KEYCLOAK-2005 Fixed migration to take less time. Added UserProvider.grantToAllUsers

This commit is contained in:
mposolda 2015-10-26 11:05:38 +01:00
parent 44f56e1d74
commit f8f4de9389
9 changed files with 76 additions and 6 deletions

View file

@ -63,10 +63,8 @@ public class MigrateTo1_6_0 {
KeycloakModelUtils.setupOfflineTokens(realm); KeycloakModelUtils.setupOfflineTokens(realm);
RoleModel role = realm.getRole(Constants.OFFLINE_ACCESS_ROLE); RoleModel role = realm.getRole(Constants.OFFLINE_ACCESS_ROLE);
// Check if possible to avoid iterating over users // Bulk grant of offline_access role to all users
for (UserModel user : session.userStorage().getUsers(realm, true)) { session.users().grantToAllUsers(realm, role);
user.grantRole(role);
}
} }
ClientModel adminConsoleClient = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID); ClientModel adminConsoleClient = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);

View file

@ -333,6 +333,12 @@ public class UserFederationManager implements UserProvider {
return session.userStorage().getFederatedIdentity(user, socialProvider, realm); return session.userStorage().getFederatedIdentity(user, socialProvider, realm);
} }
@Override
public void grantToAllUsers(RealmModel realm, RoleModel role) {
// not federation-aware for now
session.userStorage().grantToAllUsers(realm, role);
}
@Override @Override
public void preRemove(RealmModel realm) { public void preRemove(RealmModel realm) {
for (UserFederationProviderModel federation : realm.getUserFederationProviders()) { for (UserFederationProviderModel federation : realm.getUserFederationProviders()) {

View file

@ -43,6 +43,8 @@ public interface UserProvider extends Provider {
Set<FederatedIdentityModel> getFederatedIdentities(UserModel user, RealmModel realm); Set<FederatedIdentityModel> getFederatedIdentities(UserModel user, RealmModel realm);
FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm); FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm);
void grantToAllUsers(RealmModel realm, RoleModel role);
void preRemove(RealmModel realm); void preRemove(RealmModel realm);
void preRemove(RealmModel realm, UserFederationProviderModel link); void preRemove(RealmModel realm, UserFederationProviderModel link);

View file

@ -422,6 +422,13 @@ public class FileUserProvider implements UserProvider {
return this.addUser(realm, KeycloakModelUtils.generateId(), username.toLowerCase(), true, true); return this.addUser(realm, KeycloakModelUtils.generateId(), username.toLowerCase(), true, true);
} }
@Override
public void grantToAllUsers(RealmModel realm, RoleModel role) {
for (UserModel user : inMemoryModel.getUsers(realm.getId())) {
user.grantRole(role);
}
}
@Override @Override
public void preRemove(RealmModel realm) { public void preRemove(RealmModel realm) {
// Nothing to do here? Federation links are attached to users, which are removed by InMemoryModel // Nothing to do here? Federation links are attached to users, which are removed by InMemoryModel

View file

@ -303,6 +303,12 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
return getDelegate().validCredentials(realm, input); return getDelegate().validCredentials(realm, input);
} }
@Override
public void grantToAllUsers(RealmModel realm, RoleModel role) {
realmInvalidations.add(realm.getId()); // easier to just invalidate whole realm
getDelegate().grantToAllUsers(realm, role);
}
@Override @Override
public void preRemove(RealmModel realm) { public void preRemove(RealmModel realm) {
realmInvalidations.add(realm.getId()); realmInvalidations.add(realm.getId());

View file

@ -147,7 +147,13 @@ public class JpaUserProvider implements UserProvider {
} }
} }
@Override
public void grantToAllUsers(RealmModel realm, RoleModel role) {
int num = em.createNamedQuery("grantRoleToAllUsers")
.setParameter("realmId", realm.getId())
.setParameter("roleId", role.getId())
.executeUpdate();
}
@Override @Override
public void preRemove(RealmModel realm) { public void preRemove(RealmModel realm) {

View file

@ -23,7 +23,8 @@ import java.io.Serializable;
@NamedQuery(name="deleteUserRoleMappingsByRealm", query="delete from UserRoleMappingEntity mapping where mapping.user IN (select u from UserEntity u where u.realmId=:realmId)"), @NamedQuery(name="deleteUserRoleMappingsByRealm", query="delete from UserRoleMappingEntity mapping where mapping.user IN (select u from UserEntity u where u.realmId=:realmId)"),
@NamedQuery(name="deleteUserRoleMappingsByRealmAndLink", query="delete from UserRoleMappingEntity mapping where mapping.user IN (select u from UserEntity u where u.realmId=:realmId and u.federationLink=:link)"), @NamedQuery(name="deleteUserRoleMappingsByRealmAndLink", query="delete from UserRoleMappingEntity mapping where mapping.user IN (select u from UserEntity u where u.realmId=:realmId and u.federationLink=:link)"),
@NamedQuery(name="deleteUserRoleMappingsByRole", query="delete from UserRoleMappingEntity m where m.roleId = :roleId"), @NamedQuery(name="deleteUserRoleMappingsByRole", query="delete from UserRoleMappingEntity m where m.roleId = :roleId"),
@NamedQuery(name="deleteUserRoleMappingsByUser", query="delete from UserRoleMappingEntity m where m.user = :user") @NamedQuery(name="deleteUserRoleMappingsByUser", query="delete from UserRoleMappingEntity m where m.user = :user"),
@NamedQuery(name="grantRoleToAllUsers", query="insert into UserRoleMappingEntity (roleId, user) select role.id, user from RoleEntity role, UserEntity user where role.id = :roleId AND role.realm.id = :realmId AND user.realmId = :realmId")
}) })
@Table(name="USER_ROLE_MAPPING") @Table(name="USER_ROLE_MAPPING")

View file

@ -368,6 +368,19 @@ public class MongoUserProvider implements UserProvider {
return this.addUser(realm, null, username, true, true); return this.addUser(realm, null, username, true, true);
} }
@Override
public void grantToAllUsers(RealmModel realm, RoleModel role) {
DBObject query = new QueryBuilder()
.and("realmId").is(realm.getId())
.get();
DBObject update = new QueryBuilder()
.and("$push").is(new BasicDBObject("roleIds", role.getId()))
.get();
int count = getMongoStore().updateEntities(MongoUserEntity.class, query, update, invocationContext);
}
@Override @Override
public void preRemove(RealmModel realm) { public void preRemove(RealmModel realm) {
DBObject query = new QueryBuilder() DBObject query = new QueryBuilder()

View file

@ -5,6 +5,7 @@ import org.junit.Test;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.RequiredAction; import org.keycloak.models.UserModel.RequiredAction;
import org.keycloak.services.managers.ClientManager; import org.keycloak.services.managers.ClientManager;
@ -283,6 +284,36 @@ public class UserModelTest extends AbstractModelTest {
Assert.assertNull(session.users().getUserByUsername("user1", realm)); Assert.assertNull(session.users().getUserByUsername("user1", realm));
} }
@Test
public void testGrantToAll() {
RealmModel realm1 = realmManager.createRealm("realm1");
RoleModel role1 = realm1.addRole("role1");
UserModel user1 = realmManager.getSession().users().addUser(realm1, "user1");
UserModel user2 = realmManager.getSession().users().addUser(realm1, "user2");
RealmModel realm2 = realmManager.createRealm("realm2");
UserModel realm2User1 = realmManager.getSession().users().addUser(realm2, "user1");
commit();
realm1 = realmManager.getRealmByName("realm1");
role1 = realm1.getRole("role1");
realmManager.getSession().users().grantToAllUsers(realm1, role1);
commit();
realm1 = realmManager.getRealmByName("realm1");
role1 = realm1.getRole("role1");
user1 = realmManager.getSession().users().getUserByUsername("user1", realm1);
user2 = realmManager.getSession().users().getUserByUsername("user2", realm1);
Assert.assertTrue(user1.hasRole(role1));
Assert.assertTrue(user2.hasRole(role1));
realm2 = realmManager.getRealmByName("realm2");
realm2User1 = realmManager.getSession().users().getUserByUsername("user1", realm2);
Assert.assertFalse(realm2User1.hasRole(role1));
}
public static void assertEquals(UserModel expected, UserModel actual) { public static void assertEquals(UserModel expected, UserModel actual) {
Assert.assertEquals(expected.getUsername(), actual.getUsername()); Assert.assertEquals(expected.getUsername(), actual.getUsername());
Assert.assertEquals(expected.getCreatedTimestamp(), actual.getCreatedTimestamp()); Assert.assertEquals(expected.getCreatedTimestamp(), actual.getCreatedTimestamp());