KEYCLOAK-2005 Fixed migration to take less time. Added UserProvider.grantToAllUsers
parent
44f56e1d74
commit
f8f4de9389
9 changed files with 76 additions and 6 deletions
|
@ -63,10 +63,8 @@ public class MigrateTo1_6_0 {
|
||||||
KeycloakModelUtils.setupOfflineTokens(realm);
|
KeycloakModelUtils.setupOfflineTokens(realm);
|
||||||
RoleModel role = realm.getRole(Constants.OFFLINE_ACCESS_ROLE);
|
RoleModel role = realm.getRole(Constants.OFFLINE_ACCESS_ROLE);
|
||||||
|
|
||||||
// Check if possible to avoid iterating over users
|
// Bulk grant of offline_access role to all users
|
||||||
for (UserModel user : session.userStorage().getUsers(realm, true)) {
|
session.users().grantToAllUsers(realm, role);
|
||||||
user.grantRole(role);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ClientModel adminConsoleClient = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
|
ClientModel adminConsoleClient = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
|
||||||
|
|
|
@ -333,6 +333,12 @@ public class UserFederationManager implements UserProvider {
|
||||||
return session.userStorage().getFederatedIdentity(user, socialProvider, realm);
|
return session.userStorage().getFederatedIdentity(user, socialProvider, realm);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void grantToAllUsers(RealmModel realm, RoleModel role) {
|
||||||
|
// not federation-aware for now
|
||||||
|
session.userStorage().grantToAllUsers(realm, role);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void preRemove(RealmModel realm) {
|
public void preRemove(RealmModel realm) {
|
||||||
for (UserFederationProviderModel federation : realm.getUserFederationProviders()) {
|
for (UserFederationProviderModel federation : realm.getUserFederationProviders()) {
|
||||||
|
|
|
@ -43,6 +43,8 @@ public interface UserProvider extends Provider {
|
||||||
Set<FederatedIdentityModel> getFederatedIdentities(UserModel user, RealmModel realm);
|
Set<FederatedIdentityModel> getFederatedIdentities(UserModel user, RealmModel realm);
|
||||||
FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm);
|
FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm);
|
||||||
|
|
||||||
|
void grantToAllUsers(RealmModel realm, RoleModel role);
|
||||||
|
|
||||||
void preRemove(RealmModel realm);
|
void preRemove(RealmModel realm);
|
||||||
|
|
||||||
void preRemove(RealmModel realm, UserFederationProviderModel link);
|
void preRemove(RealmModel realm, UserFederationProviderModel link);
|
||||||
|
|
|
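Review bot: The new `grantToAllUsers(RealmModel realm, RoleModel role)` is declared without Javadoc, and the implementations in this commit do not agree on its contract. The JPA named query only matches when `role.realm.id = :realmId`, while the file and Mongo providers grant whatever role they are handed without checking that it belongs to `realm`. `UserFederationManager` passes the call straight to `session.userStorage()` under the comment `// not federation-aware for now`. Because this is a bulk privilege change, I would add a Javadoc stating that the role must belong to `realm`, that only locally stored users are affected, and whether the call is allowed when some users already hold the role.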
@ -422,6 +422,13 @@ public class FileUserProvider implements UserProvider {
|
||||||
return this.addUser(realm, KeycloakModelUtils.generateId(), username.toLowerCase(), true, true);
|
return this.addUser(realm, KeycloakModelUtils.generateId(), username.toLowerCase(), true, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void grantToAllUsers(RealmModel realm, RoleModel role) {
|
||||||
|
for (UserModel user : inMemoryModel.getUsers(realm.getId())) {
|
||||||
|
user.grantRole(role);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void preRemove(RealmModel realm) {
|
public void preRemove(RealmModel realm) {
|
||||||
// Nothing to do here? Federation links are attached to users, which are removed by InMemoryModel
|
// Nothing to do here? Federation links are attached to users, which are removed by InMemoryModel
|
||||||
|
|
|
@ -303,6 +303,12 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
|
||||||
return getDelegate().validCredentials(realm, input);
|
return getDelegate().validCredentials(realm, input);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void grantToAllUsers(RealmModel realm, RoleModel role) {
|
||||||
|
realmInvalidations.add(realm.getId()); // easier to just invalidate whole realm
|
||||||
|
getDelegate().grantToAllUsers(realm, role);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void preRemove(RealmModel realm) {
|
public void preRemove(RealmModel realm) {
|
||||||
realmInvalidations.add(realm.getId());
|
realmInvalidations.add(realm.getId());
|
||||||
|
|
|
@ -147,7 +147,13 @@ public class JpaUserProvider implements UserProvider {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void grantToAllUsers(RealmModel realm, RoleModel role) {
|
||||||
|
int num = em.createNamedQuery("grantRoleToAllUsers")
|
||||||
|
.setParameter("realmId", realm.getId())
|
||||||
|
.setParameter("roleId", role.getId())
|
||||||
|
.executeUpdate();
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void preRemove(RealmModel realm) {
|
public void preRemove(RealmModel realm) {
|
||||||
|
|
|
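Review bot: The bulk insert behind `grantToAllUsers` selects every user in the realm, including any who already hold the role, so a pre-existing mapping or a second run would write a duplicate row or, if the mapping table enforces uniqueness (not visible here), fail the whole statement. Consider excluding existing holders in the `grantRoleToAllUsers` query, for example by appending `AND NOT EXISTS (select m from UserRoleMappingEntity m where m.user = user and m.roleId = :roleId)`. The Mongo provider has the same gap: `$push` appends `role.getId()` to `roleIds` even when it is already present, where `$addToSet` would keep the grant idempotent. The results `int num` here and `int count` in the Mongo provider are assigned and never read; either drop them or log the number of users updated so the migration leaves a record of how many grants it made. The statement presumably also bypasses the persistence context, so entities already loaded in `em` would not show the new mapping until refreshed.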
@ -23,7 +23,8 @@ import java.io.Serializable;
|
||||||
@NamedQuery(name="deleteUserRoleMappingsByRealm", query="delete from UserRoleMappingEntity mapping where mapping.user IN (select u from UserEntity u where u.realmId=:realmId)"),
|
@NamedQuery(name="deleteUserRoleMappingsByRealm", query="delete from UserRoleMappingEntity mapping where mapping.user IN (select u from UserEntity u where u.realmId=:realmId)"),
|
||||||
@NamedQuery(name="deleteUserRoleMappingsByRealmAndLink", query="delete from UserRoleMappingEntity mapping where mapping.user IN (select u from UserEntity u where u.realmId=:realmId and u.federationLink=:link)"),
|
@NamedQuery(name="deleteUserRoleMappingsByRealmAndLink", query="delete from UserRoleMappingEntity mapping where mapping.user IN (select u from UserEntity u where u.realmId=:realmId and u.federationLink=:link)"),
|
||||||
@NamedQuery(name="deleteUserRoleMappingsByRole", query="delete from UserRoleMappingEntity m where m.roleId = :roleId"),
|
@NamedQuery(name="deleteUserRoleMappingsByRole", query="delete from UserRoleMappingEntity m where m.roleId = :roleId"),
|
||||||
@NamedQuery(name="deleteUserRoleMappingsByUser", query="delete from UserRoleMappingEntity m where m.user = :user")
|
@NamedQuery(name="deleteUserRoleMappingsByUser", query="delete from UserRoleMappingEntity m where m.user = :user"),
|
||||||
|
@NamedQuery(name="grantRoleToAllUsers", query="insert into UserRoleMappingEntity (roleId, user) select role.id, user from RoleEntity role, UserEntity user where role.id = :roleId AND role.realm.id = :realmId AND user.realmId = :realmId")
|
||||||
|
|
||||||
})
|
})
|
||||||
@Table(name="USER_ROLE_MAPPING")
|
@Table(name="USER_ROLE_MAPPING")
|
||||||
|
|
|
@ -368,6 +368,19 @@ public class MongoUserProvider implements UserProvider {
|
||||||
return this.addUser(realm, null, username, true, true);
|
return this.addUser(realm, null, username, true, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void grantToAllUsers(RealmModel realm, RoleModel role) {
|
||||||
|
DBObject query = new QueryBuilder()
|
||||||
|
.and("realmId").is(realm.getId())
|
||||||
|
.get();
|
||||||
|
|
||||||
|
DBObject update = new QueryBuilder()
|
||||||
|
.and("$push").is(new BasicDBObject("roleIds", role.getId()))
|
||||||
|
.get();
|
||||||
|
|
||||||
|
int count = getMongoStore().updateEntities(MongoUserEntity.class, query, update, invocationContext);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void preRemove(RealmModel realm) {
|
public void preRemove(RealmModel realm) {
|
||||||
DBObject query = new QueryBuilder()
|
DBObject query = new QueryBuilder()
|
||||||
|
|
|
@ -5,6 +5,7 @@ import org.junit.Test;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
|
import org.keycloak.models.RoleModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.UserModel.RequiredAction;
|
import org.keycloak.models.UserModel.RequiredAction;
|
||||||
import org.keycloak.services.managers.ClientManager;
|
import org.keycloak.services.managers.ClientManager;
|
||||||
|
@ -283,6 +284,36 @@ public class UserModelTest extends AbstractModelTest {
|
||||||
Assert.assertNull(session.users().getUserByUsername("user1", realm));
|
Assert.assertNull(session.users().getUserByUsername("user1", realm));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGrantToAll() {
|
||||||
|
RealmModel realm1 = realmManager.createRealm("realm1");
|
||||||
|
RoleModel role1 = realm1.addRole("role1");
|
||||||
|
UserModel user1 = realmManager.getSession().users().addUser(realm1, "user1");
|
||||||
|
UserModel user2 = realmManager.getSession().users().addUser(realm1, "user2");
|
||||||
|
|
||||||
|
RealmModel realm2 = realmManager.createRealm("realm2");
|
||||||
|
UserModel realm2User1 = realmManager.getSession().users().addUser(realm2, "user1");
|
||||||
|
|
||||||
|
commit();
|
||||||
|
|
||||||
|
realm1 = realmManager.getRealmByName("realm1");
|
||||||
|
role1 = realm1.getRole("role1");
|
||||||
|
realmManager.getSession().users().grantToAllUsers(realm1, role1);
|
||||||
|
|
||||||
|
commit();
|
||||||
|
|
||||||
|
realm1 = realmManager.getRealmByName("realm1");
|
||||||
|
role1 = realm1.getRole("role1");
|
||||||
|
user1 = realmManager.getSession().users().getUserByUsername("user1", realm1);
|
||||||
|
user2 = realmManager.getSession().users().getUserByUsername("user2", realm1);
|
||||||
|
Assert.assertTrue(user1.hasRole(role1));
|
||||||
|
Assert.assertTrue(user2.hasRole(role1));
|
||||||
|
|
||||||
|
realm2 = realmManager.getRealmByName("realm2");
|
||||||
|
realm2User1 = realmManager.getSession().users().getUserByUsername("user1", realm2);
|
||||||
|
Assert.assertFalse(realm2User1.hasRole(role1));
|
||||||
|
}
|
||||||
|
|
||||||
public static void assertEquals(UserModel expected, UserModel actual) {
|
public static void assertEquals(UserModel expected, UserModel actual) {
|
||||||
Assert.assertEquals(expected.getUsername(), actual.getUsername());
|
Assert.assertEquals(expected.getUsername(), actual.getUsername());
|
||||||
Assert.assertEquals(expected.getCreatedTimestamp(), actual.getCreatedTimestamp());
|
Assert.assertEquals(expected.getCreatedTimestamp(), actual.getCreatedTimestamp());
|
||||||
|
|
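Review bot: `testGrantToAll` only covers users who hold no role before the bulk grant, so it would not catch a provider that fails or duplicates the mapping when a user already has the role. I would grant the role to one user before the first `commit()`, with `user1.grantRole(role1);`, and keep the existing assertions. A second `grantToAllUsers(realm1, role1)` call followed by `commit()` would pin idempotency as well. The cross-realm assertion on `realm2User1` is worth keeping as it is, since it guards the realm scoping of the bulk statement. The `assertEquals` helper after the test continues outside the hunk.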