createTransaction();
session.getTransactionManager().enlist(tx);
}
@ -64,14 +66,6 @@ public class MapGroupProvider implements GroupProvider {
return origEntity -> new MapGroupAdapter(session, realm, registerEntityForChanges(origEntity));
}
private Predicate<MapGroupEntity> entityRealmFilter(RealmModel realm) {
if (realm == null || realm.getId() == null) {
return MapGroupProvider.ALWAYS_FALSE;
}
String realmId = realm.getId();
return entity -> Objects.equals(realmId, entity.getRealmId());
}
@Override
public GroupModel getGroupById(RealmModel realm, String id) {
if (id == null) {
@ -88,28 +82,28 @@ public class MapGroupProvider implements GroupProvider {
return null;
}
MapGroupEntity entity = tx.read(uid, groupStore::read);
return (entity == null || ! entityRealmFilter(realm).test(entity))
MapGroupEntity entity = tx.read(uid);
String realmId = realm.getId();
return (entity == null || ! Objects.equals(realmId, entity.getRealmId()))
? null
: entityToAdapterFunc(realm).apply(entity);
}
private Stream<MapGroupEntity> getNotRemovedUpdatedGroupsStream() {
Stream<MapGroupEntity> updatedAndNotRemovedGroupsStream = groupStore.entrySet().stream()
.map(tx::getUpdated) // If the group has been removed, tx.get will return null, otherwise it will return me.getValue()
.filter(Objects::nonNull);
return Stream.concat(tx.createdValuesStream(), updatedAndNotRemovedGroupsStream);
}
private Stream<MapGroupEntity> getUnsortedGroupEntitiesStream(RealmModel realm) {
return getNotRemovedUpdatedGroupsStream()
.filter(entityRealmFilter(realm));
}
@Override
public Stream<GroupModel> getGroupsStream(RealmModel realm) {
return getGroupsStreamInternal(realm, null);
}
private Stream<GroupModel> getGroupsStreamInternal(RealmModel realm, UnaryOperator<ModelCriteriaBuilder<GroupModel>> modifier) {
LOG.tracef("getGroupsStream(%s)%s", realm, getShortStackTrace());
return getUnsortedGroupEntitiesStream(realm)
ModelCriteriaBuilder<GroupModel> mcb = groupStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId());
if (modifier != null) {
mcb = modifier.apply(mcb);
}
return tx.getUpdatedNotRemoved(mcb)
.map(entityToAdapterFunc(realm))
.sorted(GroupModel.COMPARE_BY_NAME)
;
@ -117,38 +111,49 @@ public class MapGroupProvider implements GroupProvider {
@Override
public Stream<GroupModel> getGroupsStream(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max) {
Stream<GroupModel> groupModelStream = ids.map(id -> session.groups().getGroupById(realm, id))
.sorted(Comparator.comparing(GroupModel::getName));
ModelCriteriaBuilder<GroupModel> mcb = groupStore.createCriteriaBuilder()
.compare(SearchableFields.ID, Operator.IN, ids.map(UUID::fromString))
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId());
if (search != null) {
String s = search.toLowerCase();
groupModelStream = groupModelStream.filter(groupModel -> groupModel.getName().toLowerCase().contains(s));
mcb = mcb.compare(SearchableFields.NAME, Operator.ILIKE, "%" + search + "%");
}
Stream<GroupModel> groupModelStream = tx.getUpdatedNotRemoved(mcb)
.map(entityToAdapterFunc(realm))
.sorted(Comparator.comparing(GroupModel::getName));
return paginatedStream(groupModelStream, first, max);
}
@Override
public Long getGroupsCount(RealmModel realm, Boolean onlyTopGroups) {
LOG.tracef("getGroupsCount(%s, %s)%s", realm, onlyTopGroups, getShortStackTrace());
Stream<MapGroupEntity> groupModelStream = getUnsortedGroupEntitiesStream(realm);
ModelCriteriaBuilder<GroupModel> mcb = groupStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId());
if (onlyTopGroups) {
groupModelStream = groupModelStream.filter(groupEntity -> Objects.isNull(groupEntity.getParentId()));
if (Objects.equals(onlyTopGroups, Boolean.TRUE)) {
mcb = mcb.compare(SearchableFields.PARENT_ID, Operator.EQ, (Object) null);
}
return groupModelStream.count();
return tx.getCount(mcb);
}
@Override
public Long getGroupsCountByNameContaining(RealmModel realm, String search) {
return searchForGroupByNameStream(realm, search, null, null).count();
ModelCriteriaBuilder<GroupModel> mcb = groupStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.NAME, Operator.ILIKE, "%" + search + "%");
return tx.getCount(mcb);
}
@Override
public Stream<GroupModel> getGroupsByRoleStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults) {
LOG.tracef("getGroupsByRole(%s, %s, %d, %d)%s", realm, role, firstResult, maxResults, getShortStackTrace());
Stream<GroupModel> groupModelStream = getGroupsStream(realm).filter(groupModel -> groupModel.hasRole(role));
Stream<GroupModel> groupModelStream = getGroupsStreamInternal(realm,
(ModelCriteriaBuilder<GroupModel> mcb) -> mcb.compare(SearchableFields.ASSIGNED_ROLE, Operator.EQ, role.getId())
);
return paginatedStream(groupModelStream, firstResult, maxResults);
}
@ -156,8 +161,9 @@ public class MapGroupProvider implements GroupProvider {
@Override
public Stream<GroupModel> getTopLevelGroupsStream(RealmModel realm) {
LOG.tracef("getTopLevelGroupsStream(%s)%s", realm, getShortStackTrace());
return getGroupsStream(realm)
.filter(groupModel -> Objects.isNull(groupModel.getParentId()));
return getGroupsStreamInternal(realm,
(ModelCriteriaBuilder<GroupModel> mcb) -> mcb.compare(SearchableFields.PARENT_ID, Operator.EQ, (Object) null)
);
}
@Override
@ -171,8 +177,9 @@ public class MapGroupProvider implements GroupProvider {
@Override
public Stream<GroupModel> searchForGroupByNameStream(RealmModel realm, String search, Integer firstResult, Integer maxResults) {
LOG.tracef("searchForGroupByNameStream(%s, %s, %d, %d)%s", realm, search, firstResult, maxResults, getShortStackTrace());
Stream<GroupModel> groupModelStream = getGroupsStream(realm)
.filter(groupModel -> groupModel.getName().contains(search));
Stream<GroupModel> groupModelStream = getGroupsStreamInternal(realm,
(ModelCriteriaBuilder<GroupModel> mcb) -> mcb.compare(SearchableFields.NAME, Operator.ILIKE, "%" + search + "%")
);
return paginatedStream(groupModelStream, firstResult, maxResults);
@ -184,17 +191,20 @@ public class MapGroupProvider implements GroupProvider {
final UUID entityId = id == null ? UUID.randomUUID() : UUID.fromString(id);
// Check Db constraint: uniqueConstraints = { @UniqueConstraint(columnNames = {"REALM_ID", "PARENT_GROUP", "NAME"})}
if (getUnsortedGroupEntitiesStream(realm)
.anyMatch(groupEntity ->
Objects.equals(groupEntity.getParentId(), toParent == null ? null : toParent.getId()) &&
Objects.equals(groupEntity.getName(), name))) {
String parentId = toParent == null ? null : toParent.getId();
ModelCriteriaBuilder<GroupModel> mcb = groupStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.PARENT_ID, Operator.EQ, parentId)
.compare(SearchableFields.NAME, Operator.EQ, name);
if (tx.getCount(mcb) > 0) {
throw new ModelDuplicateException("Group with name '" + name + "' in realm " + realm.getName() + " already exists for requested parent" );
}
MapGroupEntity entity = new MapGroupEntity(entityId, realm.getId());
entity.setName(name);
entity.setParentId(toParent == null ? null : toParent.getId());
if (tx.read(entity.getId(), groupStore::read) != null) {
if (tx.read(entity.getId()) != null) {
throw new ModelDuplicateException("Group exists: " + entityId);
}
tx.create(entity.getId(), entity);
@ -249,11 +259,15 @@ public class MapGroupProvider implements GroupProvider {
}
String parentId = toParent == null ? null : toParent.getId();
Stream<MapGroupEntity> possibleSiblings = getUnsortedGroupEntitiesStream(realm)
.filter(mapGroupEntity -> Objects.equals(mapGroupEntity.getParentId(), parentId));
ModelCriteriaBuilder<GroupModel> mcb = groupStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.PARENT_ID, Operator.EQ, parentId)
.compare(SearchableFields.NAME, Operator.EQ, group.getName());
if (possibleSiblings.map(MapGroupEntity::getName).anyMatch(Predicate.isEqual(group.getName()))) {
throw new ModelDuplicateException("Parent already contains subgroup named '" + group.getName() + "'");
try (Stream<MapGroupEntity> possibleSiblings = tx.getUpdatedNotRemoved(mcb)) {
if (possibleSiblings.findAny().isPresent()) {
throw new ModelDuplicateException("Parent already contains subgroup named '" + group.getName() + "'");
}
}
if (group.getParentId() != null) {
@ -267,11 +281,15 @@ public class MapGroupProvider implements GroupProvider {
public void addTopLevelGroup(RealmModel realm, GroupModel subGroup) {
LOG.tracef("addTopLevelGroup(%s, %s)%s", realm, subGroup, getShortStackTrace());
Stream<MapGroupEntity> possibleSiblings = getUnsortedGroupEntitiesStream(realm)
.filter(mapGroupEntity -> mapGroupEntity.getParentId() == null);
ModelCriteriaBuilder<GroupModel> mcb = groupStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.PARENT_ID, Operator.EQ, (Object) null)
.compare(SearchableFields.NAME, Operator.EQ, subGroup.getName());
if (possibleSiblings.map(MapGroupEntity::getName).anyMatch(Predicate.isEqual(subGroup.getName()))) {
throw new ModelDuplicateException("There is already a top level group named '" + subGroup.getName() + "'");
try (Stream<MapGroupEntity> possibleSiblings = tx.getUpdatedNotRemoved(mcb)) {
if (possibleSiblings.findAny().isPresent()) {
throw new ModelDuplicateException("There is already a top level group named '" + subGroup.getName() + "'");
}
}
subGroup.setParent(null);
@ -280,11 +298,14 @@ public class MapGroupProvider implements GroupProvider {
@Override
public void preRemove(RealmModel realm, RoleModel role) {
LOG.tracef("preRemove(%s, %s)%s", realm, role, getShortStackTrace());
final String roleId = role.getId();
getUnsortedGroupEntitiesStream(realm)
.filter(groupEntity -> groupEntity.getGrantedRoles().contains(roleId))
ModelCriteriaBuilder<GroupModel> mcb = groupStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.ASSIGNED_ROLE, Operator.EQ, role.getId());
try (Stream<MapGroupEntity> toRemove = tx.getUpdatedNotRemoved(mcb)) {
toRemove
.map(groupEntity -> session.groups().getGroupById(realm, groupEntity.getId().toString()))
.forEach(groupModel -> groupModel.deleteRoleMapping(role));
}
}
@Override

View file

@ -17,6 +17,7 @@
package org.keycloak.models.map.group;
import org.keycloak.models.GroupModel;
import org.keycloak.models.GroupProvider;
import org.keycloak.models.GroupProviderFactory;
import org.keycloak.models.KeycloakSession;
@ -33,12 +34,12 @@ import java.util.UUID;
*/
public class MapGroupProviderFactory extends AbstractMapProviderFactory<GroupProvider> implements GroupProviderFactory {
private MapStorage<UUID, MapGroupEntity> store;
private MapStorage<UUID, MapGroupEntity, GroupModel> store;
@Override
public void postInit(KeycloakSessionFactory factory) {
MapStorageProvider sp = (MapStorageProvider) factory.getProviderFactory(MapStorageProvider.class);
this.store = sp.getStorage("groups", UUID.class, MapGroupEntity.class);
this.store = sp.getStorage("groups", UUID.class, MapGroupEntity.class, GroupModel.class);
}

View file

@ -38,16 +38,18 @@ import static org.keycloak.common.util.StackUtil.getShortStackTrace;
import static org.keycloak.utils.StreamsUtil.paginatedStream;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel.SearchableFields;
import org.keycloak.models.RoleProvider;
import org.keycloak.models.map.common.StreamUtils;
import org.keycloak.models.map.storage.ModelCriteriaBuilder;
import org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator;
public class MapRoleProvider implements RoleProvider {
private static final Logger LOG = Logger.getLogger(MapRoleProvider.class);
private static final Predicate<MapRoleEntity> ALWAYS_FALSE = role -> { return false; };
private final KeycloakSession session;
final MapKeycloakTransaction<UUID, MapRoleEntity> tx;
private final MapStorage<UUID, MapRoleEntity> roleStore;
final MapKeycloakTransaction<UUID, MapRoleEntity, RoleModel> tx;
private final MapStorage<UUID, MapRoleEntity, RoleModel> roleStore;
private static final Comparator<MapRoleEntity> COMPARE_BY_NAME = new Comparator<MapRoleEntity>() {
@Override
@ -62,10 +64,10 @@ public class MapRoleProvider implements RoleProvider {
}
};
public MapRoleProvider(KeycloakSession session, MapStorage<UUID, MapRoleEntity> roleStore) {
public MapRoleProvider(KeycloakSession session, MapStorage<UUID, MapRoleEntity, RoleModel> roleStore) {
this.session = session;
this.roleStore = roleStore;
this.tx = new MapKeycloakTransaction<>(roleStore);
this.tx = roleStore.createTransaction();
session.getTransactionManager().enlist(tx);
}
@ -81,31 +83,6 @@ public class MapRoleProvider implements RoleProvider {
return res;
}
private Predicate<MapRoleEntity> entityRealmFilter(RealmModel realm) {
if (realm == null || realm.getId() == null) {
return MapRoleProvider.ALWAYS_FALSE;
}
String realmId = realm.getId();
return entity -> Objects.equals(realmId, entity.getRealmId());
}
private Predicate<MapRoleEntity> entityClientFilter(ClientModel client) {
if (client == null || client.getId() == null) {
return MapRoleProvider.ALWAYS_FALSE;
}
String clientId = client.getId();
return entity -> entity.isClientRole() &&
Objects.equals(clientId, entity.getClientId());
}
private Stream<MapRoleEntity> getNotRemovedUpdatedRolesStream(RealmModel realm) {
Stream<MapRoleEntity> updatedAndNotRemovedRolesStream = roleStore.entrySet().stream()
.map(tx::getUpdated) // If the role has been removed, tx.get will return null, otherwise it will return me.getValue()
.filter(Objects::nonNull);
return Stream.concat(tx.createdValuesStream(), updatedAndNotRemovedRolesStream)
.filter(entityRealmFilter(realm));
}
@Override
public RoleModel addRealmRole(RealmModel realm, String id, String name) {
if (getRealmRole(realm, name) != null) {
@ -114,12 +91,12 @@ public class MapRoleProvider implements RoleProvider {
final UUID entityId = id == null ? UUID.randomUUID() : UUID.fromString(id);
LOG.tracef("addRealmRole(%s, %s, %s)%s", realm.getName(), id, name, getShortStackTrace());
LOG.tracef("addRealmRole(%s, %s, %s)%s", realm, id, name, getShortStackTrace());
MapRoleEntity entity = new MapRoleEntity(entityId, realm.getId());
entity.setName(name);
entity.setRealmId(realm.getId());
if (tx.read(entity.getId(), roleStore::read) != null) {
if (tx.read(entity.getId()) != null) {
throw new ModelDuplicateException("Role exists: " + id);
}
tx.create(entity.getId(), entity);
@ -133,16 +110,15 @@ public class MapRoleProvider implements RoleProvider {
@Override
public Stream<RoleModel> getRealmRolesStream(RealmModel realm) {
return getNotRemovedUpdatedRolesStream(realm)
.filter(this::isRealmRole)
ModelCriteriaBuilder<RoleModel> mcb = roleStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.IS_CLIENT_ROLE, Operator.NE, true);
return tx.getUpdatedNotRemoved(mcb)
.sorted(COMPARE_BY_NAME)
.map(entityToAdapterFunc(realm));
}
private boolean isRealmRole(MapRoleEntity role) {
return ! role.isClientRole();
}
@Override
public RoleModel addClientRole(ClientModel client, String id, String name) {
if (getClientRole(client, name) != null) {
@ -151,13 +127,13 @@ public class MapRoleProvider implements RoleProvider {
final UUID entityId = id == null ? UUID.randomUUID() : UUID.fromString(id);
LOG.tracef("addClientRole(%s, %s, %s)%s", client.getClientId(), id, name, getShortStackTrace());
LOG.tracef("addClientRole(%s, %s, %s)%s", client, id, name, getShortStackTrace());
MapRoleEntity entity = new MapRoleEntity(entityId, client.getRealm().getId());
entity.setName(name);
entity.setClientRole(true);
entity.setClientId(client.getId());
if (tx.read(entity.getId(), roleStore::read) != null) {
if (tx.read(entity.getId()) != null) {
throw new ModelDuplicateException("Role exists: " + id);
}
tx.create(entity.getId(), entity);
@ -171,8 +147,11 @@ public class MapRoleProvider implements RoleProvider {
@Override
public Stream<RoleModel> getClientRolesStream(ClientModel client) {
return getNotRemovedUpdatedRolesStream(client.getRealm())
.filter(entityClientFilter(client))
ModelCriteriaBuilder<RoleModel> mcb = roleStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, client.getRealm().getId())
.compare(SearchableFields.CLIENT_ID, Operator.EQ, client.getId());
return tx.getUpdatedNotRemoved(mcb)
.sorted(COMPARE_BY_NAME)
.map(entityToAdapterFunc(client.getRealm()));
}
@ -184,16 +163,23 @@ public class MapRoleProvider implements RoleProvider {
session.users().preRemove(realm, role);
ModelCriteriaBuilder<RoleModel> mcb = roleStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.IS_CLIENT_ROLE, Operator.EQ, false)
.compare(SearchableFields.IS_COMPOSITE_ROLE, Operator.EQ, false);
//remove role from realm-roles composites
try (Stream<MapRoleEntity> baseStream = getNotRemovedUpdatedRolesStream(realm)
.filter(this::isRealmRole)
.filter(MapRoleEntity::isComposite)) {
try (Stream<MapRoleEntity> baseStream = tx.getUpdatedNotRemoved(mcb)) {
StreamUtils.leftInnerJoinIterable(baseStream, MapRoleEntity::getCompositeRoles)
.filter(pair -> role.getId().equals(pair.getV()))
.collect(Collectors.toSet())
.forEach(pair -> {
MapRoleEntity origEntity = pair.getK();
//
// TODO: Investigate what this is for - the return value is ignored
//
registerEntityForChanges(origEntity);
origEntity.removeCompositeRole(role.getId());
});
@ -202,15 +188,22 @@ public class MapRoleProvider implements RoleProvider {
//remove role from client-roles composites
session.clients().getClientsStream(realm).forEach(client -> {
client.deleteScopeMapping(role);
try (Stream<MapRoleEntity> baseStream = getNotRemovedUpdatedRolesStream(client.getRealm())
.filter(entityClientFilter(client))
.filter(MapRoleEntity::isComposite)) {
ModelCriteriaBuilder<RoleModel> mcbClient = roleStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.CLIENT_ID, Operator.EQ, client.getId())
.compare(SearchableFields.IS_COMPOSITE_ROLE, Operator.EQ, false);
try (Stream<MapRoleEntity> baseStream = tx.getUpdatedNotRemoved(mcbClient)) {
StreamUtils.leftInnerJoinIterable(baseStream, MapRoleEntity::getCompositeRoles)
.filter(pair -> role.getId().equals(pair.getV()))
.collect(Collectors.toSet())
.forEach(pair -> {
MapRoleEntity origEntity = pair.getK();
//
// TODO: Investigate what this is for - the return value is ignored
//
registerEntityForChanges(origEntity);
origEntity.removeCompositeRole(role.getId());
});
@ -253,12 +246,13 @@ public class MapRoleProvider implements RoleProvider {
if (name == null) {
return null;
}
LOG.tracef("getRealmRole(%s, %s)%s", realm.getName(), name, getShortStackTrace());
LOG.tracef("getRealmRole(%s, %s)%s", realm, name, getShortStackTrace());
String roleNameLower = name.toLowerCase();
ModelCriteriaBuilder<RoleModel> mcb = roleStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.NAME, Operator.ILIKE, name);
String roleId = getNotRemovedUpdatedRolesStream(realm)
.filter(entity -> entity.getName()!= null && Objects.equals(entity.getName().toLowerCase(), roleNameLower))
String roleId = tx.getUpdatedNotRemoved(mcb)
.map(entityToAdapterFunc(realm))
.map(RoleModel::getId)
.findFirst()
@ -272,13 +266,14 @@ public class MapRoleProvider implements RoleProvider {
if (name == null) {
return null;
}
LOG.tracef("getClientRole(%s, %s)%s", client.getClientId(), name, getShortStackTrace());
LOG.tracef("getClientRole(%s, %s)%s", client, name, getShortStackTrace());
String roleNameLower = name.toLowerCase();
ModelCriteriaBuilder<RoleModel> mcb = roleStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, client.getRealm().getId())
.compare(SearchableFields.CLIENT_ID, Operator.EQ, client.getId())
.compare(SearchableFields.NAME, Operator.ILIKE, name);
String roleId = getNotRemovedUpdatedRolesStream(client.getRealm())
.filter(entityClientFilter(client))
.filter(entity -> entity.getName()!= null && Objects.equals(entity.getName().toLowerCase(), roleNameLower))
String roleId = tx.getUpdatedNotRemoved(mcb)
.map(entityToAdapterFunc(client.getRealm()))
.map(RoleModel::getId)
.findFirst()
@ -289,14 +284,15 @@ public class MapRoleProvider implements RoleProvider {
@Override
public RoleModel getRoleById(RealmModel realm, String id) {
if (id == null) {
if (id == null || realm == null || realm.getId() == null) {
return null;
}
LOG.tracef("getRoleById(%s, %s)%s", realm.getName(), id, getShortStackTrace());
LOG.tracef("getRoleById(%s, %s)%s", realm, id, getShortStackTrace());
MapRoleEntity entity = tx.read(UUID.fromString(id), roleStore::read);
return (entity == null || ! entityRealmFilter(realm).test(entity))
MapRoleEntity entity = tx.read(UUID.fromString(id));
String realmId = realm.getId();
return (entity == null || ! Objects.equals(realmId, entity.getRealmId()))
? null
: entityToAdapterFunc(realm).apply(entity);
}
@ -306,12 +302,14 @@ public class MapRoleProvider implements RoleProvider {
if (search == null) {
return Stream.empty();
}
String searchLower = search.toLowerCase();
Stream<MapRoleEntity> s = getNotRemovedUpdatedRolesStream(realm)
.filter(entity ->
(entity.getName() != null && entity.getName().toLowerCase().contains(searchLower)) ||
(entity.getDescription() != null && entity.getDescription().toLowerCase().contains(searchLower))
)
ModelCriteriaBuilder<RoleModel> mcb = roleStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.or(
roleStore.createCriteriaBuilder().compare(SearchableFields.NAME, Operator.ILIKE, "%" + search + "%"),
roleStore.createCriteriaBuilder().compare(SearchableFields.DESCRIPTION, Operator.ILIKE, "%" + search + "%")
);
Stream<MapRoleEntity> s = tx.getUpdatedNotRemoved(mcb)
.sorted(COMPARE_BY_NAME);
return paginatedStream(s.map(entityToAdapterFunc(realm)), first, max);
@ -322,13 +320,14 @@ public class MapRoleProvider implements RoleProvider {
if (search == null) {
return Stream.empty();
}
String searchLower = search.toLowerCase();
Stream<MapRoleEntity> s = getNotRemovedUpdatedRolesStream(client.getRealm())
.filter(entityClientFilter(client))
.filter(entity ->
(entity.getName() != null && entity.getName().toLowerCase().contains(searchLower)) ||
(entity.getDescription() != null && entity.getDescription().toLowerCase().contains(searchLower))
)
ModelCriteriaBuilder<RoleModel> mcb = roleStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, client.getRealm().getId())
.compare(SearchableFields.CLIENT_ID, Operator.EQ, client.getId())
.or(
roleStore.createCriteriaBuilder().compare(SearchableFields.NAME, Operator.ILIKE, "%" + search + "%"),
roleStore.createCriteriaBuilder().compare(SearchableFields.DESCRIPTION, Operator.ILIKE, "%" + search + "%")
);
Stream<MapRoleEntity> s = tx.getUpdatedNotRemoved(mcb)
.sorted(COMPARE_BY_NAME);
return paginatedStream(s,first, max).map(entityToAdapterFunc(client.getRealm()));

View file

@ -20,6 +20,7 @@ import java.util.UUID;
import org.keycloak.models.map.common.AbstractMapProviderFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RoleModel;
import org.keycloak.models.RoleProvider;
import org.keycloak.models.RoleProviderFactory;
import org.keycloak.models.map.storage.MapStorageProvider;
@ -27,12 +28,12 @@ import org.keycloak.models.map.storage.MapStorage;
public class MapRoleProviderFactory extends AbstractMapProviderFactory<RoleProvider> implements RoleProviderFactory {
private MapStorage<UUID, MapRoleEntity> store;
private MapStorage<UUID, MapRoleEntity, RoleModel> store;
@Override
public void postInit(KeycloakSessionFactory factory) {
MapStorageProvider sp = (MapStorageProvider) factory.getProviderFactory(MapStorageProvider.class);
this.store = sp.getStorage("roles", UUID.class, MapRoleEntity.class);
this.store = sp.getStorage("roles", UUID.class, MapRoleEntity.class, RoleModel.class);
}

View file

@ -0,0 +1,239 @@
/*
* Copyright 2021 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.map.storage;
import org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumMap;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
/**
*
* @author hmlnarik
*/
class CriteriaOperator {
private static final EnumMap<Operator, Function<Object[], Predicate<Object>>> OPERATORS = new EnumMap<>(Operator.class);
private static final Logger LOG = Logger.getLogger(CriteriaOperator.class.getSimpleName());
private static final Predicate<Object> ALWAYS_FALSE = o -> false;
static {
OPERATORS.put(Operator.EQ, CriteriaOperator::eq);
OPERATORS.put(Operator.NE, CriteriaOperator::ne);
OPERATORS.put(Operator.EXISTS, CriteriaOperator::exists);
OPERATORS.put(Operator.NOT_EXISTS, CriteriaOperator::notExists);
OPERATORS.put(Operator.LT, CriteriaOperator::lt);
OPERATORS.put(Operator.LE, CriteriaOperator::le);
OPERATORS.put(Operator.GT, CriteriaOperator::gt);
OPERATORS.put(Operator.GE, CriteriaOperator::ge);
OPERATORS.put(Operator.IN, CriteriaOperator::in);
OPERATORS.put(Operator.LIKE, CriteriaOperator::like);
OPERATORS.put(Operator.ILIKE, CriteriaOperator::ilike);
// Check that all operators are covered
EnumSet<Operator> s = EnumSet.allOf(Operator.class);
s.removeAll(OPERATORS.keySet());
if (! s.isEmpty()) {
throw new IllegalStateException("Some operators are not implemented: " + s);
}
}
/**
* Returns a predicate {@code P(x)} for comparing {@code value} and {@code x} as {@code x OP value}.
* <b>Implementation note:</b> Note that this may mean reverse logic to e.g. {@link Comparable#compareTo}.
* @param operator
* @param value
* @return
*/
public static Predicate<Object> predicateFor(Operator op, Object[] value) {
final Function<Object[], Predicate<Object>> funcToGetPredicate = OPERATORS.get(op);
if (funcToGetPredicate == null) {
throw new IllegalArgumentException("Unknown operator: " + op);
}
return funcToGetPredicate.apply(value);
}
private static Object getFirstArrayElement(Object[] value) throws IllegalStateException {
if (value == null || value.length != 1) {
throw new IllegalStateException("Invalid argument: " + Arrays.toString(value));
}
return value[0];
}
public static Predicate<Object> eq(Object[] value) {
Object value0 = getFirstArrayElement(value);
return new Predicate<Object>() {
@Override public boolean test(Object v) { return Objects.equals(v, value0); }
};
}
public static Predicate<Object> ne(Object[] value) {
Object value0 = getFirstArrayElement(value);
return new Predicate<Object>() {
@Override public boolean test(Object v) { return ! Objects.equals(v, value0); }
};
}
public static Predicate<Object> exists(Object[] value) {
if (value != null && value.length != 0) {
throw new IllegalStateException("Invalid argument: " + Arrays.toString(value));
}
return Objects::nonNull;
}
public static Predicate<Object> notExists(Object[] value) {
if (value != null && value.length != 0) {
throw new IllegalStateException("Invalid argument: " + Arrays.toString(value));
}
return Objects::isNull;
}
public static Predicate<Object> in(Object[] value) {
if (value == null || value.length == 0) {
return ALWAYS_FALSE;
}
final Collection<?> operand;
if (value.length == 1) {
final Object value0 = value[0];
if (value0 instanceof Collection) {
operand = (Collection) value0;
} else if (value0 instanceof Stream) {
try (Stream valueS = (Stream) value0) {
operand = (Set) valueS.collect(Collectors.toSet());
}
} else {
operand = Collections.singleton(value0);
}
} else {
operand = new HashSet(Arrays.asList(value));
}
return operand.isEmpty() ? ALWAYS_FALSE : new Predicate<Object>() {
@Override public boolean test(Object v) { return operand.contains(v); }
};
}
public static Predicate<Object> lt(Object[] value) {
return getComparisonPredicate(ComparisonPredicateImpl.Op.LT, value);
}
public static Predicate<Object> le(Object[] value) {
return getComparisonPredicate(ComparisonPredicateImpl.Op.LE, value);
}
public static Predicate<Object> gt(Object[] value) {
return getComparisonPredicate(ComparisonPredicateImpl.Op.GT, value);
}
public static Predicate<Object> ge(Object[] value) {
return getComparisonPredicate(ComparisonPredicateImpl.Op.GE, value);
}
private static Predicate<Object> getComparisonPredicate(ComparisonPredicateImpl.Op op, Object[] value) throws IllegalArgumentException {
Object value0 = getFirstArrayElement(value);
if (value0 instanceof Comparable) {
Comparable cValue = (Comparable) value0;
return new ComparisonPredicateImpl(op, cValue);
} else {
throw new IllegalArgumentException("Incomparable argument for comparison operation: " + value0);
}
}
public static Predicate<Object> like(Object[] value) {
Object value0 = getFirstArrayElement(value);
if (value0 instanceof String) {
String sValue = (String) value0;
boolean anyBeginning = sValue.startsWith("%");
boolean anyEnd = sValue.endsWith("%");
Pattern pValue = Pattern.compile(
(anyBeginning ? ".*" : "")
+ Pattern.quote(sValue.substring(anyBeginning ? 1 : 0, sValue.length() - (anyEnd ? 1 : 0)))
+ (anyEnd ? ".*" : ""),
Pattern.DOTALL
);
return o -> {
return o instanceof String && pValue.matcher((String) o).matches();
};
}
return ALWAYS_FALSE;
}
public static Predicate<Object> ilike(Object[] value) {
Object value0 = getFirstArrayElement(value);
if (value0 instanceof String) {
String sValue = (String) value0;
boolean anyBeginning = sValue.startsWith("%");
boolean anyEnd = sValue.endsWith("%");
Pattern pValue = Pattern.compile(
(anyBeginning ? ".*" : "")
+ Pattern.quote(sValue.substring(anyBeginning ? 1 : 0, sValue.length() - (anyEnd ? 1 : 0)))
+ (anyEnd ? ".*" : ""),
Pattern.CASE_INSENSITIVE + Pattern.DOTALL
);
return o -> {
return o instanceof String && pValue.matcher((String) o).matches();
};
}
return ALWAYS_FALSE;
}
private static class ComparisonPredicateImpl implements Predicate<Object> {
private static enum Op {
LT { @Override boolean isComparisonTrue(int compareToValue) { return compareToValue > 0; } },
LE { @Override boolean isComparisonTrue(int compareToValue) { return compareToValue >= 0; } },
GT { @Override boolean isComparisonTrue(int compareToValue) { return compareToValue < 0; } },
GE { @Override boolean isComparisonTrue(int compareToValue) { return compareToValue <= 0; } },
;
abstract boolean isComparisonTrue(int compareToValue);
}
private final Op op;
private final Comparable cValue;
public ComparisonPredicateImpl(Op op, Comparable cValue) {
this.op = op;
this.cValue = cValue;
}
@Override
public boolean test(Object o) {
try {
return o != null && op.isComparisonTrue(cValue.compareTo(o));
} catch (ClassCastException ex) {
LOG.log(Level.WARNING, "Incomparable argument type for comparison operation: {0}", cValue.getClass().getSimpleName());
return false;
}
}
}
}

View file

@ -0,0 +1,55 @@
/*
* Copyright 2021 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.map.storage;
import org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator;
import org.keycloak.storage.SearchableModelField;
/**
*
* @author hmlnarik
*/
public class CriterionNotSupportedException extends RuntimeException {
private final SearchableModelField field;
private final Operator op;
public CriterionNotSupportedException(SearchableModelField field, Operator op) {
super("Criterion not supported: operator: " + op + ", field: " + field);
this.field = field;
this.op = op;
}
public CriterionNotSupportedException(SearchableModelField field, Operator op, String message) {
super(message);
this.field = field;
this.op = op;
}
public CriterionNotSupportedException(SearchableModelField field, Operator op, String message, Throwable cause) {
super(message, cause);
this.field = field;
this.op = op;
}
public SearchableModelField getField() {
return field;
}
public Operator getOp() {
return op;
}
}

View file

@ -0,0 +1,243 @@
/*
* Copyright 2021 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.map.storage;
import org.keycloak.models.ClientModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.map.authSession.AbstractRootAuthenticationSessionEntity;
import org.keycloak.models.map.client.AbstractClientEntity;
import org.keycloak.models.map.common.AbstractEntity;
import org.keycloak.models.map.group.AbstractGroupEntity;
import org.keycloak.models.map.role.AbstractRoleEntity;
import org.keycloak.storage.SearchableModelField;
import java.util.HashMap;
import java.util.Map;
import org.keycloak.models.map.storage.MapModelCriteriaBuilder.UpdatePredicatesFunc;
import org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator;
import org.keycloak.models.map.user.AbstractUserEntity;
import org.keycloak.models.map.user.UserConsentEntity;
import org.keycloak.sessions.RootAuthenticationSessionModel;
import org.keycloak.storage.StorageId;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.function.Function;
import java.util.function.Predicate;
/**
*
* @author hmlnarik
*/
public class MapFieldPredicates {
public static final Map<SearchableModelField<ClientModel>, UpdatePredicatesFunc<Object, AbstractClientEntity<Object>, ClientModel>> CLIENT_PREDICATES = basePredicates(ClientModel.SearchableFields.ID);
public static final Map<SearchableModelField<GroupModel>, UpdatePredicatesFunc<Object, AbstractGroupEntity<Object>, GroupModel>> GROUP_PREDICATES = basePredicates(GroupModel.SearchableFields.ID);
public static final Map<SearchableModelField<RoleModel>, UpdatePredicatesFunc<Object, AbstractRoleEntity<Object>, RoleModel>> ROLE_PREDICATES = basePredicates(RoleModel.SearchableFields.ID);
public static final Map<SearchableModelField<UserModel>, UpdatePredicatesFunc<Object, AbstractUserEntity<Object>, UserModel>> USER_PREDICATES = basePredicates(UserModel.SearchableFields.ID);
public static final Map<SearchableModelField<RootAuthenticationSessionModel>, UpdatePredicatesFunc<Object, AbstractRootAuthenticationSessionEntity<Object>, RootAuthenticationSessionModel>> AUTHENTICATION_SESSION_PREDICATES = basePredicates(RootAuthenticationSessionModel.SearchableFields.ID);
@SuppressWarnings("unchecked")
private static final Map<Class<?>, Map> PREDICATES = new HashMap<>();
static {
put(CLIENT_PREDICATES, ClientModel.SearchableFields.REALM_ID, AbstractClientEntity::getRealmId);
put(CLIENT_PREDICATES, ClientModel.SearchableFields.CLIENT_ID, AbstractClientEntity::getClientId);
put(GROUP_PREDICATES, GroupModel.SearchableFields.REALM_ID, AbstractGroupEntity::getRealmId);
put(GROUP_PREDICATES, GroupModel.SearchableFields.NAME, AbstractGroupEntity::getName);
put(GROUP_PREDICATES, GroupModel.SearchableFields.PARENT_ID, AbstractGroupEntity::getParentId);
put(GROUP_PREDICATES, GroupModel.SearchableFields.ASSIGNED_ROLE, MapFieldPredicates::checkGrantedGroupRole);
put(ROLE_PREDICATES, RoleModel.SearchableFields.REALM_ID, AbstractRoleEntity::getRealmId);
put(ROLE_PREDICATES, RoleModel.SearchableFields.CLIENT_ID, AbstractRoleEntity::getClientId);
put(ROLE_PREDICATES, RoleModel.SearchableFields.DESCRIPTION, AbstractRoleEntity::getDescription);
put(ROLE_PREDICATES, RoleModel.SearchableFields.NAME, AbstractRoleEntity::getName);
put(ROLE_PREDICATES, RoleModel.SearchableFields.IS_CLIENT_ROLE, AbstractRoleEntity::isClientRole);
put(ROLE_PREDICATES, RoleModel.SearchableFields.IS_COMPOSITE_ROLE, AbstractRoleEntity::isComposite);
put(USER_PREDICATES, UserModel.SearchableFields.REALM_ID, AbstractUserEntity::getRealmId);
put(USER_PREDICATES, UserModel.SearchableFields.USERNAME, AbstractUserEntity::getUsername);
put(USER_PREDICATES, UserModel.SearchableFields.FIRST_NAME, AbstractUserEntity::getFirstName);
put(USER_PREDICATES, UserModel.SearchableFields.LAST_NAME, AbstractUserEntity::getLastName);
put(USER_PREDICATES, UserModel.SearchableFields.EMAIL, AbstractUserEntity::getEmail);
put(USER_PREDICATES, UserModel.SearchableFields.ENABLED, AbstractUserEntity::isEnabled);
put(USER_PREDICATES, UserModel.SearchableFields.EMAIL_VERIFIED, AbstractUserEntity::isEmailVerified);
put(USER_PREDICATES, UserModel.SearchableFields.FEDERATION_LINK, AbstractUserEntity::getFederationLink);
put(USER_PREDICATES, UserModel.SearchableFields.ATTRIBUTE, MapFieldPredicates::checkUserAttributes);
put(USER_PREDICATES, UserModel.SearchableFields.IDP_AND_USER, MapFieldPredicates::getUserIdpAliasAtIdentityProviderPredicate);
put(USER_PREDICATES, UserModel.SearchableFields.ASSIGNED_ROLE, MapFieldPredicates::checkGrantedUserRole);
put(USER_PREDICATES, UserModel.SearchableFields.ASSIGNED_GROUP, MapFieldPredicates::checkUserGroup);
put(USER_PREDICATES, UserModel.SearchableFields.CONSENT_FOR_CLIENT, MapFieldPredicates::checkUserClientConsent);
put(USER_PREDICATES, UserModel.SearchableFields.CONSENT_WITH_CLIENT_SCOPE, MapFieldPredicates::checkUserConsentsWithClientScope);
put(USER_PREDICATES, UserModel.SearchableFields.CONSENT_CLIENT_FEDERATION_LINK, MapFieldPredicates::getUserConsentClientFederationLink);
put(USER_PREDICATES, UserModel.SearchableFields.SERVICE_ACCOUNT_CLIENT, AbstractUserEntity::getServiceAccountClientLink);
put(AUTHENTICATION_SESSION_PREDICATES, RootAuthenticationSessionModel.SearchableFields.REALM_ID, AbstractRootAuthenticationSessionEntity::getRealmId);
put(AUTHENTICATION_SESSION_PREDICATES, RootAuthenticationSessionModel.SearchableFields.TIMESTAMP, AbstractRootAuthenticationSessionEntity::getTimestamp);
}
static {
PREDICATES.put(ClientModel.class, CLIENT_PREDICATES);
PREDICATES.put(RoleModel.class, ROLE_PREDICATES);
PREDICATES.put(GroupModel.class, GROUP_PREDICATES);
PREDICATES.put(UserModel.class, USER_PREDICATES);
PREDICATES.put(RootAuthenticationSessionModel.class, AUTHENTICATION_SESSION_PREDICATES);
}
private static <K, V extends AbstractEntity<K>, M> void put(
Map<SearchableModelField<M>, UpdatePredicatesFunc<K, V, M>> map,
SearchableModelField<M> field, Function<V, Object> extractor) {
map.put(field, (mcb, op, values) -> mcb.fieldCompare(op, extractor, values));
}
private static <K, V extends AbstractEntity<K>, M> void put(
Map<SearchableModelField<M>, UpdatePredicatesFunc<K, V, M>> map,
SearchableModelField<M> field, UpdatePredicatesFunc<K, V, M> function) {
map.put(field, function);
}
private static String ensureEqSingleValue(SearchableModelField<?> field, String parameterName, Operator op, Object[] values) throws CriterionNotSupportedException {
if (op != Operator.EQ) {
throw new CriterionNotSupportedException(field, op);
}
if (values == null || values.length != 1) {
throw new CriterionNotSupportedException(field, op, "Invalid arguments, expected (" + parameterName + "), got: " + Arrays.toString(values));
}
final Object ob = values[0];
if (! (ob instanceof String)) {
throw new CriterionNotSupportedException(field, op, "Invalid arguments, expected (String role_id), got: " + Arrays.toString(values));
}
String s = (String) ob;
return s;
}
private static MapModelCriteriaBuilder<Object, AbstractGroupEntity<Object>, GroupModel> checkGrantedGroupRole(MapModelCriteriaBuilder<Object, AbstractGroupEntity<Object>, GroupModel> mcb, Operator op, Object[] values) {
String roleIdS = ensureEqSingleValue(GroupModel.SearchableFields.ASSIGNED_ROLE, "role_id", op, values);
Function<AbstractGroupEntity<Object>, ?> getter;
getter = ge -> ge.getGrantedRoles().contains(roleIdS);
return mcb.fieldCompare(Boolean.TRUE::equals, getter);
}
private static MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> getUserConsentClientFederationLink(MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> mcb, Operator op, Object[] values) {
String providerId = ensureEqSingleValue(UserModel.SearchableFields.CONSENT_CLIENT_FEDERATION_LINK, "provider_id", op, values);
String providerIdS = new StorageId((String) providerId, "").getId();
Function<AbstractUserEntity<Object>, ?> getter;
getter = ue -> ue.getUserConsents().map(UserConsentEntity::getClientId).anyMatch(v -> v != null && v.startsWith(providerIdS));
return mcb.fieldCompare(Boolean.TRUE::equals, getter);
}
private static MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> checkUserAttributes(MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> mcb, Operator op, Object[] values) {
if (values == null || values.length <= 1) {
throw new CriterionNotSupportedException(UserModel.SearchableFields.ATTRIBUTE, op, "Invalid arguments, expected (attribute_name, ...), got: " + Arrays.toString(values));
}
final Object attrName = values[0];
if (! (attrName instanceof String)) {
throw new CriterionNotSupportedException(UserModel.SearchableFields.ATTRIBUTE, op, "Invalid arguments, expected (String attribute_name), got: " + Arrays.toString(values));
}
String attrNameS = (String) attrName;
Function<AbstractUserEntity<Object>, ?> getter;
Object[] realValues = new Object[values.length - 1];
System.arraycopy(values, 1, realValues, 0, values.length - 1);
Predicate<Object> valueComparator = CriteriaOperator.predicateFor(op, realValues);
getter = ue -> {
final List<String> attrs = ue.getAttribute(attrNameS);
return attrs != null && attrs.stream().anyMatch(valueComparator);
};
return mcb.fieldCompare(Boolean.TRUE::equals, getter);
}
private static MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> checkGrantedUserRole(MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> mcb, Operator op, Object[] values) {
String roleIdS = ensureEqSingleValue(UserModel.SearchableFields.ASSIGNED_ROLE, "role_id", op, values);
Function<AbstractUserEntity<Object>, ?> getter;
getter = ue -> ue.getRolesMembership().contains(roleIdS);
return mcb.fieldCompare(Boolean.TRUE::equals, getter);
}
private static MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> checkUserGroup(MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> mcb, Operator op, Object[] values) {
Function<AbstractUserEntity<Object>, ?> getter;
if (op == Operator.IN && values != null && values.length == 1 && (values[0] instanceof Collection)) {
Collection<?> c = (Collection<?>) values[0];
getter = ue -> ue.getGroupsMembership().stream().anyMatch(c::contains);
} else {
String groupIdS = ensureEqSingleValue(UserModel.SearchableFields.ASSIGNED_GROUP, "group_id", op, values);
getter = ue -> ue.getGroupsMembership().contains(groupIdS);
}
return mcb.fieldCompare(Boolean.TRUE::equals, getter);
}
private static MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> checkUserClientConsent(MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> mcb, Operator op, Object[] values) {
String clientIdS = ensureEqSingleValue(UserModel.SearchableFields.CONSENT_FOR_CLIENT, "client_id", op, values);
Function<AbstractUserEntity<Object>, ?> getter;
getter = ue -> ue.getUserConsent(clientIdS);
return mcb.fieldCompare(Operator.EXISTS, getter, null);
}
private static MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> checkUserConsentsWithClientScope(MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> mcb, Operator op, Object[] values) {
String clientScopeIdS = ensureEqSingleValue(UserModel.SearchableFields.CONSENT_FOR_CLIENT, "client_scope_id", op, values);
Function<AbstractUserEntity<Object>, ?> getter;
getter = ue -> ue.getUserConsents().anyMatch(consent -> consent.getGrantedClientScopesIds().contains(clientScopeIdS));
return mcb.fieldCompare(Boolean.TRUE::equals, getter);
}
private static MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> getUserIdpAliasAtIdentityProviderPredicate(MapModelCriteriaBuilder<Object, AbstractUserEntity<Object>, UserModel> mcb, Operator op, Object[] values) {
if (op != Operator.EQ) {
throw new CriterionNotSupportedException(UserModel.SearchableFields.IDP_AND_USER, op);
}
if (values == null || values.length == 0 || values.length > 2) {
throw new CriterionNotSupportedException(UserModel.SearchableFields.IDP_AND_USER, op, "Invalid arguments, expected (idp_alias) or (idp_alias, idp_user), got: " + Arrays.toString(values));
}
final Object idpAlias = values[0];
Function<AbstractUserEntity<Object>, ?> getter;
if (values.length == 1) {
getter = ue -> ue.getFederatedIdentities()
.anyMatch(aue -> Objects.equals(idpAlias, aue.getIdentityProvider()));
} else if (idpAlias == null) {
final Object idpUserId = values[1];
getter = ue -> ue.getFederatedIdentities()
.anyMatch(aue -> Objects.equals(idpUserId, aue.getUserId()));
} else {
final Object idpUserId = values[1];
getter = ue -> ue.getFederatedIdentities()
.anyMatch(aue -> Objects.equals(idpAlias, aue.getIdentityProvider()) && Objects.equals(idpUserId, aue.getUserId()));
}
return mcb.fieldCompare(Boolean.TRUE::equals, getter);
}
protected static <K, V extends AbstractEntity<K>, M> Map<SearchableModelField<M>, UpdatePredicatesFunc<K, V, M>> basePredicates(SearchableModelField<M> idField) {
Map<SearchableModelField<M>, UpdatePredicatesFunc<K, V, M>> fieldPredicates = new HashMap<>();
fieldPredicates.put(idField, (o, op, values) -> o.idCompare(op, values));
return fieldPredicates;
}
@SuppressWarnings("unchecked")
public static <K, V extends AbstractEntity<K>, M> Map<SearchableModelField<M>, UpdatePredicatesFunc<K, V, M>> getPredicates(Class<M> clazz) {
return PREDICATES.get(clazz);
}
}

View file

@ -18,58 +18,32 @@ package org.keycloak.models.map.storage;
import org.keycloak.models.KeycloakTransaction;
import org.keycloak.models.map.common.AbstractEntity;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Objects;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
public class MapKeycloakTransaction<K, V> implements KeycloakTransaction {
public class MapKeycloakTransaction<K, V extends AbstractEntity<K>, M> implements KeycloakTransaction {
private final static Logger log = Logger.getLogger(MapKeycloakTransaction.class);
private enum MapOperation {
CREATE {
@Override
protected <K, V> MapTaskWithValue<K, V> taskFor(K key, V value) {
return new MapTaskWithValue<K, V>(value) {
@Override public void execute(MapStorage<K, V> map) { map.create(key, getValue()); }
@Override public MapOperation getOperation() { return CREATE; }
};
}
},
UPDATE {
@Override
protected <K, V> MapTaskWithValue<K, V> taskFor(K key, V value) {
return new MapTaskWithValue<K, V>(value) {
@Override public void execute(MapStorage<K, V> map) { map.update(key, getValue()); }
@Override public MapOperation getOperation() { return UPDATE; }
};
}
},
DELETE {
@Override
protected <K, V> MapTaskWithValue<K, V> taskFor(K key, V value) {
return new MapTaskWithValue<K, V>(null) {
@Override public void execute(MapStorage<K, V> map) { map.delete(key); }
@Override public MapOperation getOperation() { return DELETE; }
};
}
},
;
protected abstract <K, V> MapTaskWithValue<K, V> taskFor(K key, V value);
CREATE, UPDATE, DELETE,
}
private boolean active;
private boolean rollback;
private final Map<K, MapTaskWithValue<K, V>> tasks = new LinkedHashMap<>();
private final MapStorage<K, V> map;
private final Map<K, MapTaskWithValue> tasks = new LinkedHashMap<>();
private final MapStorage<K, V, M> map;
public MapKeycloakTransaction(MapStorage<K, V> map) {
public MapKeycloakTransaction(MapStorage<K, V, M> map) {
this.map = map;
}
@ -86,8 +60,8 @@ public class MapKeycloakTransaction<K, V> implements KeycloakTransaction {
throw new RuntimeException("Rollback only!");
}
for (MapTaskWithValue<K, V> value : tasks.values()) {
value.execute(map);
for (MapTaskWithValue value : tasks.values()) {
value.execute();
}
}
@ -114,83 +88,175 @@ public class MapKeycloakTransaction<K, V> implements KeycloakTransaction {
/**
* Adds a given task if not exists for the given key
*/
private void addTask(MapOperation op, K key, V value) {
log.tracef("Adding operation %s for %s @ %08x", op, key, System.identityHashCode(value));
protected void addTask(K key, MapTaskWithValue task) {
log.tracef("Adding operation %s for %s @ %08x", task.getOperation(), key, System.identityHashCode(task.getValue()));
K taskKey = key;
tasks.merge(taskKey, op.taskFor(key, value), MapTaskCompose::new);
tasks.merge(taskKey, task, MapTaskCompose::new);
}
// This is for possibility to lookup for session by id, which was created in this transaction
public V read(K key, Function<K, V> defaultValueFunc) {
MapTaskWithValue<K, V> current = tasks.get(key);
if (current != null) {
return current.getValue();
}
return defaultValueFunc.apply(key);
public V read(K key) {
return read(key, map::read);
}
public V getUpdated(Map.Entry<K, V> keyDefaultValue) {
MapTaskWithValue<K, V> current = tasks.get(keyDefaultValue.getKey());
if (current != null) {
public V read(K key, Function<K, V> defaultValueFunc) {
MapTaskWithValue current = tasks.get(key);
// If the key exists, then it has entered the "tasks" after bulk delete that could have
// removed it, so looking through bulk deletes is irrelevant
if (tasks.containsKey(key)) {
return current.getValue();
}
return keyDefaultValue.getValue();
// If the key does not exist, then it would be read fresh from the storage, but then it
// could have been removed by some bulk delete in the existing tasks. Check it.
final V value = defaultValueFunc.apply(key);
for (MapTaskWithValue val : tasks.values()) {
if (val instanceof MapKeycloakTransaction.BulkDeleteOperation) {
final BulkDeleteOperation delOp = (BulkDeleteOperation) val;
if (! delOp.getFilterForNonDeletedObjects().test(value)) {
return null;
}
}
}
return value;
}
/**
* Returns the stream of records that match given criteria and includes changes made in this transaction, i.e.
* the result contains updates and excludes records that have been deleted in this transaction.
*
* Note that returned stream might not reflect on the bulk delete. This is known limitation that can be fixed if necessary.
*
* @param mcb
* @return
*/
public Stream<V> getUpdatedNotRemoved(ModelCriteriaBuilder<M> mcb) {
Predicate<? super V> filterOutAllBulkDeletedObjects = tasks.values().stream()
.filter(BulkDeleteOperation.class::isInstance)
.map(BulkDeleteOperation.class::cast)
.map(BulkDeleteOperation::getFilterForNonDeletedObjects)
.reduce(Predicate::and)
.orElse(v -> true);
Stream<V> updatedAndNotRemovedObjectsStream = this.map.read(mcb)
.filter(filterOutAllBulkDeletedObjects)
.map(this::getUpdated) // If the object has been removed, tx.get will return null, otherwise it will return me.getValue()
.filter(Objects::nonNull);
// In case of created values stored in MapKeycloakTransaction, we need filter those according to the filter
MapModelCriteriaBuilder<K, V, M> mapMcb = mcb.unwrap(MapModelCriteriaBuilder.class);
Stream<V> res = mapMcb == null
? updatedAndNotRemovedObjectsStream
: Stream.concat(
createdValuesStream(mapMcb.getKeyFilter(), mapMcb.getEntityFilter()),
updatedAndNotRemovedObjectsStream
);
return res;
}
/**
* Returns the stream of records that match given criteria and includes changes made in this transaction, i.e.
* the result contains updates and excludes records that have been deleted in this transaction.
*
* @param mcb
* @return
*/
public long getCount(ModelCriteriaBuilder<M> mcb) {
return getUpdatedNotRemoved(mcb).count();
}
/**
* Returns a updated version of the {@code orig} object as updated in this transaction.
* If the underlying store handles transactions on its own, this can return {@code orig} directly.
* @param orig
* @return The {@code orig} object as visible from this transaction, or {@code null} if the object has been removed.
*/
public V getUpdated(V orig) {
MapTaskWithValue current = orig == null ? null : tasks.get(orig.getId());
return current == null ? orig : current.getValue();
}
public void update(K key, V value) {
addTask(MapOperation.UPDATE, key, value);
addTask(key, new UpdateOperation(key, value));
}
public void create(K key, V value) {
addTask(MapOperation.CREATE, key, value);
addTask(key, new CreateOperation(key, value));
}
public void updateIfChanged(K key, V value, Predicate<V> shouldPut) {
log.tracef("Adding operation UPDATE_IF_CHANGED for %s @ %08x", key, System.identityHashCode(value));
K taskKey = key;
MapTaskWithValue<K, V> op = new MapTaskWithValue<K, V>(value) {
MapTaskWithValue op = new MapTaskWithValue(value) {
@Override
public void execute(MapStorage<K, V> map) {
public void execute() {
if (shouldPut.test(getValue())) {
map.update(key, getValue());
}
}
@Override public MapOperation getOperation() { return MapOperation.UPDATE; }
};
tasks.merge(taskKey, op, MapKeycloakTransaction::merge);
tasks.merge(taskKey, op, this::merge);
}
public void delete(K key) {
addTask(MapOperation.DELETE, key, null);
addTask(key, new DeleteOperation(key));
}
public Stream<V> valuesStream() {
return this.tasks.values().stream()
.map(MapTaskWithValue<K,V>::getValue)
.filter(Objects::nonNull);
/**
* Bulk removal of items.
*
* @param artificialKey Key to record the transaction with, must be a key that does not exist in this transaction to
* prevent collision with other operations in this transaction
* @param mcb
*/
public long delete(K artificialKey, ModelCriteriaBuilder<M> mcb) {
log.tracef("Adding operation DELETE_BULK");
// Remove all tasks that create / update / delete objects deleted by the bulk removal.
final BulkDeleteOperation bdo = new BulkDeleteOperation(mcb);
Predicate<V> filterForNonDeletedObjects = bdo.getFilterForNonDeletedObjects();
long res = 0;
for (Iterator<Entry<K, MapTaskWithValue>> it = tasks.entrySet().iterator(); it.hasNext();) {
Entry<K, MapTaskWithValue> me = it.next();
if (! filterForNonDeletedObjects.test(me.getValue().getValue())) {
log.tracef(" [DELETE_BULK] removing %s", me.getKey());
it.remove();
res++;
}
}
tasks.put(artificialKey, bdo);
return res + bdo.getCount();
}
public Stream<V> createdValuesStream() {
return this.tasks.values().stream()
private Stream<V> createdValuesStream(Predicate<? super K> keyFilter, Predicate<? super V> entityFilter) {
return this.tasks.entrySet().stream()
.filter(me -> keyFilter.test(me.getKey()))
.map(Map.Entry::getValue)
.filter(v -> v.containsCreate() && ! v.isReplace())
.map(MapTaskWithValue<K,V>::getValue)
.filter(Objects::nonNull);
.map(MapTaskWithValue::getValue)
.filter(Objects::nonNull)
.filter(entityFilter)
// make a snapshot
.collect(Collectors.toList()).stream();
}
private static <K, V> MapTaskWithValue<K, V> merge(MapTaskWithValue<K, V> oldValue, MapTaskWithValue<K, V> newValue) {
private MapTaskWithValue merge(MapTaskWithValue oldValue, MapTaskWithValue newValue) {
switch (newValue.getOperation()) {
case DELETE:
return oldValue.containsCreate() ? null : newValue;
default:
return new MapTaskCompose<>(oldValue, newValue);
return new MapTaskCompose(oldValue, newValue);
}
}
private static abstract class MapTaskWithValue<K, V> {
protected abstract class MapTaskWithValue {
protected final V value;
public MapTaskWithValue(V value) {
@ -214,24 +280,24 @@ public class MapKeycloakTransaction<K, V> implements KeycloakTransaction {
}
public abstract MapOperation getOperation();
public abstract void execute(MapStorage<K,V> map);
public abstract void execute();
}
private static class MapTaskCompose<K, V> extends MapTaskWithValue<K, V> {
private class MapTaskCompose extends MapTaskWithValue {
private final MapTaskWithValue<K, V> oldValue;
private final MapTaskWithValue<K, V> newValue;
private final MapTaskWithValue oldValue;
private final MapTaskWithValue newValue;
public MapTaskCompose(MapTaskWithValue<K, V> oldValue, MapTaskWithValue<K, V> newValue) {
public MapTaskCompose(MapTaskWithValue oldValue, MapTaskWithValue newValue) {
super(null);
this.oldValue = oldValue;
this.newValue = newValue;
}
@Override
public void execute(MapStorage<K, V> map) {
oldValue.execute(map);
newValue.execute(map);
public void execute() {
oldValue.execute();
newValue.execute();
}
@Override
@ -257,7 +323,81 @@ public class MapKeycloakTransaction<K, V> implements KeycloakTransaction {
@Override
public boolean isReplace() {
return (newValue.getOperation() == MapOperation.CREATE && oldValue.containsRemove()) ||
(oldValue instanceof MapTaskCompose && ((MapTaskCompose) oldValue).isReplace());
(oldValue instanceof MapKeycloakTransaction.MapTaskCompose && ((MapTaskCompose) oldValue).isReplace());
}
}
private class CreateOperation extends MapTaskWithValue {
private final K key;
public CreateOperation(K key, V value) {
super(value);
this.key = key;
}
@Override public void execute() { map.create(key, getValue()); }
@Override public MapOperation getOperation() { return MapOperation.CREATE; }
}
private class UpdateOperation extends MapTaskWithValue {
private final K key;
public UpdateOperation(K key, V value) {
super(value);
this.key = key;
}
@Override public void execute() { map.update(key, getValue()); }
@Override public MapOperation getOperation() { return MapOperation.UPDATE; }
}
private class DeleteOperation extends MapTaskWithValue {
private final K key;
public DeleteOperation(K key) {
super(null);
this.key = key;
}
@Override public void execute() { map.delete(key); }
@Override public MapOperation getOperation() { return MapOperation.DELETE; }
}
private class BulkDeleteOperation extends MapTaskWithValue {
private final ModelCriteriaBuilder<M> mcb;
public BulkDeleteOperation(ModelCriteriaBuilder<M> mcb) {
super(null);
this.mcb = mcb;
}
@Override
@SuppressWarnings("unchecked")
public void execute() {
map.delete(mcb);
}
public Predicate<V> getFilterForNonDeletedObjects() {
if (! (mcb instanceof MapModelCriteriaBuilder)) {
return t -> true;
}
@SuppressWarnings("unchecked")
final MapModelCriteriaBuilder<K, V, M> mmcb = (MapModelCriteriaBuilder<K, V, M>) mcb;
Predicate<? super V> entityFilter = mmcb.getEntityFilter();
Predicate<? super K> keyFilter = ((MapModelCriteriaBuilder) mcb).getKeyFilter();
return v -> v != null && ! (keyFilter.test(v.getId()) && entityFilter.test(v));
}
@Override
public MapOperation getOperation() {
return MapOperation.DELETE;
}
private long getCount() {
return map.getCount(mcb);
}
}
}

View file

@ -0,0 +1,142 @@
/*
* Copyright 2021 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.map.storage;
import org.keycloak.models.map.common.AbstractEntity;
import org.keycloak.storage.SearchableModelField;
import java.util.Map;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Stream;
/**
*
* @author hmlnarik
*/
public class MapModelCriteriaBuilder<K, V extends AbstractEntity<K>, M> implements ModelCriteriaBuilder<M> {
@FunctionalInterface
public static interface UpdatePredicatesFunc<K, V extends AbstractEntity<K>, M> {
MapModelCriteriaBuilder<K, V, M> apply(MapModelCriteriaBuilder<K, V, M> builder, Operator op, Object[] params);
}
private static final Predicate<Object> ALWAYS_TRUE = (e) -> true;
private static final Predicate<Object> ALWAYS_FALSE = (e) -> false;
private final Predicate<? super K> keyFilter;
private final Predicate<? super V> entityFilter;
private final Map<SearchableModelField<M>, UpdatePredicatesFunc<K, V, M>> fieldPredicates;
public MapModelCriteriaBuilder(Map<SearchableModelField<M>, UpdatePredicatesFunc<K, V, M>> fieldPredicates) {
this(fieldPredicates, ALWAYS_TRUE, ALWAYS_TRUE);
}
private MapModelCriteriaBuilder(Map<SearchableModelField<M>, UpdatePredicatesFunc<K, V, M>> fieldPredicates, Predicate<? super K> indexReadFilter, Predicate<? super V> sequentialReadFilter) {
this.fieldPredicates = fieldPredicates;
this.keyFilter = indexReadFilter;
this.entityFilter = sequentialReadFilter;
}
@Override
public MapModelCriteriaBuilder<K, V, M> compare(SearchableModelField<M> modelField, Operator op, Object... values) {
UpdatePredicatesFunc<K, V, M> method = fieldPredicates.get(modelField);
if (method == null) {
throw new IllegalArgumentException("Filter not implemented for field " + modelField);
}
return method.apply(this, op, values);
}
@SafeVarargs
@SuppressWarnings("unchecked")
@Override
public final MapModelCriteriaBuilder<K, V, M> and(ModelCriteriaBuilder<M>... builders) {
Predicate<? super K> resIndexFilter = Stream.of(builders).map(MapModelCriteriaBuilder.class::cast).map(MapModelCriteriaBuilder::getKeyFilter).reduce(keyFilter, Predicate::and);
Predicate<V> resEntityFilter = Stream.of(builders).map(MapModelCriteriaBuilder.class::cast).map(MapModelCriteriaBuilder::getEntityFilter).reduce(entityFilter, Predicate::and);
return new MapModelCriteriaBuilder<>(fieldPredicates, resIndexFilter, resEntityFilter);
}
@SafeVarargs
@SuppressWarnings("unchecked")
@Override
public final MapModelCriteriaBuilder<K, V, M> or(ModelCriteriaBuilder<M>... builders) {
Predicate<? super K> resIndexFilter = Stream.of(builders).map(MapModelCriteriaBuilder.class::cast).map(MapModelCriteriaBuilder::getKeyFilter).reduce(ALWAYS_FALSE, Predicate::or);
Predicate<V> resEntityFilter = Stream.of(builders).map(MapModelCriteriaBuilder.class::cast).map(MapModelCriteriaBuilder::getEntityFilter).reduce(ALWAYS_FALSE, Predicate::or);
return new MapModelCriteriaBuilder<>(
fieldPredicates,
v -> keyFilter.test(v) && resIndexFilter.test(v),
v -> entityFilter.test(v) && resEntityFilter.test(v)
);
}
@SuppressWarnings("unchecked")
@Override
public MapModelCriteriaBuilder<K, V, M> not(ModelCriteriaBuilder<M> builder) {
MapModelCriteriaBuilder<K, V, M> b = builder.unwrap(MapModelCriteriaBuilder.class);
if (b == null) {
throw new ClassCastException("Incompatible class: " + builder.getClass());
}
Predicate<? super K> resIndexFilter = b.getKeyFilter() == ALWAYS_TRUE ? ALWAYS_TRUE : b.getKeyFilter().negate();
Predicate<? super V> resEntityFilter = b.getEntityFilter() == ALWAYS_TRUE ? ALWAYS_TRUE : b.getEntityFilter().negate();
return new MapModelCriteriaBuilder<>(
fieldPredicates,
v -> keyFilter.test(v) && ! resIndexFilter.test(v),
v -> entityFilter.test(v) && ! resEntityFilter.test(v)
);
}
public Predicate<? super K> getKeyFilter() {
return keyFilter;
}
public Predicate<? super V> getEntityFilter() {
return entityFilter;
}
protected MapModelCriteriaBuilder<K, V, M> idCompare(Operator op, Object[] values) {
switch (op) {
case LT:
case LE:
case GT:
case GE:
case EQ:
case NE:
case EXISTS:
case NOT_EXISTS:
case IN:
return new MapModelCriteriaBuilder<>(fieldPredicates, this.keyFilter.and(CriteriaOperator.predicateFor(op, values)), this.entityFilter);
default:
throw new AssertionError("Invalid operator: " + op);
}
}
protected MapModelCriteriaBuilder<K, V, M> fieldCompare(Operator op, Function<V, ?> getter, Object[] values) {
Predicate<Object> valueComparator = CriteriaOperator.predicateFor(op, values);
return fieldCompare(valueComparator, getter);
}
protected MapModelCriteriaBuilder<K, V, M> fieldCompare(Predicate<Object> valueComparator, Function<V, ?> getter) {
final Predicate<? super V> resEntityFilter;
if (entityFilter == ALWAYS_FALSE) {
resEntityFilter = ALWAYS_FALSE;
} else {
final Predicate<V> p = v -> valueComparator.test(getter.apply(v));
resEntityFilter = p.and(entityFilter);
}
return new MapModelCriteriaBuilder<>(fieldPredicates, this.keyFilter, resEntityFilter);
}
}

View file

@ -16,29 +16,41 @@
*/
package org.keycloak.models.map.storage;
import java.util.Map;
import java.util.Set;
import org.keycloak.models.map.common.AbstractEntity;
import java.util.stream.Stream;
/**
* Implementation of this interface interacts with a persistence storage storing various entities, e.g. users, realms.
* It contains basic object CRUD operations as well as bulk {@link #read(org.keycloak.models.map.storage.ModelCriteriaBuilder)}
* and bulk {@link #delete(org.keycloak.models.map.storage.ModelCriteriaBuilder)} operations,
* and operation for determining the number of the objects satisfying given criteria
* ({@link #getCount(org.keycloak.models.map.storage.ModelCriteriaBuilder)}).
*
* @author hmlnarik
* @param <K> Type of the primary key. Various storages can
* @param <V> Type of the stored values that contains all the data stripped of session state. In other words, in the entities
* there are only IDs and mostly primitive types / {@code String}, never references to {@code *Model} instances.
* See the {@code Abstract*Entity} classes in this module.
* @param <M> Type of the {@code *Model} corresponding to the stored value, e.g. {@code UserModel}. This is used for
* filtering via model fields in {@link ModelCriteriaBuilder} which is necessary to abstract from physical
* layout and thus to support no-downtime upgrade.
*/
public interface MapStorage<K, V> {
public interface MapStorage<K, V extends AbstractEntity<K>, M> {
/**
* Creates an object in the store identified by given {@code key}.
* @param key Key of the object as seen in the logical level
* @param value Entity
* @return Reference to the entity created in the store
* @throws NullPointerException if object or its {@code id} is {@code null}
* @throws NullPointerException if object or its {@code key} is {@code null}
*/
V create(K key, V value);
/**
* Returns object with the given {@code key} from the storage or {@code null} if object does not exist.
* @param key Must not be {@code null}.
* @param key Key of the object. Must not be {@code null}.
* @return See description
* @throws NullPointerException if the {@code key} is {@code null}
*/
V read(K key);
@ -46,14 +58,30 @@ public interface MapStorage<K, V> {
* Returns stream of objects satisfying given {@code criteria} from the storage.
* The criteria are specified in the given criteria builder based on model properties.
*
* @param criteria
* @param criteria Criteria filtering out the object, originally obtained
* from {@link #createCriteriaBuilder()} method of this object.
* If {@code null}, it returns an empty stream.
* @return Stream of objects. Never returns {@code null}.
* @throws IllegalStateException If {@code criteria} is not compatible, i.e. has not been originally created
* by the {@link #createCriteriaBuilder()} method of this object.
*/
Stream<V> read(ModelCriteriaBuilder criteria);
Stream<V> read(ModelCriteriaBuilder<M> criteria);
/**
* Returns the number of objects satisfying given {@code criteria} from the storage.
* The criteria are specified in the given criteria builder based on model properties.
*
* @param criteria
* @return Number of objects. Never returns {@code null}.
* @throws IllegalStateException If {@code criteria} is not compatible, i.e. has not been originally created
* by the {@link #createCriteriaBuilder()} method of this object.
*/
long getCount(ModelCriteriaBuilder<M> criteria);
/**
* Updates the object with the given {@code id} in the storage if it already exists.
* @param id
* @param key Primary key of the object to update
* @param value Updated value
* @throws NullPointerException if object or its {@code id} is {@code null}
*/
V update(K key, V value);
@ -61,8 +89,19 @@ public interface MapStorage<K, V> {
/**
* Deletes object with the given {@code key} from the storage, if exists, no-op otherwise.
* @param key
* @return Returns {@code true} if the object has been deleted or result cannot be determined, {@code false} otherwise.
*/
V delete(K key);
boolean delete(K key);
/**
* Deletes objects that match the given criteria.
* @param criteria
* @return Number of removed objects (might return {@code -1} if not supported)
* @throws IllegalStateException If {@code criteria} is not compatible, i.e. has not been originally created
* by the {@link #createCriteriaBuilder()} method of this object.
*/
long delete(ModelCriteriaBuilder<M> criteria);
/**
* Returns criteria builder for the storage engine.
@ -77,9 +116,17 @@ public interface MapStorage<K, V> {
*
* @return See description
*/
ModelCriteriaBuilder createCriteriaBuilder();
ModelCriteriaBuilder<M> createCriteriaBuilder();
@Deprecated
Set<Map.Entry<K,V>> entrySet();
/**
* Creates a {@code MapKeycloakTransaction} object that tracks a new transaction related to this storage.
* In case of JPA or similar, the transaction object might be supplied by the container (via JTA) or
* shared same across storages accessing the same database within the same session; in other cases
* (e.g. plain map) a separate transaction handler might be created per each storage.
*
* @return See description.
*/
public MapKeycloakTransaction<K, V, M> createTransaction();
}

View file

@ -39,5 +39,5 @@ public interface MapStorageProvider extends Provider, ProviderFactory<MapStorage
* @param flags
* @return
*/
<K, V extends AbstractEntity<K>> MapStorage<K, V> getStorage(String name, Class<K> keyType, Class<V> valueType, Flag... flags);
<K, V extends AbstractEntity<K>, M> MapStorage<K, V, M> getStorage(String name, Class<K> keyType, Class<V> valueType, Class<M> modelType, Flag... flags);
}

View file

@ -51,7 +51,7 @@ import org.keycloak.storage.SearchableModelField;
*
* @author hmlnarik
*/
public interface ModelCriteriaBuilder {
public interface ModelCriteriaBuilder<M> {
/**
* The operators are very basic ones for this use case. In the real scenario,
@ -94,8 +94,15 @@ public interface ModelCriteriaBuilder {
* </ul>
*/
ILIKE,
/** Operator for belonging into a set of values */
IN
/**
* Operator for belonging into a collection of values. Operand in {@code value}
* can be an array (via an implicit conversion of the vararg), a {@link Collection} or a {@link Stream}.
*/
IN,
/** Is not null */
EXISTS,
/** Is null */
NOT_EXISTS,
}
/**
@ -108,8 +115,9 @@ public interface ModelCriteriaBuilder {
* @param op Operator
* @param value Additional operands of the operator.
* @return
* @throws CriterionNotSupported If the operator is not supported for the given field.
*/
ModelCriteriaBuilder compare(SearchableModelField modelField, Operator op, Object... value);
ModelCriteriaBuilder<M> compare(SearchableModelField<M> modelField, Operator op, Object... value);
/**
* Creates and returns a new instance of {@code ModelCriteriaBuilder} that
@ -126,8 +134,9 @@ public interface ModelCriteriaBuilder {
* );
* </pre>
*
* @throws CriterionNotSupported If the operator is not supported for the given field.
*/
ModelCriteriaBuilder and(ModelCriteriaBuilder... builders);
ModelCriteriaBuilder<M> and(ModelCriteriaBuilder<M>... builders);
/**
* Creates and returns a new instance of {@code ModelCriteriaBuilder} that
@ -143,8 +152,10 @@ public interface ModelCriteriaBuilder {
* cb.compare(FIELD1, EQ, 3).compare(FIELD2, EQ, 4)
* );
* </pre>
*
* @throws CriterionNotSupported If the operator is not supported for the given field.
*/
ModelCriteriaBuilder or(ModelCriteriaBuilder... builders);
ModelCriteriaBuilder<M> or(ModelCriteriaBuilder<M>... builders);
/**
* Creates and returns a new instance of {@code ModelCriteriaBuilder} that
@ -155,21 +166,21 @@ public interface ModelCriteriaBuilder {
*
* @param builder
* @return
* @throws CriterionNotSupported If the operator is not supported for the given field.
*/
ModelCriteriaBuilder not(ModelCriteriaBuilder builder);
ModelCriteriaBuilder<M> not(ModelCriteriaBuilder<M> builder);
/**
* Returns this object cast to the given class.
* Returns this object cast to the given class, or {@code null} if the class cannot be cast to that {@code clazz}.
* @param <T>
* @param clazz
* @return
* @throws ClassCastException When this instance cannot be converted to the given {@code clazz}.
*/
default <T extends ModelCriteriaBuilder> T unwrap(Class<T> clazz) {
if (clazz.isInstance(this)) {
return clazz.cast(this);
} else {
throw new ClassCastException("Incompatible class: " + clazz);
return null;
}
}

View file

@ -0,0 +1,132 @@
/*
* Copyright 2020 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.map.storage.chm;
import org.keycloak.models.map.storage.MapModelCriteriaBuilder;
import org.keycloak.models.map.common.AbstractEntity;
import org.keycloak.models.map.storage.MapFieldPredicates;
import org.keycloak.models.map.storage.MapKeycloakTransaction;
import org.keycloak.models.map.storage.MapStorage;
import org.keycloak.models.map.storage.ModelCriteriaBuilder;
import org.keycloak.storage.SearchableModelField;
import java.util.Map;
import java.util.Map.Entry;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.stream.Stream;
import org.keycloak.models.map.storage.MapModelCriteriaBuilder.UpdatePredicatesFunc;
import java.util.Iterator;
import java.util.Objects;
import java.util.function.Predicate;
/**
*
* @author hmlnarik
*/
public class ConcurrentHashMapStorage<K, V extends AbstractEntity<K>, M> implements MapStorage<K, V, M> {
private final ConcurrentMap<K, V> store = new ConcurrentHashMap<>();
private final Map<SearchableModelField<M>, UpdatePredicatesFunc<K, V, M>> fieldPredicates;
@SuppressWarnings("unchecked")
public ConcurrentHashMapStorage(Class<M> modelClass) {
this.fieldPredicates = MapFieldPredicates.getPredicates(modelClass);
}
@Override
public V create(K key, V value) {
return store.putIfAbsent(key, value);
}
@Override
public V read(K key) {
Objects.requireNonNull(key, "Key must be non-null");
return store.get(key);
}
@Override
public V update(K key, V value) {
return store.replace(key, value);
}
@Override
public boolean delete(K key) {
return store.remove(key) != null;
}
@Override
public long delete(ModelCriteriaBuilder<M> criteria) {
long res;
if (criteria == null) {
res = store.size();
store.clear();
return res;
}
MapModelCriteriaBuilder<K, V, M> b = criteria.unwrap(MapModelCriteriaBuilder.class);
if (b == null) {
throw new IllegalStateException("Incompatible class: " + criteria.getClass());
}
Predicate<? super K> keyFilter = b.getKeyFilter();
Predicate<? super V> entityFilter = b.getEntityFilter();
res = 0;
for (Iterator<Entry<K, V>> iterator = store.entrySet().iterator(); iterator.hasNext();) {
Entry<K, V> next = iterator.next();
if (keyFilter.test(next.getKey()) && entityFilter.test(next.getValue())) {
res++;
iterator.remove();
}
}
return res;
}
@Override
public ModelCriteriaBuilder<M> createCriteriaBuilder() {
return new MapModelCriteriaBuilder<>(fieldPredicates);
}
@Override
public MapKeycloakTransaction<K, V, M> createTransaction() {
return new MapKeycloakTransaction<>(this);
}
@Override
public Stream<V> read(ModelCriteriaBuilder<M> criteria) {
if (criteria == null) {
return Stream.empty();
}
Stream<Entry<K, V>> stream = store.entrySet().stream();
MapModelCriteriaBuilder<K, V, M> b = criteria.unwrap(MapModelCriteriaBuilder.class);
if (b == null) {
throw new IllegalStateException("Incompatible class: " + criteria.getClass());
}
Predicate<? super K> keyFilter = b.getKeyFilter();
Predicate<? super V> entityFilter = b.getEntityFilter();
stream = stream.filter(me -> keyFilter.test(me.getKey()) && entityFilter.test(me.getValue()));
return stream.map(Map.Entry::getValue);
}
@Override
public long getCount(ModelCriteriaBuilder<M> criteria) {
return read(criteria).count();
}
}

View file

@ -14,28 +14,23 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.map.storage;
package org.keycloak.models.map.storage.chm;
import org.keycloak.Config.Scope;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.map.common.AbstractEntity;
import org.keycloak.models.map.common.Serialization;
import org.keycloak.storage.SearchableModelField;
import com.fasterxml.jackson.databind.JavaType;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.EnumSet;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.function.Predicate;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.models.map.storage.MapStorageProvider;
import org.keycloak.models.map.storage.ModelCriteriaBuilder;
/**
*
@ -43,123 +38,11 @@ import org.jboss.logging.Logger;
*/
public class ConcurrentHashMapStorageProvider implements MapStorageProvider {
public static class ConcurrentHashMapStorage<K, V> implements MapStorage<K, V> {
private final ConcurrentMap<K, V> store = new ConcurrentHashMap<>();
@Override
public V create(K key, V value) {
return store.putIfAbsent(key, value);
}
@Override
public V read(K key) {
return store.get(key);
}
@Override
public V update(K key, V value) {
return store.replace(key, value);
}
@Override
public V delete(K key) {
return store.remove(key);
}
@Override
public ModelCriteriaBuilder createCriteriaBuilder() {
return new MapModelCriteriaBuilder(null);
}
@Override
public Set<Entry<K, V>> entrySet() {
return store.entrySet();
}
@Override
public Stream<V> read(ModelCriteriaBuilder criteria) {
throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
}
}
private static class MapModelCriteriaBuilder<M> implements ModelCriteriaBuilder {
@FunctionalInterface
public interface TriConsumer<A extends MapModelCriteriaBuilder<?>,B,C> { A apply(A a, B b, C c); }
private static final Predicate<Object> ALWAYS_TRUE = e -> true;
private static final Predicate<Object> ALWAYS_FALSE = e -> false;
private final Predicate<? super String> indexFilter;
private final Predicate<? super M> modelFilter;
private final Map<String, TriConsumer<MapModelCriteriaBuilder<M>, Operator, Object>> fieldPredicates;
public MapModelCriteriaBuilder(Map<String, TriConsumer<MapModelCriteriaBuilder<M>, Operator, Object>> fieldPredicates) {
this(fieldPredicates, ALWAYS_TRUE, ALWAYS_TRUE);
}
private MapModelCriteriaBuilder(Map<String, TriConsumer<MapModelCriteriaBuilder<M>, Operator, Object>> fieldPredicates,
Predicate<? super String> indexReadFilter, Predicate<? super M> sequentialReadFilter) {
this.fieldPredicates = fieldPredicates;
this.indexFilter = indexReadFilter;
this.modelFilter = sequentialReadFilter;
}
@Override
public ModelCriteriaBuilder compare(SearchableModelField modelField, Operator op, Object... value) {
throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
}
@Override
public MapModelCriteriaBuilder<M> and(ModelCriteriaBuilder... builders) {
Predicate<? super String> resIndexFilter = Stream.of(builders)
.map(MapModelCriteriaBuilder.class::cast)
.map(MapModelCriteriaBuilder::getIndexFilter)
.reduce(ALWAYS_TRUE, (p1, p2) -> p1.and(p2));
Predicate<? super M> resModelFilter = Stream.of(builders)
.map(MapModelCriteriaBuilder.class::cast)
.map(MapModelCriteriaBuilder::getModelFilter)
.reduce(ALWAYS_TRUE, (p1, p2) -> p1.and(p2));
return new MapModelCriteriaBuilder<>(fieldPredicates, resIndexFilter, resModelFilter);
}
@Override
public MapModelCriteriaBuilder<M> or(ModelCriteriaBuilder... builders) {
Predicate<? super String> resIndexFilter = Stream.of(builders)
.map(MapModelCriteriaBuilder.class::cast)
.map(MapModelCriteriaBuilder::getIndexFilter)
.reduce(ALWAYS_FALSE, (p1, p2) -> p1.or(p2));
Predicate<? super M> resModelFilter = Stream.of(builders)
.map(MapModelCriteriaBuilder.class::cast)
.map(MapModelCriteriaBuilder::getModelFilter)
.reduce(ALWAYS_FALSE, (p1, p2) -> p1.or(p2));
return new MapModelCriteriaBuilder<>(fieldPredicates, resIndexFilter, resModelFilter);
}
@Override
public MapModelCriteriaBuilder<M> not(ModelCriteriaBuilder builder) {
MapModelCriteriaBuilder b = builder.unwrap(MapModelCriteriaBuilder.class);
Predicate<? super String> resIndexFilter = b.getIndexFilter() == ALWAYS_TRUE ? ALWAYS_TRUE : b.getIndexFilter().negate();
Predicate<? super M> resModelFilter = b.getModelFilter() == ALWAYS_TRUE ? ALWAYS_TRUE : b.getModelFilter().negate();
return new MapModelCriteriaBuilder<>(fieldPredicates, resIndexFilter, resModelFilter);
}
public Predicate<? super String> getIndexFilter() {
return indexFilter;
}
public Predicate<? super M> getModelFilter() {
return modelFilter;
}
}
private static final String PROVIDER_ID = "concurrenthashmap";
public static final String PROVIDER_ID = "concurrenthashmap";
private static final Logger LOG = Logger.getLogger(ConcurrentHashMapStorageProvider.class);
private final ConcurrentHashMap<String, ConcurrentHashMapStorage<?,?>> storages = new ConcurrentHashMap<>();
private final ConcurrentHashMap<String, ConcurrentHashMapStorage<?,?,?>> storages = new ConcurrentHashMap<>();
private File storageDirectory;
@ -189,13 +72,15 @@ public class ConcurrentHashMapStorageProvider implements MapStorageProvider {
storages.forEach(this::storeMap);
}
private void storeMap(String fileName, ConcurrentHashMapStorage<?, ?> store) {
private void storeMap(String fileName, ConcurrentHashMapStorage<?, ?, ?> store) {
if (fileName != null) {
File f = getFile(fileName);
try {
if (storageDirectory != null && storageDirectory.exists()) {
LOG.debugf("Storing contents to %s", f.getCanonicalPath());
Serialization.MAPPER.writeValue(f, store.entrySet().stream().map(Map.Entry::getValue));
@SuppressWarnings("unchecked")
final ModelCriteriaBuilder readAllCriteria = store.createCriteriaBuilder();
Serialization.MAPPER.writeValue(f, store.read(readAllCriteria));
} else {
LOG.debugf("Not storing contents of %s because directory %s does not exist", fileName, this.storageDirectory);
}
@ -205,8 +90,9 @@ public class ConcurrentHashMapStorageProvider implements MapStorageProvider {
}
}
private <K, V extends AbstractEntity<K>> ConcurrentHashMapStorage<K, V> loadMap(String fileName, Class<V> valueType, EnumSet<Flag> flags) {
ConcurrentHashMapStorage<K, V> store = new ConcurrentHashMapStorage<>();
private <K, V extends AbstractEntity<K>, M> ConcurrentHashMapStorage<K, V, M> loadMap(String fileName,
Class<V> valueType, Class<M> modelType, EnumSet<Flag> flags) {
ConcurrentHashMapStorage<K, V, M> store = new ConcurrentHashMapStorage<>(modelType);
if (! flags.contains(Flag.INITIALIZE_EMPTY)) {
final File f = getFile(fileName);
@ -233,9 +119,10 @@ public class ConcurrentHashMapStorageProvider implements MapStorageProvider {
@Override
@SuppressWarnings("unchecked")
public <K, V extends AbstractEntity<K>> ConcurrentHashMapStorage<K, V> getStorage(String name, Class<K> keyType, Class<V> valueType, Flag... flags) {
public <K, V extends AbstractEntity<K>, M> ConcurrentHashMapStorage<K, V, M> getStorage(String name,
Class<K> keyType, Class<V> valueType, Class<M> modelType, Flag... flags) {
EnumSet<Flag> f = flags == null || flags.length == 0 ? EnumSet.noneOf(Flag.class) : EnumSet.of(flags[0], flags);
return (ConcurrentHashMapStorage<K, V>) storages.computeIfAbsent(name, n -> loadMap(name, valueType, f));
return (ConcurrentHashMapStorage<K, V, M>) storages.computeIfAbsent(name, n -> loadMap(name, valueType, modelType, f));
}
private File getFile(String fileName) {

View file

@ -17,9 +17,9 @@
package org.keycloak.models.map.user;
import org.apache.commons.lang.StringUtils;
import org.jboss.logging.Logger;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel;
@ -39,17 +39,19 @@ import org.keycloak.models.RequiredActionProviderModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.SearchableFields;
import org.keycloak.models.UserProvider;
import org.keycloak.models.map.common.Serialization;
import org.keycloak.models.map.storage.MapKeycloakTransaction;
import org.keycloak.models.map.storage.MapStorage;
import org.keycloak.models.map.storage.ModelCriteriaBuilder;
import org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.client.ClientStorageProvider;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
@ -75,13 +77,13 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
private static final Logger LOG = Logger.getLogger(MapUserProvider.class);
private static final Predicate<MapUserEntity> ALWAYS_FALSE = c -> { return false; };
private final KeycloakSession session;
final MapKeycloakTransaction<UUID, MapUserEntity> tx;
private final MapStorage<UUID, MapUserEntity> userStore;
final MapKeycloakTransaction<UUID, MapUserEntity, UserModel> tx;
private final MapStorage<UUID, MapUserEntity, UserModel> userStore;
public MapUserProvider(KeycloakSession session, MapStorage<UUID, MapUserEntity> store) {
public MapUserProvider(KeycloakSession session, MapStorage<UUID, MapUserEntity, UserModel> store) {
this.session = session;
this.userStore = store;
this.tx = new MapKeycloakTransaction<>(userStore);
this.tx = userStore.createTransaction();
session.getTransactionManager().enlist(tx);
}
@ -134,7 +136,7 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
}
private Optional<MapUserEntity> getEntityById(RealmModel realm, UUID id) {
MapUserEntity mapUserEntity = tx.read(id, userStore::read);
MapUserEntity mapUserEntity = tx.read(id);
if (mapUserEntity != null && entityRealmFilter(realm).test(mapUserEntity)) {
return Optional.of(mapUserEntity);
}
@ -146,18 +148,6 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
return getEntityById(realm, id).map(this::registerEntityForChanges);
}
private Stream<MapUserEntity> getNotRemovedUpdatedUsersStream() {
Stream<MapUserEntity> updatedAndNotRemovedUsersStream = userStore.entrySet().stream()
.map(tx::getUpdated) // If the group has been removed, tx.read will return null, otherwise it will return me.getValue()
.filter(Objects::nonNull);
return Stream.concat(tx.createdValuesStream(), updatedAndNotRemovedUsersStream);
}
private Stream<MapUserEntity> getUnsortedUserEntitiesStream(RealmModel realm) {
return getNotRemovedUpdatedUsersStream()
.filter(entityRealmFilter(realm));
}
@Override
public void addFederatedIdentity(RealmModel realm, UserModel user, FederatedIdentityModel socialLink) {
if (user == null || user.getId() == null) {
@ -182,7 +172,11 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
public void preRemove(RealmModel realm, IdentityProviderModel provider) {
String socialProvider = provider.getAlias();
LOG.tracef("preRemove[RealmModel realm, IdentityProviderModel provider](%s, %s)%s", realm, socialProvider, getShortStackTrace());
getUnsortedUserEntitiesStream(realm)
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.IDP_AND_USER, Operator.EQ, socialProvider);
tx.getUpdatedNotRemoved(mcb)
.map(this::registerEntityForChanges)
.forEach(userEntity -> userEntity.removeFederatedIdentity(socialProvider));
}
@ -214,9 +208,11 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
@Override
public UserModel getUserByFederatedIdentity(RealmModel realm, FederatedIdentityModel socialLink) {
LOG.tracef("getUserByFederatedIdentity(%s, %s)%s", realm, socialLink, getShortStackTrace());
return getUnsortedUserEntitiesStream(realm)
.filter(userEntity -> Objects.nonNull(userEntity.getFederatedIdentity(socialLink.getIdentityProvider())))
.filter(userEntity -> Objects.equals(userEntity.getFederatedIdentity(socialLink.getIdentityProvider()).getUserId(), socialLink.getUserId()))
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.IDP_AND_USER, Operator.EQ, socialLink.getIdentityProvider(), socialLink.getUserId());
return tx.getUpdatedNotRemoved(mcb)
.collect(Collectors.collectingAndThen(
Collectors.toList(),
list -> {
@ -301,8 +297,11 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
@Override
public UserModel getServiceAccount(ClientModel client) {
LOG.tracef("getServiceAccount(%s)%s", client.getId(), getShortStackTrace());
return getUnsortedUserEntitiesStream(client.getRealm())
.filter(userEntity -> Objects.equals(userEntity.getServiceAccountClientLink(), client.getId()))
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, client.getRealm().getId())
.compare(SearchableFields.SERVICE_ACCOUNT_CLIENT, Operator.EQ, client.getId());
return tx.getUpdatedNotRemoved(mcb)
.collect(Collectors.collectingAndThen(
Collectors.toList(),
list -> {
@ -321,14 +320,17 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
@Override
public UserModel addUser(RealmModel realm, String id, String username, boolean addDefaultRoles, boolean addDefaultRequiredActions) {
LOG.tracef("addUser(%s, %s, %s, %s, %s)%s", realm, id, username, addDefaultRoles, addDefaultRequiredActions, getShortStackTrace());
if (getUnsortedUserEntitiesStream(realm)
.anyMatch(userEntity -> Objects.equals(userEntity.getUsername(), username))) {
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.USERNAME, Operator.EQ, username);
if (tx.getCount(mcb) > 0) {
throw new ModelDuplicateException("User with username '" + username + "' in realm " + realm.getName() + " already exists" );
}
final UUID entityId = id == null ? UUID.randomUUID() : UUID.fromString(id);
if (tx.read(entityId, userStore::read) != null) {
if (tx.read(entityId) != null) {
throw new ModelDuplicateException("User exists: " + entityId);
}
@ -360,57 +362,75 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
@Override
public void preRemove(RealmModel realm) {
LOG.tracef("preRemove[RealmModel](%s)%s", realm, getShortStackTrace());
getUnsortedUserEntitiesStream(realm)
.map(MapUserEntity::getId)
.forEach(tx::delete);
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId());
tx.delete(UUID.randomUUID(), mcb);
}
@Override
public void removeImportedUsers(RealmModel realm, String storageProviderId) {
LOG.tracef("removeImportedUsers(%s, %s)%s", realm, storageProviderId, getShortStackTrace());
getUnsortedUserEntitiesStream(realm)
.filter(userEntity -> Objects.equals(userEntity.getFederationLink(), storageProviderId))
.map(MapUserEntity::getId)
.forEach(tx::delete);
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.FEDERATION_LINK, Operator.EQ, storageProviderId);
tx.delete(UUID.randomUUID(), mcb);
}
@Override
public void unlinkUsers(RealmModel realm, String storageProviderId) {
LOG.tracef("unlinkUsers(%s, %s)%s", realm, storageProviderId, getShortStackTrace());
getUnsortedUserEntitiesStream(realm)
.filter(userEntity -> Objects.equals(userEntity.getFederationLink(), storageProviderId))
.map(this::registerEntityForChanges)
.forEach(userEntity -> userEntity.setFederationLink(null));
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.FEDERATION_LINK, Operator.EQ, storageProviderId);
try (Stream<MapUserEntity> s = tx.getUpdatedNotRemoved(mcb)) {
s.map(this::registerEntityForChanges)
.forEach(userEntity -> userEntity.setFederationLink(null));
}
}
@Override
public void preRemove(RealmModel realm, RoleModel role) {
String roleId = role.getId();
LOG.tracef("preRemove[RoleModel](%s, %s)%s", realm, roleId, getShortStackTrace());
getUnsortedUserEntitiesStream(realm)
.filter(userEntity -> userEntity.getRolesMembership().contains(roleId))
.map(this::registerEntityForChanges)
.forEach(userEntity -> userEntity.removeRolesMembership(roleId));
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.ASSIGNED_ROLE, Operator.EQ, roleId);
try (Stream<MapUserEntity> s = tx.getUpdatedNotRemoved(mcb)) {
s.map(this::registerEntityForChanges)
.forEach(userEntity -> userEntity.removeRolesMembership(roleId));
}
}
@Override
public void preRemove(RealmModel realm, GroupModel group) {
String groupId = group.getId();
LOG.tracef("preRemove[GroupModel](%s, %s)%s", realm, groupId, getShortStackTrace());
getUnsortedUserEntitiesStream(realm)
.filter(userEntity -> userEntity.getGroupsMembership().contains(groupId))
.map(this::registerEntityForChanges)
.forEach(userEntity -> userEntity.removeGroupsMembership(groupId));
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.ASSIGNED_GROUP, Operator.EQ, groupId);
try (Stream<MapUserEntity> s = tx.getUpdatedNotRemoved(mcb)) {
s.map(this::registerEntityForChanges)
.forEach(userEntity -> userEntity.removeGroupsMembership(groupId));
}
}
@Override
public void preRemove(RealmModel realm, ClientModel client) {
String clientId = client.getId();
LOG.tracef("preRemove[ClientModel](%s, %s)%s", realm, clientId, getShortStackTrace());
getUnsortedUserEntitiesStream(realm)
.filter(userEntity -> Objects.nonNull(userEntity.getUserConsent(clientId)))
.map(this::registerEntityForChanges)
.forEach(userEntity -> userEntity.removeUserConsent(clientId));
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.CONSENT_FOR_CLIENT, Operator.EQ, clientId);
try (Stream<MapUserEntity> s = tx.getUpdatedNotRemoved(mcb)) {
s.map(this::registerEntityForChanges)
.forEach(userEntity -> userEntity.removeUserConsent(clientId));
}
}
@Override
@ -423,10 +443,14 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
String clientScopeId = clientScope.getId();
LOG.tracef("preRemove[ClientScopeModel](%s)%s", clientScopeId, getShortStackTrace());
getUnsortedUserEntitiesStream(clientScope.getRealm())
.map(this::registerEntityForChanges)
.flatMap(AbstractUserEntity::getUserConsents)
.forEach(consent -> consent.removeGrantedClientScopesIds(clientScopeId));
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, clientScope.getRealm().getId())
.compare(SearchableFields.CONSENT_WITH_CLIENT_SCOPE, Operator.EQ, clientScopeId);
try (Stream<MapUserEntity> s = tx.getUpdatedNotRemoved(mcb)) {
s.flatMap(AbstractUserEntity::getUserConsents)
.forEach(consent -> consent.removeGrantedClientScopesIds(clientScopeId));
}
}
@Override
@ -437,23 +461,27 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
removeImportedUsers(realm, componentId);
}
if (component.getProviderType().equals(ClientStorageProvider.class.getName())) {
getUnsortedUserEntitiesStream(realm)
.forEach(removeConsentsForExternalClient(componentId));
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.CONSENT_CLIENT_FEDERATION_LINK, Operator.EQ, componentId);
try (Stream<MapUserEntity> s = tx.getUpdatedNotRemoved(mcb)) {
String providerIdS = new StorageId(componentId, "").getId();
s.forEach(removeConsentsForExternalClient(providerIdS));
}
}
}
private Consumer<MapUserEntity> removeConsentsForExternalClient(String componentId) {
private Consumer<MapUserEntity> removeConsentsForExternalClient(String idPrefix) {
return userEntity -> {
List<UserConsentEntity> consentModels = userEntity.getUserConsents()
.filter(consent ->
Objects.equals(new StorageId(consent.getClientId()).getProviderId(), componentId))
.collect(Collectors.toList());
List<String> consentClientIds = userEntity.getUserConsents()
.map(UserConsentEntity::getClientId)
.filter(clientId -> clientId != null && clientId.startsWith(idPrefix))
.collect(Collectors.toList());
if (consentModels.size() > 0) {
if (! consentClientIds.isEmpty()) {
userEntity = registerEntityForChanges(userEntity);
for (UserConsentEntity consentEntity : consentModels) {
userEntity.removeUserConsent(consentEntity.getClientId());
}
consentClientIds.forEach(userEntity::removeUserConsent);
}
};
}
@ -462,9 +490,13 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
public void grantToAllUsers(RealmModel realm, RoleModel role) {
String roleId = role.getId();
LOG.tracef("grantToAllUsers(%s, %s)%s", realm, roleId, getShortStackTrace());
getUnsortedUserEntitiesStream(realm)
.map(this::registerEntityForChanges)
.forEach(entity -> entity.addRolesMembership(roleId));
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId());
try (Stream<MapUserEntity> s = tx.getUpdatedNotRemoved(mcb)) {
s.map(this::registerEntityForChanges)
.forEach(entity -> entity.addRolesMembership(roleId));
}
}
@Override
@ -476,20 +508,26 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
@Override
public UserModel getUserByUsername(RealmModel realm, String username) {
if (username == null) return null;
final String usernameLowercase = username.toLowerCase();
LOG.tracef("getUserByUsername(%s, %s)%s", realm, username, getShortStackTrace());
return getUnsortedUserEntitiesStream(realm)
.filter(userEntity -> Objects.equals(userEntity.getUsername(), usernameLowercase))
.findFirst()
.map(entityToAdapterFunc(realm)).orElse(null);
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.USERNAME, Operator.ILIKE, username);
try (Stream<MapUserEntity> s = tx.getUpdatedNotRemoved(mcb)) {
return s.findFirst()
.map(entityToAdapterFunc(realm)).orElse(null);
}
}
@Override
public UserModel getUserByEmail(RealmModel realm, String email) {
LOG.tracef("getUserByEmail(%s, %s)%s", realm, email, getShortStackTrace());
List<MapUserEntity> usersWithEmail = getUnsortedUserEntitiesStream(realm)
.filter(userEntity -> Objects.equals(userEntity.getEmail(), email.toLowerCase()))
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.EMAIL, Operator.EQ, email);
List<MapUserEntity> usersWithEmail = tx.getUpdatedNotRemoved(mcb)
.filter(userEntity -> Objects.equals(userEntity.getEmail(), email))
.collect(Collectors.toList());
if (usersWithEmail.isEmpty()) return null;
@ -524,26 +562,29 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
@Override
public int getUsersCount(RealmModel realm, boolean includeServiceAccount) {
LOG.tracef("getUsersCount(%s, %s)%s", realm, includeServiceAccount, getShortStackTrace());
Stream<MapUserEntity> unsortedUserEntitiesStream = getUnsortedUserEntitiesStream(realm);
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId());
if (!includeServiceAccount) {
unsortedUserEntitiesStream = unsortedUserEntitiesStream
.filter(userEntity -> Objects.isNull(userEntity.getServiceAccountClientLink()));
if (! includeServiceAccount) {
mcb = mcb.compare(SearchableFields.SERVICE_ACCOUNT_CLIENT, Operator.NOT_EXISTS);
}
return (int) unsortedUserEntitiesStream.count();
return (int) tx.getCount(mcb);
}
@Override
public Stream<UserModel> getUsersStream(RealmModel realm, Integer firstResult, Integer maxResults, boolean includeServiceAccounts) {
LOG.tracef("getUsersStream(%s, %d, %d, %s)%s", realm, firstResult, maxResults, includeServiceAccounts, getShortStackTrace());
Stream<MapUserEntity> usersStream = getUnsortedUserEntitiesStream(realm);
if (!includeServiceAccounts) {
usersStream = usersStream.filter(userEntity -> Objects.isNull(userEntity.getServiceAccountClientLink()));
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId());
if (! includeServiceAccounts) {
mcb = mcb.compare(SearchableFields.SERVICE_ACCOUNT_CLIENT, Operator.NOT_EXISTS);
}
return paginatedStream(usersStream.sorted(MapUserEntity.COMPARE_BY_USERNAME), firstResult, maxResults)
.map(entityToAdapterFunc(realm));
return paginatedStream(tx.getUpdatedNotRemoved(mcb)
.sorted(MapUserEntity.COMPARE_BY_USERNAME), firstResult, maxResults)
.map(entityToAdapterFunc(realm));
}
@Override
@ -564,11 +605,12 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
@Override
public Stream<UserModel> searchForUserStream(RealmModel realm, Map<String, String> attributes, Integer firstResult, Integer maxResults) {
LOG.tracef("searchForUserStream(%s, %s, %d, %d)%s", realm, attributes, firstResult, maxResults, getShortStackTrace());
/* Find all predicates based on attributes map */
List<Predicate<MapUserEntity>> predicatesList = new ArrayList<>();
if (!session.getAttributeOrDefault(UserModel.INCLUDE_SERVICE_ACCOUNT, true)) {
predicatesList.add(userEntity -> Objects.isNull(userEntity.getServiceAccountClientLink()));
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId());
if (! session.getAttributeOrDefault(UserModel.INCLUDE_SERVICE_ACCOUNT, true)) {
mcb = mcb.compare(SearchableFields.SERVICE_ACCOUNT_CLIENT, Operator.NOT_EXISTS);
}
final boolean exactSearch = Boolean.parseBoolean(attributes.getOrDefault(UserModel.EXACT, Boolean.FALSE.toString()));
@ -579,81 +621,86 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
if (value == null) {
continue;
}
value = value.trim();
final String searchedString = value.toLowerCase();
Function<Function<MapUserEntity, String>, Predicate<MapUserEntity>> containsOrExactPredicate =
func -> {
return userEntity -> testContainsOrExact(func.apply(userEntity), searchedString, exactSearch);
};
final String searchedString = exactSearch ? value : ("%" + value + "%");
switch (key) {
case UserModel.SEARCH:
List<Predicate<MapUserEntity>> orPredicates = new ArrayList<>();
orPredicates.add(userEntity -> StringUtils.containsIgnoreCase(userEntity.getUsername(), searchedString));
orPredicates.add(userEntity -> StringUtils.containsIgnoreCase(userEntity.getEmail(), searchedString));
orPredicates.add(userEntity -> StringUtils.containsIgnoreCase(concatFirstNameLastName(userEntity), searchedString));
predicatesList.add(orPredicates.stream().reduce(Predicate::or).orElse(t -> false));
for (String stringToSearch : value.trim().split("\\s+")) {
if (value.isEmpty()) {
continue;
}
final String s = exactSearch ? stringToSearch : ("%" + stringToSearch + "%");
mcb = mcb.or(
userStore.createCriteriaBuilder().compare(SearchableFields.USERNAME, Operator.ILIKE, s),
userStore.createCriteriaBuilder().compare(SearchableFields.EMAIL, Operator.ILIKE, s),
userStore.createCriteriaBuilder().compare(SearchableFields.FIRST_NAME, Operator.ILIKE, s),
userStore.createCriteriaBuilder().compare(SearchableFields.LAST_NAME, Operator.ILIKE, s)
);
}
break;
case USERNAME:
predicatesList.add(containsOrExactPredicate.apply(MapUserEntity::getUsername));
mcb = mcb.compare(SearchableFields.USERNAME, Operator.ILIKE, searchedString);
break;
case FIRST_NAME:
predicatesList.add(containsOrExactPredicate.apply(MapUserEntity::getFirstName));
mcb = mcb.compare(SearchableFields.FIRST_NAME, Operator.ILIKE, searchedString);
break;
case LAST_NAME:
predicatesList.add(containsOrExactPredicate.apply(MapUserEntity::getLastName));
mcb = mcb.compare(SearchableFields.LAST_NAME, Operator.ILIKE, searchedString);
break;
case EMAIL:
predicatesList.add(containsOrExactPredicate.apply(MapUserEntity::getEmail));
mcb = mcb.compare(SearchableFields.EMAIL, Operator.ILIKE, searchedString);
break;
case EMAIL_VERIFIED: {
boolean booleanValue = Boolean.parseBoolean(searchedString);
predicatesList.add(userEntity -> Objects.equals(userEntity.isEmailVerified(), booleanValue));
boolean booleanValue = Boolean.parseBoolean(value);
mcb = mcb.compare(SearchableFields.EMAIL_VERIFIED, Operator.EQ, booleanValue);
break;
}
case UserModel.ENABLED: {
boolean booleanValue = Boolean.parseBoolean(searchedString);
predicatesList.add(userEntity -> Objects.equals(userEntity.isEnabled(), booleanValue));
boolean booleanValue = Boolean.parseBoolean(value);
mcb = mcb.compare(SearchableFields.ENABLED, Operator.EQ, booleanValue);
break;
}
case UserModel.IDP_ALIAS: {
predicatesList.add(mapUserEntity -> Objects.nonNull(mapUserEntity.getFederatedIdentity(value)));
if (! attributes.containsKey(UserModel.IDP_USER_ID)) {
mcb = mcb.compare(SearchableFields.IDP_AND_USER, Operator.EQ, value);
}
break;
}
case UserModel.IDP_USER_ID: {
predicatesList.add(mapUserEntity -> mapUserEntity.getFederatedIdentities()
.anyMatch(idp -> Objects.equals(idp.getUserId(), value)));
mcb = mcb.compare(SearchableFields.IDP_AND_USER, Operator.EQ, attributes.get(UserModel.IDP_ALIAS), value);
break;
}
}
}
// Only return those results that the current user is authorized to view,
// i.e. there is an intersection of groups with view permission of the current
// user (passed in via UserModel.GROUPS attribute), the groups for the returned
// users, and the respective group resource available from the authorization provider
@SuppressWarnings("unchecked")
Set<String> userGroups = (Set<String>) session.getAttribute(UserModel.GROUPS);
if (userGroups != null && userGroups.size() > 0) {
final ResourceStore resourceStore = session.getProvider(AuthorizationProvider.class).getStoreFactory()
.getResourceStore();
final Predicate<String> resourceByGroupIdExists = id -> resourceStore
.findByResourceServer(Collections.singletonMap("name", new String[] { "group.resource." + id }),
null, 0, 1).size() == 1;
if (userGroups != null) {
if (userGroups.isEmpty()) {
return Stream.empty();
}
predicatesList.add(userEntity -> {
return userEntity.getGroupsMembership()
.stream()
.filter(userGroups::contains)
.anyMatch(resourceByGroupIdExists);
final ResourceStore resourceStore = session.getProvider(AuthorizationProvider.class).getStoreFactory().getResourceStore();
HashSet<String> authorizedGroups = new HashSet<>(userGroups);
authorizedGroups.removeIf(id -> {
Map<String, String[]> values = new HashMap<>();
values.put(Resource.EXACT_NAME, new String[] { "true" });
values.put("name", new String[] { "group.resource." + id });
return resourceStore.findByResourceServer(values, null, 0, 1).isEmpty();
});
mcb = mcb.compare(SearchableFields.ASSIGNED_GROUP, Operator.IN, authorizedGroups);
}
// Prepare resulting predicate
Predicate<MapUserEntity> resultingPredicate = predicatesList.stream()
.reduce(Predicate::and) // Combine all predicates with and
.orElse(t -> true); // If there is no predicate in predicatesList, return all users
Stream<MapUserEntity> usersStream = getUnsortedUserEntitiesStream(realm) // Get stream of all users in the realm
.filter(resultingPredicate) // Apply all predicates to userStream
Stream<MapUserEntity> usersStream = tx.getUpdatedNotRemoved(mcb)
.sorted(AbstractUserEntity.COMPARE_BY_USERNAME); // Sort before paginating
return paginatedStream(usersStream, firstResult, maxResults) // paginate if necessary
@ -661,45 +708,27 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
.filter(Objects::nonNull);
}
private String concatFirstNameLastName(MapUserEntity entity) {
StringBuilder stringBuilder = new StringBuilder();
if (entity.getFirstName() != null) {
stringBuilder.append(entity.getFirstName());
}
stringBuilder.append(" ");
if (entity.getLastName() != null) {
stringBuilder.append(entity.getLastName());
}
return stringBuilder.toString();
}
private boolean testContainsOrExact(String testedString, String searchedString, boolean exactMatch) {
if (exactMatch) {
return StringUtils.equalsIgnoreCase(testedString, searchedString);
} else {
return StringUtils.containsIgnoreCase(testedString, searchedString);
}
}
@Override
public Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group, Integer firstResult, Integer maxResults) {
LOG.tracef("getGroupMembersStream(%s, %s, %d, %d)%s", realm, group.getId(), firstResult, maxResults, getShortStackTrace());
return paginatedStream(getUnsortedUserEntitiesStream(realm)
.filter(userEntity -> userEntity.getGroupsMembership().contains(group.getId()))
.sorted(MapUserEntity.COMPARE_BY_USERNAME), firstResult, maxResults)
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.ASSIGNED_GROUP, Operator.EQ, group.getId());
return paginatedStream(tx.getUpdatedNotRemoved(mcb).sorted(MapUserEntity.COMPARE_BY_USERNAME), firstResult, maxResults)
.map(entityToAdapterFunc(realm));
}
@Override
public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realm, String attrName, String attrValue) {
LOG.tracef("searchForUserByUserAttributeStream(%s, %s, %s)%s", realm, attrName, attrValue, getShortStackTrace());
return getUnsortedUserEntitiesStream(realm)
.filter(userEntity -> userEntity.getAttribute(attrName).contains(attrValue))
.map(entityToAdapterFunc(realm))
.sorted(UserModel.COMPARE_BY_USERNAME);
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.ATTRIBUTE, Operator.EQ, attrName, attrValue);
return tx.getUpdatedNotRemoved(mcb)
.sorted(MapUserEntity.COMPARE_BY_USERNAME)
.map(entityToAdapterFunc(realm));
}
@Override
@ -722,8 +751,11 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
@Override
public Stream<UserModel> getRoleMembersStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults) {
LOG.tracef("getRoleMembersStream(%s, %s, %d, %d)%s", realm, role, firstResult, maxResults, getShortStackTrace());
return paginatedStream(getUnsortedUserEntitiesStream(realm)
.filter(entity -> entity.getRolesMembership().contains(role.getId()))
ModelCriteriaBuilder<UserModel> mcb = userStore.createCriteriaBuilder()
.compare(SearchableFields.REALM_ID, Operator.EQ, realm.getId())
.compare(SearchableFields.ASSIGNED_ROLE, Operator.EQ, role.getId());
return paginatedStream(tx.getUpdatedNotRemoved(mcb)
.sorted(MapUserEntity.COMPARE_BY_USERNAME), firstResult, maxResults)
.map(entityToAdapterFunc(realm));
}

View file

@ -19,6 +19,7 @@ package org.keycloak.models.map.user;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.UserProviderFactory;
import org.keycloak.models.map.common.AbstractMapProviderFactory;
@ -33,12 +34,12 @@ import java.util.UUID;
*/
public class MapUserProviderFactory extends AbstractMapProviderFactory<UserProvider> implements UserProviderFactory {
private MapStorage<UUID, MapUserEntity> store;
private MapStorage<UUID, MapUserEntity, UserModel> store;
@Override
public void postInit(KeycloakSessionFactory factory) {
MapStorageProvider sp = (MapStorageProvider) factory.getProviderFactory(MapStorageProvider.class);
this.store = sp.getStorage("users", UUID.class, MapUserEntity.class);
this.store = sp.getStorage("users", UUID.class, MapUserEntity.class, UserModel.class);
}

View file

@ -23,6 +23,7 @@ import java.util.Set;
import org.keycloak.common.util.ObjectUtil;
import org.keycloak.provider.ProviderEvent;
import org.keycloak.provider.ProviderEventManager;
import org.keycloak.storage.SearchableModelField;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -36,6 +37,12 @@ public interface ClientModel extends ClientScopeModel, RoleContainerModel, Prot
String PUBLIC_KEY = "publicKey";
String X509CERTIFICATE = "X509Certificate";
public static class SearchableFields {
public static final SearchableModelField<ClientModel> ID = new SearchableModelField<>("id", String.class);
public static final SearchableModelField<ClientModel> REALM_ID = new SearchableModelField<>("realmId", String.class);
public static final SearchableModelField<ClientModel> CLIENT_ID = new SearchableModelField<>("clientId", String.class);
}
interface ClientCreationEvent extends ProviderEvent {
ClientModel getCreatedClient();
}

View file

@ -19,6 +19,7 @@ package org.keycloak.models;
import org.keycloak.provider.ProviderEvent;
import org.keycloak.storage.SearchableModelField;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
@ -31,6 +32,20 @@ import java.util.stream.Stream;
* @version $Revision: 1 $
*/
public interface GroupModel extends RoleMapperModel {
public static class SearchableFields {
public static final SearchableModelField<GroupModel> ID = new SearchableModelField<>("id", String.class);
public static final SearchableModelField<GroupModel> REALM_ID = new SearchableModelField<>("realmId", String.class);
/** Parent group ID */
public static final SearchableModelField<GroupModel> PARENT_ID = new SearchableModelField<>("parentGroupId", String.class);
public static final SearchableModelField<GroupModel> NAME = new SearchableModelField<>("name", String.class);
/**
* Field for comparison with roles granted to this group.
* A role can be checked for belonging only via EQ operator. Role is referred by their ID
*/
public static final SearchableModelField<GroupModel> ASSIGNED_ROLE = new SearchableModelField<>("assignedRole", String.class);
}
interface GroupRemovedEvent extends ProviderEvent {
RealmModel getRealm();
GroupModel getGroup();

View file

@ -17,6 +17,7 @@
package org.keycloak.models;
import org.keycloak.storage.SearchableModelField;
import java.util.List;
import java.util.Map;
import java.util.Set;
@ -28,6 +29,18 @@ import java.util.stream.Stream;
* @version $Revision: 1 $
*/
public interface RoleModel {
public static class SearchableFields {
public static final SearchableModelField<RoleModel> ID = new SearchableModelField<>("id", String.class);
public static final SearchableModelField<RoleModel> REALM_ID = new SearchableModelField<>("realmId", String.class);
/** If client role, ID of the client (not the clientId) */
public static final SearchableModelField<RoleModel> CLIENT_ID = new SearchableModelField<>("clientId", String.class);
public static final SearchableModelField<RoleModel> NAME = new SearchableModelField<>("name", String.class);
public static final SearchableModelField<RoleModel> DESCRIPTION = new SearchableModelField<>("description", String.class);
public static final SearchableModelField<RoleModel> IS_CLIENT_ROLE = new SearchableModelField<>("isClientRole", Boolean.class);
public static final SearchableModelField<RoleModel> IS_COMPOSITE_ROLE = new SearchableModelField<>("isCompositeRole", Boolean.class);
}
String getName();
String getDescription();

View file

@ -19,6 +19,7 @@ package org.keycloak.models;
import org.keycloak.provider.ProviderEvent;
import org.keycloak.storage.SearchableModelField;
import java.util.Comparator;
import java.util.LinkedHashSet;
import java.util.List;
@ -48,6 +49,50 @@ public interface UserModel extends RoleMapperModel {
Comparator<UserModel> COMPARE_BY_USERNAME = Comparator.comparing(UserModel::getUsername, String.CASE_INSENSITIVE_ORDER);
public static class SearchableFields {
public static final SearchableModelField<UserModel> ID = new SearchableModelField<>("id", String.class);
public static final SearchableModelField<UserModel> REALM_ID = new SearchableModelField<>("realmId", String.class);
public static final SearchableModelField<UserModel> USERNAME = new SearchableModelField<>("username", String.class);
public static final SearchableModelField<UserModel> FIRST_NAME = new SearchableModelField<>("firstName", String.class);
public static final SearchableModelField<UserModel> LAST_NAME = new SearchableModelField<>("lastName", String.class);
public static final SearchableModelField<UserModel> EMAIL = new SearchableModelField<>("email", String.class);
public static final SearchableModelField<UserModel> ENABLED = new SearchableModelField<>("enabled", Boolean.class);
public static final SearchableModelField<UserModel> EMAIL_VERIFIED = new SearchableModelField<>("emailVerified", Boolean.class);
public static final SearchableModelField<UserModel> FEDERATION_LINK = new SearchableModelField<>("federationLink", String.class);
/**
* This field can only searched either for users coming from an IDP, then the operand is (idp_alias),
* or as user coming from a particular IDP with given username there, then the operand is a pair (idp_alias, idp_user_id).
* It is also possible to search regardless of {@code idp_alias}, then the pair is {@code (null, idp_user_id)}.
*/
public static final SearchableModelField<UserModel> IDP_AND_USER = new SearchableModelField<>("idpAlias:idpUserId", String.class);
public static final SearchableModelField<UserModel> ASSIGNED_ROLE = new SearchableModelField<>("assignedRole", String.class);
public static final SearchableModelField<UserModel> ASSIGNED_GROUP = new SearchableModelField<>("assignedGroup", String.class);
/**
* Search for users that have consent set for a particular client.
*/
public static final SearchableModelField<UserModel> CONSENT_FOR_CLIENT = new SearchableModelField<>("clientConsent", String.class);
/**
* Search for users that have consent set for a particular client that originates in the given client provider.
*/
public static final SearchableModelField<UserModel> CONSENT_CLIENT_FEDERATION_LINK = new SearchableModelField<>("clientConsentFederationLink", String.class);
/**
* Search for users that have consent that has given client scope.
*/
public static final SearchableModelField<UserModel> CONSENT_WITH_CLIENT_SCOPE = new SearchableModelField<>("consentWithClientScope", String.class);
/**
* ID of the client corresponding to the service account
*/
public static final SearchableModelField<UserModel> SERVICE_ACCOUNT_CLIENT = new SearchableModelField<>("serviceAccountClientId", String.class);
/**
* Search for attribute value. The parameters is a pair {@code (attribute_name, values...)} where {@code attribute_name}
* is always checked for equality, and the value (which can be any numbert of values, none for operators like EXISTS
* or potentially many for e.g. IN) is checked per the operator.
*/
public static final SearchableModelField<UserModel> ATTRIBUTE = new SearchableModelField<>("attribute", String[].class);
}
interface UserRemovedEvent extends ProviderEvent {
RealmModel getRealm();
UserModel getUser();

View file

@ -21,6 +21,7 @@ import java.util.Map;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.storage.SearchableModelField;
/**
* Represents usually one browser session with potentially many browser tabs. Every browser tab is represented by
@ -30,6 +31,12 @@ import org.keycloak.models.RealmModel;
*/
public interface RootAuthenticationSessionModel {
public static class SearchableFields {
public static final SearchableModelField<RootAuthenticationSessionModel> ID = new SearchableModelField<>("id", String.class);
public static final SearchableModelField<RootAuthenticationSessionModel> REALM_ID = new SearchableModelField<>("realmId", String.class);
public static final SearchableModelField<RootAuthenticationSessionModel> TIMESTAMP = new SearchableModelField<>("timestamp", Long.class);
}
/**
* Returns id of the root authentication session.
* @return {@code String}

View file

@ -16,6 +16,8 @@
*/
package org.keycloak.storage;
import java.util.Objects;
/**
*
* @author hmlnarik
@ -37,4 +39,34 @@ public class SearchableModelField<M> {
public Class<?> getFieldType() {
return fieldClass;
}
@Override
public int hashCode() {
int hash = 5;
hash = 83 * hash + Objects.hashCode(this.name);
return hash;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (getClass() != obj.getClass()) {
return false;
}
final SearchableModelField<?> other = (SearchableModelField<?>) obj;
if ( ! Objects.equals(this.name, other.name)) {
return false;
}
return true;
}
@Override
public String toString() {
return "SearchableModelField " + name + " @ " + getClass().getTypeParameters()[0].getTypeName();
}
}