libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-13633 refactor(tomcat-adapter-spi): remove usage of java.security.acl.Group to make jdk 15 possible

Browse source 
Signed-off-by: Phillip Schichtel <phillip@schich.tel>
This commit is contained in:
Pascal Keßler 2020-10-23 18:58:15 +02:00 committed by Marek Posolda
parent 717d9515fa
commit b3ee471e11
2 changed files with 16 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/GenericPrincipalFactory.java
View file

@ -22,13 +22,7 @@ import org.apache.catalina.realm.GenericPrincipal;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import java.security.Principal; import java.security.Principal;
import java.security.acl.Group; import java.util.*;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
/** /**
* @author <a href="mailto:ungarida@gmail.com">Davide Ungari</a> * @author <a href="mailto:ungarida@gmail.com">Davide Ungari</a>
@ -40,24 +34,18 @@ public abstract class GenericPrincipalFactory {
Subject subject = new Subject(); Subject subject = new Subject();
Set<Principal> principals = subject.getPrincipals(); Set<Principal> principals = subject.getPrincipals();
principals.add(identity); principals.add(identity);
Group[] roleSets = getRoleSets(roleSet); final SimpleGroup[] roleSets = getRoleSets(roleSet);
for (int g = 0; g < roleSets.length; g++) { for (SimpleGroup group : roleSets) {
Group group = roleSets[g];
String name = group.getName(); String name = group.getName();
Group subjectGroup = createGroup(name, principals); SimpleGroup subjectGroup = createGroup(name, principals);
// Copy the group members to the Subject group // Copy the group members to the Subject group
Enumeration<? extends Principal> members = group.members(); Enumeration<? extends Principal> members = group.members();
while (members.hasMoreElements()) { while (members.hasMoreElements()) {
Principal role = (Principal) members.nextElement(); Principal role = members.nextElement();
subjectGroup.addMember(role); subjectGroup.addMember(role);
} }
} }
return createPrincipal(getPrincipal(subject), new ArrayList<>(roleSet));
Principal userPrincipal = getPrincipal(subject);
List<String> rolesAsStringList = new ArrayList<String>();
rolesAsStringList.addAll(roleSet);
GenericPrincipal principal = createPrincipal(userPrincipal, rolesAsStringList);
return principal;
} }
protected abstract GenericPrincipal createPrincipal(Principal userPrincipal, List<String> roles); protected abstract GenericPrincipal createPrincipal(Principal userPrincipal, List<String> roles);
@ -71,36 +59,24 @@ public abstract class GenericPrincipalFactory {
*/ */
protected Principal getPrincipal(Subject subject) { protected Principal getPrincipal(Subject subject) {
Principal principal = null; Principal principal = null;
Principal callerPrincipal = null;
if (subject != null) { if (subject != null) {
Set<Principal> principals = subject.getPrincipals(); Set<Principal> principals = subject.getPrincipals();
if (principals != null && !principals.isEmpty()) { if (principals != null && !principals.isEmpty()) {
for (Principal p : principals) { for (Principal p : principals) {
if (!(p instanceof Group) && principal == null) { if (!(p instanceof SimpleGroup) && principal == null) {
principal = p; principal = p;
} }
// if (p instanceof Group) {
// Group g = Group.class.cast(p);
// if (g.getName().equals(SecurityConstants.CALLER_PRINCIPAL_GROUP) && callerPrincipal == null) {
// Enumeration<? extends Principal> e = g.members();
// if (e.hasMoreElements())
// callerPrincipal = e.nextElement();
// }
// }
} }
} }
} }
return callerPrincipal == null ? principal : callerPrincipal; return principal;
} }
protected Group createGroup(String name, Set<Principal> principals) { protected SimpleGroup createGroup(String name, Set<Principal> principals) {
Group roles = null; SimpleGroup roles = null;
Iterator<Principal> iter = principals.iterator(); for (final Object next : principals) {
while (iter.hasNext()) { if (!(next instanceof SimpleGroup)) continue;
Object next = iter.next(); SimpleGroup grp = (SimpleGroup) next;
if (!(next instanceof Group))
continue;
Group grp = (Group) next;
if (grp.getName().equals(name)) { if (grp.getName().equals(name)) {
roles = grp; roles = grp;
break; break;
@ -114,9 +90,9 @@ public abstract class GenericPrincipalFactory {
return roles; return roles;
} }
protected Group[] getRoleSets(Collection<String> roleSet) { protected SimpleGroup[] getRoleSets(Collection<String> roleSet) {
SimpleGroup roles = new SimpleGroup("Roles"); SimpleGroup roles = new SimpleGroup("Roles");
Group[] roleSets = {roles}; SimpleGroup[] roleSets = {roles};
for (String role : roleSet) { for (String role : roleSet) {
roles.addMember(new SimplePrincipal(role)); roles.addMember(new SimplePrincipal(role));
} }

3
adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/SimpleGroup.java
View file

@ -18,13 +18,12 @@
package org.keycloak.adapters.tomcat; package org.keycloak.adapters.tomcat;
import java.security.Principal; import java.security.Principal;
import java.security.acl.Group;
import java.util.Collections; import java.util.Collections;
import java.util.Enumeration; import java.util.Enumeration;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
public class SimpleGroup extends SimplePrincipal implements Group { public class SimpleGroup extends SimplePrincipal {
private final Set<Principal> members = new HashSet<Principal>(); private final Set<Principal> members = new HashSet<Principal>();
/** /**