From fe8395bff755416e4a357b8c7358554ffb95394c Mon Sep 17 00:00:00 2001 From: mposolda Date: Fri, 20 Mar 2015 16:10:01 +0100 Subject: [PATCH] Fix databases, mongo, infinispan and active directory --- ...ltInfinispanConnectionProviderFactory.java | 3 + .../META-INF/jpa-changelog-1.2.0.Beta1.xml | 78 ++++++++++++++----- .../impl/updates/Update1_2_0_Beta1.java | 3 + .../ClientIdentityProviderMappingEntity.java | 2 +- .../jpa/entities/IdentityProviderEntity.java | 4 +- .../models/jpa/entities/RealmEntity.java | 2 +- .../keycloak/entities/MongoRoleEntity.java | 4 +- .../picketlink/idm/KeycloakEventBridge.java | 7 +- .../broker/AbstractIdentityProviderTest.java | 20 ++++- .../OIDCKeyCloakServerBrokerBasicTest.java | 5 ++ .../SAMLKeyCloakServerBrokerBasicTest.java | 5 ++ ...KeyCloakServerBrokerWithSignatureTest.java | 5 ++ .../model/UserSessionProviderTest.java | 15 ++++ 13 files changed, 121 insertions(+), 32 deletions(-) diff --git a/connections/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java b/connections/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java index 6f1d632f18..58962dc5c3 100755 --- a/connections/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java +++ b/connections/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java @@ -87,10 +87,13 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon boolean clustered = config.getBoolean("clustered", false); boolean async = config.getBoolean("async", true); + boolean allowDuplicateJMXDomains = config.getBoolean("allowDuplicateJMXDomains", true); if (clustered) { gcb.transport().defaultTransport(); } + gcb.globalJmxStatistics().allowDuplicateDomains(allowDuplicateJMXDomains); + cacheManager = new DefaultCacheManager(gcb.build()); containerManaged = false; 
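Review bot: The new `allowDuplicateJMXDomains` option defaults to `true` and nothing beside it says why, so a second cache manager registering under the same JMX domain would be accepted silently instead of failing at startup. A short comment above the `config.getBoolean("allowDuplicateJMXDomains", true)` line would help, for example `// default true so several cache managers can share one JVM; set false to fail on a JMX domain clash`, if that is the reason. The value is passed to `gcb.globalJmxStatistics()` whether or not `clustered` is set, which looks intended but is worth stating. The enclosing method starts and ends outside the hunk.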
diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.Beta1.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.Beta1.xml index 27eb99f8f9..abdff0bc3b 100755 --- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.Beta1.xml +++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.Beta1.xml @@ -1,6 +1,11 @@ + + + + + @@ -14,8 +19,12 @@ - - + + + + + + @@ -46,12 +55,20 @@ - + + + - - - + + + + + + + + + @@ -63,14 +80,16 @@ - + - + + + @@ -78,30 +97,49 @@ + + + + + + + + + - + + + + + + - - - - - - - + + + + + + + + + - - + - + + + - + + + diff --git a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_2_0_Beta1.java b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_2_0_Beta1.java index 13a79a32a7..5dcb1e755e 100644 --- a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_2_0_Beta1.java +++ b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_2_0_Beta1.java @@ -33,6 +33,9 @@ public class Update1_2_0_Beta1 extends Update { @Override public void update(KeycloakSession session) { + deleteEntries("clientSessions"); + deleteEntries("sessions"); + convertSocialToIdFedRealms(); convertSocialToIdFedUsers(); addAccessCodeLoginTimeout(); diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientIdentityProviderMappingEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientIdentityProviderMappingEntity.java index e760b3c32c..2fd87ae241 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientIdentityProviderMappingEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientIdentityProviderMappingEntity.java 
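Review bot: The two `deleteEntries` calls added at the top of `update` in Update1_2_0_Beta1.java run before any conversion step and carry no comment or log line, so an operator cannot tell from the code that stored sessions are discarded during the upgrade. Assuming `deleteEntries` (defined outside this hunk) empties the named collection, every user session and client session is dropped and users must sign in again. That is a defensible choice for a migration, but it should be stated, e.g. `// Persisted sessions are not migrated: drop them so users log in again after the upgrade`, and mentioned in the upgrade notes.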
@@ -13,7 +13,7 @@ import java.io.Serializable; /** * @author pedroigor */ -@Table(name="CLIENT_IDENTITY_PROVIDER_MAPPING") +@Table(name="CLIENT_IDENTITY_PROV_MAPPING") @Entity @IdClass(ClientIdentityProviderMappingEntity.Key.class) public class ClientIdentityProviderMappingEntity { diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java index d2e159a6e8..00671fb32f 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java @@ -51,8 +51,8 @@ public class IdentityProviderEntity { private boolean authenticateByDefault; @ElementCollection - @MapKeyColumn(name="name") - @Column(name="value", columnDefinition = "TEXT") + @MapKeyColumn(name="NAME") + @Column(name="VALUE", columnDefinition = "TEXT") @CollectionTable(name="IDENTITY_PROVIDER_CONFIG", joinColumns={ @JoinColumn(name="IDENTITY_PROVIDER_ID") }) private Map config; diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java index 563791eaa0..81d21d5363 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java @@ -47,7 +47,7 @@ public class RealmEntity { protected String sslRequired; @Column(name="REGISTRATION_ALLOWED") protected boolean registrationAllowed; - @Column(name = "REGISTRATION_EMAIL_AS_USERNAME") + @Column(name = "REG_EMAIL_AS_USERNAME") protected boolean registrationEmailAsUsername; @Column(name="PASSWORD_CRED_GRANT_ALLOWED") protected boolean passwordCredentialGrantAllowed; 
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/MongoRoleEntity.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/MongoRoleEntity.java index 1de58a88d7..4b4e80f861 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/MongoRoleEntity.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/entities/MongoRoleEntity.java @@ -69,7 +69,7 @@ public class MongoRoleEntity extends RoleEntity implements MongoIdentifiableEnti // Realm might be already removed at this point if (realmEntity != null) { - mongoStore.pullItemFromList(realmEntity, "defaultRoles", getId(), invContext); + mongoStore.pullItemFromList(realmEntity, "defaultRoles", getName(), invContext); } } @@ -79,7 +79,7 @@ public class MongoRoleEntity extends RoleEntity implements MongoIdentifiableEnti // Application might be already removed at this point if (appEntity != null) { - mongoStore.pullItemFromList(appEntity, "defaultRoles", getId(), invContext); + mongoStore.pullItemFromList(appEntity, "defaultRoles", getName(), invContext); } } diff --git a/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/idm/KeycloakEventBridge.java b/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/idm/KeycloakEventBridge.java index 3e8be5a505..1fd7f159d8 100755 --- a/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/idm/KeycloakEventBridge.java +++ b/picketlink/keycloak-picketlink-ldap/src/main/java/org/keycloak/picketlink/idm/KeycloakEventBridge.java 
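Review bot: Both `pullItemFromList(..., "defaultRoles", getName(), invContext)` calls (the realm branch in the first hunk and the application branch in the second) now depend on `defaultRoles` holding role names rather than ids, and nothing in the code records that. A comment such as `// defaultRoles stores role names, not ids` at the first call would keep the two in step with whatever writes the list. If a role can be renamed, the list entry has to change with it, otherwise this removal leaves a stale name behind that a later role of the same name would inherit as a default; the rename path is not visible in this patch, so it is worth checking. The enclosing methods start outside both hunks.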
@@ -1,9 +1,11 @@ package org.keycloak.picketlink.idm; import org.jboss.logging.Logger; +import org.picketlink.idm.IdentityManager; import org.picketlink.idm.PartitionManager; import org.picketlink.idm.event.CredentialUpdatedEvent; import org.picketlink.idm.event.EventBridge; +import org.picketlink.idm.internal.ContextualIdentityManager; import org.picketlink.idm.ldap.internal.LDAPIdentityStore; import org.picketlink.idm.ldap.internal.LDAPOperationManager; import org.picketlink.idm.model.basic.User; @@ -37,9 +39,10 @@ public class KeycloakEventBridge implements EventBridge { if (updateUserAccountAfterPasswordUpdate && event instanceof CredentialUpdatedEvent) { CredentialUpdatedEvent credEvent = ((CredentialUpdatedEvent) event); PartitionManager partitionManager = credEvent.getPartitionMananger(); - IdentityContext identityCtx = (IdentityContext)partitionManager.createIdentityManager(); + ContextualIdentityManager identityManager = (ContextualIdentityManager) partitionManager.createIdentityManager(); + IdentityContext identityCtx = identityManager.getIdentityContext(); - CredentialStore store = ((StoreSelector)partitionManager).getStoreForCredentialOperation(identityCtx, credEvent.getCredential().getClass()); + CredentialStore store = identityManager.getStoreSelector().getStoreForCredentialOperation(identityCtx, credEvent.getCredential().getClass()); if (store instanceof LDAPIdentityStore) { LDAPIdentityStore ldapStore = (LDAPIdentityStore)store; LDAPOperationManager operationManager = ldapStore.getOperationManager(); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java index 2630878d2f..e6dbfcd7a5 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java 
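Review bot: The cast `(ContextualIdentityManager) partitionManager.createIdentityManager()` ties this handler to a class from `org.picketlink.idm.internal` and is unchecked, so a different `IdentityManager` implementation would surface as a `ClassCastException` in the middle of a credential update. Guarding it keeps the failure explicit: `IdentityManager im = partitionManager.createIdentityManager();` followed by `if (!(im instanceof ContextualIdentityManager)) { return; }`, with a warning logged before returning. That would also give the newly imported `org.picketlink.idm.IdentityManager` a use; in the visible lines it appears unused. The method body continues outside the hunk.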
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java @@ -176,6 +176,9 @@ public abstract class AbstractIdentityProviderTest { // authenticated and redirected to app assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app")); + brokerServerRule.stopSession(session, true); + session = brokerServerRule.startSession(); + // check correct user is created with email as username and bound to correct federated identity RealmModel realm = getRealm(); @@ -218,6 +221,9 @@ public abstract class AbstractIdentityProviderTest { authenticateWithIdentityProvider(identityProviderModel, "test-user-noemail"); + brokerServerRule.stopSession(session, true); + session = brokerServerRule.startSession(); + // check correct user is created with username from provider as email is not available RealmModel realm = getRealm(); UserModel federatedUser = getFederatedUser(); @@ -562,6 +568,9 @@ public abstract class AbstractIdentityProviderTest { doAssertFederatedUser(federatedUser, identityProviderModel, expectedEmail); + brokerServerRule.stopSession(session, true); + session = brokerServerRule.startSession(); + RealmModel realm = getRealm(); Set federatedIdentities = this.session.users().getFederatedIdentities(federatedUser, realm); 
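Review bot: The pair `brokerServerRule.stopSession(session, true); session = brokerServerRule.startSession();` is pasted into three places in this file (the hunks at -176, -218 and -562) with no comment on why the session has to be cycled before the assertions. A small helper such as `private void restartSession()` with a one-line comment, e.g. `// close and reopen so the assertions read what the broker flow persisted`, would remove the duplication and record the intent. If `stopSession` throws, the `session` field keeps pointing at the old session; whether the test teardown copes with that is not visible in these hunks.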
@@ -610,9 +619,12 @@ public abstract class AbstractIdentityProviderTest { UserSessionStatus userSessionStatus = retrieveSessionStatus(); IDToken idToken = userSessionStatus.getIdToken(); KeycloakSession samlServerSession = brokerServerRule.startSession(); - RealmModel brokerRealm = samlServerSession.realms().getRealm("realm-with-broker"); - - return samlServerSession.users().getUserById(idToken.getSubject(), brokerRealm); + try { + RealmModel brokerRealm = samlServerSession.realms().getRealm("realm-with-broker"); + return samlServerSession.users().getUserById(idToken.getSubject(), brokerRealm); + } finally { + brokerServerRule.stopSession(samlServerSession, false); + } } protected void doAfterProviderAuthentication() { @@ -677,7 +689,7 @@ public abstract class AbstractIdentityProviderTest { this.session.users().removeFederatedIdentity(realm, user, fedIdentity.getIdentityProvider()); } - if (!user.getUsername().equals("pedroigor")) { + if (!"pedroigor".equals(user.getUsername())) { this.session.users().removeUser(realm, user); } } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java index 66e4b7183d..1f318540b8 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java @@ -33,6 +33,11 @@ public class OIDCKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderT protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) { server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-kc-oidc.json")); } + + @Override + protected String[] getTestRealms() { + return new String[] { "realm-with-oidc-identity-provider" }; + } }; @WebResource 
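Review bot: In the hunk at -610 the `UserModel` is returned from inside the `try` and `samlServerSession` is then stopped in `finally`, so callers receive a model whose backing session is already closed. Depending on the store, reading attributes that are loaded lazily may then fail or return stale data; how `UserModel` behaves after `stopSession` is not visible here. Either copy the values the callers need while the session is open, or document the constraint on the method, e.g. `// returned model is detached: only read fields that are already loaded`. The method's signature is outside the hunk.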
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java index 2c57f04f31..4b235eb12e 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java @@ -38,6 +38,11 @@ public class SAMLKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderT protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) { server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-saml.json")); } + + @Override + protected String[] getTestRealms() { + return new String[] { "realm-with-saml-idp-basic" }; + } }; @Override diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java index 124d7f0fba..5c7ac76ae1 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java @@ -37,6 +37,11 @@ public class SAMLKeyCloakServerBrokerWithSignatureTest extends AbstractIdentityP protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) { server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-saml-with-signature.json")); } + + @Override + protected String[] getTestRealms() { + return new String[] { "realm-with-saml-signed-idp" }; + } }; @Override 
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java index 228416d829..2d173aeccb 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java @@ -302,13 +302,18 @@ public class UserSessionProviderTest { // Login lifespan is largest String clientSessionId = session.sessions().createClientSession(realm, realm.findClient("test-app")).getId(); + resetSession(); Time.setOffset(25); session.sessions().removeExpiredUserSessions(realm); + resetSession(); + assertNotNull(session.sessions().getClientSession(clientSessionId)); Time.setOffset(35); session.sessions().removeExpiredUserSessions(realm); + resetSession(); + assertNull(session.sessions().getClientSession(clientSessionId)); // User action is largest @@ -316,13 +321,18 @@ public class UserSessionProviderTest { Time.setOffset(0); clientSessionId = session.sessions().createClientSession(realm, realm.findClient("test-app")).getId(); + resetSession(); Time.setOffset(35); session.sessions().removeExpiredUserSessions(realm); + resetSession(); + assertNotNull(session.sessions().getClientSession(clientSessionId)); Time.setOffset(45); session.sessions().removeExpiredUserSessions(realm); + resetSession(); + assertNull(session.sessions().getClientSession(clientSessionId)); // Access code is largest 
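Review bot: After each `resetSession()` the test keeps passing the `realm` variable to `session.sessions().removeExpiredUserSessions(realm)`; unless `resetSession()` (defined outside these hunks) also reloads `realm`, that object belongs to the session that was just closed. If it does reload it, a one-line comment at the first call, e.g. `// resetSession() reopens the session and reloads realm`, would make that clear. The same create/expire/assert sequence is repeated three times (this hunk and the ones at -316 and -330), which makes it a candidate for a helper that takes the two time offsets.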
@@ -330,13 +340,18 @@ public class UserSessionProviderTest { Time.setOffset(0); clientSessionId = session.sessions().createClientSession(realm, realm.findClient("test-app")).getId(); + resetSession(); Time.setOffset(45); session.sessions().removeExpiredUserSessions(realm); + resetSession(); + assertNotNull(session.sessions().getClientSession(clientSessionId)); Time.setOffset(55); session.sessions().removeExpiredUserSessions(realm); + resetSession(); + assertNull(session.sessions().getClientSession(clientSessionId)); } finally { Time.setOffset(0);