Merge pull request #1577 from mposolda/master

KEYCLOAK-1789 KEYCLOAK-1759 Export/import fixes
This commit is contained in:
Marek Posolda 2015-09-02 14:49:23 +02:00
commit dfc34d99c5
14 changed files with 158 additions and 88 deletions

View file

@ -14,6 +14,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.RealmImporter;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
@ -76,11 +77,8 @@ public class ImportUtils {
}
}
realm = rep.getId() != null ? model.createRealm(rep.getId(), realmName) : model.createRealm(realmName);
RepresentationToModel.importRealm(session, rep, realm);
refreshMasterAdminApps(model, realm);
RealmImporter realmManager = session.getContext().getRealmManager();
realm = realmManager.importRealm(rep);
if (System.getProperty(ExportImportConfig.ACTION) != null) {
logger.infof("Realm '%s' imported", realmName);
@ -89,64 +87,6 @@ public class ImportUtils {
return;
}
private static void refreshMasterAdminApps(RealmProvider model, RealmModel realm) {
String adminRealmId = Config.getAdminRealm();
if (adminRealmId.equals(realm.getId())) {
// We just imported master realm. All 'masterAdminApps' need to be refreshed
RealmModel adminRealm = realm;
for (RealmModel currentRealm : model.getRealms()) {
ClientModel masterApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(currentRealm));
if (masterApp != null) {
currentRealm.setMasterAdminClient(masterApp);
} else {
setupMasterAdminManagement(model, currentRealm);
}
}
} else {
// Need to refresh masterApp for current realm
RealmModel adminRealm = model.getRealm(adminRealmId);
ClientModel masterApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm));
if (masterApp != null) {
realm.setMasterAdminClient(masterApp);
} else {
setupMasterAdminManagement(model, realm);
}
}
}
// TODO: We need method here, so we are able to refresh masterAdmin applications after import. Should be RealmManager moved to model/api instead?
public static void setupMasterAdminManagement(RealmProvider model, RealmModel realm) {
RealmModel adminRealm;
RoleModel adminRole;
if (realm.getName().equals(Config.getAdminRealm())) {
adminRealm = realm;
adminRole = realm.addRole(AdminRoles.ADMIN);
RoleModel createRealmRole = realm.addRole(AdminRoles.CREATE_REALM);
adminRole.addCompositeRole(createRealmRole);
createRealmRole.setDescription("${role_"+AdminRoles.CREATE_REALM+"}");
} else {
adminRealm = model.getRealmByName(Config.getAdminRealm());
adminRole = adminRealm.getRole(AdminRoles.ADMIN);
}
adminRole.setDescription("${role_"+AdminRoles.ADMIN+"}");
ClientModel realmAdminApp = KeycloakModelUtils.createClient(adminRealm, KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm));
// No localized name for now
realmAdminApp.setName(realm.getName() + " Realm");
realmAdminApp.setBearerOnly(true);
realm.setMasterAdminClient(realmAdminApp);
for (String r : AdminRoles.ALL_REALM_ROLES) {
RoleModel role = realmAdminApp.addRole(r);
role.setDescription("${role_"+r+"}");
adminRole.addCompositeRole(role);
}
}
/**
* Fully import realm (or more realms from particular stream)
*
@ -187,12 +127,12 @@ public class ImportUtils {
}
for (RealmRepresentation realmRep : realmReps) {
result.put(realmRep.getId(), realmRep);
result.put(realmRep.getRealm(), realmRep);
}
} else if (parser.getCurrentToken() == JsonToken.START_OBJECT) {
// Case with single realm in stream
RealmRepresentation realmRep = parser.readValueAs(RealmRepresentation.class);
result.put(realmRep.getId(), realmRep);
result.put(realmRep.getRealm(), realmRep);
}
} finally {
parser.close();

View file

@ -22,7 +22,7 @@ public class ImpersonationConstants {
adminRealm = model.getRealmByName(Config.getAdminRealm());
adminRole = adminRealm.getRole(AdminRoles.ADMIN);
}
ClientModel realmAdminApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm));
ClientModel realmAdminApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm.getName()));
if (realmAdminApp.getRole(IMPERSONATION_ROLE) != null) return;
RoleModel impersonationRole = realmAdminApp.addRole(IMPERSONATION_ROLE);
impersonationRole.setDescription("${role_" + IMPERSONATION_ROLE + "}");

View file

@ -1,6 +1,7 @@
package org.keycloak.models;
import org.keycloak.ClientConnection;
import org.keycloak.models.utils.RealmImporter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.UriInfo;
@ -30,4 +31,6 @@ public interface KeycloakContext {
void setConnection(ClientConnection connection);
RealmImporter getRealmManager();
}

View file

@ -257,8 +257,8 @@ public final class KeycloakModelUtils {
}
}
public static String getMasterRealmAdminApplicationClientId(RealmModel realm) {
return realm.getName() + "-realm";
public static String getMasterRealmAdminApplicationClientId(String realmName) {
return realmName + "-realm";
}
/**

View file

@ -0,0 +1,14 @@
package org.keycloak.models.utils;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.RealmRepresentation;
/**
* Helper interface used just because RealmManager is in keycloak-services and not accessible for ImportUtils
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public interface RealmImporter {
RealmModel importRealm(RealmRepresentation rep);
}

View file

@ -779,7 +779,7 @@ public class RealmAdapter implements RealmModel {
@Override
public ClientModel getMasterAdminClient() {
return cacheSession.getRealm(Config.getAdminRealm()).getClientById(cached.getMasterAdminClient());
return cached.getMasterAdminClient()==null ? null : cacheSession.getRealm(Config.getAdminRealm()).getClientById(cached.getMasterAdminClient());
}
@Override

View file

@ -187,7 +187,8 @@ public class CachedRealm implements Serializable {
adminEventsDetailsEnabled = model.isAdminEventsDetailsEnabled();
defaultRoles.addAll(model.getDefaultRoles());
masterAdminClient = model.getMasterAdminClient().getId();
ClientModel masterAdminClient = model.getMasterAdminClient();
this.masterAdminClient = (masterAdminClient != null) ? masterAdminClient.getId() : null;
for (RoleModel role : model.getRoles()) {
realmRoles.put(role.getName(), role.getId());

View file

@ -1171,7 +1171,8 @@ public class RealmAdapter implements RealmModel {
@Override
public ClientModel getMasterAdminClient() {
return new ClientAdapter(this, em, session, realm.getMasterAdminClient());
ClientEntity client = realm.getMasterAdminClient();
return client!=null ? new ClientAdapter(this, em, session, realm.getMasterAdminClient()) : null;
}
@Override

View file

@ -35,6 +35,9 @@ public class ExportImportManager {
if (export) {
ExportProvider exportProvider = session.getProvider(ExportProvider.class, exportImportProviderId);
if (exportProvider == null) {
logger.errorf("Invalid Export Provider %s", exportImportProviderId);
} else {
if (realmName == null) {
logger.info("Full model export requested");
exportProvider.exportModel(sessionFactory);
@ -43,6 +46,7 @@ public class ExportImportManager {
exportProvider.exportRealm(sessionFactory, realmName);
}
logger.info("Export finished successfully");
}
} else {
ImportProvider importProvider = session.getProvider(ImportProvider.class, exportImportProviderId);

View file

@ -4,7 +4,10 @@ import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.ClientConnection;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.RealmImporter;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication;
import javax.ws.rs.core.HttpHeaders;
@ -21,6 +24,12 @@ public class DefaultKeycloakContext implements KeycloakContext {
private ClientConnection connection;
private KeycloakSession session;
public DefaultKeycloakContext(KeycloakSession session) {
this.session = session;
}
@Override
public String getContextPath() {
KeycloakApplication app = getContextObject(KeycloakApplication.class);
@ -71,4 +80,11 @@ public class DefaultKeycloakContext implements KeycloakContext {
public void setConnection(ClientConnection connection) {
this.connection = connection;
}
@Override
public RealmImporter getRealmManager() {
RealmManager manager = new RealmManager(session);
manager.setContextPath(getContextPath());
return manager;
}
}

View file

@ -46,7 +46,7 @@ public class DefaultKeycloakSession implements KeycloakSession {
this.factory = factory;
this.transactionManager = new DefaultKeycloakTransactionManager();
federationManager = new UserFederationManager(this);
context = new DefaultKeycloakContext();
context = new DefaultKeycloakContext(this);
}
@Override

View file

@ -3,7 +3,7 @@ package org.keycloak.services.managers;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.enums.SslRequired;
import org.keycloak.exportimport.util.ImportUtils;
import org.keycloak.models.utils.RealmImporter;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ClientModel;
@ -39,7 +39,7 @@ import java.util.List;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class RealmManager {
public class RealmManager implements RealmImporter {
protected static final Logger logger = Logger.getLogger(RealmManager.class);
protected KeycloakSession session;
@ -161,7 +161,9 @@ public class RealmManager {
boolean removed = model.removeRealm(realm.getId());
if (removed) {
if (realm.getMasterAdminClient() != null) {
new ClientManager(this).removeClient(getKeycloakAdminstrationRealm(), realm.getMasterAdminClient());
}
UserSessionProvider sessions = session.sessions();
if (sessions != null) {
@ -191,9 +193,47 @@ public class RealmManager {
realm.setAdminEventsDetailsEnabled(rep.isAdminEventsDetailsEnabled());
}
// Should be RealmManager moved to model/api instead of referencing methods this way?
private void setupMasterAdminManagement(RealmModel realm) {
ImportUtils.setupMasterAdminManagement(model, realm);
// Need to refresh masterApp for current realm
String adminRealmId = Config.getAdminRealm();
RealmModel adminRealm = model.getRealm(adminRealmId);
ClientModel masterApp = adminRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm.getName()));
if (masterApp != null) {
realm.setMasterAdminClient(masterApp);
} else {
createMasterAdminManagement(model, realm);
}
}
private void createMasterAdminManagement(RealmProvider model, RealmModel realm) {
RealmModel adminRealm;
RoleModel adminRole;
if (realm.getName().equals(Config.getAdminRealm())) {
adminRealm = realm;
adminRole = realm.addRole(AdminRoles.ADMIN);
RoleModel createRealmRole = realm.addRole(AdminRoles.CREATE_REALM);
adminRole.addCompositeRole(createRealmRole);
createRealmRole.setDescription("${role_"+AdminRoles.CREATE_REALM+"}");
} else {
adminRealm = model.getRealmByName(Config.getAdminRealm());
adminRole = adminRealm.getRole(AdminRoles.ADMIN);
}
adminRole.setDescription("${role_"+AdminRoles.ADMIN+"}");
ClientModel realmAdminApp = KeycloakModelUtils.createClient(adminRealm, KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm.getName()));
// No localized name for now
realmAdminApp.setName(realm.getName() + " Realm");
realmAdminApp.setBearerOnly(true);
realm.setMasterAdminClient(realmAdminApp);
for (String r : AdminRoles.ALL_REALM_ROLES) {
RoleModel role = realmAdminApp.addRole(r);
role.setDescription("${role_"+r+"}");
adminRole.addCompositeRole(role);
}
}
private void setupRealmAdminManagement(RealmModel realm) {
@ -257,6 +297,7 @@ public class RealmManager {
}
}
@Override
public RealmModel importRealm(RealmRepresentation rep) {
String id = rep.getId();
if (id == null) {
@ -268,7 +309,12 @@ public class RealmManager {
// setup defaults
setupRealmDefaults(realm);
boolean postponeMasterClientSetup = postponeMasterClientSetup(rep);
if (!postponeMasterClientSetup) {
setupMasterAdminManagement(realm);
}
if (!hasRealmAdminManagementClient(rep)) setupRealmAdminManagement(realm);
if (!hasAccountManagementClient(rep)) setupAccountManagement(realm);
@ -286,6 +332,10 @@ public class RealmManager {
RepresentationToModel.importRealm(session, rep, realm);
if (postponeMasterClientSetup) {
setupMasterAdminManagement(realm);
}
// Could happen when migrating from older version and I have exported JSON file, which contains "realm-management" client but not "impersonation" client
// I need to postpone impersonation because it needs "realm-management" client and it's roles set
if (postponeImpersonationSetup) {
@ -304,8 +354,16 @@ public class RealmManager {
return realm;
}
private boolean postponeMasterClientSetup(RealmRepresentation rep) {
if (!Config.getAdminRealm().equals(rep.getRealm())) {
return false;
}
return hasRealmAdminManagementClient(rep);
}
private boolean hasRealmAdminManagementClient(RealmRepresentation rep) {
String realmAdminClientId = getRealmAdminClientId(rep);
String realmAdminClientId = Config.getAdminRealm().equals(rep.getRealm()) ? KeycloakModelUtils.getMasterRealmAdminApplicationClientId(rep.getRealm()) : getRealmAdminClientId(rep);
return hasClient(rep, realmAdminClientId);
}

View file

@ -77,7 +77,7 @@ public class ImpersonationTest {
{
UserModel masterImpersonator = manager.getSession().users().addUser(adminstrationRealm, "master-impersonator");
masterImpersonator.setEnabled(true);
ClientModel adminRealmClient = adminstrationRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(appRealm));
ClientModel adminRealmClient = adminstrationRealm.getClientByClientId(KeycloakModelUtils.getMasterRealmAdminApplicationClientId(appRealm.getName()));
RoleModel masterImpersonatorRole = adminRealmClient.getRole(ImpersonationConstants.IMPERSONATION_ROLE);
masterImpersonator.grantRole(masterImpersonatorRole);
}

View file

@ -26,6 +26,7 @@ import org.keycloak.testsuite.rule.KeycloakRule;
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@ -185,6 +186,37 @@ public class ExportImportTest {
testRealmExportImport();
}
@Test
public void testSingleFileRealmWithoutBuiltinsImport() throws Throwable {
// Remove test realm
KeycloakSession session = keycloakRule.startSession();
try {
new RealmManager(session).removeRealm(session.realms().getRealmByName("test-realm"));
} finally {
keycloakRule.stopSession(session, true);
}
// Set the realm, which doesn't have builtin clients/roles inside JSON
ExportImportConfig.setProvider(SingleFileExportProviderFactory.PROVIDER_ID);
URL url = ExportImportTest.class.getResource("/model/testrealm.json");
String targetFilePath = new File(url.getFile()).getAbsolutePath();
ExportImportConfig.setFile(targetFilePath);
ExportImportConfig.setAction(ExportImportConfig.ACTION_IMPORT);
// Restart server to trigger import
keycloakRule.restartServer();
// Ensure realm imported
session = keycloakRule.startSession();
try {
RealmModel testRealmRealm = session.realms().getRealmByName("test-realm");
ImportTest.assertDataImportedInRealm(session, testRealmRealm);
} finally {
keycloakRule.stopSession(session, true);
}
}
@Test
public void testZipFullExportImport() throws Throwable {
ExportImportConfig.setProvider(ZipExportProviderFactory.PROVIDER_ID);
@ -222,7 +254,8 @@ public class ExportImportTest {
RealmProvider realmProvider = session.realms();
UserProvider userProvider = session.users();
new RealmManager(session).removeRealm(realmProvider.getRealmByName("test"));
Assert.assertEquals(2, realmProvider.getRealms().size());
new RealmManager(session).removeRealm(realmProvider.getRealmByName("test-realm"));
Assert.assertEquals(1, realmProvider.getRealms().size());
assertNotAuthenticated(userProvider, realmProvider, "test", "test-user@localhost", "password");
assertNotAuthenticated(userProvider, realmProvider, "test", "user1", "password");
@ -250,7 +283,7 @@ public class ExportImportTest {
assertAuthenticated(userProvider, model, "test", "user2", "password");
assertAuthenticated(userProvider, model, "test", "user3", "password");
RealmModel testRealmRealm = model.getRealm("test-realm");
RealmModel testRealmRealm = model.getRealmByName("test-realm");
ImportTest.assertDataImportedInRealm(session, testRealmRealm);
} finally {
keycloakRule.stopSession(session, true);