Merge pull request #1660 from mposolda/master

Fixes
2015-09-30 17:16:44 +02:00 · 2015-09-30 17:16:44 +02:00 · c6b34f32a1
commit c6b34f32a1
parent 974c0a50e7 4f6d3c8dca
7 changed files with 24 additions and 15 deletions
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
@ -244,7 +244,7 @@ public class KerberosFederationProvider implements UserFederationProvider {
        // Just guessing email from kerberos realm
        String email = username + "@" + kerberosConfig.getKerberosRealm().toLowerCase();
-        logger.info("Creating kerberos user: " + username + ", email: " + email + " to local Keycloak storage");
+        logger.debugf("Creating kerberos user: %s, email: %s to local Keycloak storage", username, email);
        UserModel user = session.userStorage().addUser(realm, username);
        user.setEnabled(true);
        user.setEmail(email);
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java
@ -106,7 +106,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
                String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
                if (roleContainer.getRole(roleName) == null) {
-                    logger.infof("Syncing role [%s] from LDAP to keycloak DB", roleName);
+                    logger.debugf("Syncing role [%s] from LDAP to keycloak DB", roleName);
                    roleContainer.addRole(roleName);
                }
            }
@ -208,7 +208,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
        roleDn.addFirst(roleNameAttribute, roleName);
        ldapObject.setDn(roleDn);
-        logger.infof("Creating role [%s] to LDAP with DN [%s]", roleName, roleDn.toString());
+        logger.debugf("Creating role [%s] to LDAP with DN [%s]", roleName, roleDn.toString());
        ldapProvider.getLdapIdentityStore().add(ldapObject);
        return ldapObject;
    }
--- a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
+++ b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
@ -4,9 +4,11 @@ import java.util.List;
 import org.keycloak.migration.ModelVersion;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.Constants;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.KeycloakModelUtils;
 /**
@ -19,17 +21,24 @@ public class MigrateTo1_6_0 {
    public void migrate(KeycloakSession session) {
        List<RealmModel> realms = session.realms().getRealms();
        for (RealmModel realm : realms) {
            if (realm.getRole(Constants.OFFLINE_ACCESS_ROLE) == null) {
                for (RoleModel realmRole : realm.getRoles()) {
                    realmRole.setScopeParamRequired(false);
                }
                for (ClientModel client : realm.getClients()) {
                    for (RoleModel clientRole : client.getRoles()) {
                        clientRole.setScopeParamRequired(false);
                    }
                }
-            for (RoleModel realmRole : realm.getRoles()) {
+                KeycloakModelUtils.setupOfflineTokens(realm);
-                realmRole.setScopeParamRequired(false);
+                RoleModel role = realm.getRole(Constants.OFFLINE_ACCESS_ROLE);
-            }
+
-            for (ClientModel client : realm.getClients()) {
+                // Check if possible to avoid iterating over users
-                for (RoleModel clientRole : client.getRoles()) {
+                for (UserModel user : session.userStorage().getUsers(realm, true)) {
-                    clientRole.setScopeParamRequired(false);
+                    user.grantRole(role);
                }
            }
            KeycloakModelUtils.setupOfflineTokens(realm);
        }
    }
--- a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
@ -111,7 +111,7 @@ public class UserFederationManager implements UserProvider {
            if (realmModel == null) return;
            UserModel deletedUser = tx.userStorage().getUserById(user.getId(), realmModel);
            tx.userStorage().removeUser(realmModel, deletedUser);
-            logger.infof("Removed invalid user '%s'", user.getUsername());
+            logger.debugf("Removed invalid user '%s'", user.getUsername());
            tx.getTransaction().commit();
        } finally {
            tx.close();
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
@ -399,7 +399,7 @@ public class TokenEndpoint {
        if (clientUser == null || client.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER) == null) {
            // May need to handle bootstrap here as well
-            logger.infof("Service account user for client '%s' not found or default protocol mapper for service account not found. Creating now", client.getClientId());
+            logger.debugf("Service account user for client '%s' not found or default protocol mapper for service account not found. Creating now", client.getClientId());
            new ClientManager(new RealmManager(session)).enableServiceAccount(client);
            clientUser = session.users().getUserByServiceAccountClient(client);
        }
--- a/services/src/main/java/org/keycloak/services/managers/ClientManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ClientManager.java
@ -103,7 +103,7 @@ public class ClientManager {
        // Add dedicated user for this service account
        if (realmManager.getSession().users().getUserByServiceAccountClient(client) == null) {
            String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId();
-            logger.infof("Creating service account user '%s'", username);
+            logger.debugf("Creating service account user '%s'", username);
            // Don't use federation for service account user
            UserModel user = realmManager.getSession().userStorage().addUser(client.getRealm(), username);
--- a/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
@ -280,7 +280,7 @@ public class ResourceAdminManager {
    protected boolean sendPushRevocationPolicyRequest(RealmModel realm, ClientModel resource, int notBefore, String managementUrl) {
        PushNotBeforeAction adminAction = new PushNotBeforeAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, resource.getClientId(), notBefore);
        String token = new TokenManager().encodeToken(realm, adminAction);
-        logger.infov("pushRevocation resource: {0} url: {1}", resource.getClientId(), managementUrl);
+        logger.debugv("pushRevocation resource: {0} url: {1}", resource.getClientId(), managementUrl);
        URI target = UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_PUSH_NOT_BEFORE).build();
        try {
            int status = session.getProvider(HttpClientProvider.class).postText(target.toString(), token);