[KEYCLOAK-10407] - Avoiding redundant calls on identity.getid
This commit is contained in:
parent
80187b54ff
commit
9fd7ab81f0
2 changed files with 42 additions and 20 deletions
|
@ -237,6 +237,10 @@ public class PolicyEvaluationService {
|
|||
if (subject != null) {
|
||||
UserModel userModel = keycloakSession.users().getUserById(subject, realm);
|
||||
|
||||
if (userModel == null) {
|
||||
userModel = keycloakSession.users().getUserByUsername(subject, realm);
|
||||
}
|
||||
|
||||
if (userModel != null) {
|
||||
String clientId = representation.getClientId();
|
||||
|
||||
|
@ -280,7 +284,6 @@ public class PolicyEvaluationService {
|
|||
accessToken.audience(client.getId());
|
||||
accessToken.issuer(Urls.realmIssuer(keycloakSession.getContext().getUri().getBaseUri(), realm.getName()));
|
||||
accessToken.setRealmAccess(new AccessToken.Access());
|
||||
|
||||
}
|
||||
|
||||
if (representation.getRoleIds() != null && !representation.getRoleIds().isEmpty()) {
|
||||
|
|
|
@ -55,6 +55,8 @@ public class KeycloakIdentity implements Identity {
|
|||
protected final RealmModel realm;
|
||||
protected final KeycloakSession keycloakSession;
|
||||
protected final Attributes attributes;
|
||||
private final boolean resourceServer;
|
||||
private final String id;
|
||||
|
||||
public KeycloakIdentity(KeycloakSession keycloakSession) {
|
||||
this(Tokens.getAccessToken(keycloakSession), keycloakSession);
|
||||
|
@ -137,6 +139,23 @@ public class KeycloakIdentity implements Identity {
|
|||
if (resourceAccess != null) {
|
||||
resourceAccess.forEach((clientId, access) -> attributes.put("kc.client." + clientId + ".roles", access.getRoles()));
|
||||
}
|
||||
|
||||
ClientModel clientModel = getTargetClient();
|
||||
UserModel clientUser = null;
|
||||
|
||||
if (clientModel != null) {
|
||||
clientUser = this.keycloakSession.users().getServiceAccount(clientModel);
|
||||
}
|
||||
|
||||
UserModel userSession = getUserFromSessionState();
|
||||
|
||||
this.resourceServer = clientUser != null && userSession.getId().equals(clientUser.getId());
|
||||
|
||||
if (resourceServer) {
|
||||
this.id = clientModel.getId();
|
||||
} else {
|
||||
this.id = userSession.getId();
|
||||
}
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Error while reading attributes from security token.", e);
|
||||
}
|
||||
|
@ -198,6 +217,23 @@ public class KeycloakIdentity implements Identity {
|
|||
if (resourceAccess != null) {
|
||||
resourceAccess.forEach((clientId, access) -> attributes.put("kc.client." + clientId + ".roles", access.getRoles()));
|
||||
}
|
||||
|
||||
ClientModel clientModel = getTargetClient();
|
||||
UserModel clientUser = null;
|
||||
|
||||
if (clientModel != null) {
|
||||
clientUser = this.keycloakSession.users().getServiceAccount(clientModel);
|
||||
}
|
||||
|
||||
UserModel userSession = getUserFromSessionState();
|
||||
|
||||
this.resourceServer = clientUser != null && userSession.getId().equals(clientUser.getId());
|
||||
|
||||
if (resourceServer) {
|
||||
this.id = clientModel.getId();
|
||||
} else {
|
||||
this.id = userSession.getId();
|
||||
}
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Error while reading attributes from security token.", e);
|
||||
}
|
||||
|
@ -207,12 +243,7 @@ public class KeycloakIdentity implements Identity {
|
|||
|
||||
@Override
|
||||
public String getId() {
|
||||
if (isResourceServer()) {
|
||||
ClientModel client = getTargetClient();
|
||||
return client==null ? null : client.getId();
|
||||
}
|
||||
|
||||
return this.getUserFromSessionState().getId();
|
||||
return this.id;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -225,19 +256,7 @@ public class KeycloakIdentity implements Identity {
|
|||
}
|
||||
|
||||
public boolean isResourceServer() {
|
||||
UserModel clientUser = null;
|
||||
|
||||
ClientModel clientModel = getTargetClient();
|
||||
|
||||
if (clientModel != null) {
|
||||
clientUser = this.keycloakSession.users().getServiceAccount(clientModel);
|
||||
}
|
||||
|
||||
if (clientUser == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return this.getUserFromSessionState().getId().equals(clientUser.getId());
|
||||
return this.resourceServer;
|
||||
}
|
||||
|
||||
private ClientModel getTargetClient() {
|
||||
|
|
Loading…
Reference in a new issue