Merge pull request #1660 from mposolda/master

Fixes
This commit is contained in:
Marek Posolda 2015-09-30 17:16:44 +02:00
commit c6b34f32a1
7 changed files with 24 additions and 15 deletions

View file

@ -244,7 +244,7 @@ public class KerberosFederationProvider implements UserFederationProvider {
// Just guessing email from kerberos realm
String email = username + "@" + kerberosConfig.getKerberosRealm().toLowerCase();
logger.info("Creating kerberos user: " + username + ", email: " + email + " to local Keycloak storage");
logger.debugf("Creating kerberos user: %s, email: %s to local Keycloak storage", username, email);
UserModel user = session.userStorage().addUser(realm, username);
user.setEnabled(true);
user.setEmail(email);

View file

@ -106,7 +106,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
if (roleContainer.getRole(roleName) == null) {
logger.infof("Syncing role [%s] from LDAP to keycloak DB", roleName);
logger.debugf("Syncing role [%s] from LDAP to keycloak DB", roleName);
roleContainer.addRole(roleName);
}
}
@ -208,7 +208,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
roleDn.addFirst(roleNameAttribute, roleName);
ldapObject.setDn(roleDn);
logger.infof("Creating role [%s] to LDAP with DN [%s]", roleName, roleDn.toString());
logger.debugf("Creating role [%s] to LDAP with DN [%s]", roleName, roleDn.toString());
ldapProvider.getLdapIdentityStore().add(ldapObject);
return ldapObject;
}

View file

@ -4,9 +4,11 @@ import java.util.List;
import org.keycloak.migration.ModelVersion;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
/**
@ -19,7 +21,7 @@ public class MigrateTo1_6_0 {
public void migrate(KeycloakSession session) {
List<RealmModel> realms = session.realms().getRealms();
for (RealmModel realm : realms) {
if (realm.getRole(Constants.OFFLINE_ACCESS_ROLE) == null) {
for (RoleModel realmRole : realm.getRoles()) {
realmRole.setScopeParamRequired(false);
}
@ -30,6 +32,13 @@ public class MigrateTo1_6_0 {
}
KeycloakModelUtils.setupOfflineTokens(realm);
RoleModel role = realm.getRole(Constants.OFFLINE_ACCESS_ROLE);
// Check if possible to avoid iterating over users
for (UserModel user : session.userStorage().getUsers(realm, true)) {
user.grantRole(role);
}
}
}
}

View file

@ -111,7 +111,7 @@ public class UserFederationManager implements UserProvider {
if (realmModel == null) return;
UserModel deletedUser = tx.userStorage().getUserById(user.getId(), realmModel);
tx.userStorage().removeUser(realmModel, deletedUser);
logger.infof("Removed invalid user '%s'", user.getUsername());
logger.debugf("Removed invalid user '%s'", user.getUsername());
tx.getTransaction().commit();
} finally {
tx.close();

View file

@ -399,7 +399,7 @@ public class TokenEndpoint {
if (clientUser == null || client.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER) == null) {
// May need to handle bootstrap here as well
logger.infof("Service account user for client '%s' not found or default protocol mapper for service account not found. Creating now", client.getClientId());
logger.debugf("Service account user for client '%s' not found or default protocol mapper for service account not found. Creating now", client.getClientId());
new ClientManager(new RealmManager(session)).enableServiceAccount(client);
clientUser = session.users().getUserByServiceAccountClient(client);
}

View file

@ -103,7 +103,7 @@ public class ClientManager {
// Add dedicated user for this service account
if (realmManager.getSession().users().getUserByServiceAccountClient(client) == null) {
String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId();
logger.infof("Creating service account user '%s'", username);
logger.debugf("Creating service account user '%s'", username);
// Don't use federation for service account user
UserModel user = realmManager.getSession().userStorage().addUser(client.getRealm(), username);

View file

@ -280,7 +280,7 @@ public class ResourceAdminManager {
protected boolean sendPushRevocationPolicyRequest(RealmModel realm, ClientModel resource, int notBefore, String managementUrl) {
PushNotBeforeAction adminAction = new PushNotBeforeAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, resource.getClientId(), notBefore);
String token = new TokenManager().encodeToken(realm, adminAction);
logger.infov("pushRevocation resource: {0} url: {1}", resource.getClientId(), managementUrl);
logger.debugv("pushRevocation resource: {0} url: {1}", resource.getClientId(), managementUrl);
URI target = UriBuilder.fromUri(managementUrl).path(AdapterConstants.K_PUSH_NOT_BEFORE).build();
try {
int status = session.getProvider(HttpClientProvider.class).postText(target.toString(), token);