From c1664478d92444a91454c5dc1a066326b878d51f Mon Sep 17 00:00:00 2001 
From: Gabriel Lavoie Date: Fri, 1 Sep 2017 15:05:12 -0400 Subject: [PATCH] KEYCLOAK-4858: Slow query performance for client with large data volume - Changing RESOURCE_SERVER PK to the client ID. - Changing FK on children of RESOURCE_SERVER. - Use direct fetch of ResourceServer through ID/PK to avoid a lot of implicit Hibernate flush. --- .../client/ClientPolicyProviderFactory.java | 2 +- .../role/RolePolicyProviderFactory.java | 2 +- .../user/UserPolicyProviderFactory.java | 2 +- .../authorization/ResourceServerAdapter.java | 8 +- .../StoreFactoryCacheManager.java | 8 +- .../StoreFactoryCacheSession.java | 39 ++------ .../entities/CachedResourceServer.java | 9 -- .../events/ResourceServerRemovedEvent.java | 2 +- .../events/ResourceServerUpdatedEvent.java | 8 +- .../jpa/entities/ResourceServerEntity.java | 27 +----- .../jpa/store/JPAResourceServerStore.java | 21 +---- .../jpa/store/PolicyAdapter.java | 1 - .../jpa/store/ResourceAdapter.java | 1 - .../jpa/store/ResourceServerAdapter.java | 9 -- .../authorization/jpa/store/ScopeAdapter.java | 2 - .../META-INF/jpa-changelog-3.4.0.xml | 88 +++++++++++++++++++ .../META-INF/jpa-changelog-master.xml | 1 + .../authorization/model/ResourceServer.java | 8 -- .../evaluation/DefaultPolicyEvaluator.java | 2 +- .../store/ResourceServerStore.java | 9 -- .../ClientApplicationSynchronizer.java | 2 +- .../syncronization/RealmSynchronizer.java | 2 +- .../syncronization/UserSynchronizer.java | 4 +- .../migration/migrators/MigrateTo2_1_0.java | 2 +- .../models/utils/ModelToRepresentation.java | 11 ++- .../models/utils/RepresentationToModel.java | 8 +- .../admin/AuthorizationService.java | 8 +- .../admin/PolicyEvaluationService.java | 2 +- .../admin/ResourceSetService.java | 8 +- .../entitlement/EntitlementService.java | 4 +- .../protection/ProtectionService.java | 4 +- .../permission/AbstractPermissionService.java | 2 +- .../authorization/util/Permissions.java | 12 ++- .../exportimport/util/ExportUtils.java | 6 +- 
.../admin/permissions/ClientPermissions.java | 2 +- .../admin/permissions/GroupPermissions.java | 3 +- .../IdentityProviderPermissions.java | 3 +- .../admin/permissions/MgmtPermissions.java | 5 +- .../admin/permissions/RolePermissions.java | 3 +- .../admin/permissions/UserPermissions.java | 2 +- .../testsuite/admin/AuthzCleanupTest.java | 2 +- .../testsuite/admin/PermissionsTest.java | 2 +- .../PolicyEvaluationCompositeRoleTest.java | 2 +- .../authorization/ResourceManagementTest.java | 1 - 44 files changed, 154 insertions(+), 195 deletions(-) create mode 100644 model/jpa/src/main/resources/META-INF/jpa-changelog-3.4.0.xml diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java index 6d7ed543ac..13602970d0 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java @@ -108,7 +108,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory { diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java index 933a85971d..4769ee3ef2 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProviderFactory.java @@ -222,7 +222,7 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory { 
diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java index 5a90f93227..28d4d0b86c 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProviderFactory.java @@ -181,7 +181,7 @@ public class UserPolicyProviderFactory implements PolicyProviderFactory { - ResourceServer resourceServer = resourceServerStore.findByClient(clientModel.getId()); + ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId()); if (resourceServer != null) { policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> { diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java index bb3ec6cbc0..7d72c9890e 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java 
@@ -38,7 +38,7 @@ public class ResourceServerAdapter implements ResourceServer, CachedModel invalidations) { + public void resourceServerUpdated(String id, Set invalidations) { invalidations.add(id); - invalidations.add(StoreFactoryCacheSession.getResourceServerByClientCacheKey(clientId)); + invalidations.add(StoreFactoryCacheSession.getResourceServerByClientCacheKey(id)); } - public void resourceServerRemoval(String id, String name, Set invalidations) { - resourceServerUpdated(id, name, invalidations); + public void resourceServerRemoval(String id, Set invalidations) { + resourceServerUpdated(id, invalidations); addInvalidations(InResourceServerPredicate.create().resourceServer(id), invalidations); } diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java index 2efdd91f2a..c70a43a5e7 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java @@ -229,12 +229,12 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { return invalidations.contains(id); } - public void registerResourceServerInvalidation(String id, String clientId) { - cache.resourceServerUpdated(id, clientId, invalidations); + public void registerResourceServerInvalidation(String id) { + cache.resourceServerUpdated(id, invalidations); ResourceServerAdapter adapter = managedResourceServers.get(id); if (adapter != null) adapter.invalidateFlag(); - invalidationEvents.add(ResourceServerUpdatedEvent.create(id, clientId)); + invalidationEvents.add(ResourceServerUpdatedEvent.create(id)); } public void registerScopeInvalidation(String id, String name, String serverId) { 
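Review bot: `resourceServerUpdated` in StoreFactoryCacheManager still adds `StoreFactoryCacheSession.getResourceServerByClientCacheKey(id)` to the invalidation set, although this patch removes `findByClient` from StoreFactoryCacheSession, the only place visible here that stored an entry under that key. If nothing outside the patch still populates it, the line `invalidations.add(StoreFactoryCacheSession.getResourceServerByClientCacheKey(id));` and the key helper can be dropped. If it has to stay, a short comment saying which cache entries it still evicts would stop it being read as a leftover. `resourceServerRemoval` delegates to this method, so the same applies there.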
@@ -350,7 +350,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { @Override public ResourceServer create(String clientId) { ResourceServer server = getResourceServerStoreDelegate().create(clientId); - registerResourceServerInvalidation(server.getId(), server.getClientId()); + registerResourceServerInvalidation(server.getId()); return server; } @@ -361,8 +361,8 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { if (server == null) return; cache.invalidateObject(id); - invalidationEvents.add(ResourceServerRemovedEvent.create(id, server.getClientId())); - cache.resourceServerRemoval(id, server.getClientId(), invalidations); + invalidationEvents.add(ResourceServerRemovedEvent.create(id, server.getId())); + cache.resourceServerRemoval(id, invalidations); getResourceServerStoreDelegate().delete(id); } 
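Review bot: In the `delete` hunk, `ResourceServerRemovedEvent.create(id, server.getId())` passes the same identifier twice, since `server` is the instance the method is deleting under `id`. The ResourceServerRemovedEvent hunk in this patch only changes `addInvalidations`, so the event appears to keep its `clientId` argument and field while `ResourceServerUpdatedEvent.create(id)` was narrowed to one argument. Narrowing the removal factory the same way, so that the call reads `invalidationEvents.add(ResourceServerRemovedEvent.create(id));`, keeps the two invalidation events consistent. The start of `delete` lies outside the hunk.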
@@ -392,33 +392,6 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { managedResourceServers.put(id, adapter); return adapter; } - - - @Override - public ResourceServer findByClient(String clientId) { - String cacheKey = getResourceServerByClientCacheKey(clientId); - ResourceServerListQuery query = cache.get(cacheKey, ResourceServerListQuery.class); - if (query != null) { - logger.tracev("ResourceServer by clientId cache hit: {0}", clientId); - } - if (query == null) { - Long loaded = cache.getCurrentRevision(cacheKey); - ResourceServer model = getResourceServerStoreDelegate().findByClient(clientId); - if (model == null) return null; - if (invalidations.contains(model.getId())) return model; - query = new ResourceServerListQuery(loaded, cacheKey, model.getId()); - cache.addRevisioned(query, startupRevision); - return model; - } else if (invalidations.contains(cacheKey)) { - return getResourceServerStoreDelegate().findByClient(clientId); - } else { - String serverId = query.getResourceServers().iterator().next(); - if (invalidations.contains(serverId)) { - return getResourceServerStoreDelegate().findByClient(clientId); - } - return findById(serverId); - } - } } protected class ScopeCache implements ScopeStore { diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedResourceServer.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedResourceServer.java index 7dfb5fbf86..a904bd1a3d 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedResourceServer.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedResourceServer.java 
@@ -22,29 +22,20 @@ import org.keycloak.authorization.model.ResourceServer; import org.keycloak.models.cache.infinispan.entities.AbstractRevisioned; import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; -import java.io.Serializable; - /** * @author Pedro Igor */ public class CachedResourceServer extends AbstractRevisioned { - private String clientId; private boolean allowRemoteResourceManagement; private PolicyEnforcementMode policyEnforcementMode; public CachedResourceServer(Long revision, ResourceServer resourceServer) { super(revision, resourceServer.getId()); - this.clientId = resourceServer.getClientId(); this.allowRemoteResourceManagement = resourceServer.isAllowRemoteResourceManagement(); this.policyEnforcementMode = resourceServer.getPolicyEnforcementMode(); } - - public String getClientId() { - return this.clientId; - } - public boolean isAllowRemoteResourceManagement() { return this.allowRemoteResourceManagement; } diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerRemovedEvent.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerRemovedEvent.java index fbe5a7aa48..74b8d0c26d 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerRemovedEvent.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerRemovedEvent.java @@ -49,6 +49,6 @@ public class ResourceServerRemovedEvent extends InvalidationEvent implements Aut @Override public void addInvalidations(StoreFactoryCacheManager cache, Set invalidations) { - cache.resourceServerRemoval(id, clientId, invalidations); + cache.resourceServerRemoval(id, invalidations); } } 
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerUpdatedEvent.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerUpdatedEvent.java index 2034c9b4d6..1862345887 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerUpdatedEvent.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/events/ResourceServerUpdatedEvent.java @@ -28,12 +28,10 @@ import java.util.Set; public class ResourceServerUpdatedEvent extends InvalidationEvent implements AuthorizationCacheInvalidationEvent { private String id; - private String clientId; - public static ResourceServerUpdatedEvent create(String id, String clientId) { + public static ResourceServerUpdatedEvent create(String id) { ResourceServerUpdatedEvent event = new ResourceServerUpdatedEvent(); event.id = id; - event.clientId = clientId; return event; } @@ -44,11 +42,11 @@ public class ResourceServerUpdatedEvent extends InvalidationEvent implements Aut @Override public String toString() { - return String.format("ResourceServerRemovedEvent [ id=%s, clientId=%s ]", id, clientId); + return String.format("ResourceServerRemovedEvent [ id=%s, clientId=%s ]", id, id); } @Override public void addInvalidations(StoreFactoryCacheManager cache, Set invalidations) { - cache.resourceServerUpdated(id, clientId, invalidations); + cache.resourceServerUpdated(id, invalidations); } } diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java index fabdd9c1e0..46f236d45a 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java 
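Review bot: `toString()` in ResourceServerUpdatedEvent now prints `id` twice, once under the label `clientId`, and the format string still names the wrong class (`ResourceServerRemovedEvent`). With the `clientId` field gone, `return String.format("ResourceServerUpdatedEvent [ id=%s ]", id);` says what the event actually carries. This matters when update and removal events are told apart in cache-invalidation logs.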
@@ -18,41 +18,24 @@ package org.keycloak.authorization.jpa.entities; -import org.keycloak.authorization.model.ResourceServer; import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; -import javax.persistence.Access; -import javax.persistence.AccessType; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.OneToMany; import javax.persistence.Table; -import javax.persistence.UniqueConstraint; -import java.util.List; /** * @author Pedro Igor */ @Entity -@Table(name = "RESOURCE_SERVER", uniqueConstraints = {@UniqueConstraint(columnNames = "CLIENT_ID")}) -@NamedQueries( - { - @NamedQuery(name="findResourceServerIdByClient", query="select r.id from ResourceServerEntity r where r.clientId = :clientId"), - } -) +@Table(name = "RESOURCE_SERVER") public class ResourceServerEntity { @Id @Column(name="ID", length = 36) - @Access(AccessType.PROPERTY) // we do this because relationships often fetch id, but not entity. This avoids an extra SQL private String id; - @Column(name = "CLIENT_ID") - private String clientId; - @Column(name = "ALLOW_RS_REMOTE_MGMT") private boolean allowRemoteResourceManagement; @@ -67,14 +50,6 @@ public class ResourceServerEntity { this.id = id; } - public String getClientId() { - return this.clientId; - } - - public void setClientId(String clientId) { - this.clientId = clientId; - } - public boolean isAllowRemoteResourceManagement() { return this.allowRemoteResourceManagement; } diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java index 8eb1037ee3..207d4abe4a 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java 
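Review bot: Removing `@Access(AccessType.PROPERTY)` from the `id` field of ResourceServerEntity looks unrelated to the key change and may work against the goal of the patch. The removed comment says the annotation was there because relationships often fetch the id but not the entity, and that it avoids an extra SQL. Unless that is known to no longer hold for the persistence provider in use, keep `@Access(AccessType.PROPERTY)` on `id` together with the two `javax.persistence.Access` / `AccessType` imports. Otherwise the commit message should say why it is safe to drop.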
+++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java @@ -22,16 +22,11 @@ import org.keycloak.authorization.jpa.entities.PolicyEntity; import org.keycloak.authorization.jpa.entities.ResourceEntity; import org.keycloak.authorization.jpa.entities.ResourceServerEntity; import org.keycloak.authorization.jpa.entities.ScopeEntity; -import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; -import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.store.ResourceServerStore; -import org.keycloak.models.utils.KeycloakModelUtils; import javax.persistence.EntityManager; -import javax.persistence.NoResultException; -import javax.persistence.Query; import javax.persistence.TypedQuery; import java.util.LinkedList; import java.util.List; @@ -53,8 +48,7 @@ public class JPAResourceServerStore implements ResourceServerStore { public ResourceServer create(String clientId) { ResourceServerEntity entity = new ResourceServerEntity(); - entity.setId(KeycloakModelUtils.generateId()); - entity.setClientId(clientId); + entity.setId(clientId); this.entityManager.persist(entity); @@ -116,17 +110,4 @@ public class JPAResourceServerStore implements ResourceServerStore { if (entity == null) return null; return new ResourceServerAdapter(entity, entityManager, provider.getStoreFactory()); } - - @Override - public ResourceServer findByClient(final String clientId) { - TypedQuery query = entityManager.createNamedQuery("findResourceServerIdByClient", String.class); - - query.setParameter("clientId", clientId); - try { - String id = query.getSingleResult(); - return provider.getStoreFactory().getResourceServerStore().findById(id); - } catch (NoResultException ex) { - return null; - } - } } 
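Review bot: `create` in JPAResourceServerStore now persists the caller's `clientId` as the primary key (`entity.setId(clientId)`) without checking it, where the id used to come from `KeycloakModelUtils.generateId()`. A null value, one longer than the `length = 36` declared on the `ID` column in ResourceServerEntity, or a second call for the same client will surface as a persistence-layer exception rather than a clear argument error. A guard at the top such as `if (clientId == null) throw new IllegalArgumentException("clientId must not be null");` would make the contract explicit, as would a Javadoc line stating that the resource server id is the id of its client. The rest of `create` is outside the hunk.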
diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PolicyAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PolicyAdapter.java index 6fc2d1e85e..b7891659d9 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PolicyAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PolicyAdapter.java @@ -16,7 +16,6 @@ */ package org.keycloak.authorization.jpa.store; -import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.jpa.entities.PolicyEntity; import org.keycloak.authorization.jpa.entities.ResourceEntity; import org.keycloak.authorization.jpa.entities.ScopeEntity; diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java index 5c55114901..9ce0de200e 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java @@ -16,7 +16,6 @@ */ package org.keycloak.authorization.jpa.store; -import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.jpa.entities.ResourceEntity; import org.keycloak.authorization.jpa.entities.ScopeEntity; import org.keycloak.authorization.model.Resource; diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java index 56d585650e..72c7cc1c92 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java 
@@ -16,11 +16,7 @@ */ package org.keycloak.authorization.jpa.store; -import org.keycloak.authorization.AuthorizationProvider; -import org.keycloak.authorization.jpa.entities.ResourceEntity; import org.keycloak.authorization.jpa.entities.ResourceServerEntity; -import org.keycloak.authorization.model.Policy; -import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.store.StoreFactory; import org.keycloak.models.jpa.JpaModel; @@ -53,11 +49,6 @@ public class ResourceServerAdapter implements ResourceServer, JpaModel + + + + + + + + + + + + + + + + UPDATE RESOURCE_SERVER_POLICY p SET RESOURCE_SERVER_CLIENT_ID=(SELECT CLIENT_ID FROM RESOURCE_SERVER s WHERE s.ID = p.RESOURCE_SERVER_ID); + UPDATE RESOURCE_SERVER_RESOURCE p SET RESOURCE_SERVER_CLIENT_ID=(SELECT CLIENT_ID FROM RESOURCE_SERVER s WHERE s.ID = p.RESOURCE_SERVER_ID); + UPDATE RESOURCE_SERVER_SCOPE p SET RESOURCE_SERVER_CLIENT_ID=(SELECT CLIENT_ID FROM RESOURCE_SERVER s WHERE s.ID = p.RESOURCE_SERVER_ID); + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml index 96b9a18dd0..2792861027 100755 --- a/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml +++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml @@ -49,4 +49,5 @@ + diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java b/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java index d5b9ac46ab..69c3b6de8a 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java 
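Review bot: The three `UPDATE ... SET RESOURCE_SERVER_CLIENT_ID=(SELECT CLIENT_ID FROM RESOURCE_SERVER s WHERE s.ID = p.RESOURCE_SERVER_ID)` statements in the new changelog leave `RESOURCE_SERVER_CLIENT_ID` null for any policy, resource or scope row whose `RESOURCE_SERVER_ID` has no matching server, or whose server has a null `CLIENT_ID`. The surrounding changeSet markup is not readable on this page, so it is unclear whether a later constraint catches that. If none does and the old key is then dropped, those authorization rows end up detached from their resource server. A check before the old keys are removed, for example that `SELECT COUNT(*) FROM RESOURCE_SERVER_POLICY WHERE RESOURCE_SERVER_CLIENT_ID IS NULL` returns 0 and likewise for the other two tables, would make the migration fail early instead. The `UPDATE <table> p SET ...` alias form is also not accepted by every SQL dialect, so it should be run against each supported database.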
@@ -35,14 +35,6 @@ public interface ResourceServer { */ String getId(); - /** - * Returns the identifier of the client application (which already exists in Keycloak) that is also acting as a resource - * server. - * - * @return the identifier of the client application associated with this instance. - */ - String getClientId(); - /** * Indicates if the resource server is allowed to manage its own resources remotely using the Protection API. * diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java b/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java index 1ec8887d5d..c720504712 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java @@ -165,7 +165,7 @@ public class DefaultPolicyEvaluator implements PolicyEvaluator { List resourcesByType = resourceStore.findByType(type, resource.getResourceServer().getId()); for (Resource resourceType : resourcesByType) { - if (resourceType.getOwner().equals(resource.getResourceServer().getClientId())) { + if (resourceType.getOwner().equals(resource.getResourceServer().getId())) { resources.add(resourceType); } } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java index 742f98b299..d01b19a411 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java 
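Review bot: The owner check in DefaultPolicyEvaluator, `resourceType.getOwner().equals(resource.getResourceServer().getId())`, now depends on the resource server id being the id of its client, and nothing near the comparison says so now that `getClientId()` is gone. A one-line comment above the `if`, such as `// the resource server id is the id of its client, so this selects resources owned by the resource server itself`, would keep the intent readable. The same comparison appears in the ModelToRepresentation and RepresentationToModel hunks of this patch. The enclosing method starts and ends outside the hunk.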
@@ -51,13 +51,4 @@ public interface ResourceServerStore { * @return the resource server instance with the given identifier or null if no instance was found */ ResourceServer findById(String id); - - /** - * Returns a {@link ResourceServer} instance based on the identifier of a client application. - * - * @param id the identifier of an existing client application - * - * @return the resource server instance, with the given client id or null if no instance was found - */ - ResourceServer findByClient(String id); } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java index aeb039dc4f..d8af293e0f 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java @@ -37,7 +37,7 @@ public class ClientApplicationSynchronizer implements Synchronizer { StoreFactory storeFactory = authorizationProvider.getStoreFactory(); event.getRealm().getClients().forEach(clientModel -> { - ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); if (resourceServer != null) { String id = resourceServer.getId(); diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java index 03a2cda718..b760e8d598 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java 
+++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java @@ -17,8 +17,6 @@ package org.keycloak.authorization.store.syncronization; -import java.util.function.Consumer; - import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.store.PolicyStore; @@ -48,7 +46,7 @@ public class UserSynchronizer implements Synchronizer { RealmModel realm = event.getRealm(); realm.getClients().forEach(clientModel -> { - ResourceServer resourceServer = resourceServerStore.findByClient(clientModel.getId()); + ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId()); if (resourceServer != null) { resourceStore.findByOwner(userModel.getId(), resourceServer.getId()).forEach(resource -> { diff --git a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java index d1e0ca2b35..9ff2a52cd7 100644 --- a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java +++ b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo2_1_0.java @@ -67,7 +67,7 @@ public class MigrateTo2_1_0 implements Migration { StoreFactory storeFactory = authorizationProvider.getStoreFactory(); PolicyStore policyStore = storeFactory.getPolicyStore(); realm.getClients().forEach(clientModel -> { - ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel.getId()); + ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(clientModel.getId()); if (resourceServer != null) { policyStore.findByType("role", resourceServer.getId()).forEach(policy -> { 
diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java index ef95c0ae6a..172147a20f 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java @@ -35,7 +35,6 @@ import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.policy.provider.PolicyProviderFactory; import org.keycloak.authorization.store.ResourceStore; -import org.keycloak.common.Profile; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.Time; import org.keycloak.component.ComponentModel; @@ -43,10 +42,10 @@ import org.keycloak.credential.CredentialModel; import org.keycloak.events.Event; import org.keycloak.events.admin.AdminEvent; import org.keycloak.events.admin.AuthDetails; +import org.keycloak.models.AuthenticatedClientSessionModel; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.AuthenticationFlowModel; import org.keycloak.models.AuthenticatorConfigModel; -import org.keycloak.models.AuthenticatedClientSessionModel; import org.keycloak.models.ClientModel; import org.keycloak.models.ClientTemplateModel; import org.keycloak.models.FederatedIdentityModel; @@ -789,7 +788,7 @@ public class ModelToRepresentation { ResourceServerRepresentation server = new ResourceServerRepresentation(); server.setId(model.getId()); - server.setClientId(model.getClientId()); + server.setClientId(model.getId()); server.setName(client.getClientId()); server.setAllowRemoteResourceManagement(model.isAllowRemoteResourceManagement()); server.setPolicyEnforcementMode(model.getPolicyEnforcementMode()); 
@@ -852,8 +851,8 @@ public class ModelToRepresentation { KeycloakSession keycloakSession = authorization.getKeycloakSession(); RealmModel realm = authorization.getRealm(); - if (owner.getId().equals(resourceServer.getClientId())) { - ClientModel clientModel = realm.getClientById(resourceServer.getClientId()); + if (owner.getId().equals(resourceServer.getId())) { + ClientModel clientModel = realm.getClientById(resourceServer.getId()); owner.setName(clientModel.getClientId()); } else { UserModel userModel = keycloakSession.users().getUserById(owner.getId(), realm); @@ -882,7 +881,7 @@ public class ModelToRepresentation { if (resource.getType() != null) { ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore(); for (Resource typed : resourceStore.findByType(resource.getType(), resourceServer.getId())) { - if (typed.getOwner().equals(resourceServer.getClientId()) && !typed.getId().equals(resource.getId())) { + if (typed.getOwner().equals(resourceServer.getId()) && !typed.getId().equals(resource.getId())) { resource.setTypedScopes(typed.getScopes().stream().map(model1 -> { ScopeRepresentation scope = new ScopeRepresentation(); scope.setId(model1.getId()); diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java index 3fdddde16a..ad838ff414 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java 
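Review bot: In the ModelToRepresentation hunk at `-852,8`, the result of `realm.getClientById(resourceServer.getId())` is dereferenced on the next line without a null check. The lookup is realm-scoped, so it returns null if the client is missing from this realm, and `owner.setName(clientModel.getClientId())` then throws. Guarding it with `if (clientModel != null) owner.setName(clientModel.getClientId());` keeps the representation usable in that case. The enclosing method starts and ends outside the hunk.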
@@ -1922,7 +1922,7 @@ public class RepresentationToModel { public static void toModel(ResourceServerRepresentation rep, AuthorizationProvider authorization) { ResourceServerStore resourceServerStore = authorization.getStoreFactory().getResourceServerStore(); ResourceServer resourceServer; - ResourceServer existing = resourceServerStore.findByClient(rep.getClientId()); + ResourceServer existing = resourceServerStore.findById(rep.getClientId()); if (existing == null) { resourceServer = resourceServerStore.create(rep.getClientId()); @@ -1947,7 +1947,7 @@ public class RepresentationToModel { if (owner == null) { owner = new ResourceOwnerRepresentation(); - owner.setId(resourceServer.getClientId()); + owner.setId(resourceServer.getId()); resource.setOwner(owner); } else if (owner.getName() != null) { UserModel user = session.users().getUserByUsername(owner.getName(), realm); @@ -2270,7 +2270,7 @@ public class RepresentationToModel { if (owner == null) { owner = new ResourceOwnerRepresentation(); - owner.setId(resourceServer.getClientId()); + owner.setId(resourceServer.getId()); } String ownerId = owner.getId(); @@ -2279,7 +2279,7 @@ public class RepresentationToModel { throw new RuntimeException("No owner specified for resource [" + resource.getName() + "]."); } - if (!resourceServer.getClientId().equals(ownerId)) { + if (!resourceServer.getId().equals(ownerId)) { RealmModel realm = authorization.getRealm(); KeycloakSession keycloakSession = authorization.getKeycloakSession(); UserProvider users = keycloakSession.users(); diff --git a/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java b/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java index 3d4f163363..72772e29da 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java 
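Review bot: `toModel(ResourceServerRepresentation, AuthorizationProvider)` looks up the resource server directly from `rep.getClientId()` and creates it when missing, and nothing in this hunk checks that the value names a client of `authorization.getRealm()`. The resource server id is now the client id and `findById` takes no realm, so a representation carrying another realm's client id would resolve that realm's resource server. Callers may already validate this, but it is not visible here. Resolving the client first with `ClientModel client = authorization.getRealm().getClientById(rep.getClientId());` and rejecting a null result before the store call would keep the operation realm-scoped. The remainder of `toModel` is outside the hunk.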
@@ -18,15 +18,15 @@ package org.keycloak.authorization.admin;
+import javax.ws.rs.Path;
+
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
-import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
 import org.keycloak.services.resources.admin.AdminEventBuilder;
-
-import javax.ws.rs.Path;
+import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
 /**
 * @author Pedro Igor
@@ -43,7 +43,7 @@ public class AuthorizationService {
 this.client = client;
 this.authorization = session.getProvider(AuthorizationProvider.class);
 this.adminEvent = adminEvent;
- this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findByClient(this.client.getId());
+ this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findById(this.client.getId());
 this.auth = auth;
 }
diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java
index ecebaae34a..e3903a8f0f 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java
@@ -229,7 +229,7 @@ public class PolicyEvaluationService {
 String clientId = representation.getClientId();
 if (clientId == null) {
- clientId = resourceServer.getClientId();
+ clientId = resourceServer.getId();
 }
 if (clientId != null) {
diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
index 3f8b7373c3..f4d685c9cd 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
@@ -30,17 +30,15 @@ import org.keycloak.events.admin.OperationType;
 import org.keycloak.events.admin.ResourceType;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.Constants;
-import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
-import org.keycloak.models.UserProvider;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.ErrorResponse;
-import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
 import org.keycloak.services.resources.admin.AdminEventBuilder;
+import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
@@ -103,7 +101,7 @@ public class ResourceSetService {
 if (owner == null) {
 owner = new ResourceOwnerRepresentation();
- owner.setId(resourceServer.getClientId());
+ owner.setId(resourceServer.getId());
 }
 String ownerId = owner.getId();
@@ -217,7 +215,7 @@ public class ResourceSetService {
 if (model.getType() != null) {
 ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
 for (Resource typed : resourceStore.findByType(model.getType(), resourceServer.getId())) {
- if (typed.getOwner().equals(resourceServer.getClientId()) && !typed.getId().equals(model.getId())) {
+ if (typed.getOwner().equals(resourceServer.getId()) && !typed.getId().equals(model.getId())) {
 scopes.addAll(typed.getScopes().stream().map(model1 -> {
 ScopeRepresentation scope = new ScopeRepresentation();
 scope.setId(model1.getId());
diff --git a/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java b/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
index 54097bbe36..0108eab934 100644
--- a/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
+++ b/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
@@ -119,7 +119,7 @@ public class EntitlementService {
 }
 StoreFactory storeFactory = authorization.getStoreFactory();
- ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(client.getId());
+ ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(client.getId());
 if (resourceServer == null) {
 throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Client does not support permissions", Status.FORBIDDEN);
@@ -152,7 +152,7 @@ public class EntitlementService {
 }
 StoreFactory storeFactory = authorization.getStoreFactory();
- ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(client.getId());
+ ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(client.getId());
 if (resourceServer == null) {
 throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Client does not support permissions", Status.FORBIDDEN);
diff --git a/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java b/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java
index 377927983e..30afbc798b 100644
--- a/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java
+++ b/services/src/main/java/org/keycloak/authorization/protection/ProtectionService.java
@@ -100,7 +100,7 @@ public class ProtectionService {
 ResourceServer resourceServer = getResourceServer(identity);
 KeycloakSession keycloakSession = authorization.getKeycloakSession();
 RealmModel realm = keycloakSession.getContext().getRealm();
- ClientModel client = realm.getClientById(resourceServer.getClientId());
+ ClientModel client = realm.getClientById(resourceServer.getId());
 if (!identity.hasClientRole(client.getClientId(), "uma_protection")) {
 throw new ErrorResponseException(OAuthErrorException.INVALID_SCOPE, "Requires uma_protection scope.", Status.FORBIDDEN);
@@ -117,7 +117,7 @@ public class ProtectionService {
 throw new ErrorResponseException("invalid_clientId", "Client application with id [" + identity.getId() + "] does not exist in realm [" + realm.getName() + "]", Status.BAD_REQUEST);
 }
- ResourceServer resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findByClient(identity.getId());
+ ResourceServer resourceServer = this.authorization.getStoreFactory().getResourceServerStore().findById(identity.getId());
 if (resourceServer == null) {
 throw new ErrorResponseException("invalid_clientId", "Client application [" + clientApplication.getClientId() + "] is not registered as resource server.", Status.FORBIDDEN);
diff --git a/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java b/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java
index 665fe8f5af..1e669cfa04 100644
--- a/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java
+++ b/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java
@@ -114,7 +114,7 @@ public class AbstractPermissionService {
 }
 for (Resource baseResource : authorization.getStoreFactory().getResourceStore().findByType(resource.getType(), resourceServer.getId())) {
- if (baseResource.getOwner().equals(resource.getResourceServer().getClientId())) {
+ if (baseResource.getOwner().equals(resource.getResourceServer().getId())) {
 for (Scope baseScope : baseResource.getScopes()) {
 if (baseScope.getName().equals(scopeName)) {
 return new ScopeRepresentation(scopeName);
diff --git a/services/src/main/java/org/keycloak/authorization/util/Permissions.java b/services/src/main/java/org/keycloak/authorization/util/Permissions.java
index b0e5daa364..a420cf9bb5 100644
--- a/services/src/main/java/org/keycloak/authorization/util/Permissions.java
+++ b/services/src/main/java/org/keycloak/authorization/util/Permissions.java
@@ -20,8 +20,6 @@ package org.keycloak.authorization.util;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.LinkedList;
@@ -70,7 +68,7 @@ public final class Permissions {
 StoreFactory storeFactory = authorization.getStoreFactory();
 ResourceStore resourceStore = storeFactory.getResourceStore();
- resourceStore.findByOwner(resourceServer.getClientId(), resourceServer.getId()).stream().forEach(resource -> permissions.addAll(createResourcePermissionsWithScopes(resource, new LinkedList(resource.getScopes()), authorization)));
+ resourceStore.findByOwner(resourceServer.getId(), resourceServer.getId()).stream().forEach(resource -> permissions.addAll(createResourcePermissionsWithScopes(resource, new LinkedList(resource.getScopes()), authorization)));
 resourceStore.findByOwner(identity.getId(), resourceServer.getId()).stream().forEach(resource -> permissions.addAll(createResourcePermissionsWithScopes(resource, new LinkedList(resource.getScopes()), authorization)));
 return permissions;
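Review bot: The loop in AbstractPermissionService (@@ -114,7) fetches typed resources for `resourceServer.getId()` but compares each owner against `resource.getResourceServer().getId()`, two different expressions for what is presumably the same resource server. If they ever differ, base resources are looked up under one server while the ownership test that gates scope inheritance is made against another. Using the local consistently, `if (baseResource.getOwner().equals(resourceServer.getId())) {`, removes the ambiguity. The enclosing method starts and ends outside the hunk.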
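Review bot: After the rename, `resourceStore.findByOwner(resourceServer.getId(), resourceServer.getId())` in Permissions (@@ -70,7) passes the same value twice and reads like a copy-paste slip, although judging by the following line the first argument is the owner id and the second the resource-server id. A short comment above the call, `// resources owned by the resource server itself: owner id == resource server id`, would make clear that this is intended. If `findByOwner` returns a collection, `.stream().forEach(...)` can also be plain `.forEach(...)`.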
@@ -86,11 +84,11 @@ public final class Permissions {
 scopes = new LinkedList<>(resource.getScopes());
 // check if there is a typed resource whose scopes are inherited by the resource being requested. In this case, we assume that parent resource
 // is owned by the resource server itself
- if (type != null && !resource.getOwner().equals(resourceServer.getClientId())) {
+ if (type != null && !resource.getOwner().equals(resourceServer.getId())) {
 StoreFactory storeFactory = authorization.getStoreFactory();
 ResourceStore resourceStore = storeFactory.getResourceStore();
 resourceStore.findByType(type, resourceServer.getId()).forEach(resource1 -> {
- if (resource1.getOwner().equals(resourceServer.getClientId())) {
+ if (resource1.getOwner().equals(resourceServer.getId())) {
 for (Scope typeScope : resource1.getScopes()) {
 if (!scopes.contains(typeScope)) {
 scopes.add(typeScope);
@@ -123,11 +121,11 @@ public final class Permissions {
 // check if there is a typed resource whose scopes are inherited by the resource being requested. In this case, we assume that parent resource
 // is owned by the resource server itself
- if (type != null && !resource.getOwner().equals(resourceServer.getClientId())) {
+ if (type != null && !resource.getOwner().equals(resourceServer.getId())) {
 StoreFactory storeFactory = authorization.getStoreFactory();
 ResourceStore resourceStore = storeFactory.getResourceStore();
 resourceStore.findByType(type, resourceServer.getId()).forEach(resource1 -> {
- if (resource1.getOwner().equals(resourceServer.getClientId())) {
+ if (resource1.getOwner().equals(resourceServer.getId())) {
 for (Scope typeScope : resource1.getScopes()) {
 if (!scopes.contains(typeScope)) {
 scopes.add(typeScope);
diff --git a/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java b/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java
index fa1e238b04..371c4daa01 100755
--- a/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java
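Review bot: The two Permissions hunks (@@ -86,11 and @@ -123,11) hold two copies of the same scope-inheritance block, so every change to this authorization rule, including the owner comparison touched here, has to be made twice and kept in step. I would move the block into one private helper called from both places; the sketch below assumes `scopes` is a `List<Scope>`, that both callers are static methods, and that nothing else follows in the block past the end of the hunk. The helper's comment should state that the owner is compared with the resource server id, which is now the client's internal id. Both enclosing methods start and end outside the hunks.

```java
// … unchanged: scopes = new LinkedList<>(resource.getScopes()) …
addScopesInheritedFromType(type, resource, resourceServer, scopes, authorization);

/**
 * Adds the scopes of same-typed resources that are owned by the resource server itself.
 * The owner is compared with the resource server id (the client's internal id).
 */
private static void addScopesInheritedFromType(String type, Resource resource, ResourceServer resourceServer,
        List<Scope> scopes, AuthorizationProvider authorization) {
    String serverId = resourceServer.getId();
    if (type == null || resource.getOwner().equals(serverId)) {
        return;
    }
    ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
    resourceStore.findByType(type, serverId).forEach(typed -> {
        if (typed.getOwner().equals(serverId)) {
            for (Scope typeScope : typed.getScopes()) {
                if (!scopes.contains(typeScope)) {
                    scopes.add(typeScope);
                }
            }
        }
    });
}
```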
+++ b/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java
@@ -55,7 +55,6 @@ import org.keycloak.models.RoleContainerModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserConsentModel;
 import org.keycloak.models.UserModel;
-import org.keycloak.models.UserProvider;
 import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.ClientTemplateRepresentation;
@@ -73,6 +72,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.util.JsonSerialization;
+
 import com.fasterxml.jackson.core.JsonEncoding;
 import com.fasterxml.jackson.core.JsonFactory;
 import com.fasterxml.jackson.core.JsonGenerator;
@@ -298,7 +298,7 @@ public class ExportUtils {
 AuthorizationProviderFactory providerFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
 AuthorizationProvider authorization = providerFactory.create(session, client.getRealm());
 StoreFactory storeFactory = authorization.getStoreFactory();
- ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findByClient(client.getId());
+ ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findById(client.getId());
 if (settingsModel == null) {
 return null;
@@ -314,7 +314,7 @@ public class ExportUtils {
 .stream().map(resource -> {
 ResourceRepresentation rep = toRepresentation(resource, settingsModel, authorization);
- if (rep.getOwner().getId().equals(settingsModel.getClientId())) {
+ if (rep.getOwner().getId().equals(settingsModel.getId())) {
 rep.setOwner(null);
 } else {
 rep.getOwner().setId(null);
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java
index 8aeb9abdf4..149b313bc9 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java
@@ -112,7 +112,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
 String resourceName = getResourceName(client);
 Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
 if (resource == null) {
- resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getClientId());
+ resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
 resource.setType("Client");
 Set scopeset = new HashSet<>();
 scopeset.add(configureScope);
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
index 46b15d024e..c6aa3c6434 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
@@ -26,7 +26,6 @@ import org.keycloak.models.AdminRoles;
 import org.keycloak.models.GroupModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
-import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.services.ForbiddenException;
 import java.util.HashMap;
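Review bot: In ClientPermissions (@@ -112,7) the call `create(resourceName, server, server.getId())` now passes the server object and its own id side by side, and nothing says that the third argument is the resource owner (presumably it is, since other call sites in this patch compare `getOwner()` with the server id). A one-line comment, `// owner = the resource server itself; its id is the client's internal id`, would keep a later reader from treating the argument as redundant. The same applies to GroupPermissions (@@ -95,7), IdentityProviderPermissions (@@ -76,7), RolePermissions (@@ -541,7) and UserPermissions (@@ -84,7).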
@@ -95,7 +94,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
 String groupResourceName = getGroupResourceName(group);
 Resource groupResource = authz.getStoreFactory().getResourceStore().findByName(groupResourceName, server.getId());
 if (groupResource == null) {
- groupResource = authz.getStoreFactory().getResourceStore().create(groupResourceName, server, server.getClientId());
+ groupResource = authz.getStoreFactory().getResourceStore().create(groupResourceName, server, server.getId());
 Set scopeset = new HashSet<>();
 scopeset.add(manageScope);
 scopeset.add(viewScope);
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java
index 71661b12cc..9be37d6b6e 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java
@@ -32,7 +32,6 @@ import org.keycloak.models.RealmModel;
 import java.util.Arrays;
 import java.util.Collection;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -76,7 +75,7 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
 String resourceName = getResourceName(idp);
 Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
 if (resource == null) {
- resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getClientId());
+ resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
 resource.setType("IdentityProvider");
 Set scopeset = new HashSet<>();
 scopeset.add(exchangeToScope);
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java
index 80812f2d5d..6fa044f255 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java
@@ -40,7 +40,6 @@ import org.keycloak.models.Constants;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.models.RealmModel;
-import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.services.ForbiddenException;
 import org.keycloak.services.managers.RealmManager;
@@ -252,7 +251,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
 ResourceServerStore resourceServerStore = authz.getStoreFactory().getResourceServerStore();
 ClientModel client = getRealmManagementClient();
 if (client == null) return null;
- realmResourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client.getId());
+ realmResourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId());
 return realmResourceServer;
 }
@@ -260,7 +259,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
 public ResourceServer initializeRealmResourceServer() {
 if (realmResourceServer != null) return realmResourceServer;
 ClientModel client = getRealmManagementClient();
- realmResourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client.getId());
+ realmResourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId());
 if (realmResourceServer == null) {
 realmResourceServer = authz.getStoreFactory().getResourceServerStore().create(client.getId());
 }
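Review bot: In MgmtPermissions (@@ -252,7) the local `resourceServerStore` declared on the first line of the hunk is never used; the changed line fetches the store again through `authz.getStoreFactory()`. Either drop the local or use it, `realmResourceServer = resourceServerStore.findById(client.getId());`. The method starts before the hunk.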
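Review bot: `initializeRealmResourceServer()` (@@ -260,7) calls `client.getId()` without the `if (client == null) return null;` guard that the method in the previous hunk applies to the same `getRealmManagementClient()` result. If that call can return null here as well, the method throws a NullPointerException while the realm's admin permissions are being set up. Either add a guard, for example `if (client == null) throw new IllegalStateException("realm management client not found");`, or add a comment saying why the client is guaranteed to exist at this point. The method body continues outside the hunk.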
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java
index 0e12861929..361cb0c25a 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java
@@ -34,7 +34,6 @@ import org.keycloak.models.RoleModel;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.services.ForbiddenException;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -541,7 +540,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
 String roleResourceName = getRoleResourceName(role);
 Resource resource = authz.getStoreFactory().getResourceStore().findByName(roleResourceName, server.getId());
 if (resource == null) {
- resource = authz.getStoreFactory().getResourceStore().create(roleResourceName, server, server.getClientId());
+ resource = authz.getStoreFactory().getResourceStore().create(roleResourceName, server, server.getId());
 Set scopeset = new HashSet<>();
 scopeset.add(mapClientScope);
 scopeset.add(mapCompositeScope);
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
index 3ac26ed5fa..0078497bf6 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
@@ -84,7 +84,7 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
 Resource usersResource = authz.getStoreFactory().getResourceStore().findByName(USERS_RESOURCE, server.getId());
 if (usersResource == null) {
- usersResource = authz.getStoreFactory().getResourceStore().create(USERS_RESOURCE, server, server.getClientId());
+ usersResource = authz.getStoreFactory().getResourceStore().create(USERS_RESOURCE, server, server.getId());
 Set scopeset = new HashSet<>();
 scopeset.add(manageScope);
 scopeset.add(viewScope);
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java
index 5adec447e8..11eac1202a 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java
@@ -85,7 +85,7 @@ public class AuthzCleanupTest extends AbstractKeycloakTest {
 session.getContext().setRealm(realm);
 AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
 ClientModel myclient = realm.getClientByClientId("myclient");
- ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(myclient.getId());
+ ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findById(myclient.getId());
 createRolePolicy(authz, resourceServer, "client-role-1");
 createRolePolicy(authz, resourceServer, "client-role-2");
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
index 16b080497c..42dbdb0856 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
@@ -1829,7 +1829,7 @@ public class PermissionsTest extends AbstractKeycloakTest {
 for (Method m : rep.getClass().getDeclaredMethods()) {
 if (m.getParameters().length == 0 && m.getName().startsWith("get") && !ignoreList.contains(m.getName())) {
- try {
+ try {
 Object o = m.invoke(rep);
 assertNull("Expected " + m.getName() + " to be null", o);
 } catch (Exception e) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java
index cb93c96f02..1c57147371 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java
@@ -87,7 +87,7 @@ public class PolicyEvaluationCompositeRoleTest extends AbstractAuthzTest {
 Policy policy = createRolePolicy(authz, resourceServer, role1);
 Scope scope = authz.getStoreFactory().getScopeStore().create("myscope", resourceServer);
- Resource resource = authz.getStoreFactory().getResourceStore().create("myresource", resourceServer, resourceServer.getClientId());
+ Resource resource = authz.getStoreFactory().getResourceStore().create("myresource", resourceServer, resourceServer.getId());
 addScopePermission(authz, resourceServer, "mypermission", resource, scope, policy);
 RoleModel composite = realm.addRole("composite");
diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java
index 4a4fc9a4ad..b9a75a42c4 100644
--- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java
+++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java
@@ -61,7 +61,6 @@ public class ResourceManagementTest extends AbstractPhotozAdminTest {
 assertEquals("Resource Type", resourceModel.getType());
 assertEquals("Resource Icon URI", resourceModel.getIconUri());
 assertEquals("Resource URI", resourceModel.getUri());
- assertEquals(resourceServer.getClientId(), resourceModel.getOwner());
 assertEquals(resourceServer.getId(), resourceModel.getResourceServer().getId());
 });
 }