libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Merge pull request #1342 from mposolda/master

Browse source 
JSON migration, LDAP logging reduced to trace/debug
This commit is contained in:
Marek Posolda 2015-06-08 20:24:45 +02:00
commit aabb3428a8
8 changed files with 50 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
View file

@ -266,6 +266,10 @@ public class RealmRepresentation {
this.codeSecret = codeSecret; this.codeSecret = codeSecret;
} }
public Boolean isPasswordCredentialGrantAllowed() {
return passwordCredentialGrantAllowed;
}
public Boolean isRegistrationAllowed() { public Boolean isRegistrationAllowed() {
return registrationAllowed; return registrationAllowed;
} }

2
federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/query/internal/OrCondition.java
View file

@ -1,7 +1,5 @@
package org.keycloak.federation.ldap.idm.query.internal; package org.keycloak.federation.ldap.idm.query.internal;
import java.util.List;
import org.keycloak.federation.ldap.idm.query.Condition; import org.keycloak.federation.ldap.idm.query.Condition;
import org.keycloak.federation.ldap.idm.query.QueryParameter; import org.keycloak.federation.ldap.idm.query.QueryParameter;

18
federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java
View file

@ -181,8 +181,8 @@ public class LDAPIdentityStore implements IdentityStore {
public boolean validatePassword(LDAPObject user, String password) { public boolean validatePassword(LDAPObject user, String password) {
String userDN = user.getDn().toString(); String userDN = user.getDn().toString();
if (logger.isDebugEnabled()) { if (logger.isTraceEnabled()) {
logger.debugf("Using DN [%s] for authentication of user", userDN); logger.tracef("Using DN [%s] for authentication of user", userDN);
} }
if (operationManager.authenticate(userDN, password)) { if (operationManager.authenticate(userDN, password)) {
@ -259,7 +259,9 @@ public class LDAPIdentityStore implements IdentityStore {
filter.append(getObjectClassesFilter(identityQuery.getObjectClasses())); filter.append(getObjectClassesFilter(identityQuery.getObjectClasses()));
filter.append(")"); filter.append(")");
logger.infof("Using filter for LDAP search: %s", filter); if (logger.isTraceEnabled()) {
logger.tracef("Using filter for LDAP search: %s . Searching in DN: %s", filter, identityQuery.getSearchDn());
}
return filter; return filter;
} }
@ -378,10 +380,6 @@ public class LDAPIdentityStore implements IdentityStore {
ldapObject.setDn(dn); ldapObject.setDn(dn);
ldapObject.setRdnAttributeName(dn.getFirstRdnAttrName()); ldapObject.setRdnAttributeName(dn.getFirstRdnAttrName());
if (logger.isTraceEnabled()) {
logger.tracef("Populating LDAP Object from DN [%s]", entryDN);
}
NamingEnumeration<? extends Attribute> ldapAttributes = attributes.getAll(); NamingEnumeration<? extends Attribute> ldapAttributes = attributes.getAll();
// Exact name of attributes might be different // Exact name of attributes might be different
@ -415,9 +413,6 @@ public class LDAPIdentityStore implements IdentityStore {
if (ldapAttributeName.equalsIgnoreCase(LDAPConstants.OBJECT_CLASS)) { if (ldapAttributeName.equalsIgnoreCase(LDAPConstants.OBJECT_CLASS)) {
ldapObject.setObjectClasses(attrValues); ldapObject.setObjectClasses(attrValues);
} else { } else {
if (logger.isTraceEnabled()) {
logger.tracef("Populating ldap attribute [%s] with value [%s] for DN [%s].", ldapAttributeName, attrValues.toString(), entryDN);
}
if (attrValues.size() == 1) { if (attrValues.size() == 1) {
ldapObject.setAttribute(ldapAttributeName, attrValues.iterator().next()); ldapObject.setAttribute(ldapAttributeName, attrValues.iterator().next());
} else { } else {
@ -431,6 +426,9 @@ public class LDAPIdentityStore implements IdentityStore {
} }
} }
if (logger.isTraceEnabled()) {
logger.tracef("Found ldap object [%s] and populated with the attributes [%s]. Read-only attributes are [%s]", ldapObject.getDn().toString(), ldapObject.getAttributes(), ldapObject.getReadOnlyAttributeNames());
}
return ldapObject; return ldapObject;
} catch (Exception e) { } catch (Exception e) {

20
federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
View file

@ -128,8 +128,8 @@ public class LDAPOperationManager {
execute(new LdapOperation<SearchResult>() { execute(new LdapOperation<SearchResult>() {
@Override @Override
public SearchResult execute(LdapContext context) throws NamingException { public SearchResult execute(LdapContext context) throws NamingException {
if (logger.isDebugEnabled()) { if (logger.isTraceEnabled()) {
logger.debugf("Removing entry with DN [%s]", entryDn); logger.tracef("Removing entry with DN [%s]", entryDn);
} }
destroySubcontext(context, entryDn); destroySubcontext(context, entryDn);
return null; return null;
@ -357,8 +357,8 @@ public class LDAPOperationManager {
public void modifyAttributes(final String dn, final ModificationItem[] mods) { public void modifyAttributes(final String dn, final ModificationItem[] mods) {
try { try {
if (logger.isDebugEnabled()) { if (logger.isTraceEnabled()) {
logger.debugf("Modifying attributes for entry [%s]: [", dn); logger.tracef("Modifying attributes for entry [%s]: [", dn);
for (ModificationItem item : mods) { for (ModificationItem item : mods) {
Object values; Object values;
@ -369,10 +369,10 @@ public class LDAPOperationManager {
values = "No values"; values = "No values";
} }
logger.debugf(" Op [%s]: %s = %s", item.getModificationOp(), item.getAttribute().getID(), values); logger.tracef(" Op [%s]: %s = %s", item.getModificationOp(), item.getAttribute().getID(), values);
} }
logger.debugf("]"); logger.tracef("]");
} }
execute(new LdapOperation<Void>() { execute(new LdapOperation<Void>() {
@ -389,18 +389,18 @@ public class LDAPOperationManager {
public void createSubContext(final String name, final Attributes attributes) { public void createSubContext(final String name, final Attributes attributes) {
try { try {
if (logger.isDebugEnabled()) { if (logger.isTraceEnabled()) {
logger.debugf("Creating entry [%s] with attributes: [", name); logger.tracef("Creating entry [%s] with attributes: [", name);
NamingEnumeration<? extends Attribute> all = attributes.getAll(); NamingEnumeration<? extends Attribute> all = attributes.getAll();
while (all.hasMore()) { while (all.hasMore()) {
Attribute attribute = all.next(); Attribute attribute = all.next();
logger.debugf(" %s = %s", attribute.getID(), attribute.get()); logger.tracef(" %s = %s", attribute.getID(), attribute.get());
} }
logger.debugf("]"); logger.tracef("]");
} }
execute(new LdapOperation<Void>() { execute(new LdapOperation<Void>() {

7
federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java
View file

@ -79,8 +79,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
RoleContainerModel roleContainer = getTargetRoleContainer(mapperModel, realm); RoleContainerModel roleContainer = getTargetRoleContainer(mapperModel, realm);
RoleModel role = roleContainer.getRole(roleName); RoleModel role = roleContainer.getRole(roleName);
// TODO: debug logger.debugf("Granting role [%s] to user [%s] during import from LDAP", roleName, user.getUsername());
logger.infof("Granting role [%s] to user [%s] during import from LDAP", roleName, user.getUsername());
user.grantRole(role); user.grantRole(role);
} }
} }
@ -94,8 +93,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
// Sync roles from LDAP tree and create them in local Keycloak DB (if they don't exist here yet) // Sync roles from LDAP tree and create them in local Keycloak DB (if they don't exist here yet)
protected void syncRolesFromLDAP(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, RealmModel realm) { protected void syncRolesFromLDAP(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, RealmModel realm) {
if (!rolesSyncedModels.contains(mapperModel.getId())) { if (!rolesSyncedModels.contains(mapperModel.getId())) {
// TODO: debug logger.debugf("Syncing roles from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getDisplayName());
logger.infof("Syncing roles from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getDisplayName());
LDAPIdentityQuery ldapQuery = createRoleQuery(mapperModel, ldapProvider); LDAPIdentityQuery ldapQuery = createRoleQuery(mapperModel, ldapProvider);
@ -108,7 +106,6 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
String roleName = ldapRole.getAttributeAsString(rolesRdnAttr); String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
if (roleContainer.getRole(roleName) == null) { if (roleContainer.getRole(roleName) == null) {
// TODO: debug
logger.infof("Syncing role [%s] from LDAP to keycloak DB", roleName); logger.infof("Syncing role [%s] from LDAP to keycloak DB", roleName);
roleContainer.addRole(roleName); roleContainer.addRole(roleName);
} }

19
model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java
View file

@ -5,6 +5,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants; import org.keycloak.models.LDAPConstants;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserFederationEventAwareProviderFactory; import org.keycloak.models.UserFederationEventAwareProviderFactory;
import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserFederationProvider; import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderFactory; import org.keycloak.models.UserFederationProviderFactory;
import org.keycloak.models.UserFederationProviderModel; import org.keycloak.models.UserFederationProviderModel;
@ -12,6 +13,7 @@ import org.keycloak.models.utils.DefaultAuthenticationFlows;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set;
import javax.naming.directory.SearchControls; import javax.naming.directory.SearchControls;
@ -43,26 +45,34 @@ public class MigrateTo1_3_0_Beta1 {
Map<String, String> config = fedProvider.getConfig(); Map<String, String> config = fedProvider.getConfig();
// Update config properties for LDAP federation provider // Update config properties for LDAP federation provider
if (config.get(LDAPConstants.SEARCH_SCOPE) == null) {
config.put(LDAPConstants.SEARCH_SCOPE, String.valueOf(SearchControls.SUBTREE_SCOPE)); config.put(LDAPConstants.SEARCH_SCOPE, String.valueOf(SearchControls.SUBTREE_SCOPE));
}
String usersDn = config.remove("userDnSuffix"); String usersDn = config.remove("userDnSuffix");
if (usersDn != null && config.get(LDAPConstants.USERS_DN) == null) {
config.put(LDAPConstants.USERS_DN, usersDn); config.put(LDAPConstants.USERS_DN, usersDn);
}
String rdnLdapAttribute = config.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE); String usernameLdapAttribute = config.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
if (rdnLdapAttribute != null) { if (usernameLdapAttribute != null && config.get(LDAPConstants.RDN_LDAP_ATTRIBUTE) == null) {
if (rdnLdapAttribute.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)) { if (usernameLdapAttribute.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)) {
config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, LDAPConstants.CN); config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, LDAPConstants.CN);
} else { } else {
config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, rdnLdapAttribute); config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, usernameLdapAttribute);
} }
} }
if (config.get(LDAPConstants.UUID_LDAP_ATTRIBUTE) == null) {
String uuidAttrName = LDAPConstants.getUuidAttributeName(config.get(LDAPConstants.VENDOR)); String uuidAttrName = LDAPConstants.getUuidAttributeName(config.get(LDAPConstants.VENDOR));
config.put(LDAPConstants.UUID_LDAP_ATTRIBUTE, uuidAttrName); config.put(LDAPConstants.UUID_LDAP_ATTRIBUTE, uuidAttrName);
}
realm.updateUserFederationProvider(fedProvider); realm.updateUserFederationProvider(fedProvider);
// Create default mappers for LDAP // Create default mappers for LDAP
Set<UserFederationMapperModel> mappers = realm.getUserFederationMappersByFederationProvider(fedProvider.getId());
if (mappers.isEmpty()) {
UserFederationProviderFactory ldapFactory = (UserFederationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, LDAPConstants.LDAP_PROVIDER); UserFederationProviderFactory ldapFactory = (UserFederationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, LDAPConstants.LDAP_PROVIDER);
if (ldapFactory != null) { if (ldapFactory != null) {
((UserFederationEventAwareProviderFactory) ldapFactory).onProviderModelCreated(realm, fedProvider); ((UserFederationEventAwareProviderFactory) ldapFactory).onProviderModelCreated(realm, fedProvider);
@ -71,3 +81,4 @@ public class MigrateTo1_3_0_Beta1 {
} }
} }
} }
}

2
model/api/src/main/java/org/keycloak/models/UserFederationManager.java
View file

@ -20,7 +20,7 @@ public class UserFederationManager implements UserProvider {
protected KeycloakSession session; protected KeycloakSession session;
// Set of already validated/proxied users during this session. Key is user ID // Set of already validated/proxied federation users during this session. Key is user ID
private Map<String, UserModel> managedUsers = new HashMap<>(); private Map<String, UserModel> managedUsers = new HashMap<>();
public UserFederationManager(KeycloakSession session) { public UserFederationManager(KeycloakSession session) {

4
model/api/src/main/java/org/keycloak/models/UserFederationProvider.java
View file

@ -44,11 +44,12 @@ public interface UserFederationProvider extends Provider {
/** /**
* Gives the provider an option to validate if user still exists in federation backend and then proxy UserModel loaded from local storage. * Gives the provider an option to validate if user still exists in federation backend and then proxy UserModel loaded from local storage.
* This method is called whenever a UserModel is pulled from local storage. * This method is called whenever a UserModel is pulled from Keycloak local storage.
* For example, the LDAP provider proxies the UserModel and does on-demand synchronization with * For example, the LDAP provider proxies the UserModel and does on-demand synchronization with
* LDAP whenever UserModel update methods are invoked. It also overrides UserModel.updateCredential for the * LDAP whenever UserModel update methods are invoked. It also overrides UserModel.updateCredential for the
* credential types it supports * credential types it supports
* *
* @param realm
* @param local * @param local
* @return null if user is no longer valid or proxy object otherwise * @return null if user is no longer valid or proxy object otherwise
*/ */
@ -122,6 +123,7 @@ public interface UserFederationProvider extends Provider {
* Is the Keycloak UserModel still valid and/or existing in federated storage? Keycloak may call this method * Is the Keycloak UserModel still valid and/or existing in federated storage? Keycloak may call this method
* in various user operations. The local storage may be deleted if this method returns false. * in various user operations. The local storage may be deleted if this method returns false.
* *
* @param realm
* @param local * @param local
* @return * @return
*/ */