import spi
parent
db05dc6ee4
commit
fbaa731dfa
4 changed files with 57 additions and 10 deletions
|
@ -49,6 +49,7 @@ import org.keycloak.representations.idm.OAuthClientRepresentation;
|
|||
import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.storage.UserStorageProviderModel;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
|
@ -491,6 +492,13 @@ public class RealmManager implements RealmImporter {
|
|||
usersSyncManager.notifyToRefreshPeriodicSync(session, realm, fedProvider, false);
|
||||
}
|
||||
|
||||
// Refresh periodic sync tasks for configured storageProviders
|
||||
List<UserStorageProviderModel> storageProviders = realm.getUserStorageProviders();
|
||||
UserStorageSyncManager storageSync = new UserStorageSyncManager();
|
||||
for (UserStorageProviderModel provider : storageProviders) {
|
||||
storageSync.notifyToRefreshPeriodicSync(session, realm, provider, false);
|
||||
}
|
||||
|
||||
setupAuthorizationServices(realm);
|
||||
fireRealmPostCreate(realm);
|
||||
|
||||
|
|
|
@ -165,6 +165,11 @@ public class UserStorageSyncManager {
|
|||
|
||||
// Ensure all cluster nodes are notified
|
||||
public void notifyToRefreshPeriodicSync(KeycloakSession session, RealmModel realm, UserStorageProviderModel provider, boolean removed) {
|
||||
UserStorageProviderFactory factory = (UserStorageProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserStorageProvider.class, provider.getProviderId());
|
||||
if (!(factory instanceof ImportSynchronization) || !provider.isImportEnabled()) {
|
||||
return;
|
||||
|
||||
}
|
||||
UserStorageProviderClusterEvent event = UserStorageProviderClusterEvent.createEvent(removed, realm.getId(), provider);
|
||||
session.getProvider(ClusterProvider.class).notify(USER_STORAGE_TASK_KEY, event);
|
||||
}
|
||||
|
|
|
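Review bot: The guard added at the top of notifyToRefreshPeriodicSync returns before the cluster event is sent whenever the factory is not an `ImportSynchronization` or `provider.isImportEnabled()` is false, and it does so even when `removed` is true. If a provider already had a periodic sync scheduled and is then removed or has import switched off, the other nodes would apparently never be told to cancel that task; the event handler is not visible in this section, so this needs confirming. If sending a removal event for a provider without a scheduled task is harmless there, let removals through with `if (!removed && (!(factory instanceof ImportSynchronization) || !provider.isImportEnabled())) return;`. The comment `// Ensure all cluster nodes are notified` should also state the new precondition, for example `// Notifies all cluster nodes, but only for providers whose factory supports import sync and that have import enabled`.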
@ -44,6 +44,7 @@ import org.keycloak.services.ServicesLogger;
|
|||
import org.keycloak.services.filters.KeycloakTransactionCommitter;
|
||||
import org.keycloak.services.managers.ApplianceBootstrap;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.managers.UserStorageSyncManager;
|
||||
import org.keycloak.services.managers.UsersSyncManager;
|
||||
import org.keycloak.services.resources.admin.AdminRoot;
|
||||
import org.keycloak.services.scheduled.ClearExpiredEvents;
|
||||
|
@ -319,6 +320,7 @@ public class KeycloakApplication extends Application {
|
|||
timer.schedule(new ClusterAwareScheduledTaskRunner(sessionFactory, new ClearExpiredEvents(), interval), interval, "ClearExpiredEvents");
|
||||
timer.schedule(new ClusterAwareScheduledTaskRunner(sessionFactory, new ClearExpiredUserSessions(), interval), interval, "ClearExpiredUserSessions");
|
||||
new UsersSyncManager().bootstrapPeriodic(sessionFactory, timer);
|
||||
new UserStorageSyncManager().bootstrapPeriodic(sessionFactory, timer);
|
||||
} finally {
|
||||
session.close();
|
||||
}
|
||||
|
|
|
@ -38,6 +38,8 @@ import org.keycloak.models.cache.CachedUserModel;
|
|||
import org.keycloak.models.cache.OnUserCache;
|
||||
import org.keycloak.storage.federated.UserFederatedStorageProvider;
|
||||
import org.keycloak.credential.CredentialAuthentication;
|
||||
import org.keycloak.storage.user.ImportSynchronization;
|
||||
import org.keycloak.storage.user.ImportedUserValidation;
|
||||
import org.keycloak.storage.user.UserLookupProvider;
|
||||
import org.keycloak.storage.user.UserQueryProvider;
|
||||
import org.keycloak.storage.user.UserRegistrationProvider;
|
||||
|
@ -225,11 +227,31 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
|||
}
|
||||
}
|
||||
|
||||
protected UserModel importValidation(RealmModel realm, UserModel user) {
|
||||
if (user == null || user.getFederationLink() == null) return user;
|
||||
UserStorageProvider provider = getStorageProvider(session, realm, user.getFederationLink());
|
||||
if (provider != null && provider instanceof ImportedUserValidation) {
|
||||
return ((ImportedUserValidation)provider).validate(realm, user);
|
||||
} else {
|
||||
return user;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
protected List<UserModel> importValidation(RealmModel realm, List<UserModel> users) {
|
||||
List<UserModel> tmp = new LinkedList<>();
|
||||
for (UserModel user : users) {
|
||||
tmp.add(importValidation(realm, user));
|
||||
}
|
||||
return tmp;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserById(String id, RealmModel realm) {
|
||||
StorageId storageId = new StorageId(id);
|
||||
if (storageId.getProviderId() == null) {
|
||||
return localStorage().getUserById(id, realm);
|
||||
UserModel user = localStorage().getUserById(id, realm);
|
||||
return importValidation(realm, user);
|
||||
}
|
||||
UserLookupProvider provider = (UserLookupProvider)getStorageProvider(session, realm, storageId.getProviderId());
|
||||
return provider.getUserById(id, realm);
|
||||
|
@ -243,7 +265,9 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
|||
@Override
|
||||
public UserModel getUserByUsername(String username, RealmModel realm) {
|
||||
UserModel user = localStorage().getUserByUsername(username, realm);
|
||||
if (user != null) return user;
|
||||
if (user != null) {
|
||||
return importValidation(realm, user);
|
||||
}
|
||||
for (UserLookupProvider provider : getStorageProviders(session, realm, UserLookupProvider.class)) {
|
||||
user = provider.getUserByUsername(username, realm);
|
||||
if (user != null) return user;
|
||||
|
@ -257,7 +281,9 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
|||
if (user != null) return user;
|
||||
for (UserLookupProvider provider : getStorageProviders(session, realm, UserLookupProvider.class)) {
|
||||
user = provider.getUserByEmail(email, realm);
|
||||
if (user != null) return user;
|
||||
if (user != null) {
|
||||
return importValidation(realm, user);
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
@ -266,7 +292,7 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
|||
public UserModel getUserByFederatedIdentity(FederatedIdentityModel socialLink, RealmModel realm) {
|
||||
UserModel user = localStorage().getUserByFederatedIdentity(socialLink, realm);
|
||||
if (user != null) {
|
||||
return user;
|
||||
return importValidation(realm, user);
|
||||
}
|
||||
if (getFederatedStorage() == null) return null;
|
||||
String id = getFederatedStorage().getUserByFederatedIdentity(socialLink, realm);
|
||||
|
@ -354,7 +380,7 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
|||
|
||||
@Override
|
||||
public List<UserModel> getUsers(final RealmModel realm, int firstResult, int maxResults, final boolean includeServiceAccounts) {
|
||||
return query((provider, first, max) -> {
|
||||
List<UserModel> results = query((provider, first, max) -> {
|
||||
if (provider instanceof UserProvider) { // it is local storage
|
||||
return ((UserProvider) provider).getUsers(realm, first, max, includeServiceAccounts);
|
||||
} else if (provider instanceof UserQueryProvider) {
|
||||
|
@ -364,6 +390,7 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
|||
return Collections.EMPTY_LIST;
|
||||
}
|
||||
, realm, firstResult, maxResults);
|
||||
return importValidation(realm, results);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -373,23 +400,26 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
|||
|
||||
@Override
|
||||
public List<UserModel> searchForUser(String search, RealmModel realm, int firstResult, int maxResults) {
|
||||
return query((provider, first, max) -> {
|
||||
List<UserModel> results = query((provider, first, max) -> {
|
||||
if (provider instanceof UserQueryProvider) {
|
||||
return ((UserQueryProvider)provider).searchForUser(search, realm, first, max);
|
||||
|
||||
}
|
||||
return Collections.EMPTY_LIST;
|
||||
}, realm, firstResult, maxResults);
|
||||
return importValidation(realm, results);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUser(Map<String, String> attributes, RealmModel realm) {
|
||||
return searchForUser(attributes, realm, 0, Integer.MAX_VALUE - 1);
|
||||
List<UserModel> results = searchForUser(attributes, realm, 0, Integer.MAX_VALUE - 1);
|
||||
return importValidation(realm, results);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUser(Map<String, String> attributes, RealmModel realm, int firstResult, int maxResults) {
|
||||
return query((provider, first, max) -> {
|
||||
List<UserModel> results = query((provider, first, max) -> {
|
||||
if (provider instanceof UserQueryProvider) {
|
||||
return ((UserQueryProvider)provider).searchForUser(attributes, realm, first, max);
|
||||
|
||||
|
@ -397,6 +427,8 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
|||
return Collections.EMPTY_LIST;
|
||||
}
|
||||
, realm, firstResult, maxResults);
|
||||
return importValidation(realm, results);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -417,7 +449,7 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
|||
}
|
||||
return Collections.EMPTY_LIST;
|
||||
}, realm,0, Integer.MAX_VALUE - 1);
|
||||
return results;
|
||||
return importValidation(realm, results);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -472,7 +504,7 @@ public class UserStorageManager implements UserProvider, OnUserCache {
|
|||
}
|
||||
return Collections.EMPTY_LIST;
|
||||
}, realm, firstResult, maxResults);
|
||||
return results;
|
||||
return importValidation(realm, results);
|
||||
}
|
||||
|
||||
|
||||
|
|
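Review bot: In the getUserByEmail hunk the new `importValidation` call sits inside the storage-provider loop, while the user found by the local-storage lookup is still returned through the unchanged `if (user != null) return user;` above the loop. That is the opposite of getUserByUsername in the same section, where the local-storage result is validated and provider results are returned as they are. As the lines are ordered on this page, an imported user looked up by e-mail would skip `ImportedUserValidation.validate`, so an account the external store no longer accepts could still resolve by e-mail (what `validate` enforces is not visible here). The local branch should read `if (user != null) return importValidation(realm, user);` and the loop should keep `if (user != null) return user;`. The method's signature and the local-storage lookup are above the hunk.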