From e7f6c780e2d0d0c6c68f4e42981547b4faf63157 Mon Sep 17 00:00:00 2001 From: mposolda Date: Thu, 8 Dec 2016 18:35:46 +0100 Subject: [PATCH] KEYCLOAK-4058 Improve LDAPStorageMapper and remove LDAPStorageMapperBridge --- .../storage/ldap/LDAPStorageProvider.java | 8 +- .../ldap/LDAPStorageProviderFactory.java | 6 +- .../org/keycloak/storage/ldap/LDAPUtils.java | 2 +- .../ldap/idm/query/internal/LDAPQuery.java | 2 +- .../mappers/AbstractLDAPStorageMapper.java | 52 ++++------ .../AbstractLDAPStorageMapperFactory.java | 11 ++- .../mappers/FullNameLDAPStorageMapper.java | 10 +- .../FullNameLDAPStorageMapperFactory.java | 4 +- .../HardcodedLDAPRoleStorageMapper.java | 22 ++--- ...HardcodedLDAPRoleStorageMapperFactory.java | 4 +- .../ldap/mappers/LDAPStorageMapper.java | 39 ++------ .../ldap/mappers/LDAPStorageMapperBridge.java | 98 ------------------- .../UserAttributeLDAPStorageMapper.java | 10 +- ...UserAttributeLDAPStorageMapperFactory.java | 4 +- .../mappers/membership/MembershipType.java | 9 +- .../group/GroupLDAPStorageMapper.java | 66 +++++++------ .../group/GroupLDAPStorageMapperFactory.java | 4 +- .../role/RoleLDAPStorageMapper.java | 30 +++--- .../role/RoleLDAPStorageMapperFactory.java | 4 +- .../MSADUserAccountControlStorageMapper.java | 12 +-- ...serAccountControlStorageMapperFactory.java | 4 +- ...SADLDSUserAccountControlStorageMapper.java | 12 +-- ...serAccountControlStorageMapperFactory.java | 4 +- .../services/DefaultKeycloakSession.java | 2 +- .../admin/UserStorageProviderResource.java | 10 +- .../ldap/LDAPGroupMapper2WaySyncTest.java | 12 +-- .../storage/ldap/LDAPGroupMapperSyncTest.java | 16 +-- .../storage/ldap/LDAPGroupMapperTest.java | 12 +-- .../storage/ldap/LDAPTestUtils.java | 8 +- 29 files changed, 174 insertions(+), 303 deletions(-) delete mode 100644 federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/LDAPStorageMapperBridge.java diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java index d1ae1f839b..77131ff309 100755 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java @@ -152,7 +152,7 @@ public class LDAPStorageProvider implements UserStorageProvider, List sortedMappers = sortMappersAsc(mappers); for (ComponentModel mapperModel : sortedMappers) { LDAPStorageMapper ldapMapper = getMapper(mapperModel); - proxied = ldapMapper.proxy(mapperModel, this, ldapObject, proxied, realm); + proxied = ldapMapper.proxy(ldapObject, proxied, realm); } return proxied; @@ -283,7 +283,7 @@ public class LDAPStorageProvider implements UserStorageProvider, List sortedMappers = sortMappersAsc(mappers); for (ComponentModel mapperModel : sortedMappers) { LDAPStorageMapper ldapMapper = getMapper(mapperModel); - List users = ldapMapper.getGroupMembers(mapperModel, this, realm, group, firstResult, maxResults); + List users = ldapMapper.getGroupMembers(realm, group, firstResult, maxResults); // Sufficient for now if (users.size() > 0) { @@ -387,7 +387,7 @@ public class LDAPStorageProvider implements UserStorageProvider, logger.tracef("Using mapper %s during import user from LDAP", mapperModel); } LDAPStorageMapper ldapMapper = getMapper(mapperModel); - ldapMapper.onImportUserFromLDAP(mapperModel, this, ldapUser, imported, realm, true); + ldapMapper.onImportUserFromLDAP(ldapUser, imported, realm, true); } String userDN = ldapUser.getDn().toString(); @@ -469,7 +469,7 @@ public class LDAPStorageProvider implements UserStorageProvider, logger.tracef("Using mapper %s during import user from LDAP", mapperModel); } LDAPStorageMapper ldapMapper = getMapper(mapperModel); - processed = processed || ldapMapper.onAuthenticationFailure(mapperModel, this, ldapUser, user, ae, realm); + processed = processed || ldapMapper.onAuthenticationFailure(ldapUser, user, ae, realm); } return processed; } diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java index 6d4ceb6007..09a4aba805 100755 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java @@ -360,12 +360,12 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory mappers = realm.getComponents(model.getId(), LDAPStorageMapper.class.getName()); for (ComponentModel mapperModel : mappers) { LDAPStorageMapper ldapMapper = session.getProvider(LDAPStorageMapper.class, mapperModel); - SynchronizationResult syncResult = ldapMapper.syncDataFromFederationProviderToKeycloak(mapperModel, ldapProvider, session, realm); + SynchronizationResult syncResult = ldapMapper.syncDataFromFederationProviderToKeycloak(realm); if (syncResult.getAdded() > 0 || syncResult.getUpdated() > 0 || syncResult.getRemoved() > 0 || syncResult.getFailed() > 0) { logger.infof("Sync of federation mapper '%s' finished. Status: %s", mapperModel.getName(), syncResult.toString()); } @@ -461,7 +461,7 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory sortedMappers = ldapFedProvider.sortMappersDesc(federationMappers); for (ComponentModel mapperModel : sortedMappers) { LDAPStorageMapper ldapMapper = ldapFedProvider.getMapper(mapperModel); - ldapMapper.onImportUserFromLDAP(mapperModel, ldapFedProvider, ldapUser, currentUser, currentRealm, false); + ldapMapper.onImportUserFromLDAP(ldapUser, currentUser, currentRealm, false); } logger.debugf("Updated user from LDAP: %s", currentUser.getUsername()); diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPUtils.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPUtils.java index 567f15e822..a5e48a7439 100755 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPUtils.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPUtils.java @@ -64,7 +64,7 @@ public class LDAPUtils { List sortedMappers = ldapProvider.sortMappersAsc(federationMappers); for (ComponentModel mapperModel : sortedMappers) { LDAPStorageMapper ldapMapper = ldapProvider.getMapper(mapperModel); - ldapMapper.onRegisterUserToLDAP(mapperModel, ldapProvider, ldapUser, user, realm); + ldapMapper.onRegisterUserToLDAP(ldapUser, user, realm); } LDAPUtils.computeAndSetDn(ldapConfig, ldapUser); diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/query/internal/LDAPQuery.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/query/internal/LDAPQuery.java index eb7ff1bb9a..d86a2381cb 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/query/internal/LDAPQuery.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/query/internal/LDAPQuery.java @@ -155,7 +155,7 @@ public class LDAPQuery { List sortedMappers = ldapFedProvider.sortMappersAsc(mappers); for (ComponentModel mapperModel : sortedMappers) { LDAPStorageMapper fedMapper = ldapFedProvider.getMapper(mapperModel); - fedMapper.beforeLDAPQuery(mapperModel, this); + fedMapper.beforeLDAPQuery(this); } List result = new ArrayList(); diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/AbstractLDAPStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/AbstractLDAPStorageMapper.java index c6edd96ef6..fb09d1df09 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/AbstractLDAPStorageMapper.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/AbstractLDAPStorageMapper.java @@ -36,57 +36,35 @@ import java.util.List; * * @author Marek Posolda */ -public abstract class AbstractLDAPStorageMapper { +public abstract class AbstractLDAPStorageMapper implements LDAPStorageMapper { + protected final KeycloakSession session; protected final ComponentModel mapperModel; protected final LDAPStorageProvider ldapProvider; - protected final RealmModel realm; - public AbstractLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RealmModel realm) { + public AbstractLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider) { this.mapperModel = mapperModel; this.ldapProvider = ldapProvider; - this.realm = realm; + this.session = ldapProvider.getSession(); } - /** - * @see LDAPStorageMapper#syncDataFromFederationProviderToKeycloak(ComponentModel, LDAPStorageProvider, KeycloakSession, RealmModel) - */ - public SynchronizationResult syncDataFromFederationProviderToKeycloak() { + + public SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm) { return new SynchronizationResult(); } - /** - * @see LDAPStorageMapper#syncDataFromKeycloakToFederationProvider(ComponentModel, LDAPStorageProvider, KeycloakSession, RealmModel) - */ - public SynchronizationResult syncDataFromKeycloakToFederationProvider() { + + public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm) { return new SynchronizationResult(); } - /** - * @see LDAPStorageMapper#beforeLDAPQuery(ComponentModel, LDAPQuery) - */ - public abstract void beforeLDAPQuery(LDAPQuery query); - /** - * @see LDAPStorageMapper#proxy(ComponentModel, LDAPStorageProvider, LDAPObject, UserModel, RealmModel) - */ - public abstract UserModel proxy(LDAPObject ldapUser, UserModel delegate); - - /** - * @see LDAPStorageMapper#onRegisterUserToLDAP(ComponentModel, LDAPStorageProvider, LDAPObject, UserModel, RealmModel) - */ - public abstract void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser); - - /** - * @see LDAPStorageMapper#onImportUserFromLDAP(ComponentModel, LDAPStorageProvider, LDAPObject, UserModel, RealmModel, boolean) - */ - public abstract void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, boolean isCreate); - - public List getGroupMembers(GroupModel group, int firstResult, int maxResults) { + public List getGroupMembers(RealmModel realm, GroupModel group, int firstResult, int maxResults) { return Collections.emptyList(); } - public boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException) { + + public boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm) { return false; } @@ -96,11 +74,15 @@ public abstract class AbstractLDAPStorageMapper { return Boolean.parseBoolean(paramm); } + public LDAPStorageProvider getLdapProvider() { return ldapProvider; } - public RealmModel getRealm() { - return realm; + + @Override + public void close() { + } + } diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/AbstractLDAPStorageMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/AbstractLDAPStorageMapperFactory.java index a6ba2d2651..c18263dcc7 100755 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/AbstractLDAPStorageMapperFactory.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/AbstractLDAPStorageMapperFactory.java @@ -22,9 +22,7 @@ import org.keycloak.component.ComponentModel; import org.keycloak.component.ComponentValidationException; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.RealmModel; import org.keycloak.provider.ProviderConfigProperty; -import org.keycloak.representations.idm.UserFederationMapperSyncConfigRepresentation; import org.keycloak.storage.ldap.LDAPStorageProvider; import java.util.HashMap; @@ -52,10 +50,15 @@ public abstract class AbstractLDAPStorageMapperFactory implements LDAPStorageMap @Override public LDAPStorageMapper create(KeycloakSession session, ComponentModel model) { - return new LDAPStorageMapperBridge(this); } + // LDAPStorageProvider is in the session already as mappers are always called from it + String ldapProviderModelId = model.getParentId(); + LDAPStorageProvider ldapProvider = (LDAPStorageProvider) session.getAttribute(ldapProviderModelId); + + return createMapper(model, ldapProvider); + } // Used just by LDAPFederationMapperBridge. - protected abstract AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider, RealmModel realm); + protected abstract AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider); @Override public void postInit(KeycloakSessionFactory factory) { diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/FullNameLDAPStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/FullNameLDAPStorageMapper.java index ba43bc6368..45ee17a3b5 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/FullNameLDAPStorageMapper.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/FullNameLDAPStorageMapper.java @@ -43,12 +43,12 @@ public class FullNameLDAPStorageMapper extends AbstractLDAPStorageMapper { public static final String WRITE_ONLY = "write.only"; - public FullNameLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RealmModel realm) { - super(mapperModel, ldapProvider, realm); + public FullNameLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider) { + super(mapperModel, ldapProvider); } @Override - public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, boolean isCreate) { + public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) { if (isWriteOnly()) { return; } @@ -72,7 +72,7 @@ public class FullNameLDAPStorageMapper extends AbstractLDAPStorageMapper { } @Override - public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser) { + public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) { String ldapFullNameAttrName = getLdapFullNameAttrName(); String fullName = getFullName(localUser.getFirstName(), localUser.getLastName()); ldapUser.setSingleAttribute(ldapFullNameAttrName, fullName); @@ -83,7 +83,7 @@ public class FullNameLDAPStorageMapper extends AbstractLDAPStorageMapper { } @Override - public UserModel proxy(LDAPObject ldapUser, UserModel delegate) { + public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) { if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && !isReadOnly()) { diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/FullNameLDAPStorageMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/FullNameLDAPStorageMapperFactory.java index aed520d808..12fc079bdc 100755 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/FullNameLDAPStorageMapperFactory.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/FullNameLDAPStorageMapperFactory.java @@ -114,7 +114,7 @@ public class FullNameLDAPStorageMapperFactory extends AbstractLDAPStorageMapperF } @Override - protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider, RealmModel realm) { - return new FullNameLDAPStorageMapper(mapperModel, federationProvider, realm); + protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider) { + return new FullNameLDAPStorageMapper(mapperModel, federationProvider); } } diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPRoleStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPRoleStorageMapper.java index ca79a1905e..56fb541195 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPRoleStorageMapper.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPRoleStorageMapper.java @@ -41,8 +41,8 @@ public class HardcodedLDAPRoleStorageMapper extends AbstractLDAPStorageMapper { public static final String ROLE = "role"; - public HardcodedLDAPRoleStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RealmModel realm) { - super(mapperModel, ldapProvider, realm); + public HardcodedLDAPRoleStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider) { + super(mapperModel, ldapProvider); } @Override @@ -50,14 +50,14 @@ public class HardcodedLDAPRoleStorageMapper extends AbstractLDAPStorageMapper { } @Override - public UserModel proxy(LDAPObject ldapUser, UserModel delegate) { + public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) { return new UserModelDelegate(delegate) { @Override public Set getRealmRoleMappings() { Set roles = super.getRealmRoleMappings(); - RoleModel role = getRole(); + RoleModel role = getRole(realm); if (role != null && role.getContainer().equals(realm)) { roles.add(role); } @@ -69,7 +69,7 @@ public class HardcodedLDAPRoleStorageMapper extends AbstractLDAPStorageMapper { public Set getClientRoleMappings(ClientModel app) { Set roles = super.getClientRoleMappings(app); - RoleModel role = getRole(); + RoleModel role = getRole(realm); if (role != null && role.getContainer().equals(app)) { roles.add(role); } @@ -79,14 +79,14 @@ public class HardcodedLDAPRoleStorageMapper extends AbstractLDAPStorageMapper { @Override public boolean hasRole(RoleModel role) { - return super.hasRole(role) || role.equals(getRole()); + return super.hasRole(role) || role.equals(getRole(realm)); } @Override public Set getRoleMappings() { Set roles = super.getRoleMappings(); - RoleModel role = getRole(); + RoleModel role = getRole(realm); if (role != null) { roles.add(role); } @@ -96,7 +96,7 @@ public class HardcodedLDAPRoleStorageMapper extends AbstractLDAPStorageMapper { @Override public void deleteRoleMapping(RoleModel role) { - if (role.equals(getRole())) { + if (role.equals(getRole(realm))) { throw new ModelException("Not possible to delete role. It's hardcoded by LDAP mapper"); } else { super.deleteRoleMapping(role); @@ -106,16 +106,16 @@ public class HardcodedLDAPRoleStorageMapper extends AbstractLDAPStorageMapper { } @Override - public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser) { + public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) { } @Override - public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, boolean isCreate) { + public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) { } - private RoleModel getRole() { + private RoleModel getRole(RealmModel realm) { String roleName = mapperModel.getConfig().getFirst(HardcodedLDAPRoleStorageMapper.ROLE); RoleModel role = KeycloakModelUtils.getRoleFromString(realm, roleName); if (role == null) { diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPRoleStorageMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPRoleStorageMapperFactory.java index c833504f20..e61db57947 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPRoleStorageMapperFactory.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPRoleStorageMapperFactory.java @@ -72,7 +72,7 @@ public class HardcodedLDAPRoleStorageMapperFactory extends AbstractLDAPStorageMa } @Override - protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider, RealmModel realm) { - return new HardcodedLDAPRoleStorageMapper(mapperModel, federationProvider, realm); + protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider) { + return new HardcodedLDAPRoleStorageMapper(mapperModel, federationProvider); } } diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/LDAPStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/LDAPStorageMapper.java index 39831e1749..6749633ba0 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/LDAPStorageMapper.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/LDAPStorageMapper.java @@ -17,13 +17,10 @@ package org.keycloak.storage.ldap.mappers; -import org.keycloak.component.ComponentModel; import org.keycloak.models.GroupModel; -import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.provider.Provider; -import org.keycloak.storage.ldap.LDAPStorageProvider; import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery; import org.keycloak.storage.user.SynchronizationResult; @@ -42,84 +39,66 @@ public interface LDAPStorageMapper extends Provider { * * Applicable just if sync is supported * - * @param mapperModel - * @param provider - * @param session - * @param realm */ - SynchronizationResult syncDataFromFederationProviderToKeycloak(ComponentModel mapperModel, LDAPStorageProvider provider, KeycloakSession session, RealmModel realm); + SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm); /** * Sync data from Keycloak back to federated storage * - * @param mapperModel - * @param provider - * @param session - * @param realm - */ - SynchronizationResult syncDataFromKeycloakToFederationProvider(ComponentModel mapperModel, LDAPStorageProvider provider, KeycloakSession session, RealmModel realm); + **/ + SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm); /** * Return empty list if doesn't support storing of groups */ - List getGroupMembers(ComponentModel mapperModel, LDAPStorageProvider provider, RealmModel realm, GroupModel group, int firstResult, int maxResults); + List getGroupMembers(RealmModel realm, GroupModel group, int firstResult, int maxResults); /** * Called when importing user from LDAP to local keycloak DB. * - * @param mapperModel - * @param ldapProvider * @param ldapUser * @param user * @param realm * @param isCreate true if we importing new user from LDAP. False if user already exists in Keycloak, but we are upgrading (syncing) it from LDAP */ - void onImportUserFromLDAP(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate); + void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate); /** * Called when register new user to LDAP - just after user was created in Keycloak DB * - * @param mapperModel - * @param ldapProvider * @param ldapUser * @param localUser * @param realm */ - void onRegisterUserToLDAP(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, LDAPObject ldapUser, UserModel localUser, RealmModel realm); + void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm); /** * Called when invoke proxy on LDAP federation provider * - * @param mapperModel - * @param ldapProvider * @param ldapUser * @param delegate * @param realm * @return */ - UserModel proxy(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, LDAPObject ldapUser, UserModel delegate, RealmModel realm); + UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm); /** * Called before LDAP Identity query for retrieve LDAP users was executed. It allows to change query somehow (add returning attributes from LDAP, change conditions etc) * - * @param mapperModel * @param query */ - void beforeLDAPQuery(ComponentModel mapperModel, LDAPQuery query); + void beforeLDAPQuery(LDAPQuery query); /** * Called when LDAP authentication of specified user fails. If any mapper returns true from this method, AuthenticationException won't be rethrown! * - * @param mapperModel - * @param ldapProvider - * @param realm * @param user * @param ldapUser * @param ldapException * @return true if mapper processed the AuthenticationException and did some actions based on that. In that case, AuthenticationException won't be rethrown! */ - boolean onAuthenticationFailure(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm); + boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm); } diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/LDAPStorageMapperBridge.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/LDAPStorageMapperBridge.java deleted file mode 100644 index f3919cc76c..0000000000 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/LDAPStorageMapperBridge.java +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.storage.ldap.mappers; - -import org.keycloak.component.ComponentModel; -import org.keycloak.models.GroupModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserModel; -import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.idm.model.LDAPObject; -import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery; -import org.keycloak.storage.user.SynchronizationResult; - -import javax.naming.AuthenticationException; -import java.util.List; - -/** - * Sufficient if mapper implementation is stateless and doesn't need to "close" any state - * - * @author Marek Posolda - */ -public class LDAPStorageMapperBridge implements LDAPStorageMapper { - - private final AbstractLDAPStorageMapperFactory factory; - - public LDAPStorageMapperBridge(AbstractLDAPStorageMapperFactory factory) { - this.factory = factory; - } - - // Sync groups from LDAP to Keycloak DB - @Override - public SynchronizationResult syncDataFromFederationProviderToKeycloak(ComponentModel mapperModel, LDAPStorageProvider federationProvider, KeycloakSession session, RealmModel realm) { - return getDelegate(mapperModel, federationProvider, realm).syncDataFromFederationProviderToKeycloak(); - } - - @Override - public SynchronizationResult syncDataFromKeycloakToFederationProvider(ComponentModel mapperModel, LDAPStorageProvider federationProvider, KeycloakSession session, RealmModel realm) { - return getDelegate(mapperModel, federationProvider, realm).syncDataFromKeycloakToFederationProvider(); - } - - @Override - public void onImportUserFromLDAP(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) { - getDelegate(mapperModel, ldapProvider, realm).onImportUserFromLDAP(ldapUser, user, isCreate); - } - - @Override - public void onRegisterUserToLDAP(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, LDAPObject ldapUser, UserModel localUser, RealmModel realm) { - getDelegate(mapperModel, ldapProvider, realm).onRegisterUserToLDAP(ldapUser, localUser); - } - - @Override - public UserModel proxy(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, LDAPObject ldapUser, UserModel delegate, RealmModel realm) { - return getDelegate(mapperModel, ldapProvider, realm).proxy(ldapUser, delegate); - } - - @Override - public void beforeLDAPQuery(ComponentModel mapperModel, LDAPQuery query) { - // Improve if needed - getDelegate(mapperModel, query.getLdapProvider(), null).beforeLDAPQuery(query); - } - - - @Override - public List getGroupMembers(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RealmModel realm, GroupModel group, int firstResult, int maxResults) { - return getDelegate(mapperModel, ldapProvider, realm).getGroupMembers(group, firstResult, maxResults); - } - - @Override - public boolean onAuthenticationFailure(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm) { - return getDelegate(mapperModel, ldapProvider, realm).onAuthenticationFailure(ldapUser, user, ldapException); - } - - private AbstractLDAPStorageMapper getDelegate(ComponentModel mapperModel, LDAPStorageProvider federationProvider, RealmModel realm) { - LDAPStorageProvider ldapProvider = (LDAPStorageProvider) federationProvider; - return factory.createMapper(mapperModel, ldapProvider, realm); - } - - @Override - public void close() { - - } -} diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapper.java index 5767c05262..3b29091e1d 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapper.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapper.java @@ -81,12 +81,12 @@ public class UserAttributeLDAPStorageMapper extends AbstractLDAPStorageMapper { public static final String ALWAYS_READ_VALUE_FROM_LDAP = "always.read.value.from.ldap"; public static final String IS_MANDATORY_IN_LDAP = "is.mandatory.in.ldap"; - public UserAttributeLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RealmModel realm) { - super(mapperModel, ldapProvider, realm); + public UserAttributeLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider) { + super(mapperModel, ldapProvider); } @Override - public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, boolean isCreate) { + public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) { String userModelAttrName = mapperModel.getConfig().getFirst(USER_MODEL_ATTRIBUTE); String ldapAttrName = mapperModel.getConfig().getFirst(LDAP_ATTRIBUTE); @@ -113,7 +113,7 @@ public class UserAttributeLDAPStorageMapper extends AbstractLDAPStorageMapper { } @Override - public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser) { + public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) { String userModelAttrName = mapperModel.getConfig().getFirst(USER_MODEL_ATTRIBUTE); String ldapAttrName = mapperModel.getConfig().getFirst(LDAP_ATTRIBUTE); boolean isMandatoryInLdap = parseBooleanParameter(mapperModel, IS_MANDATORY_IN_LDAP); @@ -172,7 +172,7 @@ public class UserAttributeLDAPStorageMapper extends AbstractLDAPStorageMapper { } @Override - public UserModel proxy(final LDAPObject ldapUser, UserModel delegate) { + public UserModel proxy(final LDAPObject ldapUser, UserModel delegate, RealmModel realm) { final String userModelAttrName = mapperModel.getConfig().getFirst(USER_MODEL_ATTRIBUTE); final String ldapAttrName = mapperModel.getConfig().getFirst(LDAP_ATTRIBUTE); boolean isAlwaysReadValueFromLDAP = parseBooleanParameter(mapperModel, ALWAYS_READ_VALUE_FROM_LDAP); diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapperFactory.java index 42ad869278..fcc5525f70 100755 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapperFactory.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapperFactory.java @@ -95,8 +95,8 @@ public class UserAttributeLDAPStorageMapperFactory extends AbstractLDAPStorageMa } @Override - protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider, RealmModel realm) { - return new UserAttributeLDAPStorageMapper(mapperModel, federationProvider, realm); + protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider) { + return new UserAttributeLDAPStorageMapper(mapperModel, federationProvider); } @Override diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/MembershipType.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/MembershipType.java index f62e40eff7..7c171ead56 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/MembershipType.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/MembershipType.java @@ -68,8 +68,7 @@ public enum MembershipType { } @Override - public List getGroupMembers(GroupLDAPStorageMapper groupMapper, LDAPObject ldapGroup, int firstResult, int maxResults) { - RealmModel realm = groupMapper.getRealm(); + public List getGroupMembers(RealmModel realm, GroupLDAPStorageMapper groupMapper, LDAPObject ldapGroup, int firstResult, int maxResults) { LDAPStorageProvider ldapProvider = groupMapper.getLdapProvider(); CommonLDAPGroupMapperConfig config = groupMapper.getConfig(); @@ -134,7 +133,7 @@ public enum MembershipType { } @Override - public List getGroupMembers(GroupLDAPStorageMapper groupMapper, LDAPObject ldapGroup, int firstResult, int maxResults) { + public List getGroupMembers(RealmModel realm, GroupLDAPStorageMapper groupMapper, LDAPObject ldapGroup, int firstResult, int maxResults) { String memberAttrName = groupMapper.getConfig().getMembershipLdapAttribute(); Set memberUids = LDAPUtils.getExistingMemberships(memberAttrName, ldapGroup); @@ -146,12 +145,12 @@ public enum MembershipType { int max = Math.min(memberUids.size(), firstResult + maxResults); uids = uids.subList(firstResult, max); - return groupMapper.getLdapProvider().loadUsersByUsernames(uids, groupMapper.getRealm()); + return groupMapper.getLdapProvider().loadUsersByUsernames(uids, realm); } }; public abstract Set getLDAPSubgroups(GroupLDAPStorageMapper groupMapper, LDAPObject ldapGroup); - public abstract List getGroupMembers(GroupLDAPStorageMapper groupMapper, LDAPObject ldapGroup, int firstResult, int maxResults); + public abstract List getGroupMembers(RealmModel realm, GroupLDAPStorageMapper groupMapper, LDAPObject ldapGroup, int firstResult, int maxResults); } diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapper.java index 515ce1643d..16c5b62846 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapper.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapper.java @@ -64,8 +64,8 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements // Flag to avoid syncing multiple times per transaction private boolean syncFromLDAPPerformedInThisTransaction = false; - public GroupLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RealmModel realm, GroupLDAPStorageMapperFactory factory) { - super(mapperModel, ldapProvider, realm); + public GroupLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, GroupLDAPStorageMapperFactory factory) { + super(mapperModel, ldapProvider); this.config = new GroupMapperConfig(mapperModel); this.factory = factory; } @@ -139,7 +139,7 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements // Sync from Ldap to KC @Override - public SynchronizationResult syncDataFromFederationProviderToKeycloak() { + public SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm) { SynchronizationResult syncResult = new SynchronizationResult() { @Override @@ -176,7 +176,7 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements try { List groupTrees = new GroupTreeResolver().resolveGroupTree(ldapGroupsRep); - updateKeycloakGroupTree(groupTrees, ldapGroupsMap, syncResult); + updateKeycloakGroupTree(realm, groupTrees, ldapGroupsMap, syncResult); } catch (GroupTreeResolver.GroupTreeResolveException gre) { throw new ModelException("Couldn't resolve groups from LDAP. Fix LDAP or skip preserve inheritance. Details: " + gre.getMessage(), gre); } @@ -203,7 +203,7 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements // Possibly remove keycloak groups, which doesn't exists in LDAP if (config.isDropNonExistingGroupsDuringSync()) { - dropNonExistingKcGroups(syncResult, visitedGroupIds); + dropNonExistingKcGroups(realm, syncResult, visitedGroupIds); } } @@ -212,20 +212,20 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements return syncResult; } - private void updateKeycloakGroupTree(List groupTrees, Map ldapGroups, SynchronizationResult syncResult) { + private void updateKeycloakGroupTree(RealmModel realm, List groupTrees, Map ldapGroups, SynchronizationResult syncResult) { Set visitedGroupIds = new HashSet<>(); for (GroupTreeResolver.GroupTreeEntry groupEntry : groupTrees) { - updateKeycloakGroupTreeEntry(groupEntry, ldapGroups, null, syncResult, visitedGroupIds); + updateKeycloakGroupTreeEntry(realm, groupEntry, ldapGroups, null, syncResult, visitedGroupIds); } // Possibly remove keycloak groups, which doesn't exists in LDAP if (config.isDropNonExistingGroupsDuringSync()) { - dropNonExistingKcGroups(syncResult, visitedGroupIds); + dropNonExistingKcGroups(realm, syncResult, visitedGroupIds); } } - private void updateKeycloakGroupTreeEntry(GroupTreeResolver.GroupTreeEntry groupTreeEntry, Map ldapGroups, GroupModel kcParent, SynchronizationResult syncResult, Set visitedGroupIds) { + private void updateKeycloakGroupTreeEntry(RealmModel realm, GroupTreeResolver.GroupTreeEntry groupTreeEntry, Map ldapGroups, GroupModel kcParent, SynchronizationResult syncResult, Set visitedGroupIds) { String groupName = groupTreeEntry.getGroupName(); // Check if group already exists @@ -259,11 +259,11 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements visitedGroupIds.add(kcGroup.getId()); for (GroupTreeResolver.GroupTreeEntry childEntry : groupTreeEntry.getChildren()) { - updateKeycloakGroupTreeEntry(childEntry, ldapGroups, kcGroup, syncResult, visitedGroupIds); + updateKeycloakGroupTreeEntry(realm, childEntry, ldapGroups, kcGroup, syncResult, visitedGroupIds); } } - private void dropNonExistingKcGroups(SynchronizationResult syncResult, Set visitedGroupIds) { + private void dropNonExistingKcGroups(RealmModel realm, SynchronizationResult syncResult, Set visitedGroupIds) { // Remove keycloak groups, which doesn't exists in LDAP List allGroups = realm.getGroups(); for (GroupModel kcGroup : allGroups) { @@ -289,7 +289,7 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements } - protected GroupModel findKcGroupByLDAPGroup(LDAPObject ldapGroup) { + protected GroupModel findKcGroupByLDAPGroup(RealmModel realm, LDAPObject ldapGroup) { String groupNameAttr = config.getGroupNameLdapAttribute(); String groupName = ldapGroup.getAttributeAsString(groupNameAttr); @@ -309,8 +309,8 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements } } - protected GroupModel findKcGroupOrSyncFromLDAP(LDAPObject ldapGroup, UserModel user) { - GroupModel kcGroup = findKcGroupByLDAPGroup(ldapGroup); + protected GroupModel findKcGroupOrSyncFromLDAP(RealmModel realm, LDAPObject ldapGroup, UserModel user) { + GroupModel kcGroup = findKcGroupByLDAPGroup(realm, ldapGroup); if (kcGroup == null) { @@ -318,8 +318,8 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements // Better to sync all groups from LDAP with preserved inheritance if (!syncFromLDAPPerformedInThisTransaction) { - syncDataFromFederationProviderToKeycloak(); - kcGroup = findKcGroupByLDAPGroup(ldapGroup); + syncDataFromFederationProviderToKeycloak(realm); + kcGroup = findKcGroupByLDAPGroup(realm, ldapGroup); } } else { String groupNameAttr = config.getGroupNameLdapAttribute(); @@ -348,8 +348,8 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements // Sync from Keycloak to LDAP - - public SynchronizationResult syncDataFromKeycloakToFederationProvider() { + @Override + public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm) { SynchronizationResult syncResult = new SynchronizationResult() { @Override @@ -480,20 +480,20 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements @Override - public List getGroupMembers(GroupModel kcGroup, int firstResult, int maxResults) { + public List getGroupMembers(RealmModel realm, GroupModel kcGroup, int firstResult, int maxResults) { LDAPObject ldapGroup = loadLDAPGroupByName(kcGroup.getName()); if (ldapGroup == null) { return Collections.emptyList(); } MembershipType membershipType = config.getMembershipTypeLdapAttribute(); - return membershipType.getGroupMembers(this, ldapGroup, firstResult, maxResults); + return membershipType.getGroupMembers(realm, this, ldapGroup, firstResult, maxResults); } - public void addGroupMappingInLDAP(String groupName, LDAPObject ldapUser) { + public void addGroupMappingInLDAP(RealmModel realm, String groupName, LDAPObject ldapUser) { LDAPObject ldapGroup = loadLDAPGroupByName(groupName); if (ldapGroup == null) { - syncDataFromKeycloakToFederationProvider(); + syncDataFromKeycloakToFederationProvider(realm); ldapGroup = loadLDAPGroupByName(groupName); } @@ -510,27 +510,31 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements return strategy.getLDAPRoleMappings(this, ldapUser); } + @Override public void beforeLDAPQuery(LDAPQuery query) { String strategyKey = config.getUserGroupsRetrieveStrategy(); UserRolesRetrieveStrategy strategy = factory.getUserGroupsRetrieveStrategy(strategyKey); strategy.beforeUserLDAPQuery(query); } - public UserModel proxy(LDAPObject ldapUser, UserModel delegate) { + @Override + public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) { final LDAPGroupMapperMode mode = config.getMode(); // For IMPORT mode, all operations are performed against local DB if (mode == LDAPGroupMapperMode.IMPORT) { return delegate; } else { - return new LDAPGroupMappingsUserDelegate(delegate, ldapUser); + return new LDAPGroupMappingsUserDelegate(realm, delegate, ldapUser); } } - public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser) { + @Override + public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) { } - public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, boolean isCreate) { + @Override + public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) { LDAPGroupMapperMode mode = config.getMode(); // For now, import LDAP group mappings just during create @@ -541,7 +545,7 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements // Import role mappings from LDAP into Keycloak DB for (LDAPObject ldapGroup : ldapGroups) { - GroupModel kcGroup = findKcGroupOrSyncFromLDAP(ldapGroup, user); + GroupModel kcGroup = findKcGroupOrSyncFromLDAP(realm, ldapGroup, user); if (kcGroup != null) { logger.debugf("User '%s' joins group '%s' during import from LDAP", user.getUsername(), kcGroup.getName()); user.joinGroup(kcGroup); @@ -553,13 +557,15 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements public class LDAPGroupMappingsUserDelegate extends UserModelDelegate { + private final RealmModel realm; private final LDAPObject ldapUser; // Avoid loading group mappings from LDAP more times per-request private Set cachedLDAPGroupMappings; - public LDAPGroupMappingsUserDelegate(UserModel user, LDAPObject ldapUser) { + public LDAPGroupMappingsUserDelegate(RealmModel realm, UserModel user, LDAPObject ldapUser) { super(user); + this.realm = realm; this.ldapUser = ldapUser; } @@ -587,7 +593,7 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements if (config.getMode() == LDAPGroupMapperMode.LDAP_ONLY) { // We need to create new role mappings in LDAP cachedLDAPGroupMappings = null; - addGroupMappingInLDAP(group.getName(), ldapUser); + addGroupMappingInLDAP(realm, group.getName(), ldapUser); } else { super.joinGroup(group); } @@ -635,7 +641,7 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements Set result = new HashSet<>(); for (LDAPObject ldapGroup : ldapGroups) { - GroupModel kcGroup = findKcGroupOrSyncFromLDAP(ldapGroup, this); + GroupModel kcGroup = findKcGroupOrSyncFromLDAP(realm, ldapGroup, this); if (kcGroup != null) { result.add(kcGroup); } diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapperFactory.java index 6c01c308b7..3f018b7022 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapperFactory.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapperFactory.java @@ -200,8 +200,8 @@ public class GroupLDAPStorageMapperFactory extends AbstractLDAPStorageMapperFact } @Override - protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider, RealmModel realm) { - return new GroupLDAPStorageMapper(mapperModel, federationProvider, realm, this); + protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider) { + return new GroupLDAPStorageMapper(mapperModel, federationProvider, this); } protected UserRolesRetrieveStrategy getUserGroupsRetrieveStrategy(String strategyKey) { diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/role/RoleLDAPStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/role/RoleLDAPStorageMapper.java index f98a4397f5..e3a524fec9 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/role/RoleLDAPStorageMapper.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/role/RoleLDAPStorageMapper.java @@ -58,8 +58,8 @@ public class RoleLDAPStorageMapper extends AbstractLDAPStorageMapper implements private final RoleMapperConfig config; private final RoleLDAPStorageMapperFactory factory; - public RoleLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RealmModel realm, RoleLDAPStorageMapperFactory factory) { - super(mapperModel, ldapProvider, realm); + public RoleLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RoleLDAPStorageMapperFactory factory) { + super(mapperModel, ldapProvider); this.config = new RoleMapperConfig(mapperModel); this.factory = factory; } @@ -77,7 +77,7 @@ public class RoleLDAPStorageMapper extends AbstractLDAPStorageMapper implements @Override - public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, boolean isCreate) { + public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) { LDAPGroupMapperMode mode = config.getMode(); // For now, import LDAP role mappings just during create @@ -90,7 +90,7 @@ public class RoleLDAPStorageMapper extends AbstractLDAPStorageMapper implements for (LDAPObject ldapRole : ldapRoles) { String roleName = ldapRole.getAttributeAsString(roleNameAttr); - RoleContainerModel roleContainer = getTargetRoleContainer(); + RoleContainerModel roleContainer = getTargetRoleContainer(realm); RoleModel role = roleContainer.getRole(roleName); if (role == null) { @@ -104,13 +104,13 @@ public class RoleLDAPStorageMapper extends AbstractLDAPStorageMapper implements } @Override - public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser) { + public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) { } // Sync roles from LDAP to Keycloak DB @Override - public SynchronizationResult syncDataFromFederationProviderToKeycloak() { + public SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm) { SynchronizationResult syncResult = new SynchronizationResult() { @Override @@ -126,7 +126,7 @@ public class RoleLDAPStorageMapper extends AbstractLDAPStorageMapper implements LDAPQuery ldapRoleQuery = createRoleQuery(); List ldapRoles = LDAPUtils.loadAllLDAPObjects(ldapRoleQuery, ldapProvider); - RoleContainerModel roleContainer = getTargetRoleContainer(); + RoleContainerModel roleContainer = getTargetRoleContainer(realm); String rolesRdnAttr = config.getRoleNameLdapAttribute(); for (LDAPObject ldapRole : ldapRoles) { String roleName = ldapRole.getAttributeAsString(rolesRdnAttr); @@ -146,7 +146,7 @@ public class RoleLDAPStorageMapper extends AbstractLDAPStorageMapper implements // Sync roles from Keycloak back to LDAP @Override - public SynchronizationResult syncDataFromKeycloakToFederationProvider() { + public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm) { SynchronizationResult syncResult = new SynchronizationResult() { @Override @@ -175,7 +175,7 @@ public class RoleLDAPStorageMapper extends AbstractLDAPStorageMapper implements } - RoleContainerModel roleContainer = getTargetRoleContainer(); + RoleContainerModel roleContainer = getTargetRoleContainer(realm); Set keycloakRoles = roleContainer.getRoles(); for (RoleModel keycloakRole : keycloakRoles) { @@ -220,7 +220,7 @@ public class RoleLDAPStorageMapper extends AbstractLDAPStorageMapper implements return ldapQuery; } - protected RoleContainerModel getTargetRoleContainer() { + protected RoleContainerModel getTargetRoleContainer(RealmModel realm) { boolean realmRolesMapping = config.isRealmRolesMapping(); if (realmRolesMapping) { return realm; @@ -273,14 +273,14 @@ public class RoleLDAPStorageMapper extends AbstractLDAPStorageMapper implements } @Override - public UserModel proxy(LDAPObject ldapUser, UserModel delegate) { + public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) { final LDAPGroupMapperMode mode = config.getMode(); // For IMPORT mode, all operations are performed against local DB if (mode == LDAPGroupMapperMode.IMPORT) { return delegate; } else { - return new LDAPRoleMappingsUserDelegate(delegate, ldapUser); + return new LDAPRoleMappingsUserDelegate(realm, delegate, ldapUser); } } @@ -295,16 +295,18 @@ public class RoleLDAPStorageMapper extends AbstractLDAPStorageMapper implements public class LDAPRoleMappingsUserDelegate extends UserModelDelegate { + private final RealmModel realm; private final LDAPObject ldapUser; private final RoleContainerModel roleContainer; // Avoid loading role mappings from LDAP more times per-request private Set cachedLDAPRoleMappings; - public LDAPRoleMappingsUserDelegate(UserModel user, LDAPObject ldapUser) { + public LDAPRoleMappingsUserDelegate(RealmModel realm, UserModel user, LDAPObject ldapUser) { super(user); + this.realm = realm; this.ldapUser = ldapUser; - this.roleContainer = getTargetRoleContainer(); + this.roleContainer = getTargetRoleContainer(realm); } @Override diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/role/RoleLDAPStorageMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/role/RoleLDAPStorageMapperFactory.java index fe4ee3fd23..f5c8dfe752 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/role/RoleLDAPStorageMapperFactory.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/role/RoleLDAPStorageMapperFactory.java @@ -194,8 +194,8 @@ public class RoleLDAPStorageMapperFactory extends AbstractLDAPStorageMapperFacto } @Override - protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider, RealmModel realm) { - return new RoleLDAPStorageMapper(mapperModel, federationProvider, realm, this); + protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider) { + return new RoleLDAPStorageMapper(mapperModel, federationProvider, this); } protected UserRolesRetrieveStrategy getUserRolesRetrieveStrategy(String strategyKey) { diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java index 1614fefb47..57164e6bfb 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java @@ -51,8 +51,8 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp private static final Pattern AUTH_EXCEPTION_REGEX = Pattern.compile(".*AcceptSecurityContext error, data ([0-9a-f]*), v.*"); private static final Pattern AUTH_INVALID_NEW_PASSWORD = Pattern.compile(".*error code ([0-9a-f]+) .*WILL_NOT_PERFORM.*"); - public MSADUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RealmModel realm) { - super(mapperModel, ldapProvider, realm); + public MSADUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider) { + super(mapperModel, ldapProvider); ldapProvider.setUpdater(this); } @@ -95,22 +95,22 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp } @Override - public UserModel proxy(LDAPObject ldapUser, UserModel delegate) { + public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) { return new MSADUserModelDelegate(delegate, ldapUser); } @Override - public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser) { + public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) { } @Override - public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, boolean isCreate) { + public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) { } @Override - public boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException) { + public boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm) { String exceptionMessage = ldapException.getMessage(); Matcher m = AUTH_EXCEPTION_REGEX.matcher(exceptionMessage); if (m.matches()) { diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapperFactory.java index 560eff0b87..9dc1e5a66e 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapperFactory.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapperFactory.java @@ -56,7 +56,7 @@ public class MSADUserAccountControlStorageMapperFactory extends AbstractLDAPStor } @Override - protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider, RealmModel realm) { - return new MSADUserAccountControlStorageMapper(mapperModel, federationProvider, realm); + protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider) { + return new MSADUserAccountControlStorageMapper(mapperModel, federationProvider); } } diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java index 301ad3a646..517a3c004b 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java @@ -52,8 +52,8 @@ public class MSADLDSUserAccountControlStorageMapper extends AbstractLDAPStorageM private static final Pattern AUTH_EXCEPTION_REGEX = Pattern.compile(".*AcceptSecurityContext error, data ([0-9a-f]*), v.*"); private static final Pattern AUTH_INVALID_NEW_PASSWORD = Pattern.compile("(?s).*problem 1005 \\(CONSTRAINT_ATT_TYPE\\), data [0-9a-f]*, Att 23 \\(userPassword\\).*"); - public MSADLDSUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RealmModel realm) { - super(mapperModel, ldapProvider, realm); + public MSADLDSUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider) { + super(mapperModel, ldapProvider); ldapProvider.setUpdater(this); } @@ -94,22 +94,22 @@ public class MSADLDSUserAccountControlStorageMapper extends AbstractLDAPStorageM } @Override - public UserModel proxy(LDAPObject ldapUser, UserModel delegate) { + public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) { return new MSADUserModelDelegate(delegate, ldapUser); } @Override - public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser) { + public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) { } @Override - public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, boolean isCreate) { + public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) { } @Override - public boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException) { + public boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm) { String exceptionMessage = ldapException.getMessage(); Matcher m = AUTH_EXCEPTION_REGEX.matcher(exceptionMessage); if (m.matches()) { diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapperFactory.java index fc456cdddf..5f5d12e965 100644 --- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapperFactory.java +++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapperFactory.java @@ -57,7 +57,7 @@ public class MSADLDSUserAccountControlStorageMapperFactory extends AbstractLDAPS } @Override - protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider, RealmModel realm) { - return new MSADLDSUserAccountControlStorageMapper(mapperModel, federationProvider, realm); + protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel, LDAPStorageProvider federationProvider) { + return new MSADLDSUserAccountControlStorageMapper(mapperModel, federationProvider); } } diff --git a/services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java b/services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java index 13b3bdae82..9d615a5c36 100644 --- a/services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java +++ b/services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java @@ -182,7 +182,7 @@ public class DefaultKeycloakSession implements KeycloakSession { @Override public T getProvider(Class clazz, ComponentModel componentModel) { - String modelId = componentModel.getProviderType() + "::" + componentModel.getId(); + String modelId = componentModel.getId(); Object found = getAttribute(modelId); if (found != null) { diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserStorageProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserStorageProviderResource.java index 5deaf32226..4f12322160 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/UserStorageProviderResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UserStorageProviderResource.java @@ -147,19 +147,17 @@ public class UserStorageProviderResource { if (parentModel == null) throw new NotFoundException("Parent model not found"); ComponentModel mapperModel = realm.getComponent(mapperId); if (mapperModel == null) throw new NotFoundException("Mapper model not found"); - LDAPStorageMapper mapper = session.getProvider(LDAPStorageMapper.class, mapperModel); - ProviderFactory factory = session.getKeycloakSessionFactory().getProviderFactory(UserStorageProvider.class, parentModel.getProviderId()); - LDAPStorageProviderFactory providerFactory = (LDAPStorageProviderFactory)factory; - LDAPStorageProvider federationProvider = providerFactory.create(session, parentModel); + LDAPStorageProvider ldapProvider = (LDAPStorageProvider) session.getProvider(UserStorageProvider.class, parentModel); + LDAPStorageMapper mapper = session.getProvider(LDAPStorageMapper.class, mapperModel); ServicesLogger.LOGGER.syncingDataForMapper(mapperModel.getName(), mapperModel.getProviderId(), direction); SynchronizationResult syncResult; if ("fedToKeycloak".equals(direction)) { - syncResult = mapper.syncDataFromFederationProviderToKeycloak(mapperModel, federationProvider, session, realm); + syncResult = mapper.syncDataFromFederationProviderToKeycloak(realm); } else if ("keycloakToFed".equals(direction)) { - syncResult = mapper.syncDataFromKeycloakToFederationProvider(mapperModel, federationProvider, session, realm); + syncResult = mapper.syncDataFromKeycloakToFederationProvider(realm); } else { throw new BadRequestException("Unknown direction: " + direction); } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapper2WaySyncTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapper2WaySyncTest.java index 78e690731d..6cc66a3dc1 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapper2WaySyncTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapper2WaySyncTest.java @@ -115,7 +115,7 @@ public class LDAPGroupMapper2WaySyncTest { realm.updateComponent(mapperModel); // Sync from Keycloak into LDAP - SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(mapperModel, ldapProvider, session, realm); + SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm); LDAPTestUtils.assertSyncEquals(syncResult, 4, 0, 0, 0); } finally { keycloakRule.stopSession(session, true); @@ -143,7 +143,7 @@ public class LDAPGroupMapper2WaySyncTest { LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); // Sync from LDAP back into Keycloak - SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(mapperModel, ldapProvider, session, realm); + SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); LDAPTestUtils.assertSyncEquals(syncResult, 4, 0, 0, 0); // Assert groups are imported to keycloak. All are at top level @@ -179,7 +179,7 @@ public class LDAPGroupMapper2WaySyncTest { realm.updateComponent(mapperModel); // Sync from Keycloak into LDAP - SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(mapperModel, ldapProvider, session, realm); + SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm); LDAPTestUtils.assertSyncEquals(syncResult, 4, 0, 0, 0); } finally { keycloakRule.stopSession(session, true); @@ -207,7 +207,7 @@ public class LDAPGroupMapper2WaySyncTest { LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); // Sync from LDAP back into Keycloak - SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(mapperModel, ldapProvider, session, realm); + SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); LDAPTestUtils.assertSyncEquals(syncResult, 4, 0, 0, 0); // Assert groups are imported to keycloak. All are at top level @@ -242,7 +242,7 @@ public class LDAPGroupMapper2WaySyncTest { LDAPTestUtils.createLDAPGroup(session, realm, ldapModel, "group3"); // Sync and assert our group is still in LDAP - SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(mapperModel, ldapProvider, session, realm); + SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm); LDAPTestUtils.assertSyncEquals(syncResult, 0, 4, 0, 0); Assert.assertNotNull(LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm).loadLDAPGroupByName("group3")); @@ -251,7 +251,7 @@ public class LDAPGroupMapper2WaySyncTest { realm.updateComponent(mapperModel); // Sync and assert group removed from LDAP - syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(mapperModel, ldapProvider, session, realm); + syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm); LDAPTestUtils.assertSyncEquals(syncResult, 0, 4, 1, 0); Assert.assertNull(LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm).loadLDAPGroupByName("group3")); } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperSyncTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperSyncTest.java index 9b41bb6433..cc29081a6b 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperSyncTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperSyncTest.java @@ -147,7 +147,7 @@ public class LDAPGroupMapperSyncTest { LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, group12, group1, true); try { - new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(mapperModel, ldapProvider, session, realm); + new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); Assert.fail("Not expected group sync to pass"); } catch (ModelException expected) { Assert.assertTrue(expected.getMessage().contains("Recursion detected")); @@ -157,7 +157,7 @@ public class LDAPGroupMapperSyncTest { LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "false"); realm.updateComponent(mapperModel); - new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(mapperModel, ldapProvider, session, realm); + new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); // Assert groups are imported to keycloak. All are at top level GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1"); @@ -206,7 +206,7 @@ public class LDAPGroupMapperSyncTest { GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm); // Sync groups with inheritance - SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(mapperModel, ldapProvider, session, realm); + SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); LDAPTestUtils.assertSyncEquals(syncResult, 3, 0, 0, 0); // Assert groups are imported to keycloak including their inheritance from LDAP @@ -232,7 +232,7 @@ public class LDAPGroupMapperSyncTest { ldapProvider.getLdapIdentityStore().update(group12); // Sync and assert groups updated - syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(mapperModel, ldapProvider, session, realm); + syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); LDAPTestUtils.assertSyncEquals(syncResult, 0, 3, 0, 0); // Assert attributes changed in keycloak @@ -254,7 +254,7 @@ public class LDAPGroupMapperSyncTest { LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); // Sync groups with inheritance - SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(mapperModel, ldapProvider, session, realm); + SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); LDAPTestUtils.assertSyncEquals(syncResult, 3, 0, 0, 0); // Assert groups are imported to keycloak including their inheritance from LDAP @@ -271,7 +271,7 @@ public class LDAPGroupMapperSyncTest { realm.moveGroup(model2, kcGroup1); // Sync groups again from LDAP. Nothing deleted - syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(mapperModel, ldapProvider, session, realm); + syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); LDAPTestUtils.assertSyncEquals(syncResult, 0, 3, 0, 0); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11")); @@ -284,7 +284,7 @@ public class LDAPGroupMapperSyncTest { realm.updateComponent(mapperModel); // Sync groups again from LDAP. Assert LDAP non-existing groups deleted - syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(mapperModel, ldapProvider, session, realm); + syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); Assert.assertEquals(3, syncResult.getUpdated()); Assert.assertTrue(syncResult.getRemoved() == 2); @@ -317,7 +317,7 @@ public class LDAPGroupMapperSyncTest { LDAPTestUtils.removeAllLDAPUsers(ldapProvider, realm); LDAPObject johnLdap = LDAPTestUtils.addLDAPUser(ldapProvider, realm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); LDAPTestUtils.updateLDAPPassword(ldapProvider, johnLdap, "Password1"); - groupMapper.addGroupMappingInLDAP("group11", johnLdap); + groupMapper.addGroupMappingInLDAP(realm, "group11", johnLdap); // Assert groups not yet imported to Keycloak DB Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1")); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java index 5157b1f682..1371d7bba8 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java @@ -103,7 +103,7 @@ public class LDAPGroupMapperTest { // Sync LDAP groups to Keycloak DB ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "groupsMapper"); - new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(mapperModel, ldapFedProvider, session, appRealm); + new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm); // Delete all LDAP users LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); @@ -220,8 +220,8 @@ public class LDAPGroupMapperTest { GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm); LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "marykeycloak"); - groupMapper.addGroupMappingInLDAP("group1", maryLdap); - groupMapper.addGroupMappingInLDAP("group11", maryLdap); + groupMapper.addGroupMappingInLDAP(appRealm, "group1", maryLdap); + groupMapper.addGroupMappingInLDAP(appRealm, "group11", maryLdap); // Add some group mapping to model mary.joinGroup(group12); @@ -282,8 +282,8 @@ public class LDAPGroupMapperTest { GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm); LDAPObject robLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "robkeycloak"); - groupMapper.addGroupMappingInLDAP("group11", robLdap); - groupMapper.addGroupMappingInLDAP("group12", robLdap); + groupMapper.addGroupMappingInLDAP(appRealm, "group11", robLdap); + groupMapper.addGroupMappingInLDAP(appRealm, "group12", robLdap); // Get user and check that he has requested groupa from LDAP UserModel rob = session.users().getUserByUsername("robkeycloak", appRealm); @@ -349,7 +349,7 @@ public class LDAPGroupMapperTest { LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, group2, nonExistentLdapUser, true); // 4 - Check group members. Just existing user rob should be present - groupMapper.syncDataFromFederationProviderToKeycloak(); + groupMapper.syncDataFromFederationProviderToKeycloak(appRealm); GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(appRealm, "/group2"); List groupUsers = session.users().getGroupMembers(appRealm, kcGroup2, 0, 5); Assert.assertEquals(1, groupUsers.size()); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java index db69be7a10..8338c486f4 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java @@ -238,11 +238,11 @@ public class LDAPTestUtils { ComponentModel mapperModel = getSubcomponentByName(realm, providerModel, "realmRolesMapper"); RoleLDAPStorageMapper roleMapper = getRoleMapper(mapperModel, ldapProvider, realm); - roleMapper.syncDataFromFederationProviderToKeycloak(); + roleMapper.syncDataFromFederationProviderToKeycloak(realm); mapperModel = getSubcomponentByName(realm, providerModel, "financeRolesMapper"); roleMapper = getRoleMapper(mapperModel, ldapProvider, realm); - roleMapper.syncDataFromFederationProviderToKeycloak(); + roleMapper.syncDataFromFederationProviderToKeycloak(realm); } public static void removeAllLDAPUsers(LDAPStorageProvider ldapProvider, RealmModel realm) { @@ -296,11 +296,11 @@ public class LDAPTestUtils { } public static GroupLDAPStorageMapper getGroupMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RealmModel realm) { - return new GroupLDAPStorageMapper(mapperModel, ldapProvider, realm, new GroupLDAPStorageMapperFactory()); + return new GroupLDAPStorageMapper(mapperModel, ldapProvider, new GroupLDAPStorageMapperFactory()); } public static RoleLDAPStorageMapper getRoleMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RealmModel realm) { - return new RoleLDAPStorageMapper(mapperModel, ldapProvider, realm, new RoleLDAPStorageMapperFactory()); + return new RoleLDAPStorageMapper(mapperModel, ldapProvider, new RoleLDAPStorageMapperFactory()); }