don't rely on jpa storage for user & group

This commit is contained in:
Hugo Renard 2022-09-21 10:15:10 +02:00
parent 3e007aa0c4
commit a5295da1bf
Signed by: hougo
GPG key ID: 3A285FD470209C59
3 changed files with 28 additions and 46 deletions


@ -9,6 +9,7 @@ import javax.ws.rs.NotFoundException;
import org.jboss.logging.Logger;
import org.keycloak.connections.jpa.JpaConnectionProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleMapperModel;
import sh.libre.scim.jpa.ScimResource;
@ -16,6 +17,7 @@ public abstract class Adapter<M extends RoleMapperModel, S extends com.unboundid
protected final Logger LOGGER;
protected final String realmId;
protected final RealmModel realm;
protected final String type;
protected final String componentId;
protected final EntityManager em;
@ -26,6 +28,7 @@ public abstract class Adapter<M extends RoleMapperModel, S extends com.unboundid
public Adapter(KeycloakSession session, String componentId, String type, Logger logger) {
this.session = session;
this.realm = session.getContext().getRealm();
this.realmId = session.getContext().getRealm().getId();
this.componentId = componentId;
this.em = session.getProvider(JpaConnectionProvider.class).getEntityManager();
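Review bot: The constructor now calls session.getContext().getRealm() twice to fill realm and realmId; `this.realmId = this.realm.getId();` derives one from the other and keeps the two fields consistent. The JpaConnectionProvider import and the em field are kept in this hunk even though the commit's stated intent is to stop relying on JPA storage, so the adapters still require a JPA-backed session; if no subclass reads em after this change, dropping it here would make the commit complete. The constructor body appears to continue past the end of the hunk.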


@ -19,10 +19,6 @@ import com.unboundid.scim2.common.types.Meta;
import org.jboss.logging.Logger;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.jpa.entities.GroupEntity;
import org.keycloak.models.jpa.entities.UserEntity;
import org.keycloak.models.jpa.entities.UserGroupMembershipEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
public class GroupAdapter extends Adapter<GroupModel, GroupResource> {
@ -124,7 +120,7 @@ public class GroupAdapter extends Adapter<GroupModel, GroupResource> {
if (this.id == null) {
return false;
}
var group = this.em.find(GroupEntity.class, this.id);
var group = session.groups().getGroupById(realm, id);
if (group != null) {
return true;
}
@ -133,38 +129,25 @@ public class GroupAdapter extends Adapter<GroupModel, GroupResource> {
@Override
public Boolean tryToMap() {
try {
var groupEntity = this.em
.createQuery("select g from GroupEntity g where g.name=:name",
GroupEntity.class)
.setParameter("name", displayName)
.getSingleResult();
setId(groupEntity.getId());
var group = session.groups().getGroupsStream(realm).filter(x -> x.getName() == displayName).findFirst();
if (group.isPresent()) {
setId(group.get().getId());
return true;
} catch (Exception e) {
}
return false;
}
@Override
public void createEntity() {
var kcGroup = new GroupEntity();
kcGroup.setId(KeycloakModelUtils.generateId());
kcGroup.setRealm(realmId);
kcGroup.setName(displayName);
kcGroup.setParentId(GroupEntity.TOP_PARENT_ID);
this.em.persist(kcGroup);
this.id = kcGroup.getId();
var group = session.groups().createGroup(realm, displayName);
this.id = group.getId();
for (String mId : members) {
try {
var user = this.em.find(UserEntity.class, mId);
var user = session.users().getUserById(realm, mId);
if (user == null) {
throw new NoResultException();
}
var membership = new UserGroupMembershipEntity();
membership.setUser(user);
membership.setGroupId(kcGroup.getId());
this.em.persist(membership);
user.joinGroup(group);
} catch (Exception e) {
LOGGER.warn(e);
}
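Review bot: `x.getName() == displayName` in the new tryToMap filter compares String references, so it matches only when both strings happen to be the same object; otherwise the mapping fails and createEntity makes a fresh group with the same name on each sync, so it should read `.filter(x -> displayName.equals(x.getName()))`. The same reference comparison appears in UserAdapter's tryToMap (`sameUsernameUser.getId() != sameEmailUser.getId()`), which should use `!Objects.equals(sameUsernameUser.getId(), sameEmailUser.getId())`. getGroupsStream(realm) also loads every group in the realm for a single name lookup, and findFirst picks an arbitrary one if several groups (e.g. subgroups) share the name; Keycloak's GroupProvider offers a search-by-name lookup (its signature varies by version) that would be cheaper and make the ambiguity visible. It is not clear from the rendered page whether the `try` opened at the start of tryToMap survives this change, and the createEntity body runs past the end of the section.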


@ -15,8 +15,6 @@ import com.unboundid.scim2.common.types.UserResource;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.models.jpa.entities.UserEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
public class UserAdapter extends Adapter<UserModel, UserResource> {
@ -160,14 +158,10 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
@Override
public void createEntity() {
var kcUser = new UserEntity();
kcUser.setId(KeycloakModelUtils.generateId());
kcUser.setRealmId(realmId);
kcUser.setUsername(username);
kcUser.setEmail(email, false);
kcUser.setEnabled(active);
this.em.persist(kcUser);
this.id = kcUser.getId();
var user = session.users().addUser(realm, username);
user.setEmail(email);
user.setEnabled(active);
this.id = user.getId();
}
@Override
@ -175,7 +169,7 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
if (this.id == null) {
return false;
}
var user = this.em.find(UserEntity.class, this.id);
var user = session.users().getUserById(realm, id);
if (user != null) {
return true;
}
@ -184,17 +178,19 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
@Override
public Boolean tryToMap() {
try {
var userEntity = this.em
.createQuery("select u from UserEntity u where u.username=:username or u.email=:email",
UserEntity.class)
.setParameter("username", username)
.setParameter("email", email)
.getSingleResult();
setId(userEntity.getId());
var sameUsernameUser = session.users().getUserByUsername(realm, username);
var sameEmailUser = session.users().getUserByEmail(realm, email);
if ((sameUsernameUser != null && sameEmailUser != null) && sameUsernameUser.getId() != sameEmailUser.getId()) {
LOGGER.warnf("found 2 possible users for remote user %s %s", username, email);
return false;
}
if (sameUsernameUser != null) {
this.id = sameUsernameUser.getId();
return true;
}
if (sameEmailUser != null) {
this.id = sameEmailUser.getId();
return true;
} catch (Exception e) {
}
return false;
}
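Review bot: Linking the remote user to an existing local account purely by email match (the `sameEmailUser != null` branch) is the sensitive step of this mapping and happens silently, while the ambiguous two-candidate case already logs at warn level; log the link as well, e.g. `LOGGER.infof("mapping remote user %s to local user %s by email", username, sameEmailUser.getId());`, so that account linkage is auditable. If the remote user carries no email, getUserByEmail is called with null — verify it returns null rather than throwing, since it is not clear from the rendered page whether the surrounding `try`/`catch (Exception e)` survives this change. In the two-candidate case tryToMap returns false although a user with that username exists, so if createEntity is invoked afterwards, `session.users().addUser(realm, username)` will presumably fail with a duplicate-username error that the hunk does not handle.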