don't rely on jpa storage for user & group
parent
3e007aa0c4
commit
a5295da1bf
3 changed files with 28 additions and 46 deletions
|
@ -9,6 +9,7 @@ import javax.ws.rs.NotFoundException;
|
|||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.connections.jpa.JpaConnectionProvider;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleMapperModel;
|
||||
import sh.libre.scim.jpa.ScimResource;
|
||||
|
||||
|
@ -16,6 +17,7 @@ public abstract class Adapter<M extends RoleMapperModel, S extends com.unboundid
|
|||
|
||||
protected final Logger LOGGER;
|
||||
protected final String realmId;
|
||||
protected final RealmModel realm;
|
||||
protected final String type;
|
||||
protected final String componentId;
|
||||
protected final EntityManager em;
|
||||
|
@ -26,6 +28,7 @@ public abstract class Adapter<M extends RoleMapperModel, S extends com.unboundid
|
|||
|
||||
public Adapter(KeycloakSession session, String componentId, String type, Logger logger) {
|
||||
this.session = session;
|
||||
this.realm = session.getContext().getRealm();
|
||||
this.realmId = session.getContext().getRealm().getId();
|
||||
this.componentId = componentId;
|
||||
this.em = session.getProvider(JpaConnectionProvider.class).getEntityManager();
|
||||
|
|
|
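Review bot: The constructor calls `session.getContext().getRealm()` twice and never checks the result, so if an adapter is ever built where the session context carries no realm (possibly background or scheduled work, which is not visible here), the failure surfaces as a bare NullPointerException on `getId()`. Resolve the realm once and derive the id from it, `this.realmId = this.realm.getId();`, ideally after an explicit null check with a clear message. Because `realm` now scopes every user and group lookup in the subclasses, the field deserves a short comment such as `// realm of the session that created this adapter; all lookups are scoped to it`. The constructor body continues outside the hunk.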
@ -19,10 +19,6 @@ import com.unboundid.scim2.common.types.Meta;
|
|||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.models.GroupModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.jpa.entities.GroupEntity;
|
||||
import org.keycloak.models.jpa.entities.UserEntity;
|
||||
import org.keycloak.models.jpa.entities.UserGroupMembershipEntity;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
|
||||
public class GroupAdapter extends Adapter<GroupModel, GroupResource> {
|
||||
|
||||
|
@ -124,7 +120,7 @@ public class GroupAdapter extends Adapter<GroupModel, GroupResource> {
|
|||
if (this.id == null) {
|
||||
return false;
|
||||
}
|
||||
var group = this.em.find(GroupEntity.class, this.id);
|
||||
var group = session.groups().getGroupById(realm, id);
|
||||
if (group != null) {
|
||||
return true;
|
||||
}
|
||||
|
@ -133,38 +129,25 @@ public class GroupAdapter extends Adapter<GroupModel, GroupResource> {
|
|||
|
||||
@Override
|
||||
public Boolean tryToMap() {
|
||||
try {
|
||||
var groupEntity = this.em
|
||||
.createQuery("select g from GroupEntity g where g.name=:name",
|
||||
GroupEntity.class)
|
||||
.setParameter("name", displayName)
|
||||
.getSingleResult();
|
||||
setId(groupEntity.getId());
|
||||
var group = session.groups().getGroupsStream(realm).filter(x -> x.getName() == displayName).findFirst();
|
||||
if (group.isPresent()) {
|
||||
setId(group.get().getId());
|
||||
return true;
|
||||
} catch (Exception e) {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void createEntity() {
|
||||
var kcGroup = new GroupEntity();
|
||||
kcGroup.setId(KeycloakModelUtils.generateId());
|
||||
kcGroup.setRealm(realmId);
|
||||
kcGroup.setName(displayName);
|
||||
kcGroup.setParentId(GroupEntity.TOP_PARENT_ID);
|
||||
this.em.persist(kcGroup);
|
||||
this.id = kcGroup.getId();
|
||||
var group = session.groups().createGroup(realm, displayName);
|
||||
this.id = group.getId();
|
||||
for (String mId : members) {
|
||||
try {
|
||||
var user = this.em.find(UserEntity.class, mId);
|
||||
var user = session.users().getUserById(realm, mId);
|
||||
if (user == null) {
|
||||
throw new NoResultException();
|
||||
}
|
||||
var membership = new UserGroupMembershipEntity();
|
||||
membership.setUser(user);
|
||||
membership.setGroupId(kcGroup.getId());
|
||||
this.em.persist(membership);
|
||||
user.joinGroup(group);
|
||||
} catch (Exception e) {
|
||||
LOGGER.warn(e);
|
||||
}
|
||||
|
|
|
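Review bot: In `tryToMap`, the filter `x.getName() == displayName` compares String references rather than contents, so it will normally be false even when a group with that name exists. The remote group is then never mapped, and presumably a duplicate is created later through `createEntity`. Compare by value instead: `.filter(x -> displayName.equals(x.getName()))`, or `Objects.equals(x.getName(), displayName)` if `displayName` can be null. The surrounding `catch (Exception e) { }` is still empty, so any lookup failure is silently treated as "no match"; a `LOGGER.warn(e)` as already used in `createEntity` would make it visible.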
@ -15,8 +15,6 @@ import com.unboundid.scim2.common.types.UserResource;
|
|||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.jpa.entities.UserEntity;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
|
||||
public class UserAdapter extends Adapter<UserModel, UserResource> {
|
||||
|
||||
|
@ -160,14 +158,10 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
|
|||
|
||||
@Override
|
||||
public void createEntity() {
|
||||
var kcUser = new UserEntity();
|
||||
kcUser.setId(KeycloakModelUtils.generateId());
|
||||
kcUser.setRealmId(realmId);
|
||||
kcUser.setUsername(username);
|
||||
kcUser.setEmail(email, false);
|
||||
kcUser.setEnabled(active);
|
||||
this.em.persist(kcUser);
|
||||
this.id = kcUser.getId();
|
||||
var user = session.users().addUser(realm, username);
|
||||
user.setEmail(email);
|
||||
user.setEnabled(active);
|
||||
this.id = user.getId();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -175,7 +169,7 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
|
|||
if (this.id == null) {
|
||||
return false;
|
||||
}
|
||||
var user = this.em.find(UserEntity.class, this.id);
|
||||
var user = session.users().getUserById(realm, id);
|
||||
if (user != null) {
|
||||
return true;
|
||||
}
|
||||
|
@ -184,17 +178,19 @@ public class UserAdapter extends Adapter<UserModel, UserResource> {
|
|||
|
||||
@Override
|
||||
public Boolean tryToMap() {
|
||||
try {
|
||||
var userEntity = this.em
|
||||
.createQuery("select u from UserEntity u where u.username=:username or u.email=:email",
|
||||
UserEntity.class)
|
||||
.setParameter("username", username)
|
||||
.setParameter("email", email)
|
||||
.getSingleResult();
|
||||
|
||||
setId(userEntity.getId());
|
||||
var sameUsernameUser = session.users().getUserByUsername(realm, username);
|
||||
var sameEmailUser = session.users().getUserByEmail(realm, email);
|
||||
if ((sameUsernameUser != null && sameEmailUser != null) && sameUsernameUser.getId() != sameEmailUser.getId()) {
|
||||
LOGGER.warnf("found 2 possible users for remote user %s %s", username, email);
|
||||
return false;
|
||||
}
|
||||
if (sameUsernameUser != null) {
|
||||
this.id = sameUsernameUser.getId();
|
||||
return true;
|
||||
}
|
||||
if (sameEmailUser != null) {
|
||||
this.id = sameEmailUser.getId();
|
||||
return true;
|
||||
} catch (Exception e) {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
|
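Review bot: In `tryToMap`, `sameUsernameUser.getId() != sameEmailUser.getId()` compares String references, so one account that matches both the username and the email can be reported as "found 2 possible users" and left unmapped whenever the two lookups return distinct String instances. Use `!sameUsernameUser.getId().equals(sameEmailUser.getId())`. The email-only branch binds a remote SCIM identity to an existing local account on the strength of the address alone, so confirm that the peer is trusted to assert it, and consider logging which attribute produced the match. The empty `catch (Exception e) { }` also hides lookup errors (for example a null `email`) as a plain `false`; log them with `LOGGER.warn(e)`.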