libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Deprecate IDP related methods in RealmModel

Browse source 
- delegate to the new provider

Closes #31253

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
This commit is contained in:
Stefan Guilhen 2024-07-23 13:18:12 -03:00 committed by Alexander Schwartz
parent c16e88bcee
commit f45529de8c
7 changed files with 55 additions and 233 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java vendored
View file

@ -906,20 +906,16 @@ public class RealmAdapter implements CachedRealmModel {
@Override
public Stream<IdentityProviderModel> getIdentityProvidersStream() {
if (isUpdated()) return updated.getIdentityProvidersStream().map(this::createOrganizationAwareIdentityProviderModel);
return cached.getIdentityProviders().stream().map(this::createOrganizationAwareIdentityProviderModel);
return session.identityProviders().getAllStream().map(this::createOrganizationAwareIdentityProviderModel);
}
@Override
public IdentityProviderModel getIdentityProviderByAlias(String alias) {
if (isUpdated()) return createOrganizationAwareIdentityProviderModel(updated.getIdentityProviderByAlias(alias));
return getIdentityProvidersStream()
.filter(model -> Objects.equals(model.getAlias(), alias))
.findFirst()
.map(this::createOrganizationAwareIdentityProviderModel)
.orElse(null);
IdentityProviderModel idp = session.identityProviders().getByAlias(alias);
return idp != null ? createOrganizationAwareIdentityProviderModel(idp) : null;
}
// TODO move this to the infinispan IDPProvider implementation.
private IdentityProviderModel createOrganizationAwareIdentityProviderModel(IdentityProviderModel idp) {
if (!Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) return idp;
return new IdentityProviderModel(idp) {
@ -938,20 +934,17 @@ public class RealmAdapter implements CachedRealmModel {
@Override
public void addIdentityProvider(IdentityProviderModel identityProvider) {
getDelegateForUpdate();
updated.addIdentityProvider(identityProvider);
session.identityProviders().create(identityProvider);
}
@Override
public void updateIdentityProvider(IdentityProviderModel identityProvider) {
getDelegateForUpdate();
updated.updateIdentityProvider(identityProvider);
session.identityProviders().update(identityProvider);
}
@Override
public void removeIdentityProviderByAlias(String alias) {
getDelegateForUpdate();
updated.removeIdentityProviderByAlias(alias);
session.identityProviders().remove(alias);
}
@Override
@ -1147,8 +1140,7 @@ public class RealmAdapter implements CachedRealmModel {
@Override
public boolean isIdentityFederationEnabled() {
if (isUpdated()) return updated.isIdentityFederationEnabled();
return cached.isIdentityFederationEnabled();
return session.identityProviders().isIdentityFederationEnabled();
}

16
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedRealm.java vendored
View file

@ -40,7 +40,6 @@ import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.OAuth2DeviceConfig;
import org.keycloak.models.OTPPolicy;
import org.keycloak.models.ParConfig;
@ -127,7 +126,6 @@ public class CachedRealm extends AbstractExtendableRevisioned {
protected MultivaluedMap<String, ComponentModel> componentsByParent = new MultivaluedHashMap<>();
protected MultivaluedMap<String, ComponentModel> componentsByParentAndType = new ConcurrentMultivaluedHashMap<>();
protected Map<String, ComponentModel> components;
protected List<IdentityProviderModel> identityProviders;
protected Map<String, String> browserSecurityHeaders;
protected Map<String, String> smtpConfig;
@ -145,7 +143,6 @@ public class CachedRealm extends AbstractExtendableRevisioned {
protected AuthenticationFlowModel browserFlow;
protected AuthenticationFlowModel registrationFlow;
protected AuthenticationFlowModel orgRegistrationFlow;
protected AuthenticationFlowModel directGrantFlow;
protected AuthenticationFlowModel resetCredentialsFlow;
protected AuthenticationFlowModel clientAuthenticationFlow;
@ -195,7 +192,6 @@ public class CachedRealm extends AbstractExtendableRevisioned {
loginWithEmailAllowed = model.isLoginWithEmailAllowed();
duplicateEmailsAllowed = model.isDuplicateEmailsAllowed();
resetPasswordAllowed = model.isResetPasswordAllowed();
identityFederationEnabled = model.isIdentityFederationEnabled();
editUsernameAllowed = model.isEditUsernameAllowed();
organizationsEnabled = model.isOrganizationsEnabled();
//--- brute force settings
@ -249,10 +245,6 @@ public class CachedRealm extends AbstractExtendableRevisioned {
requiredCredentials = model.getRequiredCredentialsStream().collect(Collectors.toList());
userActionTokenLifespans = Collections.unmodifiableMap(new HashMap<>(model.getUserActionTokenLifespans()));
this.identityProviders = model.getIdentityProvidersStream().map(IdentityProviderModel::new)
.collect(Collectors.toList());
this.identityProviders = Collections.unmodifiableList(this.identityProviders);
this.identityProviderMapperSet = model.getIdentityProviderMappersStream().collect(Collectors.toSet());
for (IdentityProviderMapperModel mapper : identityProviderMapperSet) {
identityProviderMappers.add(mapper.getIdentityProviderAlias(), mapper);
@ -561,10 +553,6 @@ public class CachedRealm extends AbstractExtendableRevisioned {
return passwordPolicy;
}
public boolean isIdentityFederationEnabled() {
return identityFederationEnabled;
}
public Map<String, String> getSmtpConfig() {
return smtpConfig;
}
@ -617,10 +605,6 @@ public class CachedRealm extends AbstractExtendableRevisioned {
return adminEventsDetailsEnabled;
}
public List<IdentityProviderModel> getIdentityProviders() {
return identityProviders;
}
public boolean isInternationalizationEnabled() {
return internationalizationEnabled;
}

2
model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java
View file

@ -194,6 +194,8 @@ public class JpaRealmProvider implements RealmProvider, ClientProvider, ClientSc
.setParameter("realmId", realm.getId()).executeUpdate();
session.groups().preRemove(adapter);
session.identityProviders().removeAll();
em.createNamedQuery("removeClientInitialAccessByRealm")
.setParameter("realm", realm).executeUpdate();

141
model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
View file

@ -21,9 +21,6 @@ import org.keycloak.Config;
import org.jboss.logging.Logger;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.IdentityProviderFactory;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.Time;
@ -50,7 +47,6 @@ import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Arrays;
import java.util.Optional;
import java.util.function.Predicate;
import java.util.stream.Stream;
@ -1220,157 +1216,32 @@ public class RealmAdapter implements StorageProviderRealmModel, JpaModel<RealmEn
@Override
public Stream<IdentityProviderModel> getIdentityProvidersStream() {
return realm.getIdentityProviders().stream().map(this::entityToModel);
}
private IdentityProviderModel entityToModel(IdentityProviderEntity entity) {
IdentityProviderModel identityProviderModel = getModelFromProviderFactory(entity.getProviderId());
identityProviderModel.setProviderId(entity.getProviderId());
identityProviderModel.setAlias(entity.getAlias());
identityProviderModel.setDisplayName(entity.getDisplayName());
identityProviderModel.setInternalId(entity.getInternalId());
Map<String, String> config = entity.getConfig();
Map<String, String> copy = new HashMap<>();
copy.putAll(config);
identityProviderModel.setConfig(copy);
identityProviderModel.setEnabled(entity.isEnabled());
identityProviderModel.setLinkOnly(entity.isLinkOnly());
identityProviderModel.setTrustEmail(entity.isTrustEmail());
identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault());
identityProviderModel.setFirstBrokerLoginFlowId(entity.getFirstBrokerLoginFlowId());
identityProviderModel.setPostBrokerLoginFlowId(entity.getPostBrokerLoginFlowId());
identityProviderModel.setStoreToken(entity.isStoreToken());
identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate());
return identityProviderModel;
}
private IdentityProviderModel getModelFromProviderFactory(String providerId) {
Optional<IdentityProviderFactory> factory = Stream.concat(session.getKeycloakSessionFactory().getProviderFactoriesStream(IdentityProvider.class),
session.getKeycloakSessionFactory().getProviderFactoriesStream(SocialIdentityProvider.class))
.filter(providerFactory -> Objects.equals(providerFactory.getId(), providerId))
.map(IdentityProviderFactory.class::cast)
.findFirst();
if (factory.isPresent()) {
return factory.get().createConfig();
} else {
logger.warn("Couldn't find a suitable identity provider factory for " + providerId);
return new IdentityProviderModel();
}
return session.identityProviders().getAllStream();
}
@Override
public IdentityProviderModel getIdentityProviderByAlias(String alias) {
return getIdentityProvidersStream()
.filter(model -> Objects.equals(model.getAlias(), alias))
.findFirst()
.orElse(null);
return session.identityProviders().getByAlias(alias);
}
@Override
public void addIdentityProvider(IdentityProviderModel identityProvider) {
IdentityProviderEntity entity = new IdentityProviderEntity();
if (identityProvider.getInternalId() == null) {
entity.setInternalId(KeycloakModelUtils.generateId());
} else {
entity.setInternalId(identityProvider.getInternalId());
}
entity.setAlias(identityProvider.getAlias());
entity.setDisplayName(identityProvider.getDisplayName());
entity.setProviderId(identityProvider.getProviderId());
entity.setEnabled(identityProvider.isEnabled());
entity.setStoreToken(identityProvider.isStoreToken());
entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
entity.setTrustEmail(identityProvider.isTrustEmail());
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
entity.setFirstBrokerLoginFlowId(identityProvider.getFirstBrokerLoginFlowId());
entity.setPostBrokerLoginFlowId(identityProvider.getPostBrokerLoginFlowId());
entity.setConfig(identityProvider.getConfig());
entity.setLinkOnly(identityProvider.isLinkOnly());
realm.addIdentityProvider(entity);
identityProvider.setInternalId(entity.getInternalId());
em.persist(entity);
em.flush();
session.identityProviders().create(identityProvider);
}
@Override
public void removeIdentityProviderByAlias(String alias) {
for (IdentityProviderEntity entity : realm.getIdentityProviders()) {
if (entity.getAlias().equals(alias)) {
IdentityProviderModel model = entityToModel(entity);
em.remove(entity);
em.flush();
session.getKeycloakSessionFactory().publish(new RealmModel.IdentityProviderRemovedEvent() {
@Override
public RealmModel getRealm() {
return RealmAdapter.this;
}
@Override
public IdentityProviderModel getRemovedIdentityProvider() {
return model;
}
@Override
public KeycloakSession getKeycloakSession() {
return session;
}
});
}
}
session.identityProviders().remove(alias);
}
@Override
public void updateIdentityProvider(IdentityProviderModel identityProvider) {
for (IdentityProviderEntity entity : this.realm.getIdentityProviders()) {
if (entity.getInternalId().equals(identityProvider.getInternalId())) {
entity.setAlias(identityProvider.getAlias());
entity.setDisplayName(identityProvider.getDisplayName());
entity.setEnabled(identityProvider.isEnabled());
entity.setTrustEmail(identityProvider.isTrustEmail());
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
entity.setFirstBrokerLoginFlowId(identityProvider.getFirstBrokerLoginFlowId());
entity.setPostBrokerLoginFlowId(identityProvider.getPostBrokerLoginFlowId());
entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
entity.setStoreToken(identityProvider.isStoreToken());
entity.setConfig(identityProvider.getConfig());
entity.setLinkOnly(identityProvider.isLinkOnly());
}
}
em.flush();
session.getKeycloakSessionFactory().publish(new RealmModel.IdentityProviderUpdatedEvent() {
@Override
public RealmModel getRealm() {
return RealmAdapter.this;
}
@Override
public IdentityProviderModel getUpdatedIdentityProvider() {
return identityProvider;
}
@Override
public KeycloakSession getKeycloakSession() {
return session;
}
});
session.identityProviders().update(identityProvider);
}
@Override
public boolean isIdentityFederationEnabled() {
return !this.realm.getIdentityProviders().isEmpty();
return session.identityProviders().isIdentityFederationEnabled();
}
@Override

19
model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
View file

@ -186,9 +186,6 @@ public class RealmEntity {
@Column(name="DEFAULT_ROLE")
protected String defaultRoleId;
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
protected List<IdentityProviderEntity> identityProviders = new LinkedList<>();
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
Collection<IdentityProviderMapperEntity> identityProviderMappers = new LinkedList<>();
@ -615,22 +612,6 @@ public class RealmEntity {
this.attributes = attributes;
}
public List<IdentityProviderEntity> getIdentityProviders() {
if (identityProviders == null) {
identityProviders = new LinkedList<>();
}
return this.identityProviders;
}
public void setIdentityProviders(List<IdentityProviderEntity> identityProviders) {
this.identityProviders = identityProviders;
}
public void addIdentityProvider(IdentityProviderEntity entity) {
entity.setRealmId(this.id);
getIdentityProviders().add(entity);
}
public boolean isInternationalizationEnabled() {
return internationalizationEnabled;
}

40
server-spi/src/main/java/org/keycloak/models/RealmModel.java
View file

@ -441,13 +441,35 @@ public interface RealmModel extends RoleContainerModel {
/**
* Returns identity providers as a stream.
*
* @return Stream of {@link IdentityProviderModel}. Never returns {@code null}.
* @deprecated Use {@link IDPProvider#getAllStream()} instead.
*/
@Deprecated
Stream<IdentityProviderModel> getIdentityProvidersStream();
/**
* @deprecated Use {@link IDPProvider#getByAlias(String)} instead.
*/
@Deprecated
IdentityProviderModel getIdentityProviderByAlias(String alias);
/**
* @deprecated Use {@link IDPProvider#create(IdentityProviderModel)} instead.
*/
@Deprecated
void addIdentityProvider(IdentityProviderModel identityProvider);
/**
* @deprecated Use {@link IDPProvider#remove(String)} instead.
*/
@Deprecated
void removeIdentityProviderByAlias(String alias);
/**
* @deprecated Use {@link IDPProvider#update(IdentityProviderModel)} instead.
*/
@Deprecated
void updateIdentityProvider(IdentityProviderModel identityProvider);
/**
@ -495,7 +517,7 @@ public interface RealmModel extends RoleContainerModel {
/**
* Removes given component. Will call preRemove() method of ComponentFactory.
* Also calls {@code this.removeComponents(component.getId())}.
*
*
* @param component to be removed
*/
void removeComponent(ComponentModel component);
@ -616,6 +638,10 @@ public interface RealmModel extends RoleContainerModel {
*/
void setDefaultRole(RoleModel role);
/**
* @deprecated use {@link IDPProvider#isIdentityFederationEnabled()} instead.
*/
@Deprecated
boolean isIdentityFederationEnabled();
boolean isInternationalizationEnabled();
@ -693,7 +719,7 @@ public interface RealmModel extends RoleContainerModel {
ClientScopeModel addClientScope(String name);
/**
* Creates new client scope with the given internal ID and name.
* Creates new client scope with the given internal ID and name.
* If given name contains spaces, those are replaced by underscores.
* @param id {@code String} id of the client scope.
* @param name {@code String} name of the client scope.
@ -716,10 +742,10 @@ public interface RealmModel extends RoleContainerModel {
ClientScopeModel getClientScopeById(String id);
/**
* Adds given client scope among default/optional client scopes of this realm.
* Adds given client scope among default/optional client scopes of this realm.
* The scope will be assigned to each new client.
* @param clientScope to be added
* @param defaultScope if {@code true} the scope will be added among default client scopes,
* @param defaultScope if {@code true} the scope will be added among default client scopes,
* if {@code false} it will be added among optional client scopes
*/
void addDefaultClientScope(ClientScopeModel clientScope, boolean defaultScope);
@ -742,16 +768,16 @@ public interface RealmModel extends RoleContainerModel {
/**
* Returns default client scopes of this realm either default ones or optional ones.
* @param defaultScope if {@code true} default client scopes are returned,
* @param defaultScope if {@code true} default client scopes are returned,
* if {@code false} optional client scopes are returned.
* @return Stream of {@link ClientScopeModel}. Never returns {@code null}.
*/
Stream<ClientScopeModel> getDefaultClientScopesStream(boolean defaultScope);
/**
* Adds a role as a composite to default role of this realm.
* Adds a role as a composite to default role of this realm.
* @param role to be added
*/
*/
default void addToDefaultRoles(RoleModel role) {
getDefaultRole().addCompositeRole(role);
}

46
services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java
View file

@ -43,7 +43,6 @@ import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.KeycloakOpenAPI;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.utils.ReservedCharValidator;
import org.keycloak.utils.StringUtil;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.Consumes;
@ -57,11 +56,9 @@ import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.util.Comparator;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Stream;
import static jakarta.ws.rs.core.Response.Status.BAD_REQUEST;
@ -186,36 +183,14 @@ public class IdentityProvidersResource {
this.auth.realm().requireViewIdentityProviders();
if (maxResults == null) {
maxResults = 100; // always set a maximum of 100
maxResults = 100; // always set a maximum of 100 by default
}
Function<IdentityProviderModel, IdentityProviderRepresentation> toRepresentation = briefRepresentation != null && briefRepresentation
? m -> ModelToRepresentation.toBriefRepresentation(realm, m)
: m -> StripSecretsUtils.stripSecrets(session, ModelToRepresentation.toRepresentation(realm, m));
Stream<IdentityProviderModel> stream = realm.getIdentityProvidersStream().sorted(new IdPComparator());
if (!StringUtil.isBlank(search)) {
stream = stream.filter(predicateByName(search));
}
if (firstResult != null) {
stream = stream.skip(firstResult);
}
return stream.limit(maxResults).map(toRepresentation);
}
private Predicate<IdentityProviderModel> predicateByName(final String search) {
if (search.startsWith("\"") && search.endsWith("\"")) {
final String name = search.substring(1, search.length() - 1);
return (m) -> m.getAlias().equals(name);
} else if (search.startsWith("*") && search.endsWith("*")) {
final String name = search.substring(1, search.length() - 1);
return (m) -> m.getAlias().contains(name);
} else if (search.endsWith("*")) {
final String name = search.substring(0, search.length() - 1);
return (m) -> m.getAlias().startsWith(name);
} else {
return (m) -> m.getAlias().startsWith(search);
}
return session.identityProviders().getAllStream(search, firstResult, maxResults).map(toRepresentation);
}
/**
@ -233,7 +208,7 @@ public class IdentityProvidersResource {
this.auth.realm().requireManageIdentityProviders();
ReservedCharValidator.validateNoSpace(representation.getAlias());
try {
IdentityProviderModel identityProvider = RepresentationToModel.toModel(realm, representation, session);
this.realm.addIdentityProvider(identityProvider);
@ -241,15 +216,15 @@ public class IdentityProvidersResource {
representation.setInternalId(identityProvider.getInternalId());
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), identityProvider.getAlias())
.representation(StripSecretsUtils.stripSecrets(session, representation)).success();
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(representation.getAlias()).build()).build();
} catch (IllegalArgumentException e) {
String message = e.getMessage();
if (message == null) {
message = "Invalid request";
}
throw ErrorResponse.error(message, BAD_REQUEST);
} catch (ModelDuplicateException e) {
throw ErrorResponse.exists("Identity Provider " + representation.getAlias() + " already exists");
@ -278,13 +253,4 @@ public class IdentityProvidersResource {
return Stream.concat(session.getKeycloakSessionFactory().getProviderFactoriesStream(IdentityProvider.class),
session.getKeycloakSessionFactory().getProviderFactoriesStream(SocialIdentityProvider.class));
}
// TODO: for the moment just sort the identity provider list. But the
// idea is modifying the Model API to get the result already ordered.
private static class IdPComparator implements Comparator<IdentityProviderModel> {
@Override
public int compare(IdentityProviderModel idp1, IdentityProviderModel idp2) {
return idp1.getAlias().compareTo(idp2.getAlias());
}
}
}