[KEYCLOAK-10407] - Avoiding redundant calls on identity.getid

Pedro Igor 2019-05-28 10:23:37 -03:00 committed by Stian Thorgersen
parent 80187b54ff
commit 9fd7ab81f0
2 changed files with 42 additions and 20 deletions


@ -236,6 +236,10 @@ public class PolicyEvaluationService {
UserSessionModel userSession = null;
if (subject != null) {
UserModel userModel = keycloakSession.users().getUserById(subject, realm);
if (userModel == null) {
userModel = keycloakSession.users().getUserByUsername(subject, realm);
}
if (userModel != null) {
String clientId = representation.getClientId();
@ -280,7 +284,6 @@ public class PolicyEvaluationService {
accessToken.audience(client.getId());
accessToken.issuer(Urls.realmIssuer(keycloakSession.getContext().getUri().getBaseUri(), realm.getName()));
accessToken.setRealmAccess(new AccessToken.Access());
}
if (representation.getRoleIds() != null && !representation.getRoleIds().isEmpty()) {
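Review bot: The two-step lookup at the top of this section resolves `subject` first with `getUserById` and then with `getUserByUsername`, so one string is accepted as either kind of identifier and nothing records which of the two matched. Because the evaluation is computed for whichever user is found, a comment stating the precedence would help, for example `// subject may be a user id or a username; the id lookup takes precedence`. If usernames in a realm can ever take the form of another user's id, the evaluation would run as the id's owner rather than the named user, which is worth confirming against the realm's username rules. The enclosing method begins and ends outside the hunk.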


@ -55,6 +55,8 @@ public class KeycloakIdentity implements Identity {
protected final RealmModel realm;
protected final KeycloakSession keycloakSession;
protected final Attributes attributes;
private final boolean resourceServer;
private final String id;
public KeycloakIdentity(KeycloakSession keycloakSession) {
this(Tokens.getAccessToken(keycloakSession), keycloakSession);
@ -137,6 +139,23 @@ public class KeycloakIdentity implements Identity {
if (resourceAccess != null) {
resourceAccess.forEach((clientId, access) -> attributes.put("kc.client." + clientId + ".roles", access.getRoles()));
}
ClientModel clientModel = getTargetClient();
UserModel clientUser = null;
if (clientModel != null) {
clientUser = this.keycloakSession.users().getServiceAccount(clientModel);
}
UserModel userSession = getUserFromSessionState();
this.resourceServer = clientUser != null && userSession.getId().equals(clientUser.getId());
if (resourceServer) {
this.id = clientModel.getId();
} else {
this.id = userSession.getId();
}
} catch (Exception e) {
throw new RuntimeException("Error while reading attributes from security token.", e);
}
@ -198,6 +217,23 @@ public class KeycloakIdentity implements Identity {
if (resourceAccess != null) {
resourceAccess.forEach((clientId, access) -> attributes.put("kc.client." + clientId + ".roles", access.getRoles()));
}
ClientModel clientModel = getTargetClient();
UserModel clientUser = null;
if (clientModel != null) {
clientUser = this.keycloakSession.users().getServiceAccount(clientModel);
}
UserModel userSession = getUserFromSessionState();
this.resourceServer = clientUser != null && userSession.getId().equals(clientUser.getId());
if (resourceServer) {
this.id = clientModel.getId();
} else {
this.id = userSession.getId();
}
} catch (Exception e) {
throw new RuntimeException("Error while reading attributes from security token.", e);
}
@ -207,12 +243,7 @@ public class KeycloakIdentity implements Identity {
@Override
public String getId() {
if (isResourceServer()) {
ClientModel client = getTargetClient();
return client==null ? null : client.getId();
}
return this.getUserFromSessionState().getId();
return this.id;
}
@Override
@ -225,19 +256,7 @@ public class KeycloakIdentity implements Identity {
}
public boolean isResourceServer() {
UserModel clientUser = null;
ClientModel clientModel = getTargetClient();
if (clientModel != null) {
clientUser = this.keycloakSession.users().getServiceAccount(clientModel);
}
if (clientUser == null) {
return false;
}
return this.getUserFromSessionState().getId().equals(clientUser.getId());
return this.resourceServer;
}
private ClientModel getTargetClient() {
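Review bot: The result of `getUserFromSessionState()` is dereferenced without a null check in both constructor hunks (`this.id = userSession.getId();` and the `equals` call two statements earlier), so a token whose session can no longer be resolved now fails identity construction, where before it failed only when `getId()` or `isResourceServer()` was called. The resulting NullPointerException is caught by the surrounding `catch (Exception e)` and reported as `Error while reading attributes from security token.`, which hides the real cause from whoever reads the log. If that helper can return null (its body is not visible here), a guard such as `if (userSession == null) throw new IllegalStateException("user session not found");` placed before the comparison keeps the failure closed and makes it diagnosable. The same twelve lines are repeated in both constructors and could move into one private helper, and since the local `userSession` holds a `UserModel`, a name like `user` would be more accurate. Both constructors begin outside the hunks.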