Merge pull request #3350 from patriot1burke/master
federated import/export to json
This commit is contained in:
Bill Burke
GitHub
commit
d941e07169
35 changed files with 1077 additions and 349 deletions
|
|
@ -95,6 +95,7 @@ public class RealmRepresentation {
|
||||||
protected Integer otpPolicyPeriod;
|
protected Integer otpPolicyPeriod;
|
||||||
|
|
||||||
protected List<UserRepresentation> users;
|
protected List<UserRepresentation> users;
|
||||||
|
protected List<UserRepresentation> federatedUsers;
|
||||||
protected List<ScopeMappingRepresentation> scopeMappings;
|
protected List<ScopeMappingRepresentation> scopeMappings;
|
||||||
protected Map<String, List<ScopeMappingRepresentation>> clientScopeMappings;
|
protected Map<String, List<ScopeMappingRepresentation>> clientScopeMappings;
|
||||||
protected List<ClientRepresentation> clients;
|
protected List<ClientRepresentation> clients;
|
||||||
|
|
@ -883,4 +884,11 @@ public class RealmRepresentation {
|
||||||
return attributes;
|
return attributes;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public List<UserRepresentation> getFederatedUsers() {
|
||||||
|
return federatedUsers;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setFederatedUsers(List<UserRepresentation> federatedUsers) {
|
||||||
|
this.federatedUsers = federatedUsers;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -475,15 +475,15 @@ public class UserCacheSession implements UserCache {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void updateConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
invalidations.add(getConsentCacheKey(user.getId()));
|
invalidations.add(getConsentCacheKey(userId));
|
||||||
getDelegate().updateConsent(realm, user, consent);
|
getDelegate().updateConsent(realm, userId, consent);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean revokeConsentForClient(RealmModel realm, UserModel user, String clientInternalId) {
|
public boolean revokeConsentForClient(RealmModel realm, String userId, String clientInternalId) {
|
||||||
invalidations.add(getConsentCacheKey(user.getId()));
|
invalidations.add(getConsentCacheKey(userId));
|
||||||
return getDelegate().revokeConsentForClient(realm, user, clientInternalId);
|
return getDelegate().revokeConsentForClient(realm, userId, clientInternalId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getConsentCacheKey(String userId) {
|
public String getConsentCacheKey(String userId) {
|
||||||
|
|
@ -492,25 +492,25 @@ public class UserCacheSession implements UserCache {
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void addConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
invalidations.add(getConsentCacheKey(user.getId()));
|
invalidations.add(getConsentCacheKey(userId));
|
||||||
getDelegate().addConsent(realm, user, consent);
|
getDelegate().addConsent(realm, userId, consent);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserConsentModel getConsentByClient(RealmModel realm, UserModel user, String clientId) {
|
public UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientId) {
|
||||||
logger.tracev("getConsentByClient: {0}", user.getUsername());
|
logger.tracev("getConsentByClient: {0}", userId);
|
||||||
|
|
||||||
String cacheKey = getConsentCacheKey(user.getId());
|
String cacheKey = getConsentCacheKey(userId);
|
||||||
if (realmInvalidations.contains(realm.getId()) || invalidations.contains(user.getId()) || invalidations.contains(cacheKey)) {
|
if (realmInvalidations.contains(realm.getId()) || invalidations.contains(userId) || invalidations.contains(cacheKey)) {
|
||||||
return getDelegate().getConsentByClient(realm, user, clientId);
|
return getDelegate().getConsentByClient(realm, userId, clientId);
|
||||||
}
|
}
|
||||||
|
|
||||||
CachedUserConsents cached = cache.get(cacheKey, CachedUserConsents.class);
|
CachedUserConsents cached = cache.get(cacheKey, CachedUserConsents.class);
|
||||||
|
|
||||||
if (cached == null) {
|
if (cached == null) {
|
||||||
Long loaded = cache.getCurrentRevision(cacheKey);
|
Long loaded = cache.getCurrentRevision(cacheKey);
|
||||||
List<UserConsentModel> consents = getDelegate().getConsents(realm, user);
|
List<UserConsentModel> consents = getDelegate().getConsents(realm, userId);
|
||||||
cached = new CachedUserConsents(loaded, cacheKey, realm, consents);
|
cached = new CachedUserConsents(loaded, cacheKey, realm, consents);
|
||||||
cache.addRevisioned(cached, startupRevision);
|
cache.addRevisioned(cached, startupRevision);
|
||||||
}
|
}
|
||||||
|
|
@ -520,19 +520,19 @@ public class UserCacheSession implements UserCache {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<UserConsentModel> getConsents(RealmModel realm, UserModel user) {
|
public List<UserConsentModel> getConsents(RealmModel realm, String userId) {
|
||||||
logger.tracev("getConsents: {0}", user.getUsername());
|
logger.tracev("getConsents: {0}", userId);
|
||||||
|
|
||||||
String cacheKey = getConsentCacheKey(user.getId());
|
String cacheKey = getConsentCacheKey(userId);
|
||||||
if (realmInvalidations.contains(realm.getId()) || invalidations.contains(user.getId()) || invalidations.contains(cacheKey)) {
|
if (realmInvalidations.contains(realm.getId()) || invalidations.contains(userId) || invalidations.contains(cacheKey)) {
|
||||||
return getDelegate().getConsents(realm, user);
|
return getDelegate().getConsents(realm, userId);
|
||||||
}
|
}
|
||||||
|
|
||||||
CachedUserConsents cached = cache.get(cacheKey, CachedUserConsents.class);
|
CachedUserConsents cached = cache.get(cacheKey, CachedUserConsents.class);
|
||||||
|
|
||||||
if (cached == null) {
|
if (cached == null) {
|
||||||
Long loaded = cache.getCurrentRevision(cacheKey);
|
Long loaded = cache.getCurrentRevision(cacheKey);
|
||||||
List<UserConsentModel> consents = getDelegate().getConsents(realm, user);
|
List<UserConsentModel> consents = getDelegate().getConsents(realm, userId);
|
||||||
cached = new CachedUserConsents(loaded, cacheKey, realm, consents);
|
cached = new CachedUserConsents(loaded, cacheKey, realm, consents);
|
||||||
cache.addRevisioned(cached, startupRevision);
|
cache.addRevisioned(cached, startupRevision);
|
||||||
return consents;
|
return consents;
|
||||||
|
|
|
||||||
|
|
@ -194,19 +194,19 @@ public class JpaUserProvider implements UserProvider, UserCredentialStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void addConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
String clientId = consent.getClient().getId();
|
String clientId = consent.getClient().getId();
|
||||||
|
|
||||||
UserConsentEntity consentEntity = getGrantedConsentEntity(user, clientId);
|
UserConsentEntity consentEntity = getGrantedConsentEntity(userId, clientId);
|
||||||
if (consentEntity != null) {
|
if (consentEntity != null) {
|
||||||
throw new ModelDuplicateException("Consent already exists for client [" + clientId + "] and user [" + user.getId() + "]");
|
throw new ModelDuplicateException("Consent already exists for client [" + clientId + "] and user [" + userId + "]");
|
||||||
}
|
}
|
||||||
|
|
||||||
long currentTime = Time.currentTimeMillis();
|
long currentTime = Time.currentTimeMillis();
|
||||||
|
|
||||||
consentEntity = new UserConsentEntity();
|
consentEntity = new UserConsentEntity();
|
||||||
consentEntity.setId(KeycloakModelUtils.generateId());
|
consentEntity.setId(KeycloakModelUtils.generateId());
|
||||||
consentEntity.setUser(em.getReference(UserEntity.class, user.getId()));
|
consentEntity.setUser(em.getReference(UserEntity.class, userId));
|
||||||
consentEntity.setClientId(clientId);
|
consentEntity.setClientId(clientId);
|
||||||
consentEntity.setCreatedDate(currentTime);
|
consentEntity.setCreatedDate(currentTime);
|
||||||
consentEntity.setLastUpdatedDate(currentTime);
|
consentEntity.setLastUpdatedDate(currentTime);
|
||||||
|
|
@ -217,15 +217,15 @@ public class JpaUserProvider implements UserProvider, UserCredentialStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserConsentModel getConsentByClient(RealmModel realm, UserModel user, String clientId) {
|
public UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientId) {
|
||||||
UserConsentEntity entity = getGrantedConsentEntity(user, clientId);
|
UserConsentEntity entity = getGrantedConsentEntity(userId, clientId);
|
||||||
return toConsentModel(realm, entity);
|
return toConsentModel(realm, entity);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<UserConsentModel> getConsents(RealmModel realm, UserModel user) {
|
public List<UserConsentModel> getConsents(RealmModel realm, String userId) {
|
||||||
TypedQuery<UserConsentEntity> query = em.createNamedQuery("userConsentsByUser", UserConsentEntity.class);
|
TypedQuery<UserConsentEntity> query = em.createNamedQuery("userConsentsByUser", UserConsentEntity.class);
|
||||||
query.setParameter("userId", user.getId());
|
query.setParameter("userId", userId);
|
||||||
List<UserConsentEntity> results = query.getResultList();
|
List<UserConsentEntity> results = query.getResultList();
|
||||||
|
|
||||||
List<UserConsentModel> consents = new ArrayList<UserConsentModel>();
|
List<UserConsentModel> consents = new ArrayList<UserConsentModel>();
|
||||||
|
|
@ -237,19 +237,19 @@ public class JpaUserProvider implements UserProvider, UserCredentialStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void updateConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
String clientId = consent.getClient().getId();
|
String clientId = consent.getClient().getId();
|
||||||
|
|
||||||
UserConsentEntity consentEntity = getGrantedConsentEntity(user, clientId);
|
UserConsentEntity consentEntity = getGrantedConsentEntity(userId, clientId);
|
||||||
if (consentEntity == null) {
|
if (consentEntity == null) {
|
||||||
throw new ModelException("Consent not found for client [" + clientId + "] and user [" + user.getId() + "]");
|
throw new ModelException("Consent not found for client [" + clientId + "] and user [" + userId + "]");
|
||||||
}
|
}
|
||||||
|
|
||||||
updateGrantedConsentEntity(consentEntity, consent);
|
updateGrantedConsentEntity(consentEntity, consent);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean revokeConsentForClient(RealmModel realm, UserModel user, String clientId) {
|
public boolean revokeConsentForClient(RealmModel realm, String userId, String clientId) {
|
||||||
UserConsentEntity consentEntity = getGrantedConsentEntity(user, clientId);
|
UserConsentEntity consentEntity = getGrantedConsentEntity(userId, clientId);
|
||||||
if (consentEntity == null) return false;
|
if (consentEntity == null) return false;
|
||||||
|
|
||||||
em.remove(consentEntity);
|
em.remove(consentEntity);
|
||||||
|
|
@ -258,13 +258,13 @@ public class JpaUserProvider implements UserProvider, UserCredentialStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
private UserConsentEntity getGrantedConsentEntity(UserModel user, String clientId) {
|
private UserConsentEntity getGrantedConsentEntity(String userId, String clientId) {
|
||||||
TypedQuery<UserConsentEntity> query = em.createNamedQuery("userConsentByUserAndClient", UserConsentEntity.class);
|
TypedQuery<UserConsentEntity> query = em.createNamedQuery("userConsentByUserAndClient", UserConsentEntity.class);
|
||||||
query.setParameter("userId", user.getId());
|
query.setParameter("userId", userId);
|
||||||
query.setParameter("clientId", clientId);
|
query.setParameter("clientId", clientId);
|
||||||
List<UserConsentEntity> results = query.getResultList();
|
List<UserConsentEntity> results = query.getResultList();
|
||||||
if (results.size() > 1) {
|
if (results.size() > 1) {
|
||||||
throw new ModelException("More results found for user [" + user.getUsername() + "] and client [" + clientId + "]");
|
throw new ModelException("More results found for user [" + userId + "] and client [" + clientId + "]");
|
||||||
} else if (results.size() == 1) {
|
} else if (results.size() == 1) {
|
||||||
return results.get(0);
|
return results.get(0);
|
||||||
} else {
|
} else {
|
||||||
|
|
|
||||||
|
|
@ -70,12 +70,6 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
public class JpaUserFederatedStorageProvider implements
|
public class JpaUserFederatedStorageProvider implements
|
||||||
UserFederatedStorageProvider,
|
UserFederatedStorageProvider,
|
||||||
UserAttributeFederatedStorage,
|
|
||||||
UserBrokerLinkFederatedStorage,
|
|
||||||
UserConsentFederatedStorage,
|
|
||||||
UserGroupMembershipFederatedStorage,
|
|
||||||
UserRequiredActionsFederatedStorage,
|
|
||||||
UserRoleMappingsFederatedStorage,
|
|
||||||
UserCredentialStore {
|
UserCredentialStore {
|
||||||
|
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
|
|
@ -95,66 +89,66 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
* We create an entry so that its easy to iterate over all things in the database. Specifically useful for export
|
* We create an entry so that its easy to iterate over all things in the database. Specifically useful for export
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
protected void createIndex(RealmModel realm, UserModel user) {
|
protected void createIndex(RealmModel realm, String userId) {
|
||||||
if (em.find(FederatedUser.class, user.getId()) == null) {
|
if (em.find(FederatedUser.class, userId) == null) {
|
||||||
FederatedUser fedUser = new FederatedUser();
|
FederatedUser fedUser = new FederatedUser();
|
||||||
fedUser.setId(user.getId());
|
fedUser.setId(userId);
|
||||||
fedUser.setRealmId(realm.getId());
|
fedUser.setRealmId(realm.getId());
|
||||||
fedUser.setStorageProviderId(StorageId.resolveProviderId(user));
|
fedUser.setStorageProviderId(new StorageId(userId).getProviderId());
|
||||||
em.persist(fedUser);
|
em.persist(fedUser);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void setAttribute(RealmModel realm, UserModel user, String name, List<String> values) {
|
public void setAttribute(RealmModel realm, String userId, String name, List<String> values) {
|
||||||
createIndex(realm, user);
|
createIndex(realm, userId);
|
||||||
deleteAttribute(realm, user, name);
|
deleteAttribute(realm, userId, name);
|
||||||
em.flush();
|
em.flush();
|
||||||
for (String value : values) {
|
for (String value : values) {
|
||||||
persistAttributeValue(realm, user, name, value);
|
persistAttributeValue(realm, userId, name, value);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void deleteAttribute(RealmModel realm, UserModel user, String name) {
|
private void deleteAttribute(RealmModel realm, String userId, String name) {
|
||||||
em.createNamedQuery("deleteUserFederatedAttributesByUserAndName")
|
em.createNamedQuery("deleteUserFederatedAttributesByUserAndName")
|
||||||
.setParameter("userId", user.getId())
|
.setParameter("userId", userId)
|
||||||
.setParameter("realmId", realm.getId())
|
.setParameter("realmId", realm.getId())
|
||||||
.setParameter("name", name)
|
.setParameter("name", name)
|
||||||
.executeUpdate();
|
.executeUpdate();
|
||||||
}
|
}
|
||||||
|
|
||||||
private void persistAttributeValue(RealmModel realm, UserModel user, String name, String value) {
|
private void persistAttributeValue(RealmModel realm, String userId, String name, String value) {
|
||||||
FederatedUserAttributeEntity attr = new FederatedUserAttributeEntity();
|
FederatedUserAttributeEntity attr = new FederatedUserAttributeEntity();
|
||||||
attr.setId(KeycloakModelUtils.generateId());
|
attr.setId(KeycloakModelUtils.generateId());
|
||||||
attr.setName(name);
|
attr.setName(name);
|
||||||
attr.setValue(value);
|
attr.setValue(value);
|
||||||
attr.setUserId(user.getId());
|
attr.setUserId(userId);
|
||||||
attr.setRealmId(realm.getId());
|
attr.setRealmId(realm.getId());
|
||||||
attr.setStorageProviderId(StorageId.resolveProviderId(user));
|
attr.setStorageProviderId(new StorageId(userId).getProviderId());
|
||||||
em.persist(attr);
|
em.persist(attr);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void setSingleAttribute(RealmModel realm, UserModel user, String name, String value) {
|
public void setSingleAttribute(RealmModel realm, String userId, String name, String value) {
|
||||||
createIndex(realm, user);
|
createIndex(realm, userId);
|
||||||
deleteAttribute(realm, user, name);
|
deleteAttribute(realm, userId, name);
|
||||||
em.flush();
|
em.flush();
|
||||||
persistAttributeValue(realm, user, name, value);
|
persistAttributeValue(realm, userId, name, value);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void removeAttribute(RealmModel realm, UserModel user, String name) {
|
public void removeAttribute(RealmModel realm, String userId, String name) {
|
||||||
// createIndex(realm, user); don't need to create an index for removal
|
// createIndex(realm, user); don't need to create an index for removal
|
||||||
deleteAttribute(realm, user, name);
|
deleteAttribute(realm, userId, name);
|
||||||
em.flush();
|
em.flush();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public MultivaluedHashMap<String, String> getAttributes(RealmModel realm, UserModel user) {
|
public MultivaluedHashMap<String, String> getAttributes(RealmModel realm, String userId) {
|
||||||
TypedQuery<FederatedUserAttributeEntity> query = em.createNamedQuery("getFederatedAttributesByUser", FederatedUserAttributeEntity.class);
|
TypedQuery<FederatedUserAttributeEntity> query = em.createNamedQuery("getFederatedAttributesByUser", FederatedUserAttributeEntity.class);
|
||||||
List<FederatedUserAttributeEntity> list = query
|
List<FederatedUserAttributeEntity> list = query
|
||||||
.setParameter("userId", user.getId())
|
.setParameter("userId", userId)
|
||||||
.setParameter("realmId", realm.getId())
|
.setParameter("realmId", realm.getId())
|
||||||
.getResultList();
|
.getResultList();
|
||||||
MultivaluedHashMap<String, String> result = new MultivaluedHashMap<>();
|
MultivaluedHashMap<String, String> result = new MultivaluedHashMap<>();
|
||||||
|
|
@ -192,31 +186,31 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addFederatedIdentity(RealmModel realm, UserModel user, FederatedIdentityModel link) {
|
public void addFederatedIdentity(RealmModel realm, String userId, FederatedIdentityModel link) {
|
||||||
createIndex(realm, user);
|
createIndex(realm, userId);
|
||||||
BrokerLinkEntity entity = new BrokerLinkEntity();
|
BrokerLinkEntity entity = new BrokerLinkEntity();
|
||||||
entity.setRealmId(realm.getId());
|
entity.setRealmId(realm.getId());
|
||||||
entity.setUserId(user.getId());
|
entity.setUserId(userId);
|
||||||
entity.setBrokerUserId(link.getUserId());
|
entity.setBrokerUserId(link.getUserId());
|
||||||
entity.setIdentityProvider(link.getIdentityProvider());
|
entity.setIdentityProvider(link.getIdentityProvider());
|
||||||
entity.setToken(link.getToken());
|
entity.setToken(link.getToken());
|
||||||
entity.setBrokerUserName(link.getUserName());
|
entity.setBrokerUserName(link.getUserName());
|
||||||
entity.setStorageProviderId(StorageId.resolveProviderId(user));
|
entity.setStorageProviderId(new StorageId(userId).getProviderId());
|
||||||
em.persist(entity);
|
em.persist(entity);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean removeFederatedIdentity(RealmModel realm, UserModel user, String socialProvider) {
|
public boolean removeFederatedIdentity(RealmModel realm, String userId, String socialProvider) {
|
||||||
BrokerLinkEntity entity = getBrokerLinkEntity(realm, user, socialProvider);
|
BrokerLinkEntity entity = getBrokerLinkEntity(realm, userId, socialProvider);
|
||||||
if (entity == null) return false;
|
if (entity == null) return false;
|
||||||
em.remove(entity);
|
em.remove(entity);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
private BrokerLinkEntity getBrokerLinkEntity(RealmModel realm, UserModel user, String socialProvider) {
|
private BrokerLinkEntity getBrokerLinkEntity(RealmModel realm, String userId, String socialProvider) {
|
||||||
TypedQuery<BrokerLinkEntity> query = em.createNamedQuery("findBrokerLinkByUserAndProvider", BrokerLinkEntity.class)
|
TypedQuery<BrokerLinkEntity> query = em.createNamedQuery("findBrokerLinkByUserAndProvider", BrokerLinkEntity.class)
|
||||||
.setParameter("userId", user.getId())
|
.setParameter("userId", userId)
|
||||||
.setParameter("realmId", realm.getId())
|
.setParameter("realmId", realm.getId())
|
||||||
.setParameter("identityProvider", socialProvider);
|
.setParameter("identityProvider", socialProvider);
|
||||||
List<BrokerLinkEntity> results = query.getResultList();
|
List<BrokerLinkEntity> results = query.getResultList();
|
||||||
|
|
@ -224,9 +218,9 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateFederatedIdentity(RealmModel realm, UserModel user, FederatedIdentityModel model) {
|
public void updateFederatedIdentity(RealmModel realm, String userId, FederatedIdentityModel model) {
|
||||||
createIndex(realm, user);
|
createIndex(realm, userId);
|
||||||
BrokerLinkEntity entity = getBrokerLinkEntity(realm, user, model.getIdentityProvider());
|
BrokerLinkEntity entity = getBrokerLinkEntity(realm, userId, model.getIdentityProvider());
|
||||||
if (entity == null) return;
|
if (entity == null) return;
|
||||||
entity.setBrokerUserName(model.getUserName());
|
entity.setBrokerUserName(model.getUserName());
|
||||||
entity.setBrokerUserId(model.getUserId());
|
entity.setBrokerUserId(model.getUserId());
|
||||||
|
|
@ -237,9 +231,9 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<FederatedIdentityModel> getFederatedIdentities(UserModel user, RealmModel realm) {
|
public Set<FederatedIdentityModel> getFederatedIdentities(String userId, RealmModel realm) {
|
||||||
TypedQuery<BrokerLinkEntity> query = em.createNamedQuery("findBrokerLinkByUser", BrokerLinkEntity.class)
|
TypedQuery<BrokerLinkEntity> query = em.createNamedQuery("findBrokerLinkByUser", BrokerLinkEntity.class)
|
||||||
.setParameter("userId", user.getId());
|
.setParameter("userId", userId);
|
||||||
List<BrokerLinkEntity> results = query.getResultList();
|
List<BrokerLinkEntity> results = query.getResultList();
|
||||||
Set<FederatedIdentityModel> set = new HashSet<>();
|
Set<FederatedIdentityModel> set = new HashSet<>();
|
||||||
for (BrokerLinkEntity entity : results) {
|
for (BrokerLinkEntity entity : results) {
|
||||||
|
|
@ -250,28 +244,28 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm) {
|
public FederatedIdentityModel getFederatedIdentity(String userId, String socialProvider, RealmModel realm) {
|
||||||
BrokerLinkEntity entity = getBrokerLinkEntity(realm, user, socialProvider);
|
BrokerLinkEntity entity = getBrokerLinkEntity(realm, userId, socialProvider);
|
||||||
if (entity == null) return null;
|
if (entity == null) return null;
|
||||||
return new FederatedIdentityModel(entity.getIdentityProvider(), entity.getBrokerUserId(), entity.getBrokerUserName(), entity.getToken());
|
return new FederatedIdentityModel(entity.getIdentityProvider(), entity.getBrokerUserId(), entity.getBrokerUserName(), entity.getToken());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void addConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
createIndex(realm, user);
|
createIndex(realm, userId);
|
||||||
String clientId = consent.getClient().getId();
|
String clientId = consent.getClient().getId();
|
||||||
|
|
||||||
FederatedUserConsentEntity consentEntity = getGrantedConsentEntity(user, clientId);
|
FederatedUserConsentEntity consentEntity = getGrantedConsentEntity(userId, clientId);
|
||||||
if (consentEntity != null) {
|
if (consentEntity != null) {
|
||||||
throw new ModelDuplicateException("Consent already exists for client [" + clientId + "] and user [" + user.getId() + "]");
|
throw new ModelDuplicateException("Consent already exists for client [" + clientId + "] and user [" + userId + "]");
|
||||||
}
|
}
|
||||||
|
|
||||||
consentEntity = new FederatedUserConsentEntity();
|
consentEntity = new FederatedUserConsentEntity();
|
||||||
consentEntity.setId(KeycloakModelUtils.generateId());
|
consentEntity.setId(KeycloakModelUtils.generateId());
|
||||||
consentEntity.setUserId(user.getId());
|
consentEntity.setUserId(userId);
|
||||||
consentEntity.setClientId(clientId);
|
consentEntity.setClientId(clientId);
|
||||||
consentEntity.setRealmId(realm.getId());
|
consentEntity.setRealmId(realm.getId());
|
||||||
consentEntity.setStorageProviderId(StorageId.resolveProviderId(user));
|
consentEntity.setStorageProviderId(new StorageId(userId).getProviderId());
|
||||||
em.persist(consentEntity);
|
em.persist(consentEntity);
|
||||||
em.flush();
|
em.flush();
|
||||||
|
|
||||||
|
|
@ -280,15 +274,15 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserConsentModel getConsentByClient(RealmModel realm, UserModel user, String clientInternalId) {
|
public UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientInternalId) {
|
||||||
FederatedUserConsentEntity entity = getGrantedConsentEntity(user, clientInternalId);
|
FederatedUserConsentEntity entity = getGrantedConsentEntity(userId, clientInternalId);
|
||||||
return toConsentModel(realm, entity);
|
return toConsentModel(realm, entity);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<UserConsentModel> getConsents(RealmModel realm, UserModel user) {
|
public List<UserConsentModel> getConsents(RealmModel realm, String userId) {
|
||||||
TypedQuery<FederatedUserConsentEntity> query = em.createNamedQuery("userFederatedConsentsByUser", FederatedUserConsentEntity.class);
|
TypedQuery<FederatedUserConsentEntity> query = em.createNamedQuery("userFederatedConsentsByUser", FederatedUserConsentEntity.class);
|
||||||
query.setParameter("userId", user.getId());
|
query.setParameter("userId", userId);
|
||||||
List<FederatedUserConsentEntity> results = query.getResultList();
|
List<FederatedUserConsentEntity> results = query.getResultList();
|
||||||
|
|
||||||
List<UserConsentModel> consents = new ArrayList<UserConsentModel>();
|
List<UserConsentModel> consents = new ArrayList<UserConsentModel>();
|
||||||
|
|
@ -300,13 +294,13 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void updateConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
createIndex(realm, user);
|
createIndex(realm, userId);
|
||||||
String clientId = consent.getClient().getId();
|
String clientId = consent.getClient().getId();
|
||||||
|
|
||||||
FederatedUserConsentEntity consentEntity = getGrantedConsentEntity(user, clientId);
|
FederatedUserConsentEntity consentEntity = getGrantedConsentEntity(userId, clientId);
|
||||||
if (consentEntity == null) {
|
if (consentEntity == null) {
|
||||||
throw new ModelException("Consent not found for client [" + clientId + "] and user [" + user.getId() + "]");
|
throw new ModelException("Consent not found for client [" + clientId + "] and user [" + userId + "]");
|
||||||
}
|
}
|
||||||
|
|
||||||
updateGrantedConsentEntity(consentEntity, consent);
|
updateGrantedConsentEntity(consentEntity, consent);
|
||||||
|
|
@ -314,8 +308,8 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean revokeConsentForClient(RealmModel realm, UserModel user, String clientInternalId) {
|
public boolean revokeConsentForClient(RealmModel realm, String userId, String clientInternalId) {
|
||||||
FederatedUserConsentEntity consentEntity = getGrantedConsentEntity(user, clientInternalId);
|
FederatedUserConsentEntity consentEntity = getGrantedConsentEntity(userId, clientInternalId);
|
||||||
if (consentEntity == null) return false;
|
if (consentEntity == null) return false;
|
||||||
|
|
||||||
em.remove(consentEntity);
|
em.remove(consentEntity);
|
||||||
|
|
@ -323,13 +317,13 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
private FederatedUserConsentEntity getGrantedConsentEntity(UserModel user, String clientId) {
|
private FederatedUserConsentEntity getGrantedConsentEntity(String userId, String clientId) {
|
||||||
TypedQuery<FederatedUserConsentEntity> query = em.createNamedQuery("userFederatedConsentByUserAndClient", FederatedUserConsentEntity.class);
|
TypedQuery<FederatedUserConsentEntity> query = em.createNamedQuery("userFederatedConsentByUserAndClient", FederatedUserConsentEntity.class);
|
||||||
query.setParameter("userId", user.getId());
|
query.setParameter("userId", userId);
|
||||||
query.setParameter("clientId", clientId);
|
query.setParameter("clientId", clientId);
|
||||||
List<FederatedUserConsentEntity> results = query.getResultList();
|
List<FederatedUserConsentEntity> results = query.getResultList();
|
||||||
if (results.size() > 1) {
|
if (results.size() > 1) {
|
||||||
throw new ModelException("More results found for user [" + user.getUsername() + "] and client [" + clientId + "]");
|
throw new ModelException("More results found for user [" + userId + "] and client [" + clientId + "]");
|
||||||
} else if (results.size() == 1) {
|
} else if (results.size() == 1) {
|
||||||
return results.get(0);
|
return results.get(0);
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -423,10 +417,10 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<GroupModel> getGroups(RealmModel realm, UserModel user) {
|
public Set<GroupModel> getGroups(RealmModel realm, String userId) {
|
||||||
Set<GroupModel> set = new HashSet<>();
|
Set<GroupModel> set = new HashSet<>();
|
||||||
TypedQuery<FederatedUserGroupMembershipEntity> query = em.createNamedQuery("feduserGroupMembership", FederatedUserGroupMembershipEntity.class);
|
TypedQuery<FederatedUserGroupMembershipEntity> query = em.createNamedQuery("feduserGroupMembership", FederatedUserGroupMembershipEntity.class);
|
||||||
query.setParameter("userId", user.getId());
|
query.setParameter("userId", userId);
|
||||||
List<FederatedUserGroupMembershipEntity> results = query.getResultList();
|
List<FederatedUserGroupMembershipEntity> results = query.getResultList();
|
||||||
if (results.size() == 0) return set;
|
if (results.size() == 0) return set;
|
||||||
for (FederatedUserGroupMembershipEntity entity : results) {
|
for (FederatedUserGroupMembershipEntity entity : results) {
|
||||||
|
|
@ -437,30 +431,24 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void joinGroup(RealmModel realm, UserModel user, GroupModel group) {
|
public void joinGroup(RealmModel realm, String userId, GroupModel group) {
|
||||||
if (isMemberOf(realm, user, group)) return;
|
createIndex(realm, userId);
|
||||||
createIndex(realm, user);
|
|
||||||
FederatedUserGroupMembershipEntity entity = new FederatedUserGroupMembershipEntity();
|
FederatedUserGroupMembershipEntity entity = new FederatedUserGroupMembershipEntity();
|
||||||
entity.setUserId(user.getId());
|
entity.setUserId(userId);
|
||||||
entity.setStorageProviderId(StorageId.resolveProviderId(user));
|
entity.setStorageProviderId(new StorageId(userId).getProviderId());
|
||||||
entity.setGroupId(group.getId());
|
entity.setGroupId(group.getId());
|
||||||
entity.setRealmId(realm.getId());
|
entity.setRealmId(realm.getId());
|
||||||
em.persist(entity);
|
em.persist(entity);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isMemberOf(RealmModel realm, UserModel user, GroupModel group) {
|
|
||||||
Set<GroupModel> roles = user.getGroups();
|
|
||||||
return KeycloakModelUtils.isMember(roles, group);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void leaveGroup(RealmModel realm, UserModel user, GroupModel group) {
|
public void leaveGroup(RealmModel realm, String userId, GroupModel group) {
|
||||||
if (user == null || group == null) return;
|
if (userId == null || group == null) return;
|
||||||
|
|
||||||
TypedQuery<FederatedUserGroupMembershipEntity> query1 = em.createNamedQuery("feduserMemberOf", FederatedUserGroupMembershipEntity.class);
|
TypedQuery<FederatedUserGroupMembershipEntity> query1 = em.createNamedQuery("feduserMemberOf", FederatedUserGroupMembershipEntity.class);
|
||||||
query1.setParameter("userId", user.getId());
|
query1.setParameter("userId", userId);
|
||||||
query1.setParameter("groupId", group.getId());
|
query1.setParameter("groupId", group.getId());
|
||||||
TypedQuery<FederatedUserGroupMembershipEntity> query = query1;
|
TypedQuery<FederatedUserGroupMembershipEntity> query = query1;
|
||||||
List<FederatedUserGroupMembershipEntity> results = query.getResultList();
|
List<FederatedUserGroupMembershipEntity> results = query.getResultList();
|
||||||
|
|
@ -483,9 +471,9 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<String> getRequiredActions(RealmModel realm, UserModel user) {
|
public Set<String> getRequiredActions(RealmModel realm, String userId) {
|
||||||
Set<String> set = new HashSet<>();
|
Set<String> set = new HashSet<>();
|
||||||
List<FederatedUserRequiredActionEntity> values = getRequiredActionEntities(realm, user);
|
List<FederatedUserRequiredActionEntity> values = getRequiredActionEntities(realm, userId);
|
||||||
for (FederatedUserRequiredActionEntity entity : values) {
|
for (FederatedUserRequiredActionEntity entity : values) {
|
||||||
set.add(entity.getAction());
|
set.add(entity.getAction());
|
||||||
}
|
}
|
||||||
|
|
@ -494,29 +482,28 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private List<FederatedUserRequiredActionEntity> getRequiredActionEntities(RealmModel realm, UserModel user) {
|
private List<FederatedUserRequiredActionEntity> getRequiredActionEntities(RealmModel realm, String userId) {
|
||||||
TypedQuery<FederatedUserRequiredActionEntity> query = em.createNamedQuery("getFederatedUserRequiredActionsByUser", FederatedUserRequiredActionEntity.class)
|
TypedQuery<FederatedUserRequiredActionEntity> query = em.createNamedQuery("getFederatedUserRequiredActionsByUser", FederatedUserRequiredActionEntity.class)
|
||||||
.setParameter("userId", user.getId())
|
.setParameter("userId", userId)
|
||||||
.setParameter("realmId", realm.getId());
|
.setParameter("realmId", realm.getId());
|
||||||
return query.getResultList();
|
return query.getResultList();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addRequiredAction(RealmModel realm, UserModel user, String action) {
|
public void addRequiredAction(RealmModel realm, String userId, String action) {
|
||||||
createIndex(realm, user);
|
createIndex(realm, userId);
|
||||||
if (user.getRequiredActions().contains(action)) return;
|
|
||||||
FederatedUserRequiredActionEntity entity = new FederatedUserRequiredActionEntity();
|
FederatedUserRequiredActionEntity entity = new FederatedUserRequiredActionEntity();
|
||||||
entity.setUserId(user.getId());
|
entity.setUserId(userId);
|
||||||
entity.setRealmId(realm.getId());
|
entity.setRealmId(realm.getId());
|
||||||
entity.setStorageProviderId(StorageId.resolveProviderId(user));
|
entity.setStorageProviderId(new StorageId(userId).getProviderId());
|
||||||
entity.setAction(action);
|
entity.setAction(action);
|
||||||
em.persist(entity);
|
em.persist(entity);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void removeRequiredAction(RealmModel realm, UserModel user, String action) {
|
public void removeRequiredAction(RealmModel realm, String userId, String action) {
|
||||||
List<FederatedUserRequiredActionEntity> values = getRequiredActionEntities(realm, user);
|
List<FederatedUserRequiredActionEntity> values = getRequiredActionEntities(realm, userId);
|
||||||
for (FederatedUserRequiredActionEntity entity : values) {
|
for (FederatedUserRequiredActionEntity entity : values) {
|
||||||
if (action.equals(entity.getAction())) em.remove(entity);
|
if (action.equals(entity.getAction())) em.remove(entity);
|
||||||
}
|
}
|
||||||
|
|
@ -525,12 +512,11 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void grantRole(RealmModel realm, UserModel user, RoleModel role) {
|
public void grantRole(RealmModel realm, String userId, RoleModel role) {
|
||||||
if (user.hasRole(role)) return;
|
createIndex(realm, userId);
|
||||||
createIndex(realm, user);
|
|
||||||
FederatedUserRoleMappingEntity entity = new FederatedUserRoleMappingEntity();
|
FederatedUserRoleMappingEntity entity = new FederatedUserRoleMappingEntity();
|
||||||
entity.setUserId(user.getId());
|
entity.setUserId(userId);
|
||||||
entity.setStorageProviderId(StorageId.resolveProviderId(user));
|
entity.setStorageProviderId(new StorageId(userId).getProviderId());
|
||||||
entity.setRealmId(realm.getId());
|
entity.setRealmId(realm.getId());
|
||||||
entity.setRoleId(role.getId());
|
entity.setRoleId(role.getId());
|
||||||
em.persist(entity);
|
em.persist(entity);
|
||||||
|
|
@ -538,10 +524,10 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<RoleModel> getRoleMappings(RealmModel realm, UserModel user) {
|
public Set<RoleModel> getRoleMappings(RealmModel realm, String userId) {
|
||||||
Set<RoleModel> set = new HashSet<>();
|
Set<RoleModel> set = new HashSet<>();
|
||||||
TypedQuery<FederatedUserRoleMappingEntity> query = em.createNamedQuery("feduserRoleMappings", FederatedUserRoleMappingEntity.class);
|
TypedQuery<FederatedUserRoleMappingEntity> query = em.createNamedQuery("feduserRoleMappings", FederatedUserRoleMappingEntity.class);
|
||||||
query.setParameter("userId", user.getId());
|
query.setParameter("userId", userId);
|
||||||
List<FederatedUserRoleMappingEntity> results = query.getResultList();
|
List<FederatedUserRoleMappingEntity> results = query.getResultList();
|
||||||
if (results.size() == 0) return set;
|
if (results.size() == 0) return set;
|
||||||
for (FederatedUserRoleMappingEntity entity : results) {
|
for (FederatedUserRoleMappingEntity entity : results) {
|
||||||
|
|
@ -552,9 +538,9 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void deleteRoleMapping(RealmModel realm, UserModel user, RoleModel role) {
|
public void deleteRoleMapping(RealmModel realm, String userId, RoleModel role) {
|
||||||
TypedQuery<FederatedUserRoleMappingEntity> query = em.createNamedQuery("feduserRoleMappings", FederatedUserRoleMappingEntity.class);
|
TypedQuery<FederatedUserRoleMappingEntity> query = em.createNamedQuery("feduserRoleMappings", FederatedUserRoleMappingEntity.class);
|
||||||
query.setParameter("userId", user.getId());
|
query.setParameter("userId", userId);
|
||||||
List<FederatedUserRoleMappingEntity> results = query.getResultList();
|
List<FederatedUserRoleMappingEntity> results = query.getResultList();
|
||||||
for (FederatedUserRoleMappingEntity entity : results) {
|
for (FederatedUserRoleMappingEntity entity : results) {
|
||||||
if (entity.getRoleId().equals(role.getId())) em.remove(entity);
|
if (entity.getRoleId().equals(role.getId())) em.remove(entity);
|
||||||
|
|
@ -564,10 +550,10 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateCredential(RealmModel realm, UserModel user, CredentialModel cred) {
|
public void updateCredential(RealmModel realm, String userId, CredentialModel cred) {
|
||||||
FederatedUserCredentialEntity entity = em.find(FederatedUserCredentialEntity.class, cred.getId());
|
FederatedUserCredentialEntity entity = em.find(FederatedUserCredentialEntity.class, cred.getId());
|
||||||
if (entity == null) return;
|
if (entity == null) return;
|
||||||
createIndex(realm, user);
|
createIndex(realm, userId);
|
||||||
entity.setAlgorithm(cred.getAlgorithm());
|
entity.setAlgorithm(cred.getAlgorithm());
|
||||||
entity.setCounter(cred.getCounter());
|
entity.setCounter(cred.getCounter());
|
||||||
entity.setCreatedDate(cred.getCreatedDate());
|
entity.setCreatedDate(cred.getCreatedDate());
|
||||||
|
|
@ -618,8 +604,8 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public CredentialModel createCredential(RealmModel realm, UserModel user, CredentialModel cred) {
|
public CredentialModel createCredential(RealmModel realm, String userId, CredentialModel cred) {
|
||||||
createIndex(realm, user);
|
createIndex(realm, userId);
|
||||||
FederatedUserCredentialEntity entity = new FederatedUserCredentialEntity();
|
FederatedUserCredentialEntity entity = new FederatedUserCredentialEntity();
|
||||||
String id = cred.getId() == null ? KeycloakModelUtils.generateId() : cred.getId();
|
String id = cred.getId() == null ? KeycloakModelUtils.generateId() : cred.getId();
|
||||||
entity.setId(id);
|
entity.setId(id);
|
||||||
|
|
@ -633,9 +619,9 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
entity.setSalt(cred.getSalt());
|
entity.setSalt(cred.getSalt());
|
||||||
entity.setType(cred.getType());
|
entity.setType(cred.getType());
|
||||||
entity.setValue(cred.getValue());
|
entity.setValue(cred.getValue());
|
||||||
entity.setUserId(user.getId());
|
entity.setUserId(userId);
|
||||||
entity.setRealmId(realm.getId());
|
entity.setRealmId(realm.getId());
|
||||||
entity.setStorageProviderId(StorageId.resolveProviderId(user));
|
entity.setStorageProviderId(new StorageId(userId).getProviderId());
|
||||||
em.persist(entity);
|
em.persist(entity);
|
||||||
MultivaluedHashMap<String, String> config = cred.getConfig();
|
MultivaluedHashMap<String, String> config = cred.getConfig();
|
||||||
if (config != null && !config.isEmpty()) {
|
if (config != null && !config.isEmpty()) {
|
||||||
|
|
@ -658,7 +644,7 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean removeStoredCredential(RealmModel realm, UserModel user, String id) {
|
public boolean removeStoredCredential(RealmModel realm, String userId, String id) {
|
||||||
FederatedUserCredentialEntity entity = em.find(FederatedUserCredentialEntity.class, id);
|
FederatedUserCredentialEntity entity = em.find(FederatedUserCredentialEntity.class, id);
|
||||||
if (entity == null) return false;
|
if (entity == null) return false;
|
||||||
em.remove(entity);
|
em.remove(entity);
|
||||||
|
|
@ -666,7 +652,7 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public CredentialModel getStoredCredentialById(RealmModel realm, UserModel user, String id) {
|
public CredentialModel getStoredCredentialById(RealmModel realm, String userId, String id) {
|
||||||
FederatedUserCredentialEntity entity = em.find(FederatedUserCredentialEntity.class, id);
|
FederatedUserCredentialEntity entity = em.find(FederatedUserCredentialEntity.class, id);
|
||||||
if (entity == null) return null;
|
if (entity == null) return null;
|
||||||
CredentialModel model = toModel(entity);
|
CredentialModel model = toModel(entity);
|
||||||
|
|
@ -695,9 +681,9 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<CredentialModel> getStoredCredentials(RealmModel realm, UserModel user) {
|
public List<CredentialModel> getStoredCredentials(RealmModel realm, String userId) {
|
||||||
TypedQuery<FederatedUserCredentialEntity> query = em.createNamedQuery("federatedUserCredentialByUser", FederatedUserCredentialEntity.class)
|
TypedQuery<FederatedUserCredentialEntity> query = em.createNamedQuery("federatedUserCredentialByUser", FederatedUserCredentialEntity.class)
|
||||||
.setParameter("userId", user.getId());
|
.setParameter("userId", userId);
|
||||||
List<FederatedUserCredentialEntity> results = query.getResultList();
|
List<FederatedUserCredentialEntity> results = query.getResultList();
|
||||||
List<CredentialModel> rtn = new LinkedList<>();
|
List<CredentialModel> rtn = new LinkedList<>();
|
||||||
for (FederatedUserCredentialEntity entity : results) {
|
for (FederatedUserCredentialEntity entity : results) {
|
||||||
|
|
@ -707,10 +693,10 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<CredentialModel> getStoredCredentialsByType(RealmModel realm, UserModel user, String type) {
|
public List<CredentialModel> getStoredCredentialsByType(RealmModel realm, String userId, String type) {
|
||||||
TypedQuery<FederatedUserCredentialEntity> query = em.createNamedQuery("federatedUserCredentialByUserAndType", FederatedUserCredentialEntity.class)
|
TypedQuery<FederatedUserCredentialEntity> query = em.createNamedQuery("federatedUserCredentialByUserAndType", FederatedUserCredentialEntity.class)
|
||||||
.setParameter("type", type)
|
.setParameter("type", type)
|
||||||
.setParameter("userId", user.getId());
|
.setParameter("userId", userId);
|
||||||
List<FederatedUserCredentialEntity> results = query.getResultList();
|
List<FederatedUserCredentialEntity> results = query.getResultList();
|
||||||
List<CredentialModel> rtn = new LinkedList<>();
|
List<CredentialModel> rtn = new LinkedList<>();
|
||||||
for (FederatedUserCredentialEntity entity : results) {
|
for (FederatedUserCredentialEntity entity : results) {
|
||||||
|
|
@ -720,11 +706,11 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public CredentialModel getStoredCredentialByNameAndType(RealmModel realm, UserModel user, String name, String type) {
|
public CredentialModel getStoredCredentialByNameAndType(RealmModel realm, String userId, String name, String type) {
|
||||||
TypedQuery<FederatedUserCredentialEntity> query = em.createNamedQuery("federatedUserCredentialByNameAndType", FederatedUserCredentialEntity.class)
|
TypedQuery<FederatedUserCredentialEntity> query = em.createNamedQuery("federatedUserCredentialByNameAndType", FederatedUserCredentialEntity.class)
|
||||||
.setParameter("type", type)
|
.setParameter("type", type)
|
||||||
.setParameter("device", name)
|
.setParameter("device", name)
|
||||||
.setParameter("userId", user.getId());
|
.setParameter("userId", userId);
|
||||||
List<FederatedUserCredentialEntity> results = query.getResultList();
|
List<FederatedUserCredentialEntity> results = query.getResultList();
|
||||||
if (results.isEmpty()) return null;
|
if (results.isEmpty()) return null;
|
||||||
return toModel(results.get(0));
|
return toModel(results.get(0));
|
||||||
|
|
@ -734,11 +720,54 @@ public class JpaUserFederatedStorageProvider implements
|
||||||
public List<String> getStoredUsers(RealmModel realm, int first, int max) {
|
public List<String> getStoredUsers(RealmModel realm, int first, int max) {
|
||||||
TypedQuery<String> query = em.createNamedQuery("getFederatedUserIds", String.class)
|
TypedQuery<String> query = em.createNamedQuery("getFederatedUserIds", String.class)
|
||||||
.setParameter("realmId", realm.getId())
|
.setParameter("realmId", realm.getId())
|
||||||
.setFirstResult(first)
|
.setFirstResult(first);
|
||||||
.setMaxResults(max);
|
if (max > 0) query.setMaxResults(max);
|
||||||
return query.getResultList();
|
return query.getResultList();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void updateCredential(RealmModel realm, UserModel user, CredentialModel cred) {
|
||||||
|
updateCredential(realm, user.getId(), cred);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public CredentialModel createCredential(RealmModel realm, UserModel user, CredentialModel cred) {
|
||||||
|
return createCredential(realm, user.getId(), cred);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean removeStoredCredential(RealmModel realm, UserModel user, String id) {
|
||||||
|
return removeStoredCredential(realm, user.getId(), id);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public CredentialModel getStoredCredentialById(RealmModel realm, UserModel user, String id) {
|
||||||
|
return getStoredCredentialById(realm, user.getId(), id);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<CredentialModel> getStoredCredentials(RealmModel realm, UserModel user) {
|
||||||
|
return getStoredCredentials(realm, user.getId());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<CredentialModel> getStoredCredentialsByType(RealmModel realm, UserModel user, String type) {
|
||||||
|
return getStoredCredentialsByType(realm, user.getId(), type);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public CredentialModel getStoredCredentialByNameAndType(RealmModel realm, UserModel user, String name, String type) {
|
||||||
|
return getStoredCredentialByNameAndType(realm, user.getId(), name, type);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public int getStoredUsersCount(RealmModel realm) {
|
||||||
|
Object count = em.createNamedQuery("getFederatedUserCount")
|
||||||
|
.setParameter("realmId", realm.getId())
|
||||||
|
.getSingleResult();
|
||||||
|
return ((Number)count).intValue();
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void preRemove(RealmModel realm) {
|
public void preRemove(RealmModel realm) {
|
||||||
int num = em.createNamedQuery("deleteFederatedUserConsentRolesByRealm")
|
int num = em.createNamedQuery("deleteFederatedUserConsentRolesByRealm")
|
||||||
|
|
|
||||||
|
|
@ -31,6 +31,7 @@ import javax.persistence.Table;
|
||||||
*/
|
*/
|
||||||
@NamedQueries({
|
@NamedQueries({
|
||||||
@NamedQuery(name="getFederatedUserIds", query="select f.id from FederatedUser f where f.realmId=:realmId"),
|
@NamedQuery(name="getFederatedUserIds", query="select f.id from FederatedUser f where f.realmId=:realmId"),
|
||||||
|
@NamedQuery(name="getFederatedUserCount", query="select count(u) from FederatedUser u where u.realmId = :realmId"),
|
||||||
@NamedQuery(name="deleteFederatedUserByUser", query="delete from FederatedUser f where f.id = :userId and f.realmId=:realmId"),
|
@NamedQuery(name="deleteFederatedUserByUser", query="delete from FederatedUser f where f.id = :userId and f.realmId=:realmId"),
|
||||||
@NamedQuery(name="deleteFederatedUsersByRealm", query="delete from FederatedUser f where f.realmId=:realmId"),
|
@NamedQuery(name="deleteFederatedUsersByRealm", query="delete from FederatedUser f where f.realmId=:realmId"),
|
||||||
@NamedQuery(name="deleteFederatedUsersByStorageProvider", query="delete from FederatedUser f where f.storageProviderId=:storageProviderId"),
|
@NamedQuery(name="deleteFederatedUsersByStorageProvider", query="delete from FederatedUser f where f.storageProviderId=:storageProviderId"),
|
||||||
|
|
|
||||||
|
|
@ -519,16 +519,16 @@ public class MongoUserProvider implements UserProvider, UserCredentialStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void addConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
String clientId = consent.getClient().getId();
|
String clientId = consent.getClient().getId();
|
||||||
if (getConsentEntityByClientId(user, clientId) != null) {
|
if (getConsentEntityByClientId(userId, clientId) != null) {
|
||||||
throw new ModelDuplicateException("Consent already exists for client [" + clientId + "] and user [" + user.getId() + "]");
|
throw new ModelDuplicateException("Consent already exists for client [" + clientId + "] and user [" + userId + "]");
|
||||||
}
|
}
|
||||||
|
|
||||||
long currentTime = Time.currentTimeMillis();
|
long currentTime = Time.currentTimeMillis();
|
||||||
|
|
||||||
MongoUserConsentEntity consentEntity = new MongoUserConsentEntity();
|
MongoUserConsentEntity consentEntity = new MongoUserConsentEntity();
|
||||||
consentEntity.setUserId(user.getId());
|
consentEntity.setUserId(userId);
|
||||||
consentEntity.setClientId(clientId);
|
consentEntity.setClientId(clientId);
|
||||||
consentEntity.setCreatedDate(currentTime);
|
consentEntity.setCreatedDate(currentTime);
|
||||||
consentEntity.setLastUpdatedDate(currentTime);
|
consentEntity.setLastUpdatedDate(currentTime);
|
||||||
|
|
@ -537,17 +537,17 @@ public class MongoUserProvider implements UserProvider, UserCredentialStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserConsentModel getConsentByClient(RealmModel realm, UserModel user, String clientId) {
|
public UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientId) {
|
||||||
UserConsentEntity consentEntity = getConsentEntityByClientId(user, clientId);
|
UserConsentEntity consentEntity = getConsentEntityByClientId(userId, clientId);
|
||||||
return consentEntity!=null ? toConsentModel(realm, consentEntity) : null;
|
return consentEntity!=null ? toConsentModel(realm, consentEntity) : null;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<UserConsentModel> getConsents(RealmModel realm, UserModel user) {
|
public List<UserConsentModel> getConsents(RealmModel realm, String userId) {
|
||||||
List<UserConsentModel> result = new ArrayList<UserConsentModel>();
|
List<UserConsentModel> result = new ArrayList<UserConsentModel>();
|
||||||
|
|
||||||
DBObject query = new QueryBuilder()
|
DBObject query = new QueryBuilder()
|
||||||
.and("userId").is(user.getId())
|
.and("userId").is(userId)
|
||||||
.get();
|
.get();
|
||||||
List<MongoUserConsentEntity> grantedConsents = getMongoStore().loadEntities(MongoUserConsentEntity.class, query, invocationContext);
|
List<MongoUserConsentEntity> grantedConsents = getMongoStore().loadEntities(MongoUserConsentEntity.class, query, invocationContext);
|
||||||
|
|
||||||
|
|
@ -559,9 +559,9 @@ public class MongoUserProvider implements UserProvider, UserCredentialStore {
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
private MongoUserConsentEntity getConsentEntityByClientId(UserModel user, String clientId) {
|
private MongoUserConsentEntity getConsentEntityByClientId(String userId, String clientId) {
|
||||||
DBObject query = new QueryBuilder()
|
DBObject query = new QueryBuilder()
|
||||||
.and("userId").is(user.getId())
|
.and("userId").is(userId)
|
||||||
.and("clientId").is(clientId)
|
.and("clientId").is(clientId)
|
||||||
.get();
|
.get();
|
||||||
return getMongoStore().loadSingleEntity(MongoUserConsentEntity.class, query, invocationContext);
|
return getMongoStore().loadSingleEntity(MongoUserConsentEntity.class, query, invocationContext);
|
||||||
|
|
@ -607,11 +607,11 @@ public class MongoUserProvider implements UserProvider, UserCredentialStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void updateConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
String clientId = consent.getClient().getId();
|
String clientId = consent.getClient().getId();
|
||||||
MongoUserConsentEntity consentEntity = getConsentEntityByClientId(user, clientId);
|
MongoUserConsentEntity consentEntity = getConsentEntityByClientId(userId, clientId);
|
||||||
if (consentEntity == null) {
|
if (consentEntity == null) {
|
||||||
throw new ModelException("Consent not found for client [" + clientId + "] and user [" + user.getId() + "]");
|
throw new ModelException("Consent not found for client [" + clientId + "] and user [" + userId + "]");
|
||||||
} else {
|
} else {
|
||||||
fillEntityFromModel(consent, consentEntity);
|
fillEntityFromModel(consent, consentEntity);
|
||||||
getMongoStore().updateEntity(consentEntity, invocationContext);
|
getMongoStore().updateEntity(consentEntity, invocationContext);
|
||||||
|
|
@ -619,8 +619,8 @@ public class MongoUserProvider implements UserProvider, UserCredentialStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean revokeConsentForClient(RealmModel realm, UserModel user, String clientId) {
|
public boolean revokeConsentForClient(RealmModel realm, String userId, String clientId) {
|
||||||
MongoUserConsentEntity entity = getConsentEntityByClientId(user, clientId);
|
MongoUserConsentEntity entity = getConsentEntityByClientId(userId, clientId);
|
||||||
if (entity == null) {
|
if (entity == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -64,12 +64,6 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
public class MongoUserFederatedStorageProvider implements
|
public class MongoUserFederatedStorageProvider implements
|
||||||
UserFederatedStorageProvider,
|
UserFederatedStorageProvider,
|
||||||
UserAttributeFederatedStorage,
|
|
||||||
UserBrokerLinkFederatedStorage,
|
|
||||||
UserConsentFederatedStorage,
|
|
||||||
UserGroupMembershipFederatedStorage,
|
|
||||||
UserRequiredActionsFederatedStorage,
|
|
||||||
UserRoleMappingsFederatedStorage,
|
|
||||||
UserCredentialStore {
|
UserCredentialStore {
|
||||||
|
|
||||||
private final MongoStoreInvocationContext invocationContext;
|
private final MongoStoreInvocationContext invocationContext;
|
||||||
|
|
@ -108,8 +102,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean removeStoredCredential(RealmModel realm, UserModel user, String id) {
|
public boolean removeStoredCredential(RealmModel realm, String userId, String id) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null) return false;
|
if (userEntity == null) return false;
|
||||||
CredentialEntity ce = getCredentialEntity(id, userEntity);
|
CredentialEntity ce = getCredentialEntity(id, userEntity);
|
||||||
if (ce != null) return getMongoStore().pullItemFromList(userEntity, "credentials", ce, invocationContext);
|
if (ce != null) return getMongoStore().pullItemFromList(userEntity, "credentials", ce, invocationContext);
|
||||||
|
|
@ -153,7 +147,7 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public CredentialModel getStoredCredentialById(RealmModel realm, UserModel user, String id) {
|
public CredentialModel getStoredCredentialById(RealmModel realm, String userId, String id) {
|
||||||
FederatedUser userEntity = getUserById(id);
|
FederatedUser userEntity = getUserById(id);
|
||||||
if (userEntity != null && userEntity.getCredentials() != null) {
|
if (userEntity != null && userEntity.getCredentials() != null) {
|
||||||
for (CredentialEntity credentialEntity : userEntity.getCredentials()) {
|
for (CredentialEntity credentialEntity : userEntity.getCredentials()) {
|
||||||
|
|
@ -167,8 +161,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<CredentialModel> getStoredCredentials(RealmModel realm, UserModel user) {
|
public List<CredentialModel> getStoredCredentials(RealmModel realm, String userId) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity != null && userEntity.getCredentials() != null) {
|
if (userEntity != null && userEntity.getCredentials() != null) {
|
||||||
List<CredentialModel> list = new LinkedList<>();
|
List<CredentialModel> list = new LinkedList<>();
|
||||||
for (CredentialEntity credentialEntity : userEntity.getCredentials()) {
|
for (CredentialEntity credentialEntity : userEntity.getCredentials()) {
|
||||||
|
|
@ -180,8 +174,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<CredentialModel> getStoredCredentialsByType(RealmModel realm, UserModel user, String type) {
|
public List<CredentialModel> getStoredCredentialsByType(RealmModel realm, String userId, String type) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity != null && userEntity.getCredentials() != null) {
|
if (userEntity != null && userEntity.getCredentials() != null) {
|
||||||
List<CredentialModel> list = new LinkedList<>();
|
List<CredentialModel> list = new LinkedList<>();
|
||||||
for (CredentialEntity credentialEntity : userEntity.getCredentials()) {
|
for (CredentialEntity credentialEntity : userEntity.getCredentials()) {
|
||||||
|
|
@ -193,8 +187,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public CredentialModel getStoredCredentialByNameAndType(RealmModel realm, UserModel user, String name, String type) {
|
public CredentialModel getStoredCredentialByNameAndType(RealmModel realm, String userId, String name, String type) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity != null && userEntity.getCredentials() != null) {
|
if (userEntity != null && userEntity.getCredentials() != null) {
|
||||||
for (CredentialEntity credentialEntity : userEntity.getCredentials()) {
|
for (CredentialEntity credentialEntity : userEntity.getCredentials()) {
|
||||||
if (credentialEntity.getDevice().equals(name) && type.equals(credentialEntity.getType())) {
|
if (credentialEntity.getDevice().equals(name) && type.equals(credentialEntity.getType())) {
|
||||||
|
|
@ -285,8 +279,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void setSingleAttribute(RealmModel realm, UserModel user, String name, String value) {
|
public void setSingleAttribute(RealmModel realm, String userId, String name, String value) {
|
||||||
FederatedUser userEntity = findOrCreate(realm, user.getId());
|
FederatedUser userEntity = findOrCreate(realm, userId);
|
||||||
if (userEntity.getAttributes() == null) {
|
if (userEntity.getAttributes() == null) {
|
||||||
userEntity.setAttributes(new HashMap<>());
|
userEntity.setAttributes(new HashMap<>());
|
||||||
}
|
}
|
||||||
|
|
@ -298,8 +292,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void setAttribute(RealmModel realm, UserModel user, String name, List<String> values) {
|
public void setAttribute(RealmModel realm, String userId, String name, List<String> values) {
|
||||||
FederatedUser userEntity = findOrCreate(realm, user.getId());
|
FederatedUser userEntity = findOrCreate(realm, userId);
|
||||||
if (userEntity.getAttributes() == null) {
|
if (userEntity.getAttributes() == null) {
|
||||||
userEntity.setAttributes(new HashMap<>());
|
userEntity.setAttributes(new HashMap<>());
|
||||||
}
|
}
|
||||||
|
|
@ -310,8 +304,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void removeAttribute(RealmModel realm, UserModel user, String name) {
|
public void removeAttribute(RealmModel realm, String userId, String name) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null || userEntity.getAttributes() == null) return;
|
if (userEntity == null || userEntity.getAttributes() == null) return;
|
||||||
|
|
||||||
userEntity.getAttributes().remove(name);
|
userEntity.getAttributes().remove(name);
|
||||||
|
|
@ -319,8 +313,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public MultivaluedHashMap<String, String> getAttributes(RealmModel realm, UserModel user) {
|
public MultivaluedHashMap<String, String> getAttributes(RealmModel realm, String userId) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null || userEntity.getAttributes() == null) return new MultivaluedHashMap<>();
|
if (userEntity == null || userEntity.getAttributes() == null) return new MultivaluedHashMap<>();
|
||||||
MultivaluedHashMap<String, String> result = new MultivaluedHashMap<>();
|
MultivaluedHashMap<String, String> result = new MultivaluedHashMap<>();
|
||||||
result.putAll(userEntity.getAttributes());
|
result.putAll(userEntity.getAttributes());
|
||||||
|
|
@ -351,8 +345,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addFederatedIdentity(RealmModel realm, UserModel user, FederatedIdentityModel socialLink) {
|
public void addFederatedIdentity(RealmModel realm, String userId, FederatedIdentityModel socialLink) {
|
||||||
FederatedUser userEntity = findOrCreate(realm, user.getId());
|
FederatedUser userEntity = findOrCreate(realm, userId);
|
||||||
FederatedIdentityEntity federatedIdentityEntity = new FederatedIdentityEntity();
|
FederatedIdentityEntity federatedIdentityEntity = new FederatedIdentityEntity();
|
||||||
federatedIdentityEntity.setIdentityProvider(socialLink.getIdentityProvider());
|
federatedIdentityEntity.setIdentityProvider(socialLink.getIdentityProvider());
|
||||||
federatedIdentityEntity.setUserId(socialLink.getUserId());
|
federatedIdentityEntity.setUserId(socialLink.getUserId());
|
||||||
|
|
@ -363,8 +357,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean removeFederatedIdentity(RealmModel realm, UserModel user, String socialProvider) {
|
public boolean removeFederatedIdentity(RealmModel realm, String userId, String socialProvider) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null) return false;
|
if (userEntity == null) return false;
|
||||||
|
|
||||||
FederatedIdentityEntity federatedIdentityEntity = findFederatedIdentityLink(userEntity, socialProvider);
|
FederatedIdentityEntity federatedIdentityEntity = findFederatedIdentityLink(userEntity, socialProvider);
|
||||||
|
|
@ -388,8 +382,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateFederatedIdentity(RealmModel realm, UserModel federatedUser, FederatedIdentityModel federatedIdentityModel) {
|
public void updateFederatedIdentity(RealmModel realm, String userId, FederatedIdentityModel federatedIdentityModel) {
|
||||||
FederatedUser userEntity = getUserById(federatedUser.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null) return;
|
if (userEntity == null) return;
|
||||||
FederatedIdentityEntity federatedIdentityEntity = findFederatedIdentityLink(userEntity, federatedIdentityModel.getIdentityProvider());
|
FederatedIdentityEntity federatedIdentityEntity = findFederatedIdentityLink(userEntity, federatedIdentityModel.getIdentityProvider());
|
||||||
if (federatedIdentityEntity == null) return;
|
if (federatedIdentityEntity == null) return;
|
||||||
|
|
@ -401,8 +395,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<FederatedIdentityModel> getFederatedIdentities(UserModel user, RealmModel realm) {
|
public Set<FederatedIdentityModel> getFederatedIdentities(String userId, RealmModel realm) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null) return Collections.EMPTY_SET;
|
if (userEntity == null) return Collections.EMPTY_SET;
|
||||||
List<FederatedIdentityEntity> linkEntities = userEntity.getFederatedIdentities();
|
List<FederatedIdentityEntity> linkEntities = userEntity.getFederatedIdentities();
|
||||||
|
|
||||||
|
|
@ -420,8 +414,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm) {
|
public FederatedIdentityModel getFederatedIdentity(String userId, String socialProvider, RealmModel realm) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null) return null;
|
if (userEntity == null) return null;
|
||||||
FederatedIdentityEntity federatedIdentityEntity = findFederatedIdentityLink(userEntity, socialProvider);
|
FederatedIdentityEntity federatedIdentityEntity = findFederatedIdentityLink(userEntity, socialProvider);
|
||||||
|
|
||||||
|
|
@ -430,35 +424,35 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void addConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
session.userLocalStorage().addConsent(realm, user, consent);
|
session.userLocalStorage().addConsent(realm, userId, consent);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserConsentModel getConsentByClient(RealmModel realm, UserModel user, String clientInternalId) {
|
public UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientInternalId) {
|
||||||
return session.userLocalStorage().getConsentByClient(realm, user, clientInternalId);
|
return session.userLocalStorage().getConsentByClient(realm, userId, clientInternalId);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<UserConsentModel> getConsents(RealmModel realm, UserModel user) {
|
public List<UserConsentModel> getConsents(RealmModel realm, String userId) {
|
||||||
return session.userLocalStorage().getConsents(realm, user);
|
return session.userLocalStorage().getConsents(realm, userId);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void updateConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
session.userLocalStorage().updateConsent(realm, user, consent);
|
session.userLocalStorage().updateConsent(realm, userId, consent);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean revokeConsentForClient(RealmModel realm, UserModel user, String clientInternalId) {
|
public boolean revokeConsentForClient(RealmModel realm, String userId, String clientInternalId) {
|
||||||
return session.userLocalStorage().revokeConsentForClient(realm, user, clientInternalId);
|
return session.userLocalStorage().revokeConsentForClient(realm, userId, clientInternalId);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateCredential(RealmModel realm, UserModel user, CredentialModel cred) {
|
public void updateCredential(RealmModel realm, String userId, CredentialModel cred) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null) return;
|
if (userEntity == null) return;
|
||||||
CredentialEntity entity = getCredentialEntity(cred.getId(), userEntity);
|
CredentialEntity entity = getCredentialEntity(cred.getId(), userEntity);
|
||||||
if (entity == null) return;
|
if (entity == null) return;
|
||||||
|
|
@ -489,8 +483,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public CredentialModel createCredential(RealmModel realm, UserModel user, CredentialModel cred) {
|
public CredentialModel createCredential(RealmModel realm, String userId, CredentialModel cred) {
|
||||||
FederatedUser userEntity = findOrCreate(realm, user.getId());
|
FederatedUser userEntity = findOrCreate(realm, userId);
|
||||||
CredentialEntity entity = new CredentialEntity();
|
CredentialEntity entity = new CredentialEntity();
|
||||||
entity.setId(KeycloakModelUtils.generateId());
|
entity.setId(KeycloakModelUtils.generateId());
|
||||||
toEntity(cred, entity);
|
toEntity(cred, entity);
|
||||||
|
|
@ -500,8 +494,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<GroupModel> getGroups(RealmModel realm, UserModel user) {
|
public Set<GroupModel> getGroups(RealmModel realm, String userId) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null || userEntity.getGroupIds() == null || userEntity.getGroupIds().isEmpty()) return Collections.EMPTY_SET;
|
if (userEntity == null || userEntity.getGroupIds() == null || userEntity.getGroupIds().isEmpty()) return Collections.EMPTY_SET;
|
||||||
Set<GroupModel> groups = new HashSet<>();
|
Set<GroupModel> groups = new HashSet<>();
|
||||||
for (String groupId : userEntity.getGroupIds()) {
|
for (String groupId : userEntity.getGroupIds()) {
|
||||||
|
|
@ -513,16 +507,16 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void joinGroup(RealmModel realm, UserModel user, GroupModel group) {
|
public void joinGroup(RealmModel realm, String userId, GroupModel group) {
|
||||||
FederatedUser userEntity = findOrCreate(realm, user.getId());
|
FederatedUser userEntity = findOrCreate(realm, userId);
|
||||||
getMongoStore().pushItemToList(userEntity, "groupIds", group.getId(), true, invocationContext);
|
getMongoStore().pushItemToList(userEntity, "groupIds", group.getId(), true, invocationContext);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void leaveGroup(RealmModel realm, UserModel user, GroupModel group) {
|
public void leaveGroup(RealmModel realm, String userId, GroupModel group) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null || group == null) return;
|
if (userEntity == null || group == null) return;
|
||||||
getMongoStore().pullItemFromList(userEntity, "groupIds", group.getId(), invocationContext);
|
getMongoStore().pullItemFromList(userEntity, "groupIds", group.getId(), invocationContext);
|
||||||
|
|
||||||
|
|
@ -542,8 +536,8 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<String> getRequiredActions(RealmModel realm, UserModel user) {
|
public Set<String> getRequiredActions(RealmModel realm, String userId) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null || userEntity.getRequiredActions() == null || userEntity.getRequiredActions().isEmpty()) return Collections.EMPTY_SET;
|
if (userEntity == null || userEntity.getRequiredActions() == null || userEntity.getRequiredActions().isEmpty()) return Collections.EMPTY_SET;
|
||||||
Set<String> set = new HashSet<>();
|
Set<String> set = new HashSet<>();
|
||||||
set.addAll(userEntity.getRequiredActions());
|
set.addAll(userEntity.getRequiredActions());
|
||||||
|
|
@ -551,30 +545,30 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addRequiredAction(RealmModel realm, UserModel user, String action) {
|
public void addRequiredAction(RealmModel realm, String userId, String action) {
|
||||||
FederatedUser userEntity = findOrCreate(realm, user.getId());
|
FederatedUser userEntity = findOrCreate(realm, userId);
|
||||||
getMongoStore().pushItemToList(userEntity, "requiredActions", action, true, invocationContext);
|
getMongoStore().pushItemToList(userEntity, "requiredActions", action, true, invocationContext);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void removeRequiredAction(RealmModel realm, UserModel user, String action) {
|
public void removeRequiredAction(RealmModel realm, String userId, String action) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null || userEntity.getRequiredActions() == null || userEntity.getRequiredActions().isEmpty()) return;
|
if (userEntity == null || userEntity.getRequiredActions() == null || userEntity.getRequiredActions().isEmpty()) return;
|
||||||
getMongoStore().pullItemFromList(userEntity, "requiredActions", action, invocationContext);
|
getMongoStore().pullItemFromList(userEntity, "requiredActions", action, invocationContext);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void grantRole(RealmModel realm, UserModel user, RoleModel role) {
|
public void grantRole(RealmModel realm, String userId, RoleModel role) {
|
||||||
FederatedUser userEntity = findOrCreate(realm, user.getId());
|
FederatedUser userEntity = findOrCreate(realm, userId);
|
||||||
getMongoStore().pushItemToList(userEntity, "roleIds", role.getId(), true, invocationContext);
|
getMongoStore().pushItemToList(userEntity, "roleIds", role.getId(), true, invocationContext);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<RoleModel> getRoleMappings(RealmModel realm, UserModel user) {
|
public Set<RoleModel> getRoleMappings(RealmModel realm, String userId) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null || userEntity.getRoleIds() == null || userEntity.getRoleIds().isEmpty()) return Collections.EMPTY_SET;
|
if (userEntity == null || userEntity.getRoleIds() == null || userEntity.getRoleIds().isEmpty()) return Collections.EMPTY_SET;
|
||||||
Set<RoleModel> roles = new HashSet<>();
|
Set<RoleModel> roles = new HashSet<>();
|
||||||
for (String roleId : userEntity.getRoleIds()) {
|
for (String roleId : userEntity.getRoleIds()) {
|
||||||
|
|
@ -585,10 +579,53 @@ public class MongoUserFederatedStorageProvider implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void deleteRoleMapping(RealmModel realm, UserModel user, RoleModel role) {
|
public void deleteRoleMapping(RealmModel realm, String userId, RoleModel role) {
|
||||||
FederatedUser userEntity = getUserById(user.getId());
|
FederatedUser userEntity = getUserById(userId);
|
||||||
if (userEntity == null || userEntity.getRoleIds() == null || userEntity.getRoleIds().isEmpty()) return;
|
if (userEntity == null || userEntity.getRoleIds() == null || userEntity.getRoleIds().isEmpty()) return;
|
||||||
getMongoStore().pullItemFromList(userEntity, "roleIds", role.getId(), invocationContext);
|
getMongoStore().pullItemFromList(userEntity, "roleIds", role.getId(), invocationContext);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void updateCredential(RealmModel realm, UserModel user, CredentialModel cred) {
|
||||||
|
updateCredential(realm, user.getId(), cred);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public CredentialModel createCredential(RealmModel realm, UserModel user, CredentialModel cred) {
|
||||||
|
return createCredential(realm, user.getId(), cred);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean removeStoredCredential(RealmModel realm, UserModel user, String id) {
|
||||||
|
return removeStoredCredential(realm, user.getId(), id);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public CredentialModel getStoredCredentialById(RealmModel realm, UserModel user, String id) {
|
||||||
|
return getStoredCredentialById(realm, user.getId(), id);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<CredentialModel> getStoredCredentials(RealmModel realm, UserModel user) {
|
||||||
|
return getStoredCredentials(realm, user.getId());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<CredentialModel> getStoredCredentialsByType(RealmModel realm, UserModel user, String type) {
|
||||||
|
return getStoredCredentialsByType(realm, user.getId(), type);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public CredentialModel getStoredCredentialByNameAndType(RealmModel realm, UserModel user, String name, String type) {
|
||||||
|
return getStoredCredentialByNameAndType(realm, user.getId(), name, type);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public int getStoredUsersCount(RealmModel realm) {
|
||||||
|
DBObject query = new QueryBuilder()
|
||||||
|
.and("realmId").is(realm.getId())
|
||||||
|
.get();
|
||||||
|
return getMongoStore().countEntities(FederatedUser.class, query, invocationContext);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -175,35 +175,30 @@ public class UserFederationManager implements UserProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void addConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
validateUser(realm, user);
|
session.userStorage().addConsent(realm, userId, consent);
|
||||||
session.userStorage().addConsent(realm, user, consent);
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserConsentModel getConsentByClient(RealmModel realm, UserModel user, String clientInternalId) {
|
public UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientInternalId) {
|
||||||
validateUser(realm, user);
|
return session.userStorage().getConsentByClient(realm, userId, clientInternalId);
|
||||||
return session.userStorage().getConsentByClient(realm, user, clientInternalId);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<UserConsentModel> getConsents(RealmModel realm, UserModel user) {
|
public List<UserConsentModel> getConsents(RealmModel realm, String userId) {
|
||||||
validateUser(realm, user);
|
return session.userStorage().getConsents(realm, userId);
|
||||||
return session.userStorage().getConsents(realm, user);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void updateConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
validateUser(realm, user);
|
session.userStorage().updateConsent(realm, userId, consent);
|
||||||
session.userStorage().updateConsent(realm, user, consent);
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean revokeConsentForClient(RealmModel realm, UserModel user, String clientInternalId) {
|
public boolean revokeConsentForClient(RealmModel realm, String userId, String clientInternalId) {
|
||||||
validateUser(realm, user);
|
return session.userStorage().revokeConsentForClient(realm, userId, clientInternalId);
|
||||||
return session.userStorage().revokeConsentForClient(realm, user, clientInternalId);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
||||||
|
|
@ -43,11 +43,11 @@ public interface UserProvider extends Provider,
|
||||||
FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm);
|
FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm);
|
||||||
UserModel getUserByFederatedIdentity(FederatedIdentityModel socialLink, RealmModel realm);
|
UserModel getUserByFederatedIdentity(FederatedIdentityModel socialLink, RealmModel realm);
|
||||||
|
|
||||||
void addConsent(RealmModel realm, UserModel user, UserConsentModel consent);
|
void addConsent(RealmModel realm, String userId, UserConsentModel consent);
|
||||||
UserConsentModel getConsentByClient(RealmModel realm, UserModel user, String clientInternalId);
|
UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientInternalId);
|
||||||
List<UserConsentModel> getConsents(RealmModel realm, UserModel user);
|
List<UserConsentModel> getConsents(RealmModel realm, String userId);
|
||||||
void updateConsent(RealmModel realm, UserModel user, UserConsentModel consent);
|
void updateConsent(RealmModel realm, String userId, UserConsentModel consent);
|
||||||
boolean revokeConsentForClient(RealmModel realm, UserModel user, String clientInternalId);
|
boolean revokeConsentForClient(RealmModel realm, String userId, String clientInternalId);
|
||||||
|
|
||||||
|
|
||||||
UserModel getServiceAccount(ClientModel client);
|
UserModel getServiceAccount(ClientModel client);
|
||||||
|
|
|
||||||
|
|
@ -101,6 +101,7 @@ import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentatio
|
||||||
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
|
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
|
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
|
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
|
||||||
|
import org.keycloak.storage.federated.UserFederatedStorageProvider;
|
||||||
import org.keycloak.util.JsonSerialization;
|
import org.keycloak.util.JsonSerialization;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
@ -355,6 +356,13 @@ public class RepresentationToModel {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (rep.getFederatedUsers() != null) {
|
||||||
|
for (UserRepresentation userRep : rep.getFederatedUsers()) {
|
||||||
|
importFederatedUser(session, newRealm, userRep);
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if(rep.isInternationalizationEnabled() != null){
|
if(rep.isInternationalizationEnabled() != null){
|
||||||
newRealm.setInternationalizationEnabled(rep.isInternationalizationEnabled());
|
newRealm.setInternationalizationEnabled(rep.isInternationalizationEnabled());
|
||||||
}
|
}
|
||||||
|
|
@ -1363,7 +1371,7 @@ public class RepresentationToModel {
|
||||||
if (userRep.getClientConsents() != null) {
|
if (userRep.getClientConsents() != null) {
|
||||||
for (UserConsentRepresentation consentRep : userRep.getClientConsents()) {
|
for (UserConsentRepresentation consentRep : userRep.getClientConsents()) {
|
||||||
UserConsentModel consentModel = toModel(newRealm, consentRep);
|
UserConsentModel consentModel = toModel(newRealm, consentRep);
|
||||||
session.userStorage().addConsent(newRealm, user, consentModel);
|
session.userStorage().addConsent(newRealm, user.getId(), consentModel);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (userRep.getServiceAccountClientId() != null) {
|
if (userRep.getServiceAccountClientId() != null) {
|
||||||
|
|
@ -1451,6 +1459,32 @@ public class RepresentationToModel {
|
||||||
return credential;
|
return credential;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static CredentialModel toModel(CredentialRepresentation cred) {
|
||||||
|
CredentialModel model = new CredentialModel();
|
||||||
|
model.setHashIterations(cred.getHashIterations());
|
||||||
|
model.setCreatedDate(cred.getCreatedDate());
|
||||||
|
model.setType(cred.getType());
|
||||||
|
model.setDigits(cred.getDigits());
|
||||||
|
model.setConfig(cred.getConfig());
|
||||||
|
model.setDevice(cred.getDevice());
|
||||||
|
model.setAlgorithm(cred.getAlgorithm());
|
||||||
|
model.setCounter(cred.getCounter());
|
||||||
|
model.setPeriod(cred.getPeriod());
|
||||||
|
if (cred.getSalt() != null) {
|
||||||
|
try {
|
||||||
|
model.setSalt(Base64.decode(cred.getSalt()));
|
||||||
|
} catch (IOException e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
model.setValue(cred.getValue());
|
||||||
|
if (cred.getHashedSaltedValue() != null) {
|
||||||
|
model.setValue(cred.getHashedSaltedValue());
|
||||||
|
}
|
||||||
|
return model;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// Role mappings
|
// Role mappings
|
||||||
|
|
||||||
public static void createRoleMappings(UserRepresentation userRep, UserModel user, RealmModel realm) {
|
public static void createRoleMappings(UserRepresentation userRep, UserModel user, RealmModel realm) {
|
||||||
|
|
@ -2188,4 +2222,99 @@ public class RepresentationToModel {
|
||||||
|
|
||||||
return model;
|
return model;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static void importFederatedUser(KeycloakSession session, RealmModel newRealm, UserRepresentation userRep) {
|
||||||
|
UserFederatedStorageProvider federatedStorage = session.userFederatedStorage();
|
||||||
|
if (userRep.getAttributes() != null) {
|
||||||
|
for (Map.Entry<String, Object> entry : userRep.getAttributes().entrySet()) {
|
||||||
|
String key = entry.getKey();
|
||||||
|
Object value = entry.getValue();
|
||||||
|
if (value == null) continue;
|
||||||
|
|
||||||
|
if (value instanceof Collection) {
|
||||||
|
Collection<String> colVal = (Collection<String>) value;
|
||||||
|
List<String> list = new LinkedList<>();
|
||||||
|
list.addAll(colVal);
|
||||||
|
federatedStorage.setAttribute(newRealm, userRep.getId(), key, list);
|
||||||
|
} else if (value instanceof String) {
|
||||||
|
// TODO: This is here just for backwards compatibility with KC 1.3 and earlier
|
||||||
|
String stringVal = (String) value;
|
||||||
|
federatedStorage.setSingleAttribute(newRealm, userRep.getId(), key, stringVal);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (userRep.getRequiredActions() != null) {
|
||||||
|
for (String action: userRep.getRequiredActions()) {
|
||||||
|
federatedStorage.addRequiredAction(newRealm, userRep.getId(), action);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (userRep.getCredentials() != null) {
|
||||||
|
for (CredentialRepresentation cred : userRep.getCredentials()) {
|
||||||
|
federatedStorage.createCredential(newRealm, userRep.getId(), toModel(cred));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
createFederatedRoleMappings(federatedStorage, userRep, newRealm);
|
||||||
|
|
||||||
|
if (userRep.getGroups() != null) {
|
||||||
|
for (String path : userRep.getGroups()) {
|
||||||
|
GroupModel group = KeycloakModelUtils.findGroupByPath(newRealm, path);
|
||||||
|
if (group == null) {
|
||||||
|
throw new RuntimeException("Unable to find group specified by path: " + path);
|
||||||
|
|
||||||
|
}
|
||||||
|
federatedStorage.joinGroup(newRealm, userRep.getId(), group);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (userRep.getFederatedIdentities() != null) {
|
||||||
|
for (FederatedIdentityRepresentation identity : userRep.getFederatedIdentities()) {
|
||||||
|
FederatedIdentityModel mappingModel = new FederatedIdentityModel(identity.getIdentityProvider(), identity.getUserId(), identity.getUserName());
|
||||||
|
federatedStorage.addFederatedIdentity(newRealm, userRep.getId(), mappingModel);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (userRep.getClientConsents() != null) {
|
||||||
|
for (UserConsentRepresentation consentRep : userRep.getClientConsents()) {
|
||||||
|
UserConsentModel consentModel = toModel(newRealm, consentRep);
|
||||||
|
federatedStorage.addConsent(newRealm, userRep.getId(), consentModel);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void createFederatedRoleMappings(UserFederatedStorageProvider federatedStorage, UserRepresentation userRep, RealmModel realm) {
|
||||||
|
if (userRep.getRealmRoles() != null) {
|
||||||
|
for (String roleString : userRep.getRealmRoles()) {
|
||||||
|
RoleModel role = realm.getRole(roleString.trim());
|
||||||
|
if (role == null) {
|
||||||
|
role = realm.addRole(roleString.trim());
|
||||||
|
}
|
||||||
|
federatedStorage.grantRole(realm, userRep.getId(), role);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (userRep.getClientRoles() != null) {
|
||||||
|
for (Map.Entry<String, List<String>> entry : userRep.getClientRoles().entrySet()) {
|
||||||
|
ClientModel client = realm.getClientByClientId(entry.getKey());
|
||||||
|
if (client == null) {
|
||||||
|
throw new RuntimeException("Unable to find client role mappings for client: " + entry.getKey());
|
||||||
|
}
|
||||||
|
createFederatedClientRoleMappings(federatedStorage, realm, client, userRep, entry.getValue());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void createFederatedClientRoleMappings(UserFederatedStorageProvider federatedStorage, RealmModel realm, ClientModel clientModel, UserRepresentation userRep, List<String> roleNames) {
|
||||||
|
if (userRep == null) {
|
||||||
|
throw new RuntimeException("User not found");
|
||||||
|
}
|
||||||
|
|
||||||
|
for (String roleName : roleNames) {
|
||||||
|
RoleModel role = clientModel.getRole(roleName.trim());
|
||||||
|
if (role == null) {
|
||||||
|
role = clientModel.addRole(roleName.trim());
|
||||||
|
}
|
||||||
|
federatedStorage.grantRole(realm, userRep.getId(), role);
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -75,6 +75,9 @@ public class StorageId implements Serializable {
|
||||||
public static boolean isLocalStorage(UserModel user) {
|
public static boolean isLocalStorage(UserModel user) {
|
||||||
return new StorageId(user.getId()).getProviderId() == null;
|
return new StorageId(user.getId()).getProviderId() == null;
|
||||||
}
|
}
|
||||||
|
public static boolean isLocalStorage(String userId) {
|
||||||
|
return new StorageId(userId).getProviderId() == null;
|
||||||
|
}
|
||||||
|
|
||||||
public String getId() {
|
public String getId() {
|
||||||
return id;
|
return id;
|
||||||
|
|
|
||||||
|
|
@ -70,30 +70,30 @@ public abstract class AbstractUserAdapterFederatedStorage implements UserModel {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<String> getRequiredActions() {
|
public Set<String> getRequiredActions() {
|
||||||
return getFederatedStorage().getRequiredActions(realm, this);
|
return getFederatedStorage().getRequiredActions(realm, this.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addRequiredAction(String action) {
|
public void addRequiredAction(String action) {
|
||||||
getFederatedStorage().addRequiredAction(realm, this, action);
|
getFederatedStorage().addRequiredAction(realm, this.getId(), action);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void removeRequiredAction(String action) {
|
public void removeRequiredAction(String action) {
|
||||||
getFederatedStorage().removeRequiredAction(realm, this, action);
|
getFederatedStorage().removeRequiredAction(realm, this.getId(), action);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addRequiredAction(RequiredAction action) {
|
public void addRequiredAction(RequiredAction action) {
|
||||||
getFederatedStorage().addRequiredAction(realm, this, action.name());
|
getFederatedStorage().addRequiredAction(realm, this.getId(), action.name());
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void removeRequiredAction(RequiredAction action) {
|
public void removeRequiredAction(RequiredAction action) {
|
||||||
getFederatedStorage().removeRequiredAction(realm, this, action.name());
|
getFederatedStorage().removeRequiredAction(realm, this.getId(), action.name());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -119,7 +119,7 @@ public abstract class AbstractUserAdapterFederatedStorage implements UserModel {
|
||||||
@Override
|
@Override
|
||||||
public Set<GroupModel> getGroups() {
|
public Set<GroupModel> getGroups() {
|
||||||
Set<GroupModel> set = new HashSet<>();
|
Set<GroupModel> set = new HashSet<>();
|
||||||
set.addAll(getFederatedStorage().getGroups(realm, this));
|
set.addAll(getFederatedStorage().getGroups(realm, this.getId()));
|
||||||
if (appendDefaultGroups()) set.addAll(realm.getDefaultGroups());
|
if (appendDefaultGroups()) set.addAll(realm.getDefaultGroups());
|
||||||
set.addAll(getGroupsInternal());
|
set.addAll(getGroupsInternal());
|
||||||
return set;
|
return set;
|
||||||
|
|
@ -127,13 +127,13 @@ public abstract class AbstractUserAdapterFederatedStorage implements UserModel {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void joinGroup(GroupModel group) {
|
public void joinGroup(GroupModel group) {
|
||||||
getFederatedStorage().joinGroup(realm, this, group);
|
getFederatedStorage().joinGroup(realm, this.getId(), group);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void leaveGroup(GroupModel group) {
|
public void leaveGroup(GroupModel group) {
|
||||||
getFederatedStorage().leaveGroup(realm, this, group);
|
getFederatedStorage().leaveGroup(realm, this.getId(), group);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -183,7 +183,7 @@ public abstract class AbstractUserAdapterFederatedStorage implements UserModel {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void grantRole(RoleModel role) {
|
public void grantRole(RoleModel role) {
|
||||||
getFederatedStorage().grantRole(realm, this, role);
|
getFederatedStorage().grantRole(realm, this.getId(), role);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -212,12 +212,12 @@ public abstract class AbstractUserAdapterFederatedStorage implements UserModel {
|
||||||
}
|
}
|
||||||
|
|
||||||
protected Set<RoleModel> getFederatedRoleMappings() {
|
protected Set<RoleModel> getFederatedRoleMappings() {
|
||||||
return getFederatedStorage().getRoleMappings(realm, this);
|
return getFederatedStorage().getRoleMappings(realm, this.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void deleteRoleMapping(RoleModel role) {
|
public void deleteRoleMapping(RoleModel role) {
|
||||||
getFederatedStorage().deleteRoleMapping(realm, this, role);
|
getFederatedStorage().deleteRoleMapping(realm, this.getId(), role);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -307,35 +307,35 @@ public abstract class AbstractUserAdapterFederatedStorage implements UserModel {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void setSingleAttribute(String name, String value) {
|
public void setSingleAttribute(String name, String value) {
|
||||||
getFederatedStorage().setSingleAttribute(realm, this, name, value);
|
getFederatedStorage().setSingleAttribute(realm, this.getId(), name, value);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void removeAttribute(String name) {
|
public void removeAttribute(String name) {
|
||||||
getFederatedStorage().removeAttribute(realm, this, name);
|
getFederatedStorage().removeAttribute(realm, this.getId(), name);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void setAttribute(String name, List<String> values) {
|
public void setAttribute(String name, List<String> values) {
|
||||||
getFederatedStorage().setAttribute(realm, this, name, values);
|
getFederatedStorage().setAttribute(realm, this.getId(), name, values);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getFirstAttribute(String name) {
|
public String getFirstAttribute(String name) {
|
||||||
return getFederatedStorage().getAttributes(realm, this).getFirst(name);
|
return getFederatedStorage().getAttributes(realm, this.getId()).getFirst(name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Map<String, List<String>> getAttributes() {
|
public Map<String, List<String>> getAttributes() {
|
||||||
return getFederatedStorage().getAttributes(realm, this);
|
return getFederatedStorage().getAttributes(realm, this.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<String> getAttribute(String name) {
|
public List<String> getAttribute(String name) {
|
||||||
return getFederatedStorage().getAttributes(realm, this).get(name);
|
return getFederatedStorage().getAttributes(realm, this.getId()).get(name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
||||||
|
|
@ -27,9 +27,9 @@ import java.util.List;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public interface UserAttributeFederatedStorage {
|
public interface UserAttributeFederatedStorage {
|
||||||
void setSingleAttribute(RealmModel realm, UserModel user, String name, String value);
|
void setSingleAttribute(RealmModel realm, String userId, String name, String value);
|
||||||
void setAttribute(RealmModel realm, UserModel user, String name, List<String> values);
|
void setAttribute(RealmModel realm, String userId, String name, List<String> values);
|
||||||
void removeAttribute(RealmModel realm, UserModel user, String name);
|
void removeAttribute(RealmModel realm, String userId, String name);
|
||||||
MultivaluedHashMap<String, String> getAttributes(RealmModel realm, UserModel user);
|
MultivaluedHashMap<String, String> getAttributes(RealmModel realm, String userId);
|
||||||
List<String> getUsersByUserAttribute(RealmModel realm, String name, String value);
|
List<String> getUsersByUserAttribute(RealmModel realm, String name, String value);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -28,9 +28,9 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
public interface UserBrokerLinkFederatedStorage {
|
public interface UserBrokerLinkFederatedStorage {
|
||||||
String getUserByFederatedIdentity(FederatedIdentityModel socialLink, RealmModel realm);
|
String getUserByFederatedIdentity(FederatedIdentityModel socialLink, RealmModel realm);
|
||||||
public void addFederatedIdentity(RealmModel realm, UserModel user, FederatedIdentityModel socialLink);
|
public void addFederatedIdentity(RealmModel realm, String userId, FederatedIdentityModel socialLink);
|
||||||
public boolean removeFederatedIdentity(RealmModel realm, UserModel user, String socialProvider);
|
public boolean removeFederatedIdentity(RealmModel realm, String userId, String socialProvider);
|
||||||
void updateFederatedIdentity(RealmModel realm, UserModel federatedUser, FederatedIdentityModel federatedIdentityModel);
|
void updateFederatedIdentity(RealmModel realm, String userId, FederatedIdentityModel federatedIdentityModel);
|
||||||
Set<FederatedIdentityModel> getFederatedIdentities(UserModel user, RealmModel realm);
|
Set<FederatedIdentityModel> getFederatedIdentities(String userId, RealmModel realm);
|
||||||
FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm);
|
FederatedIdentityModel getFederatedIdentity(String userId, String socialProvider, RealmModel realm);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -27,9 +27,9 @@ import java.util.List;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public interface UserConsentFederatedStorage {
|
public interface UserConsentFederatedStorage {
|
||||||
void addConsent(RealmModel realm, UserModel user, UserConsentModel consent);
|
void addConsent(RealmModel realm, String userId, UserConsentModel consent);
|
||||||
UserConsentModel getConsentByClient(RealmModel realm, UserModel user, String clientInternalId);
|
UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientInternalId);
|
||||||
List<UserConsentModel> getConsents(RealmModel realm, UserModel user);
|
List<UserConsentModel> getConsents(RealmModel realm, String userId);
|
||||||
void updateConsent(RealmModel realm, UserModel user, UserConsentModel consent);
|
void updateConsent(RealmModel realm, String userId, UserConsentModel consent);
|
||||||
boolean revokeConsentForClient(RealmModel realm, UserModel user, String clientInternalId);
|
boolean revokeConsentForClient(RealmModel realm, String userId, String clientInternalId);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -39,9 +39,11 @@ public interface UserFederatedStorageProvider extends Provider,
|
||||||
UserConsentFederatedStorage,
|
UserConsentFederatedStorage,
|
||||||
UserGroupMembershipFederatedStorage,
|
UserGroupMembershipFederatedStorage,
|
||||||
UserRequiredActionsFederatedStorage,
|
UserRequiredActionsFederatedStorage,
|
||||||
UserRoleMappingsFederatedStorage {
|
UserRoleMappingsFederatedStorage,
|
||||||
|
UserFederatedUserCredentialStore {
|
||||||
|
|
||||||
List<String> getStoredUsers(RealmModel realm, int first, int max);
|
List<String> getStoredUsers(RealmModel realm, int first, int max);
|
||||||
|
int getStoredUsersCount(RealmModel realm);
|
||||||
|
|
||||||
void preRemove(RealmModel realm);
|
void preRemove(RealmModel realm);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,38 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||||
|
* and other contributors as indicated by the @author tags.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.keycloak.storage.federated;
|
||||||
|
|
||||||
|
import org.keycloak.credential.CredentialModel;
|
||||||
|
import org.keycloak.models.RealmModel;
|
||||||
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.provider.Provider;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
|
* @version $Revision: 1 $
|
||||||
|
*/
|
||||||
|
public interface UserFederatedUserCredentialStore extends Provider {
|
||||||
|
void updateCredential(RealmModel realm, String userId, CredentialModel cred);
|
||||||
|
CredentialModel createCredential(RealmModel realm, String userId, CredentialModel cred);
|
||||||
|
boolean removeStoredCredential(RealmModel realm, String userId, String id);
|
||||||
|
CredentialModel getStoredCredentialById(RealmModel realm, String userId, String id);
|
||||||
|
List<CredentialModel> getStoredCredentials(RealmModel realm, String userId);
|
||||||
|
List<CredentialModel> getStoredCredentialsByType(RealmModel realm, String userId, String type);
|
||||||
|
CredentialModel getStoredCredentialByNameAndType(RealmModel realm, String userId, String name, String type);
|
||||||
|
}
|
||||||
|
|
@ -28,9 +28,9 @@ import java.util.Set;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public interface UserGroupMembershipFederatedStorage {
|
public interface UserGroupMembershipFederatedStorage {
|
||||||
Set<GroupModel> getGroups(RealmModel realm, UserModel user);
|
Set<GroupModel> getGroups(RealmModel realm, String userId);
|
||||||
void joinGroup(RealmModel realm,UserModel user, GroupModel group);
|
void joinGroup(RealmModel realm, String userId, GroupModel group);
|
||||||
void leaveGroup(RealmModel realm,UserModel user, GroupModel group);
|
void leaveGroup(RealmModel realm, String userId, GroupModel group);
|
||||||
List<String> getMembership(RealmModel realm, GroupModel group, int firstResult, int max);
|
List<String> getMembership(RealmModel realm, GroupModel group, int firstResult, int max);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,7 @@ import java.util.Set;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public interface UserRequiredActionsFederatedStorage {
|
public interface UserRequiredActionsFederatedStorage {
|
||||||
Set<String> getRequiredActions(RealmModel realm, UserModel user);
|
Set<String> getRequiredActions(RealmModel realm, String userId);
|
||||||
void addRequiredAction(RealmModel realm,UserModel user, String action);
|
void addRequiredAction(RealmModel realm, String userId, String action);
|
||||||
void removeRequiredAction(RealmModel realm,UserModel user, String action);
|
void removeRequiredAction(RealmModel realm, String userId, String action);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -28,9 +28,9 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
public interface UserRoleMappingsFederatedStorage {
|
public interface UserRoleMappingsFederatedStorage {
|
||||||
|
|
||||||
void grantRole(RealmModel realm,UserModel user, RoleModel role);
|
void grantRole(RealmModel realm, String userId, RoleModel role);
|
||||||
|
|
||||||
Set<RoleModel> getRoleMappings(RealmModel realm,UserModel user);
|
Set<RoleModel> getRoleMappings(RealmModel realm,String userId);
|
||||||
|
|
||||||
void deleteRoleMapping(RealmModel realm, UserModel user, RoleModel role);
|
void deleteRoleMapping(RealmModel realm, String userId, RoleModel role);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -85,6 +85,13 @@ public class DirExportProvider extends MultipleStepsExportProvider {
|
||||||
ExportUtils.exportUsersToStream(session, realm, users, JsonSerialization.prettyMapper, os);
|
ExportUtils.exportUsersToStream(session, realm, users, JsonSerialization.prettyMapper, os);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void writeFederatedUsers(String fileName, KeycloakSession session, RealmModel realm, List<String> users) throws IOException {
|
||||||
|
File file = new File(this.rootDirectory, fileName);
|
||||||
|
FileOutputStream os = new FileOutputStream(file);
|
||||||
|
ExportUtils.exportFederatedUsersToStream(session, realm, users, JsonSerialization.prettyMapper, os);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void close() {
|
public void close() {
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -115,6 +115,13 @@ public class DirImportProvider implements ImportProvider {
|
||||||
return name.matches(realmName + "-users-[0-9]+\\.json");
|
return name.matches(realmName + "-users-[0-9]+\\.json");
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
File[] federatedUserFiles = this.rootDirectory.listFiles(new FilenameFilter() {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean accept(File dir, String name) {
|
||||||
|
return name.matches(realmName + "-federated-users-[0-9]+\\.json");
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
// Import realm first
|
// Import realm first
|
||||||
FileInputStream is = new FileInputStream(realmFile);
|
FileInputStream is = new FileInputStream(realmFile);
|
||||||
|
|
@ -143,6 +150,16 @@ public class DirImportProvider implements ImportProvider {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
for (final File userFile : federatedUserFiles) {
|
||||||
|
final FileInputStream fis = new FileInputStream(userFile);
|
||||||
|
KeycloakModelUtils.runJobInTransaction(factory, new ExportImportSessionTask() {
|
||||||
|
@Override
|
||||||
|
protected void runExportImportTask(KeycloakSession session) throws IOException {
|
||||||
|
ImportUtils.importFederatedUsersFromStream(session, realmName, JsonSerialization.mapper, fis);
|
||||||
|
logger.infof("Imported federated users from %s", userFile.getAbsolutePath());
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -213,7 +213,7 @@ public class ExportUtils {
|
||||||
// Finally users if needed
|
// Finally users if needed
|
||||||
if (includeUsers) {
|
if (includeUsers) {
|
||||||
List<UserModel> allUsers = session.users().getUsers(realm, true);
|
List<UserModel> allUsers = session.users().getUsers(realm, true);
|
||||||
List<UserRepresentation> users = new ArrayList<UserRepresentation>();
|
List<UserRepresentation> users = new LinkedList<>();
|
||||||
for (UserModel user : allUsers) {
|
for (UserModel user : allUsers) {
|
||||||
UserRepresentation userRep = exportUser(session, realm, user);
|
UserRepresentation userRep = exportUser(session, realm, user);
|
||||||
users.add(userRep);
|
users.add(userRep);
|
||||||
|
|
@ -222,6 +222,16 @@ public class ExportUtils {
|
||||||
if (users.size() > 0) {
|
if (users.size() > 0) {
|
||||||
rep.setUsers(users);
|
rep.setUsers(users);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
List<UserRepresentation> federatedUsers = new LinkedList<>();
|
||||||
|
for (String userId : session.userFederatedStorage().getStoredUsers(realm, 0, -1)) {
|
||||||
|
UserRepresentation userRep = exportFederatedUser(session, realm, userId);
|
||||||
|
federatedUsers.add(userRep);
|
||||||
|
}
|
||||||
|
if (federatedUsers.size() > 0) {
|
||||||
|
rep.setFederatedUsers(federatedUsers);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// components
|
// components
|
||||||
|
|
@ -510,7 +520,7 @@ public class ExportUtils {
|
||||||
userRep.setFederationLink(user.getFederationLink());
|
userRep.setFederationLink(user.getFederationLink());
|
||||||
|
|
||||||
// Grants
|
// Grants
|
||||||
List<UserConsentModel> consents = session.users().getConsents(realm, user);
|
List<UserConsentModel> consents = session.users().getConsents(realm, user.getId());
|
||||||
LinkedList<UserConsentRepresentation> consentReps = new LinkedList<UserConsentRepresentation>();
|
LinkedList<UserConsentRepresentation> consentReps = new LinkedList<UserConsentRepresentation>();
|
||||||
for (UserConsentModel consent : consents) {
|
for (UserConsentModel consent : consents) {
|
||||||
UserConsentRepresentation consentRep = ModelToRepresentation.toRepresentation(consent);
|
UserConsentRepresentation consentRep = ModelToRepresentation.toRepresentation(consent);
|
||||||
|
|
@ -558,6 +568,7 @@ public class ExportUtils {
|
||||||
credRep.setDigits(userCred.getDigits());
|
credRep.setDigits(userCred.getDigits());
|
||||||
credRep.setCreatedDate(userCred.getCreatedDate());
|
credRep.setCreatedDate(userCred.getCreatedDate());
|
||||||
credRep.setConfig(userCred.getConfig());
|
credRep.setConfig(userCred.getConfig());
|
||||||
|
credRep.setPeriod(userCred.getPeriod());
|
||||||
return credRep;
|
return credRep;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -587,4 +598,122 @@ public class ExportUtils {
|
||||||
generator.close();
|
generator.close();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static void exportFederatedUsersToStream(KeycloakSession session, RealmModel realm, List<String> usersToExport, ObjectMapper mapper, OutputStream os) throws IOException {
|
||||||
|
JsonFactory factory = mapper.getFactory();
|
||||||
|
JsonGenerator generator = factory.createGenerator(os, JsonEncoding.UTF8);
|
||||||
|
try {
|
||||||
|
if (mapper.isEnabled(SerializationFeature.INDENT_OUTPUT)) {
|
||||||
|
generator.useDefaultPrettyPrinter();
|
||||||
|
}
|
||||||
|
generator.writeStartObject();
|
||||||
|
generator.writeStringField("realm", realm.getName());
|
||||||
|
// generator.writeStringField("strategy", strategy.toString());
|
||||||
|
generator.writeFieldName("federatedUsers");
|
||||||
|
generator.writeStartArray();
|
||||||
|
|
||||||
|
for (String userId : usersToExport) {
|
||||||
|
UserRepresentation userRep = ExportUtils.exportFederatedUser(session, realm, userId);
|
||||||
|
generator.writeObject(userRep);
|
||||||
|
}
|
||||||
|
|
||||||
|
generator.writeEndArray();
|
||||||
|
generator.writeEndObject();
|
||||||
|
} finally {
|
||||||
|
generator.close();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Full export of user data stored in federated storage (including role mappings and credentials)
|
||||||
|
*
|
||||||
|
* @param id
|
||||||
|
* @return fully exported user representation
|
||||||
|
*/
|
||||||
|
public static UserRepresentation exportFederatedUser(KeycloakSession session, RealmModel realm, String id) {
|
||||||
|
UserRepresentation userRep = new UserRepresentation();
|
||||||
|
userRep.setId(id);
|
||||||
|
MultivaluedHashMap<String, String> attributes = session.userFederatedStorage().getAttributes(realm, id);
|
||||||
|
if (attributes.size() > 0) {
|
||||||
|
Map<String, Object> attrs = new HashMap<>();
|
||||||
|
attrs.putAll(attributes);
|
||||||
|
userRep.setAttributes(attrs);
|
||||||
|
}
|
||||||
|
|
||||||
|
Set<String> requiredActions = session.userFederatedStorage().getRequiredActions(realm, id);
|
||||||
|
if (requiredActions.size() > 0) {
|
||||||
|
List<String> actions = new LinkedList<>();
|
||||||
|
actions.addAll(requiredActions);
|
||||||
|
userRep.setRequiredActions(actions);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// Social links
|
||||||
|
Set<FederatedIdentityModel> socialLinks = session.userFederatedStorage().getFederatedIdentities(id, realm);
|
||||||
|
List<FederatedIdentityRepresentation> socialLinkReps = new ArrayList<FederatedIdentityRepresentation>();
|
||||||
|
for (FederatedIdentityModel socialLink : socialLinks) {
|
||||||
|
FederatedIdentityRepresentation socialLinkRep = exportSocialLink(socialLink);
|
||||||
|
socialLinkReps.add(socialLinkRep);
|
||||||
|
}
|
||||||
|
if (socialLinkReps.size() > 0) {
|
||||||
|
userRep.setFederatedIdentities(socialLinkReps);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Role mappings
|
||||||
|
Set<RoleModel> roles = session.userFederatedStorage().getRoleMappings(realm, id);
|
||||||
|
List<String> realmRoleNames = new ArrayList<>();
|
||||||
|
Map<String, List<String>> clientRoleNames = new HashMap<>();
|
||||||
|
for (RoleModel role : roles) {
|
||||||
|
if (role.getContainer() instanceof RealmModel) {
|
||||||
|
realmRoleNames.add(role.getName());
|
||||||
|
} else {
|
||||||
|
ClientModel client = (ClientModel)role.getContainer();
|
||||||
|
String clientId = client.getClientId();
|
||||||
|
List<String> currentClientRoles = clientRoleNames.get(clientId);
|
||||||
|
if (currentClientRoles == null) {
|
||||||
|
currentClientRoles = new ArrayList<>();
|
||||||
|
clientRoleNames.put(clientId, currentClientRoles);
|
||||||
|
}
|
||||||
|
|
||||||
|
currentClientRoles.add(role.getName());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (realmRoleNames.size() > 0) {
|
||||||
|
userRep.setRealmRoles(realmRoleNames);
|
||||||
|
}
|
||||||
|
if (clientRoleNames.size() > 0) {
|
||||||
|
userRep.setClientRoles(clientRoleNames);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Credentials
|
||||||
|
List<CredentialModel> creds = session.userFederatedStorage().getStoredCredentials(realm, id);
|
||||||
|
List<CredentialRepresentation> credReps = new ArrayList<CredentialRepresentation>();
|
||||||
|
for (CredentialModel cred : creds) {
|
||||||
|
CredentialRepresentation credRep = exportCredential(cred);
|
||||||
|
credReps.add(credRep);
|
||||||
|
}
|
||||||
|
userRep.setCredentials(credReps);
|
||||||
|
|
||||||
|
// Grants
|
||||||
|
List<UserConsentModel> consents = session.users().getConsents(realm, id);
|
||||||
|
LinkedList<UserConsentRepresentation> consentReps = new LinkedList<UserConsentRepresentation>();
|
||||||
|
for (UserConsentModel consent : consents) {
|
||||||
|
UserConsentRepresentation consentRep = ModelToRepresentation.toRepresentation(consent);
|
||||||
|
consentReps.add(consentRep);
|
||||||
|
}
|
||||||
|
if (consentReps.size() > 0) {
|
||||||
|
userRep.setClientConsents(consentReps);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
List<String> groups = new LinkedList<>();
|
||||||
|
for (GroupModel group : session.userFederatedStorage().getGroups(realm, id)) {
|
||||||
|
groups.add(ModelToRepresentation.buildGroupPath(group));
|
||||||
|
}
|
||||||
|
userRep.setGroups(groups);
|
||||||
|
|
||||||
|
return userRep;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -215,6 +215,48 @@ public class ImportUtils {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Assuming that it's invoked inside transaction
|
||||||
|
public static void importFederatedUsersFromStream(KeycloakSession session, String realmName, ObjectMapper mapper, InputStream is) throws IOException {
|
||||||
|
RealmProvider model = session.realms();
|
||||||
|
JsonFactory factory = mapper.getJsonFactory();
|
||||||
|
JsonParser parser = factory.createJsonParser(is);
|
||||||
|
try {
|
||||||
|
parser.nextToken();
|
||||||
|
|
||||||
|
while (parser.nextToken() == JsonToken.FIELD_NAME) {
|
||||||
|
if ("realm".equals(parser.getText())) {
|
||||||
|
parser.nextToken();
|
||||||
|
String currRealmName = parser.getText();
|
||||||
|
if (!currRealmName.equals(realmName)) {
|
||||||
|
throw new IllegalStateException("Trying to import users into invalid realm. Realm name: " + realmName + ", Expected realm name: " + currRealmName);
|
||||||
|
}
|
||||||
|
} else if ("federatedUsers".equals(parser.getText())) {
|
||||||
|
parser.nextToken();
|
||||||
|
|
||||||
|
if (parser.getCurrentToken() == JsonToken.START_ARRAY) {
|
||||||
|
parser.nextToken();
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: support for more transactions per single users file (if needed)
|
||||||
|
List<UserRepresentation> userReps = new ArrayList<UserRepresentation>();
|
||||||
|
while (parser.getCurrentToken() == JsonToken.START_OBJECT) {
|
||||||
|
UserRepresentation user = parser.readValueAs(UserRepresentation.class);
|
||||||
|
userReps.add(user);
|
||||||
|
parser.nextToken();
|
||||||
|
}
|
||||||
|
|
||||||
|
importFederatedUsers(session, model, realmName, userReps);
|
||||||
|
|
||||||
|
if (parser.getCurrentToken() == JsonToken.END_ARRAY) {
|
||||||
|
parser.nextToken();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} finally {
|
||||||
|
parser.close();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private static void importUsers(KeycloakSession session, RealmProvider model, String realmName, List<UserRepresentation> userReps) {
|
private static void importUsers(KeycloakSession session, RealmProvider model, String realmName, List<UserRepresentation> userReps) {
|
||||||
RealmModel realm = model.getRealmByName(realmName);
|
RealmModel realm = model.getRealmByName(realmName);
|
||||||
for (UserRepresentation user : userReps) {
|
for (UserRepresentation user : userReps) {
|
||||||
|
|
@ -222,4 +264,13 @@ public class ImportUtils {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
private static void importFederatedUsers(KeycloakSession session, RealmProvider model, String realmName, List<UserRepresentation> userReps) {
|
||||||
|
RealmModel realm = model.getRealmByName(realmName);
|
||||||
|
for (UserRepresentation user : userReps) {
|
||||||
|
RepresentationToModel.importFederatedUser(session, realm, user);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -68,6 +68,7 @@ public abstract class MultipleStepsExportProvider implements ExportProvider {
|
||||||
final int usersPerFile = ExportImportConfig.getUsersPerFile();
|
final int usersPerFile = ExportImportConfig.getUsersPerFile();
|
||||||
final UsersHolder usersHolder = new UsersHolder();
|
final UsersHolder usersHolder = new UsersHolder();
|
||||||
final boolean exportUsersIntoRealmFile = usersExportStrategy == UsersExportStrategy.REALM_FILE;
|
final boolean exportUsersIntoRealmFile = usersExportStrategy == UsersExportStrategy.REALM_FILE;
|
||||||
|
FederatedUsersHolder federatedUsersHolder = new FederatedUsersHolder();
|
||||||
|
|
||||||
KeycloakModelUtils.runJobInTransaction(factory, new ExportImportSessionTask() {
|
KeycloakModelUtils.runJobInTransaction(factory, new ExportImportSessionTask() {
|
||||||
|
|
||||||
|
|
@ -81,6 +82,7 @@ public abstract class MultipleStepsExportProvider implements ExportProvider {
|
||||||
// Count total number of users
|
// Count total number of users
|
||||||
if (!exportUsersIntoRealmFile) {
|
if (!exportUsersIntoRealmFile) {
|
||||||
usersHolder.totalCount = session.users().getUsersCount(realm);
|
usersHolder.totalCount = session.users().getUsersCount(realm);
|
||||||
|
federatedUsersHolder.totalCount = session.userFederatedStorage().getStoredUsersCount(realm);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -117,11 +119,43 @@ public abstract class MultipleStepsExportProvider implements ExportProvider {
|
||||||
usersHolder.currentPageStart = usersHolder.currentPageEnd;
|
usersHolder.currentPageStart = usersHolder.currentPageEnd;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (usersExportStrategy != UsersExportStrategy.SKIP && !exportUsersIntoRealmFile) {
|
||||||
|
// We need to export users now
|
||||||
|
federatedUsersHolder.currentPageStart = 0;
|
||||||
|
|
||||||
|
// usersExportStrategy==SAME_FILE means exporting all users into single file (but separate to realm)
|
||||||
|
final int countPerPage = (usersExportStrategy == UsersExportStrategy.SAME_FILE) ? federatedUsersHolder.totalCount : usersPerFile;
|
||||||
|
|
||||||
|
while (federatedUsersHolder.currentPageStart < federatedUsersHolder.totalCount) {
|
||||||
|
if (federatedUsersHolder.currentPageStart + countPerPage < federatedUsersHolder.totalCount) {
|
||||||
|
federatedUsersHolder.currentPageEnd = federatedUsersHolder.currentPageStart + countPerPage;
|
||||||
|
} else {
|
||||||
|
federatedUsersHolder.currentPageEnd = federatedUsersHolder.totalCount;
|
||||||
|
}
|
||||||
|
|
||||||
|
KeycloakModelUtils.runJobInTransaction(factory, new ExportImportSessionTask() {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void runExportImportTask(KeycloakSession session) throws IOException {
|
||||||
|
RealmModel realm = session.realms().getRealmByName(realmName);
|
||||||
|
federatedUsersHolder.users = session.userFederatedStorage().getStoredUsers(realm, federatedUsersHolder.currentPageStart, federatedUsersHolder.currentPageEnd - federatedUsersHolder.currentPageStart);
|
||||||
|
|
||||||
|
writeFederatedUsers(realmName + "-federated-users-" + (federatedUsersHolder.currentPageStart / countPerPage) + ".json", session, realm, federatedUsersHolder.users);
|
||||||
|
|
||||||
|
logger.info("Users " + federatedUsersHolder.currentPageStart + "-" + (federatedUsersHolder.currentPageEnd -1) + " exported");
|
||||||
|
}
|
||||||
|
|
||||||
|
});
|
||||||
|
|
||||||
|
federatedUsersHolder.currentPageStart = federatedUsersHolder.currentPageEnd;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected abstract void writeRealm(String fileName, RealmRepresentation rep) throws IOException;
|
protected abstract void writeRealm(String fileName, RealmRepresentation rep) throws IOException;
|
||||||
|
|
||||||
protected abstract void writeUsers(String fileName, KeycloakSession session, RealmModel realm, List<UserModel> users) throws IOException;
|
protected abstract void writeUsers(String fileName, KeycloakSession session, RealmModel realm, List<UserModel> users) throws IOException;
|
||||||
|
protected abstract void writeFederatedUsers(String fileName, KeycloakSession session, RealmModel realm, List<String> users) throws IOException;
|
||||||
|
|
||||||
public static class RealmsHolder {
|
public static class RealmsHolder {
|
||||||
List<RealmModel> realms;
|
List<RealmModel> realms;
|
||||||
|
|
@ -134,4 +168,10 @@ public abstract class MultipleStepsExportProvider implements ExportProvider {
|
||||||
int currentPageStart;
|
int currentPageStart;
|
||||||
int currentPageEnd;
|
int currentPageEnd;
|
||||||
}
|
}
|
||||||
|
public static class FederatedUsersHolder {
|
||||||
|
List<String> users;
|
||||||
|
int totalCount;
|
||||||
|
int currentPageStart;
|
||||||
|
int currentPageEnd;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -64,7 +64,7 @@ public class ApplicationsBean {
|
||||||
MultivaluedHashMap<String, ClientRoleEntry> resourceRolesGranted = new MultivaluedHashMap<String, ClientRoleEntry>();
|
MultivaluedHashMap<String, ClientRoleEntry> resourceRolesGranted = new MultivaluedHashMap<String, ClientRoleEntry>();
|
||||||
List<String> claimsGranted = new LinkedList<String>();
|
List<String> claimsGranted = new LinkedList<String>();
|
||||||
if (client.isConsentRequired()) {
|
if (client.isConsentRequired()) {
|
||||||
UserConsentModel consent = session.users().getConsentByClient(realm, user, client.getId());
|
UserConsentModel consent = session.users().getConsentByClient(realm, user.getId(), client.getId());
|
||||||
|
|
||||||
if (consent != null) {
|
if (consent != null) {
|
||||||
processRoles(consent.getGrantedRoles(), realmRolesGranted, resourceRolesGranted);
|
processRoles(consent.getGrantedRoles(), realmRolesGranted, resourceRolesGranted);
|
||||||
|
|
|
||||||
|
|
@ -61,6 +61,7 @@ public class DefaultKeycloakContext implements KeycloakContext {
|
||||||
@Override
|
@Override
|
||||||
public String getContextPath() {
|
public String getContextPath() {
|
||||||
KeycloakApplication app = getContextObject(KeycloakApplication.class);
|
KeycloakApplication app = getContextObject(KeycloakApplication.class);
|
||||||
|
if (app == null) return null;
|
||||||
return app.getContextPath();
|
return app.getContextPath();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -491,7 +491,7 @@ public class AuthenticationManager {
|
||||||
|
|
||||||
if (client.isConsentRequired()) {
|
if (client.isConsentRequired()) {
|
||||||
|
|
||||||
UserConsentModel grantedConsent = session.users().getConsentByClient(realm, user, client.getId());
|
UserConsentModel grantedConsent = session.users().getConsentByClient(realm, user.getId(), client.getId());
|
||||||
|
|
||||||
ClientSessionCode accessCode = new ClientSessionCode(session, realm, clientSession);
|
ClientSessionCode accessCode = new ClientSessionCode(session, realm, clientSession);
|
||||||
for (RoleModel r : accessCode.getRequestedRoles()) {
|
for (RoleModel r : accessCode.getRequestedRoles()) {
|
||||||
|
|
@ -545,7 +545,7 @@ public class AuthenticationManager {
|
||||||
|
|
||||||
if (client.isConsentRequired()) {
|
if (client.isConsentRequired()) {
|
||||||
|
|
||||||
UserConsentModel grantedConsent = session.users().getConsentByClient(realm, user, client.getId());
|
UserConsentModel grantedConsent = session.users().getConsentByClient(realm, user.getId(), client.getId());
|
||||||
|
|
||||||
List<RoleModel> realmRoles = new LinkedList<>();
|
List<RoleModel> realmRoles = new LinkedList<>();
|
||||||
MultivaluedMap<String, RoleModel> resourceRoles = new MultivaluedMapImpl<>();
|
MultivaluedMap<String, RoleModel> resourceRoles = new MultivaluedMapImpl<>();
|
||||||
|
|
|
||||||
|
|
@ -496,7 +496,7 @@ public class AccountService extends AbstractSecuredLocalService {
|
||||||
|
|
||||||
// Revoke grant in UserModel
|
// Revoke grant in UserModel
|
||||||
UserModel user = auth.getUser();
|
UserModel user = auth.getUser();
|
||||||
session.users().revokeConsentForClient(realm, user, client.getId());
|
session.users().revokeConsentForClient(realm, user.getId(), client.getId());
|
||||||
new UserSessionManager(session).revokeOfflineToken(user, client);
|
new UserSessionManager(session).revokeOfflineToken(user, client);
|
||||||
|
|
||||||
// Logout clientSessions for this user and client
|
// Logout clientSessions for this user and client
|
||||||
|
|
|
||||||
|
|
@ -667,10 +667,10 @@ public class LoginActionsService {
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
UserConsentModel grantedConsent = session.users().getConsentByClient(realm, user, client.getId());
|
UserConsentModel grantedConsent = session.users().getConsentByClient(realm, user.getId(), client.getId());
|
||||||
if (grantedConsent == null) {
|
if (grantedConsent == null) {
|
||||||
grantedConsent = new UserConsentModel(client);
|
grantedConsent = new UserConsentModel(client);
|
||||||
session.users().addConsent(realm, user, grantedConsent);
|
session.users().addConsent(realm, user.getId(), grantedConsent);
|
||||||
}
|
}
|
||||||
for (RoleModel role : accessCode.getRequestedRoles()) {
|
for (RoleModel role : accessCode.getRequestedRoles()) {
|
||||||
grantedConsent.addGrantedRole(role);
|
grantedConsent.addGrantedRole(role);
|
||||||
|
|
@ -680,7 +680,7 @@ public class LoginActionsService {
|
||||||
grantedConsent.addGrantedProtocolMapper(protocolMapper);
|
grantedConsent.addGrantedProtocolMapper(protocolMapper);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
session.users().updateConsent(realm, user, grantedConsent);
|
session.users().updateConsent(realm, user.getId(), grantedConsent);
|
||||||
|
|
||||||
event.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
|
event.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
|
||||||
event.success();
|
event.success();
|
||||||
|
|
|
||||||
|
|
@ -525,7 +525,7 @@ public class UsersResource {
|
||||||
Set<ClientModel> offlineClients = new UserSessionManager(session).findClientsWithOfflineToken(realm, user);
|
Set<ClientModel> offlineClients = new UserSessionManager(session).findClientsWithOfflineToken(realm, user);
|
||||||
|
|
||||||
for (ClientModel client : realm.getClients()) {
|
for (ClientModel client : realm.getClients()) {
|
||||||
UserConsentModel consent = session.users().getConsentByClient(realm, user, client.getId());
|
UserConsentModel consent = session.users().getConsentByClient(realm, user.getId(), client.getId());
|
||||||
boolean hasOfflineToken = offlineClients.contains(client);
|
boolean hasOfflineToken = offlineClients.contains(client);
|
||||||
|
|
||||||
if (consent == null && !hasOfflineToken) {
|
if (consent == null && !hasOfflineToken) {
|
||||||
|
|
@ -576,7 +576,7 @@ public class UsersResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
ClientModel client = realm.getClientByClientId(clientId);
|
ClientModel client = realm.getClientByClientId(clientId);
|
||||||
boolean revokedConsent = session.users().revokeConsentForClient(realm, user, client.getId());
|
boolean revokedConsent = session.users().revokeConsentForClient(realm, user.getId(), client.getId());
|
||||||
boolean revokedOfflineToken = new UserSessionManager(session).revokeOfflineToken(user, client);
|
boolean revokedOfflineToken = new UserSessionManager(session).revokeOfflineToken(user, client);
|
||||||
|
|
||||||
if (revokedConsent) {
|
if (revokedConsent) {
|
||||||
|
|
|
||||||
|
|
@ -157,7 +157,7 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
||||||
if (StorageId.isLocalStorage(user)) {
|
if (StorageId.isLocalStorage(user)) {
|
||||||
localStorage().addFederatedIdentity(realm, user, socialLink);
|
localStorage().addFederatedIdentity(realm, user, socialLink);
|
||||||
} else {
|
} else {
|
||||||
getFederatedStorage().addFederatedIdentity(realm, user, socialLink);
|
getFederatedStorage().addFederatedIdentity(realm, user.getId(), socialLink);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -166,7 +166,7 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
||||||
localStorage().updateFederatedIdentity(realm, federatedUser, federatedIdentityModel);
|
localStorage().updateFederatedIdentity(realm, federatedUser, federatedIdentityModel);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
getFederatedStorage().updateFederatedIdentity(realm, federatedUser, federatedIdentityModel);
|
getFederatedStorage().updateFederatedIdentity(realm, federatedUser.getId(), federatedIdentityModel);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -175,55 +175,55 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
||||||
if (StorageId.isLocalStorage(user)) {
|
if (StorageId.isLocalStorage(user)) {
|
||||||
return localStorage().removeFederatedIdentity(realm, user, socialProvider);
|
return localStorage().removeFederatedIdentity(realm, user, socialProvider);
|
||||||
} else {
|
} else {
|
||||||
return getFederatedStorage().removeFederatedIdentity(realm, user, socialProvider);
|
return getFederatedStorage().removeFederatedIdentity(realm, user.getId(), socialProvider);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void addConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
if (StorageId.isLocalStorage(user)) {
|
if (StorageId.isLocalStorage(userId)) {
|
||||||
localStorage().addConsent(realm, user, consent);
|
localStorage().addConsent(realm, userId, consent);
|
||||||
} else {
|
} else {
|
||||||
getFederatedStorage().addConsent(realm, user, consent);
|
getFederatedStorage().addConsent(realm, userId, consent);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserConsentModel getConsentByClient(RealmModel realm, UserModel user, String clientInternalId) {
|
public UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientInternalId) {
|
||||||
if (StorageId.isLocalStorage(user)) {
|
if (StorageId.isLocalStorage(userId)) {
|
||||||
return localStorage().getConsentByClient(realm, user, clientInternalId);
|
return localStorage().getConsentByClient(realm, userId, clientInternalId);
|
||||||
} else {
|
} else {
|
||||||
return getFederatedStorage().getConsentByClient(realm, user, clientInternalId);
|
return getFederatedStorage().getConsentByClient(realm, userId, clientInternalId);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<UserConsentModel> getConsents(RealmModel realm, UserModel user) {
|
public List<UserConsentModel> getConsents(RealmModel realm, String userId) {
|
||||||
if (StorageId.isLocalStorage(user)) {
|
if (StorageId.isLocalStorage(userId)) {
|
||||||
return localStorage().getConsents(realm, user);
|
return localStorage().getConsents(realm, userId);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
return getFederatedStorage().getConsents(realm, user);
|
return getFederatedStorage().getConsents(realm, userId);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void updateConsent(RealmModel realm, UserModel user, UserConsentModel consent) {
|
public void updateConsent(RealmModel realm, String userId, UserConsentModel consent) {
|
||||||
if (StorageId.isLocalStorage(user)) {
|
if (StorageId.isLocalStorage(userId)) {
|
||||||
localStorage().updateConsent(realm, user, consent);
|
localStorage().updateConsent(realm, userId, consent);
|
||||||
} else {
|
} else {
|
||||||
getFederatedStorage().updateConsent(realm, user, consent);
|
getFederatedStorage().updateConsent(realm, userId, consent);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean revokeConsentForClient(RealmModel realm, UserModel user, String clientInternalId) {
|
public boolean revokeConsentForClient(RealmModel realm, String userId, String clientInternalId) {
|
||||||
if (StorageId.isLocalStorage(user)) {
|
if (StorageId.isLocalStorage(userId)) {
|
||||||
return localStorage().revokeConsentForClient(realm, user, clientInternalId);
|
return localStorage().revokeConsentForClient(realm, userId, clientInternalId);
|
||||||
} else {
|
} else {
|
||||||
return getFederatedStorage().revokeConsentForClient(realm, user, clientInternalId);
|
return getFederatedStorage().revokeConsentForClient(realm, userId, clientInternalId);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -466,7 +466,7 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
||||||
if (StorageId.isLocalStorage(user)) {
|
if (StorageId.isLocalStorage(user)) {
|
||||||
set.addAll(localStorage().getFederatedIdentities(user, realm));
|
set.addAll(localStorage().getFederatedIdentities(user, realm));
|
||||||
}
|
}
|
||||||
if (getFederatedStorage() != null) set.addAll(getFederatedStorage().getFederatedIdentities(user, realm));
|
if (getFederatedStorage() != null) set.addAll(getFederatedStorage().getFederatedIdentities(user.getId(), realm));
|
||||||
return set;
|
return set;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -477,7 +477,7 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
||||||
FederatedIdentityModel model = localStorage().getFederatedIdentity(user, socialProvider, realm);
|
FederatedIdentityModel model = localStorage().getFederatedIdentity(user, socialProvider, realm);
|
||||||
if (model != null) return model;
|
if (model != null) return model;
|
||||||
}
|
}
|
||||||
if (getFederatedStorage() != null) return getFederatedStorage().getFederatedIdentity(user, socialProvider, realm);
|
if (getFederatedStorage() != null) return getFederatedStorage().getFederatedIdentity(user.getId(), socialProvider, realm);
|
||||||
else return null;
|
else return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,241 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||||
|
* and other contributors as indicated by the @author tags.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.keycloak.testsuite.federation.storage;
|
||||||
|
|
||||||
|
import org.junit.Assert;
|
||||||
|
import org.junit.Before;
|
||||||
|
import org.junit.BeforeClass;
|
||||||
|
import org.junit.ClassRule;
|
||||||
|
import org.junit.Rule;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.keycloak.OAuth2Constants;
|
||||||
|
import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
|
import org.keycloak.component.ComponentModel;
|
||||||
|
import org.keycloak.credential.CredentialModel;
|
||||||
|
import org.keycloak.credential.hash.PasswordHashProvider;
|
||||||
|
import org.keycloak.exportimport.ExportImportConfig;
|
||||||
|
import org.keycloak.exportimport.ExportImportManager;
|
||||||
|
import org.keycloak.exportimport.UsersExportStrategy;
|
||||||
|
import org.keycloak.exportimport.dir.DirExportProviderFactory;
|
||||||
|
import org.keycloak.exportimport.singlefile.SingleFileExportProviderFactory;
|
||||||
|
import org.keycloak.models.GroupModel;
|
||||||
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
import org.keycloak.models.PasswordPolicy;
|
||||||
|
import org.keycloak.models.RealmModel;
|
||||||
|
import org.keycloak.models.RoleModel;
|
||||||
|
import org.keycloak.models.UserCredentialModel;
|
||||||
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.models.cache.infinispan.UserAdapter;
|
||||||
|
import org.keycloak.policy.HashAlgorithmPasswordPolicyProviderFactory;
|
||||||
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.storage.StorageId;
|
||||||
|
import org.keycloak.storage.UserStorageProviderModel;
|
||||||
|
import org.keycloak.testsuite.OAuthClient;
|
||||||
|
import org.keycloak.testsuite.pages.AppPage;
|
||||||
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
|
import org.keycloak.testsuite.rule.KeycloakRule;
|
||||||
|
import org.keycloak.testsuite.rule.WebResource;
|
||||||
|
import org.keycloak.testsuite.rule.WebRule;
|
||||||
|
import org.openqa.selenium.WebDriver;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
|
import java.util.HashSet;
|
||||||
|
import java.util.LinkedList;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Properties;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
|
* @version $Revision: 1 $
|
||||||
|
*/
|
||||||
|
public class FederatedStorageExportImportTest {
|
||||||
|
public static ComponentModel memoryProvider = null;
|
||||||
|
public static ComponentModel writableProvider = null;
|
||||||
|
@ClassRule
|
||||||
|
public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
|
||||||
|
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
public static String basePath = null;
|
||||||
|
|
||||||
|
@BeforeClass
|
||||||
|
public static void setDirs() {
|
||||||
|
basePath = new File(System.getProperty("project.build.directory", "target")).getAbsolutePath();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
protected PasswordHashProvider getHashProvider(KeycloakSession session, PasswordPolicy policy) {
|
||||||
|
PasswordHashProvider hash = session.getProvider(PasswordHashProvider.class, policy.getHashAlgorithm());
|
||||||
|
if (hash == null) {
|
||||||
|
return session.getProvider(PasswordHashProvider.class, HashAlgorithmPasswordPolicyProviderFactory.DEFAULT_VALUE);
|
||||||
|
}
|
||||||
|
return hash;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testSingleFile() throws Exception {
|
||||||
|
clearExportImportProperties();
|
||||||
|
KeycloakSession session = keycloakRule.startSession();
|
||||||
|
RealmModel realm = new RealmManager(session).createRealm("exported");
|
||||||
|
String realmId = realm.getId();
|
||||||
|
RoleModel role = realm.addRole("test-role");
|
||||||
|
GroupModel group = realm.createGroup("test-group");
|
||||||
|
String groupId = group.getId();
|
||||||
|
String userId = "f:1:path";
|
||||||
|
List<String> attrValues = new LinkedList<>();
|
||||||
|
attrValues.add("1");
|
||||||
|
attrValues.add("2");
|
||||||
|
session.userFederatedStorage().setSingleAttribute(realm, userId, "single1", "value1");
|
||||||
|
session.userFederatedStorage().setAttribute(realm, userId, "list1", attrValues);
|
||||||
|
session.userFederatedStorage().addRequiredAction(realm, userId, "UPDATE_PASSWORD");
|
||||||
|
CredentialModel credential = new CredentialModel();
|
||||||
|
getHashProvider(session, realm.getPasswordPolicy()).encode("password", realm.
|
||||||
|
getPasswordPolicy(), credential);
|
||||||
|
session.userFederatedStorage().createCredential(realm, userId, credential);
|
||||||
|
session.userFederatedStorage().grantRole(realm, userId, role);
|
||||||
|
session.userFederatedStorage().joinGroup(realm, userId, group);
|
||||||
|
keycloakRule.stopSession(session, true);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
String targetFilePath = basePath + File.separator + "singleFile-full.json";
|
||||||
|
System.out.println("export file: " + targetFilePath);
|
||||||
|
session = keycloakRule.startSession();
|
||||||
|
ExportImportConfig.setProvider(SingleFileExportProviderFactory.PROVIDER_ID);
|
||||||
|
ExportImportConfig.setFile(targetFilePath);
|
||||||
|
ExportImportConfig.setRealmName("exported");
|
||||||
|
ExportImportConfig.setAction(ExportImportConfig.ACTION_EXPORT);
|
||||||
|
new ExportImportManager(session).runExport();
|
||||||
|
session.realms().removeRealm(realmId);
|
||||||
|
keycloakRule.stopSession(session, true);
|
||||||
|
|
||||||
|
session = keycloakRule.startSession();
|
||||||
|
Assert.assertNull(session.realms().getRealmByName("exported"));
|
||||||
|
ExportImportConfig.setAction(ExportImportConfig.ACTION_IMPORT);
|
||||||
|
new ExportImportManager(session).runImport();
|
||||||
|
realm = session.realms().getRealmByName("exported");
|
||||||
|
Assert.assertNotNull(realm);
|
||||||
|
role = realm.getRole("test-role");
|
||||||
|
group = realm.getGroupById(groupId);
|
||||||
|
|
||||||
|
Assert.assertEquals(1, session.userFederatedStorage().getStoredUsersCount(realm));
|
||||||
|
MultivaluedHashMap<String, String> attributes = session.userFederatedStorage().getAttributes(realm, userId);
|
||||||
|
Assert.assertEquals(2, attributes.size());
|
||||||
|
Assert.assertEquals("value1", attributes.getFirst("single1"));
|
||||||
|
Assert.assertTrue(attributes.getList("list1").contains("1"));
|
||||||
|
Assert.assertTrue(attributes.getList("list1").contains("2"));
|
||||||
|
Assert.assertTrue(session.userFederatedStorage().getRequiredActions(realm, userId).contains("UPDATE_PASSWORD"));
|
||||||
|
Assert.assertTrue(session.userFederatedStorage().getRoleMappings(realm, userId).contains(role));
|
||||||
|
Assert.assertTrue(session.userFederatedStorage().getGroups(realm, userId).contains(group));
|
||||||
|
List<CredentialModel> creds = session.userFederatedStorage().getStoredCredentials(realm, userId);
|
||||||
|
Assert.assertEquals(1, creds.size());
|
||||||
|
Assert.assertTrue(getHashProvider(session, realm.getPasswordPolicy()).verify("password", creds.get(0)));
|
||||||
|
session.realms().removeRealm(realmId);
|
||||||
|
keycloakRule.stopSession(session, true);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testDir() throws Exception {
|
||||||
|
clearExportImportProperties();
|
||||||
|
KeycloakSession session = keycloakRule.startSession();
|
||||||
|
RealmModel realm = new RealmManager(session).createRealm("exported");
|
||||||
|
String realmId = realm.getId();
|
||||||
|
RoleModel role = realm.addRole("test-role");
|
||||||
|
GroupModel group = realm.createGroup("test-group");
|
||||||
|
String groupId = group.getId();
|
||||||
|
String userId = "f:1:path";
|
||||||
|
List<String> attrValues = new LinkedList<>();
|
||||||
|
attrValues.add("1");
|
||||||
|
attrValues.add("2");
|
||||||
|
session.userFederatedStorage().setSingleAttribute(realm, userId, "single1", "value1");
|
||||||
|
session.userFederatedStorage().setAttribute(realm, userId, "list1", attrValues);
|
||||||
|
session.userFederatedStorage().addRequiredAction(realm, userId, "UPDATE_PASSWORD");
|
||||||
|
CredentialModel credential = new CredentialModel();
|
||||||
|
getHashProvider(session, realm.getPasswordPolicy()).encode("password", realm.
|
||||||
|
getPasswordPolicy(), credential);
|
||||||
|
session.userFederatedStorage().createCredential(realm, userId, credential);
|
||||||
|
session.userFederatedStorage().grantRole(realm, userId, role);
|
||||||
|
session.userFederatedStorage().joinGroup(realm, userId, group);
|
||||||
|
keycloakRule.stopSession(session, true);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
String targetFilePath = basePath + File.separator + "dirExport";
|
||||||
|
session = keycloakRule.startSession();
|
||||||
|
ExportImportConfig.setProvider(DirExportProviderFactory.PROVIDER_ID);
|
||||||
|
ExportImportConfig.setDir(targetFilePath);
|
||||||
|
ExportImportConfig.setRealmName("exported");
|
||||||
|
ExportImportConfig.setAction(ExportImportConfig.ACTION_EXPORT);
|
||||||
|
new ExportImportManager(session).runExport();
|
||||||
|
session.realms().removeRealm(realmId);
|
||||||
|
keycloakRule.stopSession(session, true);
|
||||||
|
|
||||||
|
session = keycloakRule.startSession();
|
||||||
|
Assert.assertNull(session.realms().getRealmByName("exported"));
|
||||||
|
ExportImportConfig.setAction(ExportImportConfig.ACTION_IMPORT);
|
||||||
|
new ExportImportManager(session).runImport();
|
||||||
|
realm = session.realms().getRealmByName("exported");
|
||||||
|
Assert.assertNotNull(realm);
|
||||||
|
role = realm.getRole("test-role");
|
||||||
|
group = realm.getGroupById(groupId);
|
||||||
|
|
||||||
|
Assert.assertEquals(1, session.userFederatedStorage().getStoredUsersCount(realm));
|
||||||
|
MultivaluedHashMap<String, String> attributes = session.userFederatedStorage().getAttributes(realm, userId);
|
||||||
|
Assert.assertEquals(2, attributes.size());
|
||||||
|
Assert.assertEquals("value1", attributes.getFirst("single1"));
|
||||||
|
Assert.assertTrue(attributes.getList("list1").contains("1"));
|
||||||
|
Assert.assertTrue(attributes.getList("list1").contains("2"));
|
||||||
|
Assert.assertTrue(session.userFederatedStorage().getRequiredActions(realm, userId).contains("UPDATE_PASSWORD"));
|
||||||
|
Assert.assertTrue(session.userFederatedStorage().getRoleMappings(realm, userId).contains(role));
|
||||||
|
Assert.assertTrue(session.userFederatedStorage().getGroups(realm, userId).contains(group));
|
||||||
|
List<CredentialModel> creds = session.userFederatedStorage().getStoredCredentials(realm, userId);
|
||||||
|
Assert.assertEquals(1, creds.size());
|
||||||
|
Assert.assertTrue(getHashProvider(session, realm.getPasswordPolicy()).verify("password", creds.get(0)));
|
||||||
|
session.realms().removeRealm(realmId);
|
||||||
|
keycloakRule.stopSession(session, true);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
public void clearExportImportProperties() {
|
||||||
|
// Clear export/import properties after test
|
||||||
|
Properties systemProps = System.getProperties();
|
||||||
|
Set<String> propsToRemove = new HashSet<String>();
|
||||||
|
|
||||||
|
for (Object key : systemProps.keySet()) {
|
||||||
|
if (key.toString().startsWith(ExportImportConfig.PREFIX)) {
|
||||||
|
propsToRemove.add(key.toString());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for (String propToRemove : propsToRemove) {
|
||||||
|
systemProps.remove(propToRemove);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -357,15 +357,15 @@ public class ImportTest extends AbstractModelTest {
|
||||||
|
|
||||||
// Test user consents
|
// Test user consents
|
||||||
admin = session.users().getUserByUsername("admin", realm);
|
admin = session.users().getUserByUsername("admin", realm);
|
||||||
Assert.assertEquals(2, session.users().getConsents(realm, admin).size());
|
Assert.assertEquals(2, session.users().getConsents(realm, admin.getId()).size());
|
||||||
|
|
||||||
UserConsentModel appAdminConsent = session.users().getConsentByClient(realm, admin, application.getId());
|
UserConsentModel appAdminConsent = session.users().getConsentByClient(realm, admin.getId(), application.getId());
|
||||||
Assert.assertEquals(2, appAdminConsent.getGrantedRoles().size());
|
Assert.assertEquals(2, appAdminConsent.getGrantedRoles().size());
|
||||||
Assert.assertTrue(appAdminConsent.getGrantedProtocolMappers() == null || appAdminConsent.getGrantedProtocolMappers().isEmpty());
|
Assert.assertTrue(appAdminConsent.getGrantedProtocolMappers() == null || appAdminConsent.getGrantedProtocolMappers().isEmpty());
|
||||||
Assert.assertTrue(appAdminConsent.isRoleGranted(realm.getRole("admin")));
|
Assert.assertTrue(appAdminConsent.isRoleGranted(realm.getRole("admin")));
|
||||||
Assert.assertTrue(appAdminConsent.isRoleGranted(application.getRole("app-admin")));
|
Assert.assertTrue(appAdminConsent.isRoleGranted(application.getRole("app-admin")));
|
||||||
|
|
||||||
UserConsentModel otherAppAdminConsent = session.users().getConsentByClient(realm, admin, otherApp.getId());
|
UserConsentModel otherAppAdminConsent = session.users().getConsentByClient(realm, admin.getId(), otherApp.getId());
|
||||||
Assert.assertEquals(1, otherAppAdminConsent.getGrantedRoles().size());
|
Assert.assertEquals(1, otherAppAdminConsent.getGrantedRoles().size());
|
||||||
Assert.assertEquals(1, otherAppAdminConsent.getGrantedProtocolMappers().size());
|
Assert.assertEquals(1, otherAppAdminConsent.getGrantedProtocolMappers().size());
|
||||||
Assert.assertTrue(otherAppAdminConsent.isRoleGranted(realm.getRole("admin")));
|
Assert.assertTrue(otherAppAdminConsent.isRoleGranted(realm.getRole("admin")));
|
||||||
|
|
|
||||||
|
|
@ -67,7 +67,7 @@ public class UserConsentModelTest extends AbstractModelTest {
|
||||||
johnFooGrant.addGrantedRole(realmRole);
|
johnFooGrant.addGrantedRole(realmRole);
|
||||||
johnFooGrant.addGrantedRole(barClientRole);
|
johnFooGrant.addGrantedRole(barClientRole);
|
||||||
johnFooGrant.addGrantedProtocolMapper(fooMapper);
|
johnFooGrant.addGrantedProtocolMapper(fooMapper);
|
||||||
realmManager.getSession().users().addConsent(realm, john, johnFooGrant);
|
realmManager.getSession().users().addConsent(realm, john.getId(), johnFooGrant);
|
||||||
|
|
||||||
UserConsentModel johnBarGrant = new UserConsentModel(barClient);
|
UserConsentModel johnBarGrant = new UserConsentModel(barClient);
|
||||||
johnBarGrant.addGrantedProtocolMapper(barMapper);
|
johnBarGrant.addGrantedProtocolMapper(barMapper);
|
||||||
|
|
@ -75,17 +75,17 @@ public class UserConsentModelTest extends AbstractModelTest {
|
||||||
|
|
||||||
// Update should fail as grant doesn't yet exists
|
// Update should fail as grant doesn't yet exists
|
||||||
try {
|
try {
|
||||||
realmManager.getSession().users().updateConsent(realm, john, johnBarGrant);
|
realmManager.getSession().users().updateConsent(realm, john.getId(), johnBarGrant);
|
||||||
Assert.fail("Not expected to end here");
|
Assert.fail("Not expected to end here");
|
||||||
} catch (ModelException expected) {
|
} catch (ModelException expected) {
|
||||||
}
|
}
|
||||||
|
|
||||||
realmManager.getSession().users().addConsent(realm, john, johnBarGrant);
|
realmManager.getSession().users().addConsent(realm, john.getId(), johnBarGrant);
|
||||||
|
|
||||||
UserConsentModel maryFooGrant = new UserConsentModel(fooClient);
|
UserConsentModel maryFooGrant = new UserConsentModel(fooClient);
|
||||||
maryFooGrant.addGrantedRole(realmRole);
|
maryFooGrant.addGrantedRole(realmRole);
|
||||||
maryFooGrant.addGrantedProtocolMapper(fooMapper);
|
maryFooGrant.addGrantedProtocolMapper(fooMapper);
|
||||||
realmManager.getSession().users().addConsent(realm, mary, maryFooGrant);
|
realmManager.getSession().users().addConsent(realm, mary.getId(), maryFooGrant);
|
||||||
|
|
||||||
commit();
|
commit();
|
||||||
}
|
}
|
||||||
|
|
@ -99,7 +99,7 @@ public class UserConsentModelTest extends AbstractModelTest {
|
||||||
UserModel john = session.users().getUserByUsername("john", realm);
|
UserModel john = session.users().getUserByUsername("john", realm);
|
||||||
UserModel mary = session.users().getUserByUsername("mary", realm);
|
UserModel mary = session.users().getUserByUsername("mary", realm);
|
||||||
|
|
||||||
UserConsentModel johnFooConsent = realmManager.getSession().users().getConsentByClient(realm, john, fooClient.getId());
|
UserConsentModel johnFooConsent = realmManager.getSession().users().getConsentByClient(realm, john.getId(), fooClient.getId());
|
||||||
Assert.assertEquals(johnFooConsent.getGrantedRoles().size(), 2);
|
Assert.assertEquals(johnFooConsent.getGrantedRoles().size(), 2);
|
||||||
Assert.assertEquals(johnFooConsent.getGrantedProtocolMappers().size(), 1);
|
Assert.assertEquals(johnFooConsent.getGrantedProtocolMappers().size(), 1);
|
||||||
Assert.assertTrue(isRoleGranted(realm, "realm-role", johnFooConsent));
|
Assert.assertTrue(isRoleGranted(realm, "realm-role", johnFooConsent));
|
||||||
|
|
@ -108,7 +108,7 @@ public class UserConsentModelTest extends AbstractModelTest {
|
||||||
Assert.assertNotNull("Created Date should be set", johnFooConsent.getCreatedDate());
|
Assert.assertNotNull("Created Date should be set", johnFooConsent.getCreatedDate());
|
||||||
Assert.assertNotNull("Last Updated Date should be set", johnFooConsent.getLastUpdatedDate());
|
Assert.assertNotNull("Last Updated Date should be set", johnFooConsent.getLastUpdatedDate());
|
||||||
|
|
||||||
UserConsentModel johnBarConsent = realmManager.getSession().users().getConsentByClient(realm, john, barClient.getId());
|
UserConsentModel johnBarConsent = realmManager.getSession().users().getConsentByClient(realm, john.getId(), barClient.getId());
|
||||||
Assert.assertEquals(johnBarConsent.getGrantedRoles().size(), 1);
|
Assert.assertEquals(johnBarConsent.getGrantedRoles().size(), 1);
|
||||||
Assert.assertEquals(johnBarConsent.getGrantedProtocolMappers().size(), 1);
|
Assert.assertEquals(johnBarConsent.getGrantedProtocolMappers().size(), 1);
|
||||||
Assert.assertTrue(isRoleGranted(realm, "realm-role", johnBarConsent));
|
Assert.assertTrue(isRoleGranted(realm, "realm-role", johnBarConsent));
|
||||||
|
|
@ -116,7 +116,7 @@ public class UserConsentModelTest extends AbstractModelTest {
|
||||||
Assert.assertNotNull("Created Date should be set", johnBarConsent.getCreatedDate());
|
Assert.assertNotNull("Created Date should be set", johnBarConsent.getCreatedDate());
|
||||||
Assert.assertNotNull("Last Updated Date should be set", johnBarConsent.getLastUpdatedDate());
|
Assert.assertNotNull("Last Updated Date should be set", johnBarConsent.getLastUpdatedDate());
|
||||||
|
|
||||||
UserConsentModel maryConsent = realmManager.getSession().users().getConsentByClient(realm, mary, fooClient.getId());
|
UserConsentModel maryConsent = realmManager.getSession().users().getConsentByClient(realm, mary.getId(), fooClient.getId());
|
||||||
Assert.assertEquals(maryConsent.getGrantedRoles().size(), 1);
|
Assert.assertEquals(maryConsent.getGrantedRoles().size(), 1);
|
||||||
Assert.assertEquals(maryConsent.getGrantedProtocolMappers().size(), 1);
|
Assert.assertEquals(maryConsent.getGrantedProtocolMappers().size(), 1);
|
||||||
Assert.assertTrue(isRoleGranted(realm, "realm-role", maryConsent));
|
Assert.assertTrue(isRoleGranted(realm, "realm-role", maryConsent));
|
||||||
|
|
@ -125,7 +125,7 @@ public class UserConsentModelTest extends AbstractModelTest {
|
||||||
Assert.assertNotNull("Created Date should be set", maryConsent.getCreatedDate());
|
Assert.assertNotNull("Created Date should be set", maryConsent.getCreatedDate());
|
||||||
Assert.assertNotNull("Last Updated Date should be set", maryConsent.getLastUpdatedDate());
|
Assert.assertNotNull("Last Updated Date should be set", maryConsent.getLastUpdatedDate());
|
||||||
|
|
||||||
Assert.assertNull(realmManager.getSession().users().getConsentByClient(realm, mary, barClient.getId()));
|
Assert.assertNull(realmManager.getSession().users().getConsentByClient(realm, mary.getId(), barClient.getId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -136,10 +136,10 @@ public class UserConsentModelTest extends AbstractModelTest {
|
||||||
UserModel john = session.users().getUserByUsername("john", realm);
|
UserModel john = session.users().getUserByUsername("john", realm);
|
||||||
UserModel mary = session.users().getUserByUsername("mary", realm);
|
UserModel mary = session.users().getUserByUsername("mary", realm);
|
||||||
|
|
||||||
List<UserConsentModel> johnConsents = realmManager.getSession().users().getConsents(realm, john);
|
List<UserConsentModel> johnConsents = realmManager.getSession().users().getConsents(realm, john.getId());
|
||||||
Assert.assertEquals(2, johnConsents.size());
|
Assert.assertEquals(2, johnConsents.size());
|
||||||
|
|
||||||
List<UserConsentModel> maryConsents = realmManager.getSession().users().getConsents(realm, mary);
|
List<UserConsentModel> maryConsents = realmManager.getSession().users().getConsents(realm, mary.getId());
|
||||||
Assert.assertEquals(1, maryConsents.size());
|
Assert.assertEquals(1, maryConsents.size());
|
||||||
UserConsentModel maryConsent = maryConsents.get(0);
|
UserConsentModel maryConsent = maryConsents.get(0);
|
||||||
Assert.assertEquals(maryConsent.getClient().getId(), fooClient.getId());
|
Assert.assertEquals(maryConsent.getClient().getId(), fooClient.getId());
|
||||||
|
|
@ -155,7 +155,7 @@ public class UserConsentModelTest extends AbstractModelTest {
|
||||||
ClientModel fooClient = realm.getClientByClientId("foo-client");
|
ClientModel fooClient = realm.getClientByClientId("foo-client");
|
||||||
UserModel john = session.users().getUserByUsername("john", realm);
|
UserModel john = session.users().getUserByUsername("john", realm);
|
||||||
|
|
||||||
UserConsentModel johnConsent = realmManager.getSession().users().getConsentByClient(realm, john, fooClient.getId());
|
UserConsentModel johnConsent = realmManager.getSession().users().getConsentByClient(realm, john.getId(), fooClient.getId());
|
||||||
|
|
||||||
// Remove foo protocol mapper from johnConsent
|
// Remove foo protocol mapper from johnConsent
|
||||||
ProtocolMapperModel protMapperModel = fooClient.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, "foo");
|
ProtocolMapperModel protMapperModel = fooClient.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, "foo");
|
||||||
|
|
@ -168,14 +168,14 @@ public class UserConsentModelTest extends AbstractModelTest {
|
||||||
RoleModel newRealmRole = realm.addRole("new-realm-role");
|
RoleModel newRealmRole = realm.addRole("new-realm-role");
|
||||||
johnConsent.addGrantedRole(newRealmRole);
|
johnConsent.addGrantedRole(newRealmRole);
|
||||||
|
|
||||||
realmManager.getSession().users().updateConsent(realm, john, johnConsent);
|
realmManager.getSession().users().updateConsent(realm, john.getId(), johnConsent);
|
||||||
|
|
||||||
commit();
|
commit();
|
||||||
|
|
||||||
realm = realmManager.getRealm("original");
|
realm = realmManager.getRealm("original");
|
||||||
fooClient = realm.getClientByClientId("foo-client");
|
fooClient = realm.getClientByClientId("foo-client");
|
||||||
john = session.users().getUserByUsername("john", realm);
|
john = session.users().getUserByUsername("john", realm);
|
||||||
johnConsent = realmManager.getSession().users().getConsentByClient(realm, john, fooClient.getId());
|
johnConsent = realmManager.getSession().users().getConsentByClient(realm, john.getId(), fooClient.getId());
|
||||||
|
|
||||||
Assert.assertEquals(johnConsent.getGrantedRoles().size(), 2);
|
Assert.assertEquals(johnConsent.getGrantedRoles().size(), 2);
|
||||||
Assert.assertEquals(johnConsent.getGrantedProtocolMappers().size(), 0);
|
Assert.assertEquals(johnConsent.getGrantedProtocolMappers().size(), 0);
|
||||||
|
|
@ -191,13 +191,13 @@ public class UserConsentModelTest extends AbstractModelTest {
|
||||||
ClientModel fooClient = realm.getClientByClientId("foo-client");
|
ClientModel fooClient = realm.getClientByClientId("foo-client");
|
||||||
UserModel john = session.users().getUserByUsername("john", realm);
|
UserModel john = session.users().getUserByUsername("john", realm);
|
||||||
|
|
||||||
realmManager.getSession().users().revokeConsentForClient(realm, john, fooClient.getId());
|
realmManager.getSession().users().revokeConsentForClient(realm, john.getId(), fooClient.getId());
|
||||||
|
|
||||||
commit();
|
commit();
|
||||||
|
|
||||||
realm = realmManager.getRealm("original");
|
realm = realmManager.getRealm("original");
|
||||||
john = session.users().getUserByUsername("john", realm);
|
john = session.users().getUserByUsername("john", realm);
|
||||||
Assert.assertNull(realmManager.getSession().users().getConsentByClient(realm, john, fooClient.getId()));
|
Assert.assertNull(realmManager.getSession().users().getConsentByClient(realm, john.getId(), fooClient.getId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -220,7 +220,7 @@ public class UserConsentModelTest extends AbstractModelTest {
|
||||||
realm = realmManager.getRealm("original");
|
realm = realmManager.getRealm("original");
|
||||||
fooClient = realm.getClientByClientId("foo-client");
|
fooClient = realm.getClientByClientId("foo-client");
|
||||||
UserModel john = session.users().getUserByUsername("john", realm);
|
UserModel john = session.users().getUserByUsername("john", realm);
|
||||||
UserConsentModel johnConsent = realmManager.getSession().users().getConsentByClient(realm, john, fooClient.getId());
|
UserConsentModel johnConsent = realmManager.getSession().users().getConsentByClient(realm, john.getId(), fooClient.getId());
|
||||||
|
|
||||||
Assert.assertEquals(johnConsent.getGrantedRoles().size(), 2);
|
Assert.assertEquals(johnConsent.getGrantedRoles().size(), 2);
|
||||||
Assert.assertEquals(johnConsent.getGrantedProtocolMappers().size(), 0);
|
Assert.assertEquals(johnConsent.getGrantedProtocolMappers().size(), 0);
|
||||||
|
|
@ -239,7 +239,7 @@ public class UserConsentModelTest extends AbstractModelTest {
|
||||||
ClientModel fooClient = realm.getClientByClientId("foo-client");
|
ClientModel fooClient = realm.getClientByClientId("foo-client");
|
||||||
ClientModel barClient = realm.getClientByClientId("bar-client");
|
ClientModel barClient = realm.getClientByClientId("bar-client");
|
||||||
UserModel john = session.users().getUserByUsername("john", realm);
|
UserModel john = session.users().getUserByUsername("john", realm);
|
||||||
UserConsentModel johnConsent = realmManager.getSession().users().getConsentByClient(realm, john, fooClient.getId());
|
UserConsentModel johnConsent = realmManager.getSession().users().getConsentByClient(realm, john.getId(), fooClient.getId());
|
||||||
|
|
||||||
Assert.assertEquals(johnConsent.getGrantedRoles().size(), 1);
|
Assert.assertEquals(johnConsent.getGrantedRoles().size(), 1);
|
||||||
Assert.assertEquals(johnConsent.getGrantedProtocolMappers().size(), 1);
|
Assert.assertEquals(johnConsent.getGrantedProtocolMappers().size(), 1);
|
||||||
|
|
@ -261,13 +261,13 @@ public class UserConsentModelTest extends AbstractModelTest {
|
||||||
|
|
||||||
UserModel john = session.users().getUserByUsername("john", realm);
|
UserModel john = session.users().getUserByUsername("john", realm);
|
||||||
|
|
||||||
UserConsentModel johnFooConsent = realmManager.getSession().users().getConsentByClient(realm, john, fooClient.getId());
|
UserConsentModel johnFooConsent = realmManager.getSession().users().getConsentByClient(realm, john.getId(), fooClient.getId());
|
||||||
Assert.assertEquals(johnFooConsent.getGrantedRoles().size(), 1);
|
Assert.assertEquals(johnFooConsent.getGrantedRoles().size(), 1);
|
||||||
Assert.assertEquals(johnFooConsent.getGrantedProtocolMappers().size(), 1);
|
Assert.assertEquals(johnFooConsent.getGrantedProtocolMappers().size(), 1);
|
||||||
Assert.assertTrue(isRoleGranted(realm, "realm-role", johnFooConsent));
|
Assert.assertTrue(isRoleGranted(realm, "realm-role", johnFooConsent));
|
||||||
Assert.assertTrue(isMapperGranted(fooClient, "foo", johnFooConsent));
|
Assert.assertTrue(isMapperGranted(fooClient, "foo", johnFooConsent));
|
||||||
|
|
||||||
Assert.assertNull(realmManager.getSession().users().getConsentByClient(realm, john, barClient.getId()));
|
Assert.assertNull(realmManager.getSession().users().getConsentByClient(realm, john.getId(), barClient.getId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean isRoleGranted(RoleContainerModel roleContainer, String roleName, UserConsentModel consentModel) {
|
private boolean isRoleGranted(RoleContainerModel roleContainer, String roleName, UserConsentModel consentModel) {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue