Deprecate IDP related methods in RealmModel
- delegate to the new provider Closes #31253 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
parent
c16e88bcee
commit
f45529de8c
7 changed files with 55 additions and 233 deletions
|
@ -906,20 +906,16 @@ public class RealmAdapter implements CachedRealmModel {
|
|||
|
||||
@Override
|
||||
public Stream<IdentityProviderModel> getIdentityProvidersStream() {
|
||||
if (isUpdated()) return updated.getIdentityProvidersStream().map(this::createOrganizationAwareIdentityProviderModel);
|
||||
return cached.getIdentityProviders().stream().map(this::createOrganizationAwareIdentityProviderModel);
|
||||
return session.identityProviders().getAllStream().map(this::createOrganizationAwareIdentityProviderModel);
|
||||
}
|
||||
|
||||
@Override
|
||||
public IdentityProviderModel getIdentityProviderByAlias(String alias) {
|
||||
if (isUpdated()) return createOrganizationAwareIdentityProviderModel(updated.getIdentityProviderByAlias(alias));
|
||||
return getIdentityProvidersStream()
|
||||
.filter(model -> Objects.equals(model.getAlias(), alias))
|
||||
.findFirst()
|
||||
.map(this::createOrganizationAwareIdentityProviderModel)
|
||||
.orElse(null);
|
||||
IdentityProviderModel idp = session.identityProviders().getByAlias(alias);
|
||||
return idp != null ? createOrganizationAwareIdentityProviderModel(idp) : null;
|
||||
}
|
||||
|
||||
// TODO move this to the infinispan IDPProvider implementation.
|
||||
private IdentityProviderModel createOrganizationAwareIdentityProviderModel(IdentityProviderModel idp) {
|
||||
if (!Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) return idp;
|
||||
return new IdentityProviderModel(idp) {
|
||||
|
@ -938,20 +934,17 @@ public class RealmAdapter implements CachedRealmModel {
|
|||
|
||||
@Override
|
||||
public void addIdentityProvider(IdentityProviderModel identityProvider) {
|
||||
getDelegateForUpdate();
|
||||
updated.addIdentityProvider(identityProvider);
|
||||
session.identityProviders().create(identityProvider);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateIdentityProvider(IdentityProviderModel identityProvider) {
|
||||
getDelegateForUpdate();
|
||||
updated.updateIdentityProvider(identityProvider);
|
||||
session.identityProviders().update(identityProvider);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeIdentityProviderByAlias(String alias) {
|
||||
getDelegateForUpdate();
|
||||
updated.removeIdentityProviderByAlias(alias);
|
||||
session.identityProviders().remove(alias);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -1147,8 +1140,7 @@ public class RealmAdapter implements CachedRealmModel {
|
|||
|
||||
@Override
|
||||
public boolean isIdentityFederationEnabled() {
|
||||
if (isUpdated()) return updated.isIdentityFederationEnabled();
|
||||
return cached.isIdentityFederationEnabled();
|
||||
return session.identityProviders().isIdentityFederationEnabled();
|
||||
}
|
||||
|
||||
|
||||
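Review bot: The organization-aware wrapping in `createOrganizationAwareIdentityProviderModel` is applied only in this adapter, so callers that follow the new deprecation advice and call `session.identityProviders()` directly receive the unwrapped model; the existing `// TODO move this to the infinispan IDPProvider implementation.` comment hints at this but does not say it. The anonymous subclass body lies outside the hunk, so what it overrides is not visible here, but if it gates enablement on the organization's state, the same identity provider could look enabled on one path and disabled on the other. Until the wrapper moves, I would make the comment explicit, e.g. `// TODO move to the infinispan IDPProvider; direct session.identityProviders() callers currently bypass this wrapper`. Separately, in the second hunk the three mutators no longer call `getDelegateForUpdate()`, while `CachedRealm` still caches `identityProviderMappers` keyed by alias, so it is worth confirming that the provider's `remove(alias)` invalidates the cached realm.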
|
|
|
@ -40,7 +40,6 @@ import org.keycloak.models.ClientModel;
|
|||
import org.keycloak.models.ClientScopeModel;
|
||||
import org.keycloak.models.GroupModel;
|
||||
import org.keycloak.models.IdentityProviderMapperModel;
|
||||
import org.keycloak.models.IdentityProviderModel;
|
||||
import org.keycloak.models.OAuth2DeviceConfig;
|
||||
import org.keycloak.models.OTPPolicy;
|
||||
import org.keycloak.models.ParConfig;
|
||||
|
@ -127,7 +126,6 @@ public class CachedRealm extends AbstractExtendableRevisioned {
|
|||
protected MultivaluedMap<String, ComponentModel> componentsByParent = new MultivaluedHashMap<>();
|
||||
protected MultivaluedMap<String, ComponentModel> componentsByParentAndType = new ConcurrentMultivaluedHashMap<>();
|
||||
protected Map<String, ComponentModel> components;
|
||||
protected List<IdentityProviderModel> identityProviders;
|
||||
|
||||
protected Map<String, String> browserSecurityHeaders;
|
||||
protected Map<String, String> smtpConfig;
|
||||
|
@ -145,7 +143,6 @@ public class CachedRealm extends AbstractExtendableRevisioned {
|
|||
|
||||
protected AuthenticationFlowModel browserFlow;
|
||||
protected AuthenticationFlowModel registrationFlow;
|
||||
protected AuthenticationFlowModel orgRegistrationFlow;
|
||||
protected AuthenticationFlowModel directGrantFlow;
|
||||
protected AuthenticationFlowModel resetCredentialsFlow;
|
||||
protected AuthenticationFlowModel clientAuthenticationFlow;
|
||||
|
@ -195,7 +192,6 @@ public class CachedRealm extends AbstractExtendableRevisioned {
|
|||
loginWithEmailAllowed = model.isLoginWithEmailAllowed();
|
||||
duplicateEmailsAllowed = model.isDuplicateEmailsAllowed();
|
||||
resetPasswordAllowed = model.isResetPasswordAllowed();
|
||||
identityFederationEnabled = model.isIdentityFederationEnabled();
|
||||
editUsernameAllowed = model.isEditUsernameAllowed();
|
||||
organizationsEnabled = model.isOrganizationsEnabled();
|
||||
//--- brute force settings
|
||||
|
@ -249,10 +245,6 @@ public class CachedRealm extends AbstractExtendableRevisioned {
|
|||
requiredCredentials = model.getRequiredCredentialsStream().collect(Collectors.toList());
|
||||
userActionTokenLifespans = Collections.unmodifiableMap(new HashMap<>(model.getUserActionTokenLifespans()));
|
||||
|
||||
this.identityProviders = model.getIdentityProvidersStream().map(IdentityProviderModel::new)
|
||||
.collect(Collectors.toList());
|
||||
this.identityProviders = Collections.unmodifiableList(this.identityProviders);
|
||||
|
||||
this.identityProviderMapperSet = model.getIdentityProviderMappersStream().collect(Collectors.toSet());
|
||||
for (IdentityProviderMapperModel mapper : identityProviderMapperSet) {
|
||||
identityProviderMappers.add(mapper.getIdentityProviderAlias(), mapper);
|
||||
|
@ -561,10 +553,6 @@ public class CachedRealm extends AbstractExtendableRevisioned {
|
|||
return passwordPolicy;
|
||||
}
|
||||
|
||||
public boolean isIdentityFederationEnabled() {
|
||||
return identityFederationEnabled;
|
||||
}
|
||||
|
||||
public Map<String, String> getSmtpConfig() {
|
||||
return smtpConfig;
|
||||
}
|
||||
|
@ -617,10 +605,6 @@ public class CachedRealm extends AbstractExtendableRevisioned {
|
|||
return adminEventsDetailsEnabled;
|
||||
}
|
||||
|
||||
public List<IdentityProviderModel> getIdentityProviders() {
|
||||
return identityProviders;
|
||||
}
|
||||
|
||||
public boolean isInternationalizationEnabled() {
|
||||
return internationalizationEnabled;
|
||||
}
|
||||
|
|
|
@ -194,6 +194,8 @@ public class JpaRealmProvider implements RealmProvider, ClientProvider, ClientSc
|
|||
.setParameter("realmId", realm.getId()).executeUpdate();
|
||||
session.groups().preRemove(adapter);
|
||||
|
||||
session.identityProviders().removeAll();
|
||||
|
||||
em.createNamedQuery("removeClientInitialAccessByRealm")
|
||||
.setParameter("realm", realm).executeUpdate();
|
||||
|
||||
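Review bot: `session.identityProviders().removeAll()` takes no realm argument, unlike the neighbouring calls that pass `realm` or `adapter` explicitly, so which realm's identity providers it deletes depends on how the provider resolves the realm. If it reads the realm from the session context, deleting a realm from another realm's admin context could leave the deleted realm's providers behind or remove the wrong realm's. This matters more now that the `CascadeType.REMOVE` mapping on `RealmEntity.identityProviders` is gone and this call appears to be the only cleanup. I would confirm that the context realm is `adapter` at this point and document it, e.g. `// removeAll() acts on the session context realm; it must be the realm being removed`. The enclosing method starts and ends outside the hunk.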
|
|
|
@ -21,9 +21,6 @@ import org.keycloak.Config;
|
|||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.authentication.RequiredActionFactory;
|
||||
import org.keycloak.authentication.RequiredActionProvider;
|
||||
import org.keycloak.broker.provider.IdentityProvider;
|
||||
import org.keycloak.broker.provider.IdentityProviderFactory;
|
||||
import org.keycloak.broker.social.SocialIdentityProvider;
|
||||
import org.keycloak.common.enums.SslRequired;
|
||||
import org.keycloak.common.util.MultivaluedHashMap;
|
||||
import org.keycloak.common.util.Time;
|
||||
|
@ -50,7 +47,6 @@ import java.util.ArrayList;
|
|||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Arrays;
|
||||
import java.util.Optional;
|
||||
import java.util.function.Predicate;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
|
@ -1220,157 +1216,32 @@ public class RealmAdapter implements StorageProviderRealmModel, JpaModel<RealmEn
|
|||
|
||||
@Override
|
||||
public Stream<IdentityProviderModel> getIdentityProvidersStream() {
|
||||
return realm.getIdentityProviders().stream().map(this::entityToModel);
|
||||
}
|
||||
|
||||
private IdentityProviderModel entityToModel(IdentityProviderEntity entity) {
|
||||
IdentityProviderModel identityProviderModel = getModelFromProviderFactory(entity.getProviderId());
|
||||
identityProviderModel.setProviderId(entity.getProviderId());
|
||||
identityProviderModel.setAlias(entity.getAlias());
|
||||
identityProviderModel.setDisplayName(entity.getDisplayName());
|
||||
|
||||
identityProviderModel.setInternalId(entity.getInternalId());
|
||||
Map<String, String> config = entity.getConfig();
|
||||
Map<String, String> copy = new HashMap<>();
|
||||
copy.putAll(config);
|
||||
identityProviderModel.setConfig(copy);
|
||||
identityProviderModel.setEnabled(entity.isEnabled());
|
||||
identityProviderModel.setLinkOnly(entity.isLinkOnly());
|
||||
identityProviderModel.setTrustEmail(entity.isTrustEmail());
|
||||
identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault());
|
||||
identityProviderModel.setFirstBrokerLoginFlowId(entity.getFirstBrokerLoginFlowId());
|
||||
identityProviderModel.setPostBrokerLoginFlowId(entity.getPostBrokerLoginFlowId());
|
||||
identityProviderModel.setStoreToken(entity.isStoreToken());
|
||||
identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate());
|
||||
return identityProviderModel;
|
||||
}
|
||||
|
||||
private IdentityProviderModel getModelFromProviderFactory(String providerId) {
|
||||
Optional<IdentityProviderFactory> factory = Stream.concat(session.getKeycloakSessionFactory().getProviderFactoriesStream(IdentityProvider.class),
|
||||
session.getKeycloakSessionFactory().getProviderFactoriesStream(SocialIdentityProvider.class))
|
||||
.filter(providerFactory -> Objects.equals(providerFactory.getId(), providerId))
|
||||
.map(IdentityProviderFactory.class::cast)
|
||||
.findFirst();
|
||||
|
||||
if (factory.isPresent()) {
|
||||
return factory.get().createConfig();
|
||||
} else {
|
||||
logger.warn("Couldn't find a suitable identity provider factory for " + providerId);
|
||||
return new IdentityProviderModel();
|
||||
}
|
||||
return session.identityProviders().getAllStream();
|
||||
}
|
||||
|
||||
@Override
|
||||
public IdentityProviderModel getIdentityProviderByAlias(String alias) {
|
||||
return getIdentityProvidersStream()
|
||||
.filter(model -> Objects.equals(model.getAlias(), alias))
|
||||
.findFirst()
|
||||
.orElse(null);
|
||||
return session.identityProviders().getByAlias(alias);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addIdentityProvider(IdentityProviderModel identityProvider) {
|
||||
IdentityProviderEntity entity = new IdentityProviderEntity();
|
||||
|
||||
if (identityProvider.getInternalId() == null) {
|
||||
entity.setInternalId(KeycloakModelUtils.generateId());
|
||||
} else {
|
||||
entity.setInternalId(identityProvider.getInternalId());
|
||||
}
|
||||
entity.setAlias(identityProvider.getAlias());
|
||||
entity.setDisplayName(identityProvider.getDisplayName());
|
||||
entity.setProviderId(identityProvider.getProviderId());
|
||||
entity.setEnabled(identityProvider.isEnabled());
|
||||
entity.setStoreToken(identityProvider.isStoreToken());
|
||||
entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
|
||||
entity.setTrustEmail(identityProvider.isTrustEmail());
|
||||
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
|
||||
entity.setFirstBrokerLoginFlowId(identityProvider.getFirstBrokerLoginFlowId());
|
||||
entity.setPostBrokerLoginFlowId(identityProvider.getPostBrokerLoginFlowId());
|
||||
entity.setConfig(identityProvider.getConfig());
|
||||
entity.setLinkOnly(identityProvider.isLinkOnly());
|
||||
|
||||
realm.addIdentityProvider(entity);
|
||||
|
||||
identityProvider.setInternalId(entity.getInternalId());
|
||||
|
||||
em.persist(entity);
|
||||
em.flush();
|
||||
session.identityProviders().create(identityProvider);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeIdentityProviderByAlias(String alias) {
|
||||
for (IdentityProviderEntity entity : realm.getIdentityProviders()) {
|
||||
if (entity.getAlias().equals(alias)) {
|
||||
|
||||
IdentityProviderModel model = entityToModel(entity);
|
||||
em.remove(entity);
|
||||
em.flush();
|
||||
|
||||
session.getKeycloakSessionFactory().publish(new RealmModel.IdentityProviderRemovedEvent() {
|
||||
|
||||
@Override
|
||||
public RealmModel getRealm() {
|
||||
return RealmAdapter.this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public IdentityProviderModel getRemovedIdentityProvider() {
|
||||
return model;
|
||||
}
|
||||
|
||||
@Override
|
||||
public KeycloakSession getKeycloakSession() {
|
||||
return session;
|
||||
}
|
||||
});
|
||||
|
||||
}
|
||||
}
|
||||
session.identityProviders().remove(alias);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateIdentityProvider(IdentityProviderModel identityProvider) {
|
||||
for (IdentityProviderEntity entity : this.realm.getIdentityProviders()) {
|
||||
if (entity.getInternalId().equals(identityProvider.getInternalId())) {
|
||||
entity.setAlias(identityProvider.getAlias());
|
||||
entity.setDisplayName(identityProvider.getDisplayName());
|
||||
entity.setEnabled(identityProvider.isEnabled());
|
||||
entity.setTrustEmail(identityProvider.isTrustEmail());
|
||||
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
|
||||
entity.setFirstBrokerLoginFlowId(identityProvider.getFirstBrokerLoginFlowId());
|
||||
entity.setPostBrokerLoginFlowId(identityProvider.getPostBrokerLoginFlowId());
|
||||
entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
|
||||
entity.setStoreToken(identityProvider.isStoreToken());
|
||||
entity.setConfig(identityProvider.getConfig());
|
||||
entity.setLinkOnly(identityProvider.isLinkOnly());
|
||||
}
|
||||
}
|
||||
|
||||
em.flush();
|
||||
|
||||
session.getKeycloakSessionFactory().publish(new RealmModel.IdentityProviderUpdatedEvent() {
|
||||
|
||||
@Override
|
||||
public RealmModel getRealm() {
|
||||
return RealmAdapter.this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public IdentityProviderModel getUpdatedIdentityProvider() {
|
||||
return identityProvider;
|
||||
}
|
||||
|
||||
@Override
|
||||
public KeycloakSession getKeycloakSession() {
|
||||
return session;
|
||||
}
|
||||
});
|
||||
session.identityProviders().update(identityProvider);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isIdentityFederationEnabled() {
|
||||
return !this.realm.getIdentityProviders().isEmpty();
|
||||
return session.identityProviders().isIdentityFederationEnabled();
|
||||
}
|
||||
|
||||
@Override
|
||||
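Review bot: The delegating bodies of `addIdentityProvider`, `removeIdentityProviderByAlias` and `updateIdentityProvider` drop side effects that the old bodies performed in this class. `addIdentityProvider` used to write the generated id back with `identityProvider.setInternalId(entity.getInternalId())`, and the remove and update paths published `IdentityProviderRemovedEvent` and `IdentityProviderUpdatedEvent`. Nothing on this page shows that `create`, `remove` and `update` on the provider preserve these, and any listener that cleans up data tied to a removed provider would silently stop running if the event is no longer published. I would state the contract at each call site, e.g. `// provider.create() must populate identityProvider's internalId; callers read it after this call`, and add a test that asserts the id and both events through the deprecated methods.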
|
|
|
@ -186,9 +186,6 @@ public class RealmEntity {
|
|||
@Column(name="DEFAULT_ROLE")
|
||||
protected String defaultRoleId;
|
||||
|
||||
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
|
||||
protected List<IdentityProviderEntity> identityProviders = new LinkedList<>();
|
||||
|
||||
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
|
||||
Collection<IdentityProviderMapperEntity> identityProviderMappers = new LinkedList<>();
|
||||
|
||||
|
@ -615,22 +612,6 @@ public class RealmEntity {
|
|||
this.attributes = attributes;
|
||||
}
|
||||
|
||||
public List<IdentityProviderEntity> getIdentityProviders() {
|
||||
if (identityProviders == null) {
|
||||
identityProviders = new LinkedList<>();
|
||||
}
|
||||
return this.identityProviders;
|
||||
}
|
||||
|
||||
public void setIdentityProviders(List<IdentityProviderEntity> identityProviders) {
|
||||
this.identityProviders = identityProviders;
|
||||
}
|
||||
|
||||
public void addIdentityProvider(IdentityProviderEntity entity) {
|
||||
entity.setRealmId(this.id);
|
||||
getIdentityProviders().add(entity);
|
||||
}
|
||||
|
||||
public boolean isInternationalizationEnabled() {
|
||||
return internationalizationEnabled;
|
||||
}
|
||||
|
|
|
@ -441,13 +441,35 @@ public interface RealmModel extends RoleContainerModel {
|
|||
|
||||
/**
|
||||
* Returns identity providers as a stream.
|
||||
*
|
||||
* @return Stream of {@link IdentityProviderModel}. Never returns {@code null}.
|
||||
* @deprecated Use {@link IDPProvider#getAllStream()} instead.
|
||||
*/
|
||||
@Deprecated
|
||||
Stream<IdentityProviderModel> getIdentityProvidersStream();
|
||||
|
||||
/**
|
||||
* @deprecated Use {@link IDPProvider#getByAlias(String)} instead.
|
||||
*/
|
||||
@Deprecated
|
||||
IdentityProviderModel getIdentityProviderByAlias(String alias);
|
||||
|
||||
/**
|
||||
* @deprecated Use {@link IDPProvider#create(IdentityProviderModel)} instead.
|
||||
*/
|
||||
@Deprecated
|
||||
void addIdentityProvider(IdentityProviderModel identityProvider);
|
||||
|
||||
/**
|
||||
* @deprecated Use {@link IDPProvider#remove(String)} instead.
|
||||
*/
|
||||
@Deprecated
|
||||
void removeIdentityProviderByAlias(String alias);
|
||||
|
||||
/**
|
||||
* @deprecated Use {@link IDPProvider#update(IdentityProviderModel)} instead.
|
||||
*/
|
||||
@Deprecated
|
||||
void updateIdentityProvider(IdentityProviderModel identityProvider);
|
||||
|
||||
/**
|
||||
|
@ -616,6 +638,10 @@ public interface RealmModel extends RoleContainerModel {
|
|||
*/
|
||||
void setDefaultRole(RoleModel role);
|
||||
|
||||
/**
|
||||
* @deprecated use {@link IDPProvider#isIdentityFederationEnabled()} instead.
|
||||
*/
|
||||
@Deprecated
|
||||
boolean isIdentityFederationEnabled();
|
||||
|
||||
boolean isInternationalizationEnabled();
|
||||
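Review bot: The new `@deprecated` tags name `IDPProvider` methods but do not say how a caller obtains the provider, and every method except `getIdentityProvidersStream` now has a Javadoc that consists of the tag alone. I would add a one-sentence summary to each and spell out the replacement call, e.g. `@deprecated Use {@code session.identityProviders().getByAlias(alias)}, see {@link IDPProvider#getByAlias(String)}.`. The bare `@Deprecated` annotations carry no `since`; `@Deprecated(since = "<RELEASE>")`, with `<RELEASE>` filled in by the author, would let tooling report when the deprecation began. The `{@link IDPProvider#...}` references only resolve if `IDPProvider` is imported or in the same package, and the import block is outside the visible hunks.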
|
|
|
@ -43,7 +43,6 @@ import org.keycloak.services.ErrorResponse;
|
|||
import org.keycloak.services.resources.KeycloakOpenAPI;
|
||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
|
||||
import org.keycloak.utils.ReservedCharValidator;
|
||||
import org.keycloak.utils.StringUtil;
|
||||
|
||||
import jakarta.ws.rs.BadRequestException;
|
||||
import jakarta.ws.rs.Consumes;
|
||||
|
@ -57,11 +56,9 @@ import jakarta.ws.rs.core.MediaType;
|
|||
import jakarta.ws.rs.core.MultivaluedMap;
|
||||
import jakarta.ws.rs.core.Response;
|
||||
import java.io.IOException;
|
||||
import java.util.Comparator;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.function.Function;
|
||||
import java.util.function.Predicate;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
import static jakarta.ws.rs.core.Response.Status.BAD_REQUEST;
|
||||
|
@ -186,36 +183,14 @@ public class IdentityProvidersResource {
|
|||
this.auth.realm().requireViewIdentityProviders();
|
||||
|
||||
if (maxResults == null) {
|
||||
maxResults = 100; // always set a maximum of 100
|
||||
maxResults = 100; // always set a maximum of 100 by default
|
||||
}
|
||||
|
||||
Function<IdentityProviderModel, IdentityProviderRepresentation> toRepresentation = briefRepresentation != null && briefRepresentation
|
||||
? m -> ModelToRepresentation.toBriefRepresentation(realm, m)
|
||||
: m -> StripSecretsUtils.stripSecrets(session, ModelToRepresentation.toRepresentation(realm, m));
|
||||
|
||||
Stream<IdentityProviderModel> stream = realm.getIdentityProvidersStream().sorted(new IdPComparator());
|
||||
if (!StringUtil.isBlank(search)) {
|
||||
stream = stream.filter(predicateByName(search));
|
||||
}
|
||||
if (firstResult != null) {
|
||||
stream = stream.skip(firstResult);
|
||||
}
|
||||
return stream.limit(maxResults).map(toRepresentation);
|
||||
}
|
||||
|
||||
private Predicate<IdentityProviderModel> predicateByName(final String search) {
|
||||
if (search.startsWith("\"") && search.endsWith("\"")) {
|
||||
final String name = search.substring(1, search.length() - 1);
|
||||
return (m) -> m.getAlias().equals(name);
|
||||
} else if (search.startsWith("*") && search.endsWith("*")) {
|
||||
final String name = search.substring(1, search.length() - 1);
|
||||
return (m) -> m.getAlias().contains(name);
|
||||
} else if (search.endsWith("*")) {
|
||||
final String name = search.substring(0, search.length() - 1);
|
||||
return (m) -> m.getAlias().startsWith(name);
|
||||
} else {
|
||||
return (m) -> m.getAlias().startsWith(search);
|
||||
}
|
||||
return session.identityProviders().getAllStream(search, firstResult, maxResults).map(toRepresentation);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -278,13 +253,4 @@ public class IdentityProvidersResource {
|
|||
return Stream.concat(session.getKeycloakSessionFactory().getProviderFactoriesStream(IdentityProvider.class),
|
||||
session.getKeycloakSessionFactory().getProviderFactoriesStream(SocialIdentityProvider.class));
|
||||
}
|
||||
|
||||
// TODO: for the moment just sort the identity provider list. But the
|
||||
// idea is modifying the Model API to get the result already ordered.
|
||||
private static class IdPComparator implements Comparator<IdentityProviderModel> {
|
||||
@Override
|
||||
public int compare(IdentityProviderModel idp1, IdentityProviderModel idp2) {
|
||||
return idp1.getAlias().compareTo(idp2.getAlias());
|
||||
}
|
||||
}
|
||||
}
|
||||
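Review bot: `firstResult` and `maxResults` now reach `session.identityProviders().getAllStream(search, firstResult, maxResults)` exactly as the client sent them; only a missing `maxResults` is defaulted to 100, so negative values and arbitrarily large page sizes are passed to the provider. The same call also takes over the quoted and wildcard `search` syntax and the alias ordering that the removed `predicateByName` and `IdPComparator` implemented here, and paging is only stable if the provider returns a deterministic order. I would validate before delegating, e.g. `if ((firstResult != null && firstResult < 0) || maxResults < 0) throw new BadRequestException("firstResult and maxResults must not be negative");`, and note in the method's Javadoc that search semantics and ordering are defined by `IDPProvider`. If the provider turns `search` into a LIKE pattern, it should escape `%` and `_` taken from the request; that code is not on this page. The enclosing method begins outside the hunk.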
|
|