libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-2431 Ensure users removed through UserManager to properly invoke callbacks. Make UserSessionPersister implementations more resistent when user was not properly removed

Browse source
This commit is contained in:
mposolda 2016-02-03 10:16:31 +01:00
parent 1edbf96cae
commit db76655717
8 changed files with 90 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
View file

@ -22,6 +22,7 @@ import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderModel; import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.common.constants.KerberosConstants; import org.keycloak.common.constants.KerberosConstants;
import org.keycloak.services.managers.UserManager;
/** /**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@ -242,7 +243,7 @@ public class KerberosFederationProvider implements UserFederationProvider {
logger.warn("User with username " + username + " already exists and is linked to provider [" + model.getDisplayName() + logger.warn("User with username " + username + " already exists and is linked to provider [" + model.getDisplayName() +
"] but kerberos principal is not correct. Kerberos principal on user is: " + user.getFirstAttribute(KERBEROS_PRINCIPAL)); "] but kerberos principal is not correct. Kerberos principal on user is: " + user.getFirstAttribute(KERBEROS_PRINCIPAL));
logger.warn("Will re-create user"); logger.warn("Will re-create user");
session.userStorage().removeUser(realm, user); new UserManager(session).removeUser(realm, user, session.userStorage());
} }
} }
} }

3
federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProvider.java
View file

@ -26,6 +26,7 @@ import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderModel; import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.common.constants.KerberosConstants; import org.keycloak.common.constants.KerberosConstants;
import org.keycloak.services.managers.UserManager;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
@ -465,7 +466,7 @@ public class LDAPFederationProvider implements UserFederationProvider {
logger.warnf("User with username [%s] aready exists and is linked to provider [%s] but is not valid. Stale LDAP_ID on local user is: %s", logger.warnf("User with username [%s] aready exists and is linked to provider [%s] but is not valid. Stale LDAP_ID on local user is: %s",
username, model.getDisplayName(), user.getFirstAttribute(LDAPConstants.LDAP_ID)); username, model.getDisplayName(), user.getFirstAttribute(LDAPConstants.LDAP_ID));
logger.warn("Will re-create user"); logger.warn("Will re-create user");
session.userStorage().removeUser(realm, user); new UserManager(session).removeUser(realm, user, session.userStorage());
} }
} }
} }

24
model/jpa/src/main/java/org/keycloak/models/jpa/session/JpaUserSessionPersisterProvider.java
View file

@ -150,8 +150,12 @@ public class JpaUserSessionPersisterProvider implements UserSessionPersisterProv
@Override @Override
public void onUserRemoved(RealmModel realm, UserModel user) { public void onUserRemoved(RealmModel realm, UserModel user) {
int num = em.createNamedQuery("deleteClientSessionsByUser").setParameter("userId", user.getId()).executeUpdate(); onUserRemoved(realm, user.getId());
num = em.createNamedQuery("deleteUserSessionsByUser").setParameter("userId", user.getId()).executeUpdate(); }
private void onUserRemoved(RealmModel realm, String userId) {
int num = em.createNamedQuery("deleteClientSessionsByUser").setParameter("userId", userId).executeUpdate();
num = em.createNamedQuery("deleteUserSessionsByUser").setParameter("userId", userId).executeUpdate();
} }
@Override @Override
@ -184,7 +188,16 @@ public class JpaUserSessionPersisterProvider implements UserSessionPersisterProv
List<UserSessionModel> result = new ArrayList<>(); List<UserSessionModel> result = new ArrayList<>();
List<String> userSessionIds = new ArrayList<>(); List<String> userSessionIds = new ArrayList<>();
for (PersistentUserSessionEntity entity : results) { for (PersistentUserSessionEntity entity : results) {
result.add(toAdapter(entity)); RealmModel realm = session.realms().getRealm(entity.getRealmId());
UserModel user = session.users().getUserById(entity.getUserId(), realm);
// Case when user was deleted in the meantime
if (user == null) {
onUserRemoved(realm, entity.getUserId());
return loadUserSessions(firstResult, maxResults, offline);
}
result.add(toAdapter(realm, user, entity));
userSessionIds.add(entity.getUserSessionId()); userSessionIds.add(entity.getUserSessionId());
} }
@ -217,10 +230,7 @@ public class JpaUserSessionPersisterProvider implements UserSessionPersisterProv
return result; return result;
} }
private PersistentUserSessionAdapter toAdapter(PersistentUserSessionEntity entity) { private PersistentUserSessionAdapter toAdapter(RealmModel realm, UserModel user, PersistentUserSessionEntity entity) {
RealmModel realm = session.realms().getRealm(entity.getRealmId());
UserModel user = session.users().getUserById(entity.getUserId(), realm);
PersistentUserSessionModel model = new PersistentUserSessionModel(); PersistentUserSessionModel model = new PersistentUserSessionModel();
model.setUserSessionId(entity.getUserSessionId()); model.setUserSessionId(entity.getUserSessionId());
model.setLastSessionRefresh(entity.getLastSessionRefresh()); model.setLastSessionRefresh(entity.getLastSessionRefresh());

22
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserSessionPersisterProvider.java
View file

@ -191,8 +191,12 @@ public class MongoUserSessionPersisterProvider implements UserSessionPersisterPr
@Override @Override
public void onUserRemoved(RealmModel realm, UserModel user) { public void onUserRemoved(RealmModel realm, UserModel user) {
onUserRemoved(realm, user.getId());
}
private void onUserRemoved(RealmModel realm, String userId) {
DBObject query = new QueryBuilder() DBObject query = new QueryBuilder()
.and("userId").is(user.getId()) .and("userId").is(userId)
.get(); .get();
getMongoStore().removeEntities(MongoOnlineUserSessionEntity.class, query, false, invocationContext); getMongoStore().removeEntities(MongoOnlineUserSessionEntity.class, query, false, invocationContext);
getMongoStore().removeEntities(MongoOfflineUserSessionEntity.class, query, false, invocationContext); getMongoStore().removeEntities(MongoOfflineUserSessionEntity.class, query, false, invocationContext);
@ -263,16 +267,22 @@ public class MongoUserSessionPersisterProvider implements UserSessionPersisterPr
List<UserSessionModel> results = new LinkedList<>(); List<UserSessionModel> results = new LinkedList<>();
for (MongoUserSessionEntity entity : entities) { for (MongoUserSessionEntity entity : entities) {
PersistentUserSessionAdapter userSession = toAdapter(entity); RealmModel realm = session.realms().getRealm(entity.getRealmId());
UserModel user = session.users().getUserById(entity.getUserId(), realm);
// Case when user was deleted in the meantime
if (user == null) {
onUserRemoved(realm, entity.getUserId());
return loadUserSessions(firstResult, maxResults, offline);
}
PersistentUserSessionAdapter userSession = toAdapter(realm, user, entity);
results.add(userSession); results.add(userSession);
} }
return results; return results;
} }
private PersistentUserSessionAdapter toAdapter(PersistentUserSessionEntity entity) { private PersistentUserSessionAdapter toAdapter(RealmModel realm, UserModel user, PersistentUserSessionEntity entity) {
RealmModel realm = session.realms().getRealm(entity.getRealmId());
UserModel user = session.users().getUserById(entity.getUserId(), realm);
PersistentUserSessionModel model = new PersistentUserSessionModel(); PersistentUserSessionModel model = new PersistentUserSessionModel();
model.setUserSessionId(entity.getId()); model.setUserSessionId(entity.getId());
model.setLastSessionRefresh(entity.getLastSessionRefresh()); model.setLastSessionRefresh(entity.getLastSessionRefresh());

3
server-spi/src/main/java/org/keycloak/models/UserFederationManager.java
View file

@ -2,6 +2,7 @@ package org.keycloak.models;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.managers.UserManager;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
@ -113,7 +114,7 @@ public class UserFederationManager implements UserProvider {
RealmModel realmModel = session.realms().getRealm(realm.getId()); RealmModel realmModel = session.realms().getRealm(realm.getId());
if (realmModel == null) return; if (realmModel == null) return;
UserModel deletedUser = session.userStorage().getUserById(user.getId(), realmModel); UserModel deletedUser = session.userStorage().getUserById(user.getId(), realmModel);
session.userStorage().removeUser(realmModel, deletedUser); new UserManager(session).removeUser(realmModel, deletedUser, session.userStorage());
logger.debugf("Removed invalid user '%s'", user.getUsername()); logger.debugf("Removed invalid user '%s'", user.getUsername());
} }

7
services/src/main/java/org/keycloak/services/managers/UserManager.java → server-spi/src/main/java/org/keycloak/services/managers/UserManager.java
View file

@ -3,6 +3,7 @@ package org.keycloak.services.managers;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.UserSessionProvider; import org.keycloak.models.UserSessionProvider;
import org.keycloak.models.session.UserSessionPersisterProvider; import org.keycloak.models.session.UserSessionPersisterProvider;
@ -18,6 +19,10 @@ public class UserManager {
} }
public boolean removeUser(RealmModel realm, UserModel user) { public boolean removeUser(RealmModel realm, UserModel user) {
return removeUser(realm, user, session.users());
}
public boolean removeUser(RealmModel realm, UserModel user, UserProvider userProvider) {
UserSessionProvider sessions = session.sessions(); UserSessionProvider sessions = session.sessions();
if (sessions != null) { if (sessions != null) {
sessions.onUserRemoved(realm, user); sessions.onUserRemoved(realm, user);
@ -28,7 +33,7 @@ public class UserManager {
sessionsPersister.onUserRemoved(realm, user); sessionsPersister.onUserRemoved(realm, user);
} }
if (session.users().removeUser(realm, user)) { if (userProvider.removeUser(realm, user)) {
return true; return true;
} }
return false; return false;

2
services/src/main/java/org/keycloak/services/managers/ClientManager.java
View file

@ -104,7 +104,7 @@ public class ClientManager {
UserModel serviceAccountUser = realmManager.getSession().users().getUserByServiceAccountClient(client); UserModel serviceAccountUser = realmManager.getSession().users().getUserByServiceAccountClient(client);
if (serviceAccountUser != null) { if (serviceAccountUser != null) {
realmManager.getSession().users().removeUser(realm, serviceAccountUser); new UserManager(realmManager.getSession()).removeUser(realm, serviceAccountUser);
} }
return true; return true;

48
testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java
View file

@ -53,8 +53,12 @@ public class UserSessionPersisterProviderTest {
UserModel user2 = session.users().getUserByUsername("user2", realm); UserModel user2 = session.users().getUserByUsername("user2", realm);
UserManager um = new UserManager(session); UserManager um = new UserManager(session);
um.removeUser(realm, user1); if (user1 != null) {
um.removeUser(realm, user2); um.removeUser(realm, user1);
}
if (user2 != null) {
um.removeUser(realm, user2);
}
kc.stopSession(session, true); kc.stopSession(session, true);
} }
@ -290,6 +294,43 @@ public class UserSessionPersisterProviderTest {
realmMgr.removeRealm(realmMgr.getRealm("foo")); realmMgr.removeRealm(realmMgr.getRealm("foo"));
} }
@Test
public void testOnUserRemoved() {
// Create some sessions in infinispan
int started = Time.currentTime();
UserSessionModel[] origSessions = createSessions();
resetSession();
// Persist 2 offline sessions of 2 users
UserSessionModel userSession1 = session.sessions().getUserSession(realm, origSessions[1].getId());
UserSessionModel userSession2 = session.sessions().getUserSession(realm, origSessions[2].getId());
persistUserSession(userSession1, true);
persistUserSession(userSession2, true);
resetSession();
// Load offline sessions
List<UserSessionModel> loadedSessions = loadPersistedSessionsPaginated(true, 10, 1, 2);
// Properly delete user and assert his offlineSession removed
UserModel user1 = session.users().getUserByUsername("user1", realm);
new UserManager(session).removeUser(realm, user1);
resetSession();
loadedSessions = loadPersistedSessionsPaginated(true, 10, 1, 1);
UserSessionModel persistedSession = loadedSessions.get(0);
UserSessionProviderTest.assertSession(persistedSession, session.users().getUserByUsername("user2", realm), "127.0.0.3", started, started, "test-app");
// KEYCLOAK-2431 Assert that userSessionPersister is resistent even to situation, when users are deleted "directly"
UserModel user2 = session.users().getUserByUsername("user2", realm);
session.users().removeUser(realm, user2);
loadedSessions = loadPersistedSessionsPaginated(true, 10, 0, 0);
}
// KEYCLOAK-1999 // KEYCLOAK-1999
@Test @Test
public void testNoSessions() { public void testNoSessions() {
@ -376,8 +417,7 @@ public class UserSessionPersisterProviderTest {
} }
Assert.assertEquals(pageCount, expectedPageCount); Assert.assertEquals(pageCount, expectedPageCount);
Assert.assertEquals(count, expectedSessionsCount); Assert.assertEquals(result.size(), expectedSessionsCount);
Assert.assertEquals(count, result.size());
return result; return result;
} }
} }