From ad3b9fc3898f31408c54ffd3bdf0e62a4be7bce2 Mon Sep 17 00:00:00 2001 From: rmartinc Date: Fri, 7 Feb 2020 12:56:28 +0100 Subject: [PATCH] KEYCLOAK-12579: LDAP groups duplicated during UI listing of user groups --- .../group/GroupLDAPStorageMapper.java | 6 +-- .../models/cache/infinispan/RealmAdapter.java | 9 +--- .../cache/infinispan/RealmCacheSession.java | 20 +++------ .../org/keycloak/models/jpa/GroupAdapter.java | 21 ++++----- .../keycloak/models/jpa/JpaRealmProvider.java | 39 ++++++++-------- .../org/keycloak/models/jpa/RealmAdapter.java | 9 +--- .../models/jpa/entities/GroupEntity.java | 25 ++++++----- .../META-INF/jpa-changelog-9.0.1.xml | 22 ++++++++++ .../models/utils/RepresentationToModel.java | 3 +- .../java/org/keycloak/models/RealmModel.java | 15 ++++++- .../org/keycloak/models/RealmProvider.java | 14 +++++- .../resources/admin/GroupResource.java | 3 +- .../resources/admin/GroupsResource.java | 1 - .../testsuite/admin/group/GroupTest.java | 44 ++++++++++++++++++- .../ldap/LDAPGroupMapper2WaySyncTest.java | 8 +--- .../ldap/LDAPGroupMapperSyncTest.java | 4 +- .../federation/ldap/LDAPGroupMapperTest.java | 11 ++--- 17 files changed, 153 insertions(+), 101 deletions(-) diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapper.java index f5f062082a..9c4622e318 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapper.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapper.java @@ -322,12 +322,11 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements updateAttributesOfKCGroup(kcGroup, ldapGroups.get(kcGroup.getName())); syncResult.increaseUpdated(); } else { - kcGroup = realm.createGroup(groupTreeEntry.getGroupName()); if (kcParent == null) { - realm.moveGroup(kcGroup, null); + kcGroup = realm.createGroup(groupTreeEntry.getGroupName()); logger.debugf("Imported top-level group '%s' from LDAP", kcGroup.getName()); } else { - realm.moveGroup(kcGroup, kcParent); + kcGroup = realm.createGroup(groupTreeEntry.getGroupName(), kcParent); logger.debugf("Imported group '%s' from LDAP as child of group '%s'", kcGroup.getName(), kcParent.getName()); } @@ -406,7 +405,6 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements kcGroup = realm.createGroup(groupName); updateAttributesOfKCGroup(kcGroup, ldapGroup); - realm.moveGroup(kcGroup, null); } // Could theoretically happen on some LDAP servers if 'memberof' style is used and 'memberof' attribute of user references non-existing group diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java index 72be425a16..82f0c2e4ac 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java @@ -1352,13 +1352,8 @@ public class RealmAdapter implements CachedRealmModel { } @Override - public GroupModel createGroup(String name) { - return cacheSession.createGroup(this, name); - } - - @Override - public GroupModel createGroup(String id, String name) { - return cacheSession.createGroup(this, id, name); + public GroupModel createGroup(String id, String name, GroupModel toParent) { + return cacheSession.createGroup(this, id, name, toParent); } @Override diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java index 4b3dd9d467..13d8e8bb75 100755 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java @@ -830,7 +830,7 @@ public class RealmCacheSession implements CacheRealmProvider { @Override public void moveGroup(RealmModel realm, GroupModel group, GroupModel toParent) { invalidateGroup(group.getId(), realm.getId(), true); - if (toParent != null) invalidateGroup(group.getId(), realm.getId(), false); // Queries already invalidated + if (toParent != null) invalidateGroup(toParent.getId(), realm.getId(), false); // Queries already invalidated listInvalidations.add(realm.getId()); invalidationEvents.add(GroupMovedEvent.create(group, toParent, realm.getId())); @@ -993,24 +993,18 @@ public class RealmCacheSession implements CacheRealmProvider { return getRealmDelegate().removeGroup(realm, group); } - @Override - public GroupModel createGroup(RealmModel realm, String name) { - GroupModel group = getRealmDelegate().createGroup(realm, name); - return groupAdded(realm, group); - } - - private GroupModel groupAdded(RealmModel realm, GroupModel group) { + private GroupModel groupAdded(RealmModel realm, GroupModel group, GroupModel toParent) { listInvalidations.add(realm.getId()); - cache.groupQueriesInvalidations(realm.getId(), invalidations); - invalidations.add(group.getId()); + invalidateGroup(group.getId(), realm.getId(), true); + if (toParent != null) invalidateGroup(toParent.getId(), realm.getId(), false); // Queries already invalidated invalidationEvents.add(GroupAddedEvent.create(group.getId(), realm.getId())); return group; } @Override - public GroupModel createGroup(RealmModel realm, String id, String name) { - GroupModel group = getRealmDelegate().createGroup(realm, id, name); - return groupAdded(realm, group); + public GroupModel createGroup(RealmModel realm, String id, String name, GroupModel toParent) { + GroupModel group = getRealmDelegate().createGroup(realm, id, name, toParent); + return groupAdded(realm, group, toParent); } @Override diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/GroupAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/GroupAdapter.java index 1525dd2f10..c1055733bc 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/GroupAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/GroupAdapter.java @@ -76,16 +76,13 @@ public class GroupAdapter implements GroupModel , JpaModel { @Override public GroupModel getParent() { - GroupEntity parent = group.getParent(); - if (parent == null) return null; - return realm.getGroupById(parent.getId()); + String parentId = this.getParentId(); + return parentId == null? null : realm.getGroupById(parentId); } @Override public String getParentId() { - GroupEntity parent = group.getParent(); - if (parent == null) return null; - return parent.getId(); + return GroupEntity.TOP_PARENT_ID.equals(group.getParentId())? null : group.getParentId(); } public static GroupEntity toEntity(GroupModel model, EntityManager em) { @@ -97,13 +94,11 @@ public class GroupAdapter implements GroupModel , JpaModel { @Override public void setParent(GroupModel parent) { - if (parent == null) group.setParent(null); - else if (parent.getId().equals(getId())) { - return; - } - else { + if (parent == null) { + group.setParentId(GroupEntity.TOP_PARENT_ID); + } else if (!parent.getId().equals(getId())) { GroupEntity parentEntity = toEntity(parent, em); - group.setParent(parentEntity); + group.setParentId(parentEntity.getId()); } } @@ -126,7 +121,7 @@ public class GroupAdapter implements GroupModel , JpaModel { @Override public Set getSubGroups() { TypedQuery query = em.createNamedQuery("getGroupIdsByParent", String.class); - query.setParameter("parent", group); + query.setParameter("parent", group.getId()); List ids = query.getResultList(); Set set = new HashSet<>(); for (String id : ids) { diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java index 383a1b6f43..e32995be05 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java @@ -45,6 +45,7 @@ import javax.persistence.TypedQuery; import java.util.*; import java.util.stream.Collectors; +import org.keycloak.models.ModelException; /** @@ -433,15 +434,16 @@ public class JpaRealmProvider implements RealmProvider { @Override public Long getGroupsCount(RealmModel realm, Boolean onlyTopGroups) { - String query = "getGroupCount"; if(Objects.equals(onlyTopGroups, Boolean.TRUE)) { - query = "getTopLevelGroupCount"; + return em.createNamedQuery("getTopLevelGroupCount", Long.class) + .setParameter("realm", realm.getId()) + .setParameter("parent", GroupEntity.TOP_PARENT_ID) + .getSingleResult(); + } else { + return em.createNamedQuery("getGroupCount", Long.class) + .setParameter("realm", realm.getId()) + .getSingleResult(); } - Long count = em.createNamedQuery(query, Long.class) - .setParameter("realm", realm.getId()) - .getSingleResult(); - - return count; } @Override @@ -480,7 +482,7 @@ public class JpaRealmProvider implements RealmProvider { RealmEntity ref = em.getReference(RealmEntity.class, realm.getId()); return ref.getGroups().stream() - .filter(g -> g.getParent() == null) + .filter(g -> GroupEntity.TOP_PARENT_ID.equals(g.getParentId())) .map(g -> session.realms().getGroupById(g.getId(), realm)) .sorted(Comparator.comparing(GroupModel::getName)) .collect(Collectors.collectingAndThen( @@ -491,6 +493,7 @@ public class JpaRealmProvider implements RealmProvider { public List getTopLevelGroups(RealmModel realm, Integer first, Integer max) { List groupIds = em.createNamedQuery("getTopLevelGroupIds", String.class) .setParameter("realm", realm.getId()) + .setParameter("parent", GroupEntity.TOP_PARENT_ID) .setFirstResult(first) .setMaxResults(max) .getResultList(); @@ -501,9 +504,7 @@ public class JpaRealmProvider implements RealmProvider { list.add(group); } } - - list.sort(Comparator.comparing(GroupModel::getName)); - + // no need to sort, it's sorted at database level return Collections.unmodifiableList(list); } @@ -553,19 +554,19 @@ public class JpaRealmProvider implements RealmProvider { } @Override - public GroupModel createGroup(RealmModel realm, String name) { - String id = KeycloakModelUtils.generateId(); - return createGroup(realm, id, name); - } - - @Override - public GroupModel createGroup(RealmModel realm, String id, String name) { - if (id == null) id = KeycloakModelUtils.generateId(); + public GroupModel createGroup(RealmModel realm, String id, String name, GroupModel toParent) { + if (id == null) { + id = KeycloakModelUtils.generateId(); + } else if (GroupEntity.TOP_PARENT_ID.equals(id)) { + // maybe it's impossible but better ensure this doesn't happen + throw new ModelException("The ID of the new group is equals to the tag used for top level groups"); + } GroupEntity groupEntity = new GroupEntity(); groupEntity.setId(id); groupEntity.setName(name); RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId()); groupEntity.setRealm(realmEntity); + groupEntity.setParentId(toParent == null? GroupEntity.TOP_PARENT_ID : toParent.getId()); em.persist(groupEntity); em.flush(); realmEntity.getGroups().add(groupEntity); diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java index fac54887a0..c54ed5a193 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java @@ -1947,13 +1947,8 @@ public class RealmAdapter implements RealmModel, JpaModel { } @Override - public GroupModel createGroup(String name) { - return session.realms().createGroup(this, name); - } - - @Override - public GroupModel createGroup(String id, String name) { - return session.realms().createGroup(this, id, name); + public GroupModel createGroup(String id, String name, GroupModel toParent) { + return session.realms().createGroup(this, id, name, toParent); } @Override diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/GroupEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/GroupEntity.java index 32a450ec12..2925812799 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/GroupEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/GroupEntity.java @@ -28,17 +28,23 @@ import java.util.Collection; * @version $Revision: 1 $ */ @NamedQueries({ - @NamedQuery(name="getGroupIdsByParent", query="select u.id from GroupEntity u where u.parent = :parent"), + @NamedQuery(name="getGroupIdsByParent", query="select u.id from GroupEntity u where u.parentId = :parent"), @NamedQuery(name="getGroupIdsByNameContaining", query="select u.id from GroupEntity u where u.realm.id = :realm and u.name like concat('%',:search,'%') order by u.name ASC"), - @NamedQuery(name="getTopLevelGroupIds", query="select u.id from GroupEntity u where u.parent is null and u.realm.id = :realm order by u.name ASC"), + @NamedQuery(name="getTopLevelGroupIds", query="select u.id from GroupEntity u where u.parentId = :parent and u.realm.id = :realm order by u.name ASC"), @NamedQuery(name="getGroupCount", query="select count(u) from GroupEntity u where u.realm.id = :realm"), - @NamedQuery(name="getTopLevelGroupCount", query="select count(u) from GroupEntity u where u.realm.id = :realm and u.parent is null") + @NamedQuery(name="getTopLevelGroupCount", query="select count(u) from GroupEntity u where u.realm.id = :realm and u.parentId = :parent") }) @Entity @Table(name="KEYCLOAK_GROUP", uniqueConstraints = { @UniqueConstraint(columnNames = {"REALM_ID", "PARENT_GROUP", "NAME"})} ) public class GroupEntity { + + /** + * ID set in the PARENT column to mark the group as top level. + */ + public static String TOP_PARENT_ID = " "; + @Id @Column(name="ID", length = 36) @Access(AccessType.PROPERTY) // we do this because relationships often fetch id, but not entity. This avoids an extra SQL @@ -48,9 +54,8 @@ public class GroupEntity { @Column(name = "NAME") protected String name; - @ManyToOne(fetch = FetchType.LAZY) - @JoinColumn(name = "PARENT_GROUP") - private GroupEntity parent; + @Column(name = "PARENT_GROUP") + private String parentId; @ManyToOne(fetch = FetchType.LAZY) @JoinColumn(name = "REALM_ID") @@ -93,12 +98,12 @@ public class GroupEntity { this.realm = realm; } - public GroupEntity getParent() { - return parent; + public String getParentId() { + return parentId; } - public void setParent(GroupEntity parent) { - this.parent = parent; + public void setParentId(String parentId) { + this.parentId = parentId; } @Override diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-9.0.1.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-9.0.1.xml index 5fb8dd3bd0..16a820ddb5 100644 --- a/model/jpa/src/main/resources/META-INF/jpa-changelog-9.0.1.xml +++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-9.0.1.xml @@ -23,4 +23,26 @@ + + + + + + + + + + + + + + + + + + + + + + diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java index 9982bbe091..a76d39a1ca 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java @@ -667,13 +667,12 @@ public class RepresentationToModel { } public static void importGroup(RealmModel realm, GroupModel parent, GroupRepresentation group) { - GroupModel newGroup = realm.createGroup(group.getId(), group.getName()); + GroupModel newGroup = realm.createGroup(group.getId(), group.getName(), parent); if (group.getAttributes() != null) { for (Map.Entry> attr : group.getAttributes().entrySet()) { newGroup.setAttribute(attr.getKey(), attr.getValue()); } } - realm.moveGroup(newGroup, parent); if (group.getRealmRoles() != null) { for (String roleString : group.getRealmRoles()) { diff --git a/server-spi/src/main/java/org/keycloak/models/RealmModel.java b/server-spi/src/main/java/org/keycloak/models/RealmModel.java index 0f453eecde..d1a1507324 100755 --- a/server-spi/src/main/java/org/keycloak/models/RealmModel.java +++ b/server-spi/src/main/java/org/keycloak/models/RealmModel.java @@ -471,8 +471,19 @@ public interface RealmModel extends RoleContainerModel { String getDefaultLocale(); void setDefaultLocale(String locale); - GroupModel createGroup(String name); - GroupModel createGroup(String id, String name); + default GroupModel createGroup(String name) { + return createGroup(null, name, null); + }; + + default GroupModel createGroup(String id, String name) { + return createGroup(id, name, null); + }; + + default GroupModel createGroup(String name, GroupModel toParent) { + return createGroup(null, name, toParent); + }; + + GroupModel createGroup(String id, String name, GroupModel toParent); GroupModel getGroupById(String id); List getGroups(); diff --git a/server-spi/src/main/java/org/keycloak/models/RealmProvider.java b/server-spi/src/main/java/org/keycloak/models/RealmProvider.java index de150a7c92..edd04a69dd 100755 --- a/server-spi/src/main/java/org/keycloak/models/RealmProvider.java +++ b/server-spi/src/main/java/org/keycloak/models/RealmProvider.java @@ -56,9 +56,19 @@ public interface RealmProvider extends Provider, ClientProvider { boolean removeGroup(RealmModel realm, GroupModel group); - GroupModel createGroup(RealmModel realm, String name); + default GroupModel createGroup(RealmModel realm, String name) { + return createGroup(realm, null, name, null); + } - GroupModel createGroup(RealmModel realm, String id, String name); + default GroupModel createGroup(RealmModel realm, String id, String name) { + return createGroup(realm, id, name, null); + } + + default GroupModel createGroup(RealmModel realm, String name, GroupModel toParent) { + return createGroup(realm, null, name, toParent); + } + + GroupModel createGroup(RealmModel realm, String id, String name, GroupModel toParent); void addTopLevelGroup(RealmModel realm, GroupModel subGroup); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java b/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java index ade68c3f7a..69979c2432 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java @@ -144,7 +144,7 @@ public class GroupResource { } adminEvent.operation(OperationType.UPDATE); } else { - child = realm.createGroup(rep.getName()); + child = realm.createGroup(rep.getName(), group); updateGroup(rep, child); URI uri = session.getContext().getUri().getBaseUriBuilder() .path(session.getContext().getUri().getMatchedURIs().get(2)) @@ -154,7 +154,6 @@ public class GroupResource { adminEvent.operation(OperationType.CREATE); } - realm.moveGroup(child, group); adminEvent.resourcePath(session.getContext().getUri()).representation(rep).success(); GroupRepresentation childRep = ModelToRepresentation.toGroupHierarchy(child, true); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java index 61ac1d5d7d..bc74bf9f43 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java @@ -164,7 +164,6 @@ public class GroupsResource { rep.setId(child.getId()); adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), child.getId()); } - realm.moveGroup(child, null); adminEvent.representation(rep).success(); return builder.build(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java index 8e352f0888..df9a656e88 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java @@ -29,8 +29,6 @@ import org.keycloak.admin.client.resource.UsersResource; import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; import org.keycloak.models.Constants; -import org.keycloak.models.UserModel; -import org.keycloak.models.utils.RepresentationToModel; import org.keycloak.representations.AccessToken; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.CredentialRepresentation; @@ -70,9 +68,14 @@ import org.junit.Rule; import org.junit.rules.ExpectedException; import org.keycloak.admin.client.Keycloak; import org.keycloak.models.AdminRoles; +import org.keycloak.models.ModelDuplicateException; +import org.keycloak.models.RealmModel; +import org.keycloak.models.utils.KeycloakModelUtils; import static org.keycloak.testsuite.Assert.assertNames; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; +import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected; import org.keycloak.testsuite.auth.page.AuthRealm; +import org.keycloak.testsuite.runonserver.RunOnServerException; import org.keycloak.testsuite.util.GroupBuilder; /** @@ -188,6 +191,43 @@ public class GroupTest extends AbstractGroupTest { assertEquals(409, response.getStatus()); // conflict status 409 - same name not allowed } + @Test + public void allowSameGroupNameAtDifferentLevel() throws Exception { + RealmResource realm = adminClient.realms().realm("test"); + + // creating "/test-group" + GroupRepresentation topGroup = new GroupRepresentation(); + topGroup.setName("test-group"); + topGroup = createGroup(realm, topGroup); + + // creating "/test-group/test-group" + GroupRepresentation childGroup = new GroupRepresentation(); + childGroup.setName("test-group"); + try (Response response = realm.groups().group(topGroup.getId()).subGroup(childGroup)) { + assertEquals(201, response.getStatus()); + } + + assertNotNull(realm.getGroupByPath("/test-group/test-group")); + } + + @Test + @UncaughtServerErrorExpected + public void doNotAllowSameGroupNameAtTopLevelInDatabase() throws Exception { + final String id = KeycloakModelUtils.generateId(); + testingClient.server().run(session -> { + RealmModel realm = session.realms().getRealm("test"); + realm.createGroup(id, "test-group"); + }); + getCleanup().addGroupId(id); + // unique key should work even in top groups + expectedException.expect(RunOnServerException.class); + expectedException.expectMessage(ModelDuplicateException.class.getName()); + testingClient.server().run(session -> { + RealmModel realm = session.realms().getRealm("test"); + realm.createGroup("test-group"); + }); + } + @Test public void createAndTestGroups() throws Exception { RealmResource realm = adminClient.realms().realm("test"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapper2WaySyncTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapper2WaySyncTest.java index c870f20d71..329e72d50d 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapper2WaySyncTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapper2WaySyncTest.java @@ -82,18 +82,14 @@ public class LDAPGroupMapper2WaySyncTest extends AbstractLDAPTest { removeAllModelGroups(appRealm); GroupModel group1 = appRealm.createGroup("group1"); - appRealm.moveGroup(group1, null); group1.setSingleAttribute(descriptionAttrName, "group1 - description1"); - GroupModel group11 = appRealm.createGroup("group11"); - appRealm.moveGroup(group11, group1); + GroupModel group11 = appRealm.createGroup("group11", group1); - GroupModel group12 = appRealm.createGroup("group12"); - appRealm.moveGroup(group12, group1); + GroupModel group12 = appRealm.createGroup("group12", group1); group12.setSingleAttribute(descriptionAttrName, "group12 - description12"); GroupModel group2 = appRealm.createGroup("group2"); - appRealm.moveGroup(group2, null); }); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperSyncTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperSyncTest.java index ea2a28ff5b..5e8e8500e6 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperSyncTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperSyncTest.java @@ -276,9 +276,7 @@ public class LDAPGroupMapperSyncTest extends AbstractLDAPTest { // Create some new groups in keycloak GroupModel model1 = realm.createGroup("model1"); - realm.moveGroup(model1, null); - GroupModel model2 = realm.createGroup("model2"); - realm.moveGroup(model2, kcGroup1); + GroupModel model2 = realm.createGroup("model2", kcGroup1); // Sync groups again from LDAP. Nothing deleted syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperTest.java index 4540eccfdb..243019f2ae 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperTest.java @@ -574,18 +574,13 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest { RealmModel appRealm = ctx.getRealm(); GroupModel group3 = appRealm.createGroup("group3"); - session.realms().addTopLevelGroup(appRealm, group3); - GroupModel group31 = appRealm.createGroup("group31"); - group3.addChild(group31); - GroupModel group32 = appRealm.createGroup("group32"); - group3.addChild(group32); + GroupModel group31 = appRealm.createGroup("group31", group3); + GroupModel group32 = appRealm.createGroup("group32", group3); GroupModel group4 = appRealm.createGroup("group4"); - session.realms().addTopLevelGroup(appRealm, group4); - GroupModel group14 = appRealm.createGroup("group14"); GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); - group1.addChild(group14); + GroupModel group14 = appRealm.createGroup("group14", group1); });