libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

userprovider split

Browse source
This commit is contained in:
Bill Burke 2014-07-15 12:11:12 -04:00
parent 8f7efd5b67
commit ff86bdc35f
110 changed files with 1467 additions and 1428 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
audit/email/src/main/java/org/keycloak/audit/email/EmailAuditListener.java Normal file → Executable file
View file

@ -37,7 +37,7 @@ public class EmailAuditListener implements AuditListener {
if (includedEvents.contains(event.getEvent())) {
if (event.getRealmId() != null && event.getUserId() != null) {
RealmModel realm = model.getRealm(event.getRealmId());
UserModel user = realm.getUserById(event.getUserId());
UserModel user = session.users().getUserById(event.getUserId(), realm);
if (user != null && user.getEmail() != null && user.isEmailVerified()) {
try {
emailProvider.setRealm(realm).setUser(user).sendEvent(event);

15
authentication/authentication-model/src/main/java/org/keycloak/authentication/model/AbstractModelAuthenticationProvider.java
View file

@ -3,6 +3,7 @@ package org.keycloak.authentication.model;
import java.util.Map;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
@ -22,17 +23,23 @@ public abstract class AbstractModelAuthenticationProvider implements Authenticat
private static final Logger logger = Logger.getLogger(AbstractModelAuthenticationProvider.class);
protected KeycloakSession keycloakSession;
protected AbstractModelAuthenticationProvider(KeycloakSession keycloakSession) {
this.keycloakSession = keycloakSession;
}
@Override
public AuthUser getUser(RealmModel currentRealm, Map<String, String> config, String username) throws AuthenticationProviderException {
RealmModel realm = getRealm(currentRealm, config);
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(realm, username);
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(keycloakSession, realm, username);
return user == null ? null : createAuthenticatedUserInstance(user);
}
@Override
public String registerUser(RealmModel currentRealm, Map<String, String> config, UserModel user) throws AuthenticationProviderException {
RealmModel realm = getRealm(currentRealm, config);
UserModel newUser = realm.addUser(user.getUsername());
UserModel newUser = keycloakSession.users().addUser(realm, user.getUsername());
newUser.setFirstName(user.getFirstName());
newUser.setLastName(user.getLastName());
newUser.setEmail(user.getEmail());
@ -43,7 +50,7 @@ public abstract class AbstractModelAuthenticationProvider implements Authenticat
@Override
public AuthProviderStatus validatePassword(RealmModel currentRealm, Map<String, String> config, String username, String password) throws AuthenticationProviderException {
RealmModel realm = getRealm(currentRealm, config);
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(realm, username);
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(keycloakSession, realm, username);
boolean result = realm.validatePassword(user, password);
return result ? AuthProviderStatus.SUCCESS : AuthProviderStatus.INVALID_CREDENTIALS;
@ -59,7 +66,7 @@ public abstract class AbstractModelAuthenticationProvider implements Authenticat
throw new AuthenticationProviderException(error);
}
UserModel user = realm.getUser(username);
UserModel user = keycloakSession.users().getUserByUsername(username, realm);
if (user == null) {
logger.warnf("User '%s' doesn't exists. Skip password update", username);
return false;

5
authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ExternalModelAuthenticationProvider.java Normal file → Executable file
View file

@ -17,10 +17,9 @@ import java.util.Map;
*/
public class ExternalModelAuthenticationProvider extends AbstractModelAuthenticationProvider {
private ModelProvider model;
public ExternalModelAuthenticationProvider(KeycloakSession session) {
this.model = session.model();
super(session);
}
@Override
@ -40,7 +39,7 @@ public class ExternalModelAuthenticationProvider extends AbstractModelAuthentica
throw new AuthenticationProviderException("Option '" + AuthProviderConstants.EXTERNAL_REALM_ID + "' not specified in configuration");
}
RealmModel realm = model.getRealm(realmId);
RealmModel realm = keycloakSession.model().getRealm(realmId);
if (realm == null) {
throw new AuthenticationProviderException("Realm with id '" + realmId + "' doesn't exists");
}

5
authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ModelAuthenticationProvider.java Normal file → Executable file
View file

@ -4,6 +4,7 @@ import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.authentication.AuthProviderConstants;
@ -14,6 +15,10 @@ import org.keycloak.authentication.AuthProviderConstants;
*/
public class ModelAuthenticationProvider extends AbstractModelAuthenticationProvider {
public ModelAuthenticationProvider(KeycloakSession keycloakSession) {
super(keycloakSession);
}
@Override
public String getName() {
return AuthProviderConstants.PROVIDER_NAME_MODEL;

2
authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ModelAuthenticationProviderFactory.java Normal file → Executable file
View file

@ -13,7 +13,7 @@ public class ModelAuthenticationProviderFactory implements AuthenticationProvide
@Override
public AuthenticationProvider create(KeycloakSession session) {
return new ModelAuthenticationProvider();
return new ModelAuthenticationProvider(session);
}
@Override

4
export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ExportImportProviderImpl.java Normal file → Executable file
View file

@ -41,11 +41,11 @@ public class ExportImportProviderImpl implements ExportImportProvider {
if (export) {
ExportWriter exportWriter = getProvider().getExportWriter();
new ModelExporter().exportModel(session.model(), exportWriter);
new ModelExporter().exportModel(session.users(), session.model(), exportWriter);
logger.infof("Export finished successfully");
} else {
ImportReader importReader = getProvider().getImportReader();
new ModelImporter().importModel(session.model(), importReader);
new ModelImporter().importModel(session.users(), session.model(), importReader);
logger.infof("Import finished successfully");
}

11
export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ModelExporter.java
View file

@ -21,6 +21,7 @@ import org.keycloak.models.RoleModel;
import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.UsernameLoginFailureModel;
import org.keycloak.models.entities.ApplicationEntity;
import org.keycloak.models.entities.AuthenticationLinkEntity;
@ -44,7 +45,7 @@ public class ModelExporter {
private ExportWriter exportWriter;
private ExportImportPropertiesManager propertiesManager;
public void exportModel(ModelProvider model, ExportWriter exportWriter) {
public void exportModel(UserProvider userProvider, ModelProvider model, ExportWriter exportWriter) {
// Initialize needed objects
this.exportWriter = exportWriter;
this.propertiesManager = new ExportImportPropertiesManager();
@ -54,7 +55,7 @@ public class ModelExporter {
exportApplications(model, "applications.json");
exportOAuthClients(model, "oauthClients.json");
exportRoles(model, "roles.json");
exportUsers(model, "users.json");
exportUsers(userProvider, model, "users.json");
// exportUserFailures(model, "userFailures.json");
this.exportWriter.closeExportWriter();
@ -199,12 +200,12 @@ public class ModelExporter {
}
}
protected void exportUsers(ModelProvider model, String fileName) {
protected void exportUsers(UserProvider userProvider, ModelProvider model, String fileName) {
List<RealmModel> realms = model.getRealms();
List<UserEntity> result = new LinkedList<UserEntity>();
for (RealmModel realm : realms) {
List<UserModel> userModels = realm.getUsers();
List<UserModel> userModels = userProvider.getUsers(realm);
for (UserModel userModel : userModels) {
UserEntity userEntity = new UserEntity();
userEntity.setId(userModel.getId());
@ -225,7 +226,7 @@ public class ModelExporter {
}
// social links
Set<SocialLinkModel> socialLinks = realm.getSocialLinks(userModel);
Set<SocialLinkModel> socialLinks = userProvider.getSocialLinks(userModel, realm);
if (socialLinks != null && !socialLinks.isEmpty()) {
List<SocialLinkEntity> socialLinkEntities = new ArrayList<SocialLinkEntity>();
for (SocialLinkModel socialLink : socialLinks) {

11
export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ModelImporter.java
View file

@ -24,6 +24,7 @@ import org.keycloak.models.RoleModel;
import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.UsernameLoginFailureModel;
import org.keycloak.models.entities.ApplicationEntity;
import org.keycloak.models.entities.AuthenticationLinkEntity;
@ -48,7 +49,7 @@ public class ModelImporter {
private ImportReader importReader;
private ExportImportPropertiesManager propertiesManager;
public void importModel(ModelProvider model, ImportReader importReader) {
public void importModel(UserProvider userModel, ModelProvider model, ImportReader importReader) {
// Initialize needed objects
this.importReader = importReader;
this.propertiesManager = new ExportImportPropertiesManager();
@ -62,7 +63,7 @@ public class ModelImporter {
importApplicationsStep2(model, "applications.json");
importOAuthClients(model, "oauthClients.json");
importUsers(model, "users.json");
importUsers(userModel, model, "users.json");
// importUserFailures(model, "userFailures.json");
this.importReader.closeImportReader();
@ -237,11 +238,11 @@ public class ModelImporter {
return null;
}
public void importUsers(ModelProvider model, String fileName) {
public void importUsers(UserProvider userModel, ModelProvider model, String fileName) {
List<UserEntity> users = this.importReader.readEntities(fileName, UserEntity.class);
for (UserEntity userEntity : users) {
RealmModel realm = model.getRealm(userEntity.getRealmId());
UserModel user = realm.addUser(userEntity.getId(), userEntity.getUsername(), false);
UserModel user = userModel.addUser(realm, userEntity.getId(), userEntity.getUsername(), false);
// We need to remove defaultRoles here as realm.addUser is automatically adding them. We may add them later during roles mapping processing
for (RoleModel role : user.getRoleMappings()) {
@ -266,7 +267,7 @@ public class ModelImporter {
SocialLinkModel socialLink = new SocialLinkModel();
this.propertiesManager.setBasicPropertiesToModel(socialLink, socialLinkEntity);
realm.addSocialLink(user, socialLink);
userModel.addSocialLink(realm, user, socialLink);
}
}

6
export-import/export-import-impl/src/test/java/org/keycloak/exportimport/ExportImportTestBase.java Normal file → Executable file
View file

@ -56,7 +56,7 @@ public abstract class ExportImportTestBase {
beginTransaction();
realm = session.model().getRealm("demo");
String wburkeId = realm.getUser("wburke").getId();
String wburkeId = session.users().getUserByUsername("wburke", realm).getId();
String appId = realm.getApplicationByName("Application").getId();
// Commit transaction and close JPA now
@ -75,9 +75,9 @@ public abstract class ExportImportTestBase {
RealmModel importedRealm = session.model().getRealm("demo");
System.out.println("Exported realm: " + realm + ", Imported realm: " + importedRealm);
Assert.assertEquals(wburkeId, importedRealm.getUser("wburke").getId());
Assert.assertEquals(wburkeId, session.users().getUserByUsername("wburke", importedRealm).getId());
Assert.assertEquals(appId, importedRealm.getApplicationByName("Application").getId());
ImportTest.assertDataImportedInRealm(importedRealm);
ImportTest.assertDataImportedInRealm(session, importedRealm);
// Commit and close Mongo
commitTransaction();

2
forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/FreeMarkerAccountProvider.java
View file

@ -124,7 +124,7 @@ public class FreeMarkerAccountProvider implements AccountProvider {
attributes.put("totp", new TotpBean(user, baseUri));
break;
case SOCIAL:
attributes.put("social", new AccountSocialBean(realm, user, uriInfo.getBaseUri()));
attributes.put("social", new AccountSocialBean(session, realm, user, uriInfo.getBaseUri()));
break;
case LOG:
attributes.put("log", new LogBean(events));

7
forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/AccountSocialBean.java
View file

@ -8,6 +8,7 @@ import java.util.Set;
import javax.ws.rs.core.UriBuilder;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserModel;
@ -22,13 +23,15 @@ public class AccountSocialBean {
private final List<SocialLinkEntry> socialLinks;
private final boolean removeLinkPossible;
private final KeycloakSession session;
public AccountSocialBean(RealmModel realm, UserModel user, URI baseUri) {
public AccountSocialBean(KeycloakSession session, RealmModel realm, UserModel user, URI baseUri) {
this.session = session;
URI accountSocialUpdateUri = Urls.accountSocialUpdate(baseUri, realm.getName());
this.socialLinks = new LinkedList<SocialLinkEntry>();
Map<String, String> socialConfig = realm.getSocialConfig();
Set<SocialLinkModel> userSocialLinks = realm.getSocialLinks(user);
Set<SocialLinkModel> userSocialLinks = session.users().getSocialLinks(user, realm);
int availableLinks = 0;
if (socialConfig != null && !socialConfig.isEmpty()) {

1
model/api/src/main/java/org/keycloak/models/KeycloakSession.java
View file

@ -42,4 +42,5 @@ public interface KeycloakSession {
void close();
UserProvider users();
}

11
model/api/src/main/java/org/keycloak/models/ModelProvider.java
View file

@ -18,17 +18,6 @@ public interface ModelProvider extends Provider {
RealmModel getRealm(String id);
RealmModel getRealmByName(String name);
UserModel getUserById(String id, RealmModel realm);
UserModel getUserByUsername(String username, RealmModel realm);
UserModel getUserByEmail(String email, RealmModel realm);
UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm);
List<UserModel> getUsers(RealmModel realm);
List<UserModel> searchForUser(String search, RealmModel realm);
List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm);
Set<SocialLinkModel> getSocialLinks(UserModel user, RealmModel realm);
SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm);
RoleModel getRoleById(String id, RealmModel realm);
ApplicationModel getApplicationById(String id, RealmModel realm);
OAuthClientModel getOAuthClientById(String id, RealmModel realm);

28
model/api/src/main/java/org/keycloak/models/RealmModel.java
View file

@ -110,18 +110,6 @@ public interface RealmModel extends RoleContainerModel {
boolean validateTOTP(UserModel user, String password, String token);
UserModel getUser(String name);
UserModel getUserByEmail(String email);
UserModel getUserById(String name);
UserModel addUser(String id, String username, boolean addDefaultRoles);
UserModel addUser(String username);
boolean removeUser(String name);
RoleModel getRoleById(String id);
List<String> getDefaultRoles();
@ -147,16 +135,6 @@ public interface RealmModel extends RoleContainerModel {
void updateRequiredCredentials(Set<String> creds);
UserModel getUserBySocialLink(SocialLinkModel socialLink);
Set<SocialLinkModel> getSocialLinks(UserModel user);
SocialLinkModel getSocialLink(UserModel user, String socialProvider);
void addSocialLink(UserModel user, SocialLinkModel socialLink);
boolean removeSocialLink(UserModel user, String socialProvider);
boolean isSocial();
void setSocial(boolean social);
@ -165,12 +143,6 @@ public interface RealmModel extends RoleContainerModel {
void setUpdateProfileOnInitialSocialLogin(boolean updateProfileOnInitialSocialLogin);
List<UserModel> getUsers();
List<UserModel> searchForUser(String search);
List<UserModel> searchForUserByAttributes(Map<String, String> attributes);
OAuthClientModel addOAuthClient(String name);
OAuthClientModel addOAuthClient(String id, String name);

5
model/api/src/main/java/org/keycloak/models/UserProvider.java
View file

@ -13,12 +13,13 @@ import java.util.Set;
public interface UserProvider extends Provider {
// Note: The reason there are so many query methods here is for layering a cache on top of an persistent KeycloakSession
KeycloakTransaction getTransaction();
UserModel addUser(RealmModel realm, String id, String username, boolean addDefaultRoles);
UserModel addUser(RealmModel realm, String username);
boolean removeUser(RealmModel realm, String name);
public void addSocialLink(RealmModel realm, UserModel user, SocialLinkModel socialLink);
public boolean removeSocialLink(RealmModel realm, UserModel user, String socialProvider);
UserModel getUserById(String id, RealmModel realm);
UserModel getUserByUsername(String username, RealmModel realm);
UserModel getUserByEmail(String email, RealmModel realm);

27
model/api/src/main/java/org/keycloak/models/UserSpi.java Executable file
View file

@ -0,0 +1,27 @@
package org.keycloak.models;
import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.provider.Spi;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class UserSpi implements Spi {
@Override
public String getName() {
return "user";
}
@Override
public Class<? extends Provider> getProviderClass() {
return UserProvider.class;
}
@Override
public Class<? extends ProviderFactory> getProviderFactoryClass() {
return UserProviderFactory.class;
}
}

7
model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java Normal file → Executable file
View file

@ -10,6 +10,7 @@ import java.util.UUID;
import java.util.concurrent.atomic.AtomicLong;
import org.bouncycastle.openssl.PEMWriter;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@ -92,10 +93,10 @@ public final class KeycloakModelUtils {
* @param username username or email of user
* @return found user
*/
public static UserModel findUserByNameOrEmail(RealmModel realm, String username) {
UserModel user = realm.getUser(username);
public static UserModel findUserByNameOrEmail(KeycloakSession session, RealmModel realm, String username) {
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null && username.contains("@")) {
user = realm.getUserByEmail(username);
user = session.users().getUserByEmail(username, realm);
}
return user;
}

1
model/api/src/main/resources/META-INF/services/org.keycloak.provider.Spi Normal file → Executable file
View file

@ -1,2 +1,3 @@
org.keycloak.models.ModelSpi
org.keycloak.models.UserSessionSpi
org.keycloak.models.UserSpi

2
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/ApplicationAdapter.java vendored
View file

@ -19,7 +19,7 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
protected ApplicationModel updated;
protected CachedApplication cached;
public ApplicationAdapter(RealmModel cachedRealm, CachedApplication cached, CacheModelProvider cacheSession, KeycloakCache cache) {
public ApplicationAdapter(RealmModel cachedRealm, CachedApplication cached, CacheModelProvider cacheSession, RealmCache cache) {
super(cachedRealm, cached, cache, cacheSession);
this.cached = cached;
}

15
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProvider.java vendored Executable file
View file

@ -0,0 +1,15 @@
package org.keycloak.models.cache;
import org.keycloak.models.ModelProvider;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserProvider;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface CacheUserProvider extends UserProvider {
UserProvider getDelegate();
void registerUserInvalidation(RealmModel realm, String id);
}

11
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProviderFactory.java vendored Executable file
View file

@ -0,0 +1,11 @@
package org.keycloak.models.cache;
import org.keycloak.provider.ProviderFactory;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface CacheUserProviderFactory extends ProviderFactory<CacheUserProvider> {
}

27
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProviderSpi.java vendored Executable file
View file

@ -0,0 +1,27 @@
package org.keycloak.models.cache;
import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.provider.Spi;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class CacheUserProviderSpi implements Spi {
@Override
public String getName() {
return "userCache";
}
@Override
public Class<? extends Provider> getProviderClass() {
return CacheUserProvider.class;
}
@Override
public Class<? extends ProviderFactory> getProviderFactoryClass() {
return CacheUserProviderFactory.class;
}
}

5
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/ClientAdapter.java vendored
View file

@ -4,7 +4,6 @@ import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.cache.entities.CachedClient;
import java.util.HashSet;
@ -19,9 +18,9 @@ public abstract class ClientAdapter implements ClientModel {
protected CacheModelProvider cacheSession;
protected ClientModel updatedClient;
protected RealmModel cachedRealm;
protected KeycloakCache cache;
protected RealmCache cache;
public ClientAdapter(RealmModel cachedRealm, CachedClient cached, KeycloakCache cache, CacheModelProvider cacheSession) {
public ClientAdapter(RealmModel cachedRealm, CachedClient cached, RealmCache cache, CacheModelProvider cacheSession) {
this.cachedRealm = cachedRealm;
this.cache = cache;
this.cacheSession = cacheSession;

98
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/DefaultCacheModelProvider.java vendored
View file

@ -1,7 +1,6 @@
package org.keycloak.models.cache;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakTransaction;
import org.keycloak.models.ModelProvider;
@ -10,8 +9,6 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.UsernameLoginFailureModel;
import org.keycloak.models.cache.entities.CachedApplication;
import org.keycloak.models.cache.entities.CachedApplicationRole;
import org.keycloak.models.cache.entities.CachedOAuthClient;
@ -31,7 +28,7 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public class DefaultCacheModelProvider implements CacheModelProvider {
protected KeycloakCache cache;
protected RealmCache cache;
protected KeycloakSession session;
protected ModelProvider delegate;
protected boolean transactionActive;
@ -50,7 +47,7 @@ public class DefaultCacheModelProvider implements CacheModelProvider {
protected boolean clearAll;
public DefaultCacheModelProvider(KeycloakCache cache, KeycloakSession session) {
public DefaultCacheModelProvider(RealmCache cache, KeycloakSession session) {
this.cache = cache;
this.session = session;
@ -103,10 +100,6 @@ public class DefaultCacheModelProvider implements CacheModelProvider {
for (String id : clientInvalidations) {
cache.invalidateCachedOAuthClientById(id);
}
for (String id : userInvalidations) {
cache.invalidateCachedUserById(id);
}
}
private KeycloakTransaction getTransaction() {
@ -200,63 +193,6 @@ public class DefaultCacheModelProvider implements CacheModelProvider {
return adapter;
}
@Override
public UserModel getUserById(String id, RealmModel realm) {
CachedUser cached = cache.getCachedUser(id);
if (cached == null) {
UserModel model = getDelegate().getUserById(id, realm);
if (model == null) return null;
if (userInvalidations.contains(id)) return model;
cached = new CachedUser(realm, model);
cache.addCachedUser(cached);
} else if (userInvalidations.contains(id)) {
return getDelegate().getUserById(id, realm);
} else if (managedUsers.containsKey(id)) {
return managedUsers.get(id);
}
UserAdapter adapter = new UserAdapter(cached, cache, this, realm);
managedUsers.put(id, adapter);
return adapter;
}
@Override
public UserModel getUserByUsername(String username, RealmModel realm) {
CachedUser cached = cache.getCachedUserByUsername(username, realm);
if (cached == null) {
UserModel model = getDelegate().getUserByUsername(username, realm);
if (model == null) return null;
if (userInvalidations.contains(model.getId())) return model;
cached = new CachedUser(realm, model);
cache.addCachedUser(cached);
} else if (userInvalidations.contains(cached.getId())) {
return getDelegate().getUserById(cached.getId(), realm);
} else if (managedUsers.containsKey(cached.getId())) {
return managedUsers.get(cached.getId());
}
UserAdapter adapter = new UserAdapter(cached, cache, this, realm);
managedUsers.put(cached.getId(), adapter);
return adapter;
}
@Override
public UserModel getUserByEmail(String email, RealmModel realm) {
CachedUser cached = cache.getCachedUserByEmail(email, realm);
if (cached == null) {
UserModel model = getDelegate().getUserByEmail(email, realm);
if (model == null) return null;
if (userInvalidations.contains(model.getId())) return model;
cached = new CachedUser(realm, model);
cache.addCachedUser(cached);
} else if (userInvalidations.contains(cached.getId())) {
return getDelegate().getUserByEmail(email, realm);
} else if (managedUsers.containsKey(cached.getId())) {
return managedUsers.get(cached.getId());
}
UserAdapter adapter = new UserAdapter(cached, cache, this, realm);
managedUsers.put(cached.getId(), adapter);
return adapter;
}
@Override
public List<RealmModel> getRealms() {
// we don't cache this for now
@ -277,36 +213,6 @@ public class DefaultCacheModelProvider implements CacheModelProvider {
if (delegate != null) delegate.close();
}
@Override
public UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm) {
return getDelegate().getUserBySocialLink(socialLink, realm);
}
@Override
public List<UserModel> getUsers(RealmModel realm) {
return getDelegate().getUsers(realm);
}
@Override
public List<UserModel> searchForUser(String search, RealmModel realm) {
return getDelegate().searchForUser(search, realm);
}
@Override
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm) {
return getDelegate().searchForUserByAttributes(attributes, realm);
}
@Override
public Set<SocialLinkModel> getSocialLinks(UserModel user, RealmModel realm) {
return getDelegate().getSocialLinks(user, realm);
}
@Override
public SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm) {
return getDelegate().getSocialLink(user, socialProvider, realm);
}
@Override
public RoleModel getRoleById(String id, RealmModel realm) {
CachedRole cached = cache.getRole(id);

241
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/DefaultCacheUserProvider.java vendored Executable file
View file

@ -0,0 +1,241 @@
package org.keycloak.models.cache;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakTransaction;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.cache.entities.CachedUser;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class DefaultCacheUserProvider implements CacheUserProvider {
protected UserCache cache;
protected KeycloakSession session;
protected UserProvider delegate;
protected boolean transactionActive;
protected boolean setRollbackOnly;
protected Map<String, String> userInvalidations = new HashMap<String, String>();
protected Set<String> realmInvalidations = new HashSet<String>();
protected Map<String, UserModel> managedUsers = new HashMap<String, UserModel>();
protected boolean clearAll;
public DefaultCacheUserProvider(UserCache cache, KeycloakSession session) {
this.cache = cache;
this.session = session;
session.getTransaction().enlistAfterCompletion(getTransaction());
}
@Override
public UserProvider getDelegate() {
if (!transactionActive) throw new IllegalStateException("Cannot access delegate without a transaction");
if (delegate != null) return delegate;
delegate = session.getProvider(UserProvider.class);
return delegate;
}
@Override
public void registerUserInvalidation(RealmModel realm, String id) {
userInvalidations.put(id, realm.getId());
}
protected void runInvalidations() {
for (Map.Entry<String, String> invalidation : userInvalidations.entrySet()) {
cache.invalidateCachedUserById(invalidation.getValue(), invalidation.getKey());
}
for (String realmId : realmInvalidations) {
cache.invalidateRealmUsers(realmId);
}
}
private KeycloakTransaction getTransaction() {
return new KeycloakTransaction() {
@Override
public void begin() {
transactionActive = true;
}
@Override
public void commit() {
if (delegate == null) return;
if (clearAll) {
cache.clear();
}
runInvalidations();
}
@Override
public void rollback() {
setRollbackOnly = true;
runInvalidations();
}
@Override
public void setRollbackOnly() {
setRollbackOnly = true;
}
@Override
public boolean getRollbackOnly() {
return setRollbackOnly;
}
@Override
public boolean isActive() {
return transactionActive;
}
};
}
@Override
public UserModel getUserById(String id, RealmModel realm) {
if (realmInvalidations.contains(realm.getId())) {
return getDelegate().getUserById(id, realm);
}
if (userInvalidations.containsKey(id)) {
return getDelegate().getUserById(id, realm);
}
CachedUser cached = cache.getCachedUser(realm.getId(), id);
if (cached == null) {
UserModel model = getDelegate().getUserById(id, realm);
if (model == null) return null;
if (userInvalidations.containsKey(id)) return model;
cached = new CachedUser(realm, model);
cache.addCachedUser(realm.getId(), cached);
} else if (managedUsers.containsKey(id)) {
return managedUsers.get(id);
}
UserAdapter adapter = new UserAdapter(cached, this, session, realm);
managedUsers.put(id, adapter);
return adapter;
}
@Override
public UserModel getUserByUsername(String username, RealmModel realm) {
if (realmInvalidations.contains(realm.getId())) {
return getDelegate().getUserByUsername(username, realm);
}
CachedUser cached = cache.getCachedUserByUsername(realm.getId(), username);
if (cached == null) {
UserModel model = getDelegate().getUserByUsername(username, realm);
if (model == null) return null;
if (userInvalidations.containsKey(model.getId())) return model;
cached = new CachedUser(realm, model);
cache.addCachedUser(realm.getId(), cached);
} else if (userInvalidations.containsKey(cached.getId())) {
return getDelegate().getUserById(cached.getId(), realm);
} else if (managedUsers.containsKey(cached.getId())) {
return managedUsers.get(cached.getId());
}
UserAdapter adapter = new UserAdapter(cached, this, session, realm);
managedUsers.put(cached.getId(), adapter);
return adapter;
}
@Override
public UserModel getUserByEmail(String email, RealmModel realm) {
if (realmInvalidations.contains(realm.getId())) {
return getDelegate().getUserByEmail(email, realm);
}
CachedUser cached = cache.getCachedUserByEmail(realm.getId(), email);
if (cached == null) {
UserModel model = getDelegate().getUserByEmail(email, realm);
if (model == null) return null;
if (userInvalidations.containsKey(model.getId())) return model;
cached = new CachedUser(realm, model);
cache.addCachedUser(realm.getId(), cached);
} else if (userInvalidations.containsKey(cached.getId())) {
return getDelegate().getUserByEmail(email, realm);
} else if (managedUsers.containsKey(cached.getId())) {
return managedUsers.get(cached.getId());
}
UserAdapter adapter = new UserAdapter(cached, this, session, realm);
managedUsers.put(cached.getId(), adapter);
return adapter;
}
@Override
public void close() {
if (delegate != null) delegate.close();
}
@Override
public UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm) {
return getDelegate().getUserBySocialLink(socialLink, realm);
}
@Override
public List<UserModel> getUsers(RealmModel realm) {
return getDelegate().getUsers(realm);
}
@Override
public List<UserModel> searchForUser(String search, RealmModel realm) {
return getDelegate().searchForUser(search, realm);
}
@Override
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm) {
return getDelegate().searchForUserByAttributes(attributes, realm);
}
@Override
public Set<SocialLinkModel> getSocialLinks(UserModel user, RealmModel realm) {
return getDelegate().getSocialLinks(user, realm);
}
@Override
public SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm) {
return getDelegate().getSocialLink(user, socialProvider, realm);
}
@Override
public UserModel addUser(RealmModel realm, String id, String username, boolean addDefaultRoles) {
return getDelegate().addUser(realm, id, username, addDefaultRoles);
}
@Override
public UserModel addUser(RealmModel realm, String username) {
return getDelegate().addUser(realm, username);
}
@Override
public boolean removeUser(RealmModel realm, String name) {
return getDelegate().removeUser(realm, name);
}
@Override
public void addSocialLink(RealmModel realm, UserModel user, SocialLinkModel socialLink) {
getDelegate().addSocialLink(realm, user, socialLink);
}
@Override
public boolean removeSocialLink(RealmModel realm, UserModel user, String socialProvider) {
return getDelegate().removeSocialLink(realm, user, socialProvider);
}
@Override
public void preRemove(RealmModel realm) {
realmInvalidations.add(realm.getId());
getDelegate().preRemove(realm);
}
@Override
public void preRemove(RoleModel role) {
getDelegate().preRemove(role);
}
}

45
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/NoCacheModelProvider.java vendored
View file

@ -83,21 +83,6 @@ public class NoCacheModelProvider implements CacheModelProvider {
return getDelegate().getRealmByName(name);
}
@Override
public UserModel getUserById(String id, RealmModel realm) {
return getDelegate().getUserById(id, realm);
}
@Override
public UserModel getUserByUsername(String username, RealmModel realm) {
return getDelegate().getUserByUsername(username, realm);
}
@Override
public UserModel getUserByEmail(String email, RealmModel realm) {
return getDelegate().getUserByEmail(email, realm);
}
@Override
public List<RealmModel> getRealms() {
// we don't cache this for now
@ -114,36 +99,6 @@ public class NoCacheModelProvider implements CacheModelProvider {
if (delegate != null) delegate.close();
}
@Override
public UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm) {
return getDelegate().getUserBySocialLink(socialLink, realm);
}
@Override
public List<UserModel> getUsers(RealmModel realm) {
return getDelegate().getUsers(realm);
}
@Override
public List<UserModel> searchForUser(String search, RealmModel realm) {
return getDelegate().searchForUser(search, realm);
}
@Override
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm) {
return getDelegate().searchForUserByAttributes(attributes, realm);
}
@Override
public Set<SocialLinkModel> getSocialLinks(UserModel user, RealmModel realm) {
return getDelegate().getSocialLinks(user, realm);
}
@Override
public SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm) {
return getDelegate().getSocialLink(user, socialProvider, realm);
}
@Override
public RoleModel getRoleById(String id, RealmModel realm) {
return getDelegate().getRoleById(id, realm);

2
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/OAuthClientAdapter.java vendored
View file

@ -12,7 +12,7 @@ public class OAuthClientAdapter extends ClientAdapter implements OAuthClientMode
protected OAuthClientModel updated;
protected CachedOAuthClient cached;
public OAuthClientAdapter(RealmModel cachedRealm, CachedOAuthClient cached, CacheModelProvider cacheSession, KeycloakCache cache) {
public OAuthClientAdapter(RealmModel cachedRealm, CachedOAuthClient cached, CacheModelProvider cacheSession, RealmCache cache) {
super(cachedRealm, cached, cache, cacheSession);
this.cached = cached;
}

86
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java vendored
View file

@ -13,11 +13,8 @@ import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.UsernameLoginFailureModel;
import org.keycloak.models.cache.entities.CachedRealm;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.Pbkdf2PasswordEncoder;
import org.keycloak.models.utils.TimeBasedOTP;
import java.security.PrivateKey;
@ -37,7 +34,7 @@ public class RealmAdapter implements RealmModel {
protected CachedRealm cached;
protected CacheModelProvider cacheSession;
protected RealmModel updated;
protected KeycloakCache cache;
protected RealmCache cache;
protected volatile transient PublicKey publicKey;
protected volatile transient PrivateKey privateKey;
@ -395,39 +392,6 @@ public class RealmAdapter implements RealmModel {
return false;
}
@Override
public UserModel getUser(String name) {
return cacheSession.getUserByUsername(name, this);
}
@Override
public UserModel getUserByEmail(String email) {
return cacheSession.getUserByEmail(email, this);
}
@Override
public UserModel getUserById(String id) {
return cacheSession.getUserById(id, this);
}
@Override
public UserModel addUser(String id, String username, boolean addDefaultRoles) {
getDelegateForUpdate();
return updated.addUser(id, username, addDefaultRoles);
}
@Override
public UserModel addUser(String username) {
getDelegateForUpdate();
return updated.addUser(username);
}
@Override
public boolean removeUser(String name) {
getDelegateForUpdate();
return updated.removeUser(name);
}
@Override
public RoleModel getRoleById(String id) {
if (updated != null) return updated.getRoleById(id);
@ -538,36 +502,6 @@ public class RealmAdapter implements RealmModel {
updated.updateRequiredCredentials(creds);
}
@Override
public UserModel getUserBySocialLink(SocialLinkModel socialLink) {
if (updated != null) return updated.getUserBySocialLink(socialLink);
return cacheSession.getUserBySocialLink(socialLink, this);
}
@Override
public Set<SocialLinkModel> getSocialLinks(UserModel user) {
if (updated != null) return updated.getSocialLinks(user);
return cacheSession.getSocialLinks(user, this);
}
@Override
public SocialLinkModel getSocialLink(UserModel user, String socialProvider) {
if (updated != null) return updated.getSocialLink(user, socialProvider);
return cacheSession.getSocialLink(user, socialProvider, this);
}
@Override
public void addSocialLink(UserModel user, SocialLinkModel socialLink) {
getDelegateForUpdate();
updated.addSocialLink(user, socialLink);
}
@Override
public boolean removeSocialLink(UserModel user, String socialProvider) {
getDelegateForUpdate();
return updated.removeSocialLink(user, socialProvider);
}
@Override
public boolean isSocial() {
if (updated != null) return updated.isSocial();
@ -592,24 +526,6 @@ public class RealmAdapter implements RealmModel {
updated.setUpdateProfileOnInitialSocialLogin(updateProfileOnInitialSocialLogin);
}
@Override
public List<UserModel> getUsers() {
if (updated != null) return updated.getUsers();
return cacheSession.getUsers(this);
}
@Override
public List<UserModel> searchForUser(String search) {
if (updated != null) return updated.searchForUser(search);
return cacheSession.searchForUser(search, this);
}
@Override
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes) {
if (updated != null) return updated.searchForUserByAttributes(attributes);
return cacheSession.searchForUserByAttributes(attributes, this);
}
@Override
public OAuthClientModel addOAuthClient(String name) {
getDelegateForUpdate();

14
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/KeycloakCache.java → model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmCache.java vendored
View file

@ -11,7 +11,7 @@ import org.keycloak.models.cache.entities.CachedUser;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface KeycloakCache {
public interface RealmCache {
void clear();
CachedRealm getCachedRealm(String id);
@ -51,16 +51,4 @@ public interface KeycloakCache {
void invalidateRoleById(String id);
CachedUser getCachedUser(String id);
void invalidateCachedUser(CachedUser user);
void addCachedUser(CachedUser user);
CachedUser getCachedUserByUsername(String name, RealmModel realm);
CachedUser getCachedUserByEmail(String name, RealmModel realm);
void invalidedCachedUserById(String id);
void invalidateCachedUserById(String id);
}

4
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RoleAdapter.java vendored
View file

@ -19,11 +19,11 @@ public class RoleAdapter implements RoleModel {
protected RoleModel updated;
protected CachedRole cached;
protected KeycloakCache cache;
protected RealmCache cache;
protected CacheModelProvider cacheSession;
protected RealmModel realm;
public RoleAdapter(CachedRole cached, KeycloakCache cache, CacheModelProvider session, RealmModel realm) {
public RoleAdapter(CachedRole cached, RealmCache cache, CacheModelProvider session, RealmModel realm) {
this.cached = cached;
this.cache = cache;
this.cacheSession = session;

246
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/SimpleCache.java vendored
View file

@ -1,246 +0,0 @@
package org.keycloak.models.cache;
import org.keycloak.models.RealmModel;
import org.keycloak.models.cache.entities.CachedApplication;
import org.keycloak.models.cache.entities.CachedOAuthClient;
import org.keycloak.models.cache.entities.CachedRealm;
import org.keycloak.models.cache.entities.CachedRole;
import org.keycloak.models.cache.entities.CachedUser;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class SimpleCache implements KeycloakCache {
protected ConcurrentHashMap<String, CachedRealm> realmCache = new ConcurrentHashMap<String, CachedRealm>();
protected ConcurrentHashMap<String, CachedRealm> realmCacheByName = new ConcurrentHashMap<String, CachedRealm>();
protected ConcurrentHashMap<String, CachedApplication> applicationCache = new ConcurrentHashMap<String, CachedApplication>();
protected ConcurrentHashMap<String, CachedOAuthClient> clientCache = new ConcurrentHashMap<String, CachedOAuthClient>();
protected ConcurrentHashMap<String, CachedRole> roleCache = new ConcurrentHashMap<String, CachedRole>();
protected int maxUserCacheSize = 10000;
protected boolean userCacheEnabled = true;
protected Map<String, CachedUser> usersById = Collections.synchronizedMap(new LRUCache());
protected Map<String, CachedUser> usersByUsername = new ConcurrentHashMap<String, CachedUser>();
protected Map<String, CachedUser> usersByEmail = new ConcurrentHashMap<String, CachedUser>();
protected class LRUCache extends LinkedHashMap<String, CachedUser> {
public LRUCache() {
super(1000, 1.1F, true);
}
@Override
public CachedUser put(String key, CachedUser value) {
usersByUsername.put(value.getUsernameKey(), value);
if (value.getEmail() != null) {
usersByEmail.put(value.getEmailKey(), value);
}
return super.put(key, value);
}
@Override
public CachedUser remove(Object key) {
CachedUser user = super.remove(key);
if (user == null) return null;
removeUser(user);
return user;
}
@Override
public void clear() {
super.clear();
usersByUsername.clear();
usersByEmail.clear();
}
@Override
protected boolean removeEldestEntry(Map.Entry<String, CachedUser> eldest) {
boolean evict = size() > maxUserCacheSize;
if (evict) {
removeUser(eldest.getValue());
}
return evict;
}
private void removeUser(CachedUser value) {
usersByUsername.remove(value.getUsernameKey());
if (value.getEmail() != null) usersByEmail.remove(value.getEmailKey());
}
}
public int getMaxUserCacheSize() {
return maxUserCacheSize;
}
public void setMaxUserCacheSize(int maxUserCacheSize) {
this.maxUserCacheSize = maxUserCacheSize;
}
public boolean isUserCacheEnabled() {
return userCacheEnabled;
}
public void setUserCacheEnabled(boolean userCacheEnabled) {
this.userCacheEnabled = userCacheEnabled;
}
@Override
public CachedUser getCachedUser(String id) {
if (!userCacheEnabled) return null;
return usersById.get(id);
}
@Override
public void invalidateCachedUser(CachedUser user) {
if (!userCacheEnabled) return;
usersById.remove(user.getId());
}
@Override
public void invalidateCachedUserById(String id) {
if (!userCacheEnabled) return;
usersById.remove(id);
}
@Override
public void addCachedUser(CachedUser user) {
if (!userCacheEnabled) return;
usersById.put(user.getId(), user);
}
@Override
public CachedUser getCachedUserByUsername(String name, RealmModel realm) {
if (!userCacheEnabled) return null;
CachedUser user = usersByUsername.get(realm.getId() + "." +name);
if (user == null) return null;
usersById.get(user.getId()); // refresh cache entry age
return user;
}
@Override
public CachedUser getCachedUserByEmail(String name, RealmModel realm) {
if (!userCacheEnabled) return null;
CachedUser user = usersByEmail.get(realm.getId() + "." +name);
if (user == null) return null;
usersById.get(user.getId()); // refresh cache entry age
return user;
}
@Override
public void invalidedCachedUserById(String id) {
if (!userCacheEnabled) return;
usersById.remove(id);
}
@Override
public void clear() {
realmCache.clear();
realmCacheByName.clear();
applicationCache.clear();
clientCache.clear();
roleCache.clear();
usersById.clear();
}
@Override
public CachedRealm getCachedRealm(String id) {
return realmCache.get(id);
}
@Override
public void invalidateCachedRealm(CachedRealm realm) {
realmCache.remove(realm.getId());
realmCacheByName.remove(realm.getName());
}
@Override
public void invalidateCachedRealmById(String id) {
CachedRealm cached = realmCache.remove(id);
if (cached != null) realmCacheByName.remove(cached.getName());
}
@Override
public void addCachedRealm(CachedRealm realm) {
realmCache.put(realm.getId(), realm);
realmCacheByName.put(realm.getName(), realm);
}
@Override
public CachedRealm getCachedRealmByName(String name) {
return realmCacheByName.get(name);
}
@Override
public CachedApplication getApplication(String id) {
return applicationCache.get(id);
}
@Override
public void invalidateApplication(CachedApplication app) {
applicationCache.remove(app.getId());
}
@Override
public void addCachedApplication(CachedApplication app) {
applicationCache.put(app.getId(), app);
}
@Override
public void invalidateCachedApplicationById(String id) {
applicationCache.remove(id);
}
@Override
public CachedOAuthClient getOAuthClient(String id) {
return clientCache.get(id);
}
@Override
public void invalidateOAuthClient(CachedOAuthClient client) {
clientCache.remove(client.getId());
}
@Override
public void addCachedOAuthClient(CachedOAuthClient client) {
clientCache.put(client.getId(), client);
}
@Override
public void invalidateCachedOAuthClientById(String id) {
clientCache.remove(id);
}
@Override
public CachedRole getRole(String id) {
return roleCache.get(id);
}
@Override
public void invalidateRole(CachedRole role) {
roleCache.remove(role);
}
@Override
public void invalidateRoleById(String id) {
roleCache.remove(id);
}
@Override
public void addCachedRole(CachedRole role) {
roleCache.put(role.getId(), role);
}
@Override
public void invalidateCachedRoleById(String id) {
roleCache.remove(id);
}
}

2
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/SimpleCacheModelProviderFactory.java vendored
View file

@ -8,7 +8,7 @@ import org.keycloak.models.KeycloakSession;
* @version $Revision: 1 $
*/
public class SimpleCacheModelProviderFactory implements CacheModelProviderFactory {
protected KeycloakCache cache = new SimpleCache();
protected RealmCache cache = new SimpleRealmCache();
@Override
public CacheModelProvider create(KeycloakSession session) {

33
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/SimpleCacheUserProviderFactory.java vendored Executable file
View file

@ -0,0 +1,33 @@
package org.keycloak.models.cache;
import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class SimpleCacheUserProviderFactory implements CacheUserProviderFactory {
protected UserCache cache = new SimpleUserCache();
@Override
public CacheUserProvider create(KeycloakSession session) {
return new DefaultCacheUserProvider(cache, session);
}
@Override
public void init(Config.Scope config) {
config.get("");
}
@Override
public void close() {
//To change body of implemented methods use File | Settings | File Templates.
}
@Override
public String getId() {
return "simple";
}
}

130
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/SimpleRealmCache.java vendored Executable file
View file

@ -0,0 +1,130 @@
package org.keycloak.models.cache;
import org.keycloak.models.RealmModel;
import org.keycloak.models.cache.entities.CachedApplication;
import org.keycloak.models.cache.entities.CachedOAuthClient;
import org.keycloak.models.cache.entities.CachedRealm;
import org.keycloak.models.cache.entities.CachedRole;
import org.keycloak.models.cache.entities.CachedUser;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class SimpleRealmCache implements RealmCache {
protected ConcurrentHashMap<String, CachedRealm> realmCache = new ConcurrentHashMap<String, CachedRealm>();
protected ConcurrentHashMap<String, CachedRealm> realmCacheByName = new ConcurrentHashMap<String, CachedRealm>();
protected ConcurrentHashMap<String, CachedApplication> applicationCache = new ConcurrentHashMap<String, CachedApplication>();
protected ConcurrentHashMap<String, CachedOAuthClient> clientCache = new ConcurrentHashMap<String, CachedOAuthClient>();
protected ConcurrentHashMap<String, CachedRole> roleCache = new ConcurrentHashMap<String, CachedRole>();
@Override
public void clear() {
realmCache.clear();
realmCacheByName.clear();
applicationCache.clear();
clientCache.clear();
roleCache.clear();
}
@Override
public CachedRealm getCachedRealm(String id) {
return realmCache.get(id);
}
@Override
public void invalidateCachedRealm(CachedRealm realm) {
realmCache.remove(realm.getId());
realmCacheByName.remove(realm.getName());
}
@Override
public void invalidateCachedRealmById(String id) {
CachedRealm cached = realmCache.remove(id);
if (cached != null) realmCacheByName.remove(cached.getName());
}
@Override
public void addCachedRealm(CachedRealm realm) {
realmCache.put(realm.getId(), realm);
realmCacheByName.put(realm.getName(), realm);
}
@Override
public CachedRealm getCachedRealmByName(String name) {
return realmCacheByName.get(name);
}
@Override
public CachedApplication getApplication(String id) {
return applicationCache.get(id);
}
@Override
public void invalidateApplication(CachedApplication app) {
applicationCache.remove(app.getId());
}
@Override
public void addCachedApplication(CachedApplication app) {
applicationCache.put(app.getId(), app);
}
@Override
public void invalidateCachedApplicationById(String id) {
applicationCache.remove(id);
}
@Override
public CachedOAuthClient getOAuthClient(String id) {
return clientCache.get(id);
}
@Override
public void invalidateOAuthClient(CachedOAuthClient client) {
clientCache.remove(client.getId());
}
@Override
public void addCachedOAuthClient(CachedOAuthClient client) {
clientCache.put(client.getId(), client);
}
@Override
public void invalidateCachedOAuthClientById(String id) {
clientCache.remove(id);
}
@Override
public CachedRole getRole(String id) {
return roleCache.get(id);
}
@Override
public void invalidateRole(CachedRole role) {
roleCache.remove(role);
}
@Override
public void invalidateRoleById(String id) {
roleCache.remove(id);
}
@Override
public void addCachedRole(CachedRole role) {
roleCache.put(role.getId(), role);
}
@Override
public void invalidateCachedRoleById(String id) {
roleCache.remove(id);
}
}

148
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/SimpleUserCache.java vendored Executable file
View file

@ -0,0 +1,148 @@
package org.keycloak.models.cache;
import org.keycloak.models.RealmModel;
import org.keycloak.models.cache.entities.CachedApplication;
import org.keycloak.models.cache.entities.CachedOAuthClient;
import org.keycloak.models.cache.entities.CachedRealm;
import org.keycloak.models.cache.entities.CachedRole;
import org.keycloak.models.cache.entities.CachedUser;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class SimpleUserCache implements UserCache {
protected int maxUserCacheSize = 10000;
protected class RealmUsers {
protected class LRUCache extends LinkedHashMap<String, CachedUser> {
public LRUCache() {
super(1000, 1.1F, true);
}
@Override
public CachedUser put(String key, CachedUser value) {
usersByUsername.put(value.getUsername(), value);
if (value.getEmail() != null) {
usersByEmail.put(value.getEmail(), value);
}
return super.put(key, value);
}
@Override
public CachedUser remove(Object key) {
CachedUser user = super.remove(key);
if (user == null) return null;
removeUser(user);
return user;
}
@Override
public void clear() {
super.clear();
usersByUsername.clear();
usersByEmail.clear();
}
@Override
protected boolean removeEldestEntry(Map.Entry<String, CachedUser> eldest) {
boolean evict = size() > maxUserCacheSize;
if (evict) {
removeUser(eldest.getValue());
}
return evict;
}
private void removeUser(CachedUser value) {
usersByUsername.remove(value.getUsername());
if (value.getEmail() != null) usersByEmail.remove(value.getEmail());
}
}
protected Map<String, CachedUser> usersById = Collections.synchronizedMap(new LRUCache());
protected Map<String, CachedUser> usersByUsername = new ConcurrentHashMap<String, CachedUser>();
protected Map<String, CachedUser> usersByEmail = new ConcurrentHashMap<String, CachedUser>();
}
protected ConcurrentHashMap<String, RealmUsers> realmUsers = new ConcurrentHashMap<String, RealmUsers>();
public int getMaxUserCacheSize() {
return maxUserCacheSize;
}
public void setMaxUserCacheSize(int maxUserCacheSize) {
this.maxUserCacheSize = maxUserCacheSize;
}
@Override
public CachedUser getCachedUser(String realmId, String id) {
if (realmId == null || id == null) return null;
RealmUsers users = realmUsers.get(realmId);
if (users == null) return null;
return users.usersById.get(id);
}
@Override
public void invalidateCachedUser(String realmId, CachedUser user) {
RealmUsers users = realmUsers.get(realmId);
if (users == null) return;
users.usersById.remove(user.getId());
}
@Override
public void invalidateCachedUserById(String realmId, String id) {
RealmUsers users = realmUsers.get(realmId);
if (users == null) return;
users.usersById.remove(id);
}
@Override
public void addCachedUser(String realmId, CachedUser user) {
RealmUsers users = realmUsers.get(realmId);
if (users == null) {
users = new RealmUsers();
realmUsers.put(realmId, users);
}
users.usersById.put(user.getId(), user);
}
@Override
public CachedUser getCachedUserByUsername(String realmId, String name) {
if (realmId == null || name == null) return null;
RealmUsers users = realmUsers.get(realmId);
if (users == null) return null;
CachedUser user = users.usersByUsername.get(name);
if (user == null) return null;
users.usersById.get(user.getId()); // refresh cache entry age
return user;
}
@Override
public CachedUser getCachedUserByEmail(String realmId, String email) {
if (realmId == null || email == null) return null;
RealmUsers users = realmUsers.get(realmId);
if (users == null) return null;
CachedUser user = users.usersByEmail.get(email);
if (user == null) return null;
users.usersById.get(user.getId()); // refresh cache entry age
return user;
}
@Override
public void invalidateRealmUsers(String realmId) {
realmUsers.remove(realmId);
}
@Override
public void clear() {
realmUsers.clear();
}
}

24
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java vendored
View file

@ -2,6 +2,8 @@ package org.keycloak.models.cache;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.AuthenticationLinkModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelProvider;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
@ -22,21 +24,21 @@ import java.util.Set;
public class UserAdapter implements UserModel {
protected UserModel updated;
protected CachedUser cached;
protected KeycloakCache cache;
protected CacheModelProvider cacheSession;
protected CacheUserProvider userProviderCache;
protected KeycloakSession keycloakSession;
protected RealmModel realm;
public UserAdapter(CachedUser cached, KeycloakCache cache, CacheModelProvider session, RealmModel realm) {
public UserAdapter(CachedUser cached, CacheUserProvider userProvider, KeycloakSession keycloakSession, RealmModel realm) {
this.cached = cached;
this.cache = cache;
this.cacheSession = session;
this.userProviderCache = userProvider;
this.keycloakSession = keycloakSession;
this.realm = realm;
}
protected void getDelegateForUpdate() {
if (updated == null) {
cacheSession.registerUserInvalidation(getId());
updated = cacheSession.getDelegate().getUserById(getId(), realm);
userProviderCache.registerUserInvalidation(realm, getId());
updated = userProviderCache.getDelegate().getUserById(getId(), realm);
if (updated == null) throw new IllegalStateException("Not found in database");
}
}
@ -257,7 +259,13 @@ public class UserAdapter implements UserModel {
if (updated != null) return updated.getRoleMappings();
Set<RoleModel> roles = new HashSet<RoleModel>();
for (String id : cached.getRoleMappings()) {
roles.add(cacheSession.getRoleById(id, realm));
RoleModel roleById = keycloakSession.model().getRoleById(id, realm);
if (roleById == null) {
// chance that role was removed, so just delete to persistence and get user invalidated
getDelegateForUpdate();
return updated.getRoleMappings();
}
roles.add(roleById);
}
return roles;

26
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserCache.java vendored Executable file
View file

@ -0,0 +1,26 @@
package org.keycloak.models.cache;
import org.keycloak.models.RealmModel;
import org.keycloak.models.cache.entities.CachedUser;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface UserCache {
void clear();
CachedUser getCachedUser(String realmId, String id);
void invalidateCachedUser(String realmId, CachedUser user);
void addCachedUser(String realmId, CachedUser user);
CachedUser getCachedUserByUsername(String realmId, String name);
CachedUser getCachedUserByEmail(String realmId, String name);
void invalidateCachedUserById(String realmId, String id);
void invalidateRealmUsers(String realmId);
}

10
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedApplication.java vendored
View file

@ -1,21 +1,15 @@
package org.keycloak.models.cache.entities;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelProvider;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.cache.KeycloakCache;
import org.keycloak.models.cache.RealmCache;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -29,7 +23,7 @@ public class CachedApplication extends CachedClient {
private boolean bearerOnly;
private Map<String, String> roles = new HashMap<String, String>();
public CachedApplication(KeycloakCache cache, ModelProvider delegate, RealmModel realm, ApplicationModel model) {
public CachedApplication(RealmCache cache, ModelProvider delegate, RealmModel realm, ApplicationModel model) {
super(cache, delegate, realm, model);
surrogateAuthRequired = model.isSurrogateAuthRequired();
managementUrl = model.getManagementUrl();

6
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedClient.java vendored
View file

@ -1,12 +1,10 @@
package org.keycloak.models.cache.entities;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelProvider;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.cache.KeycloakCache;
import org.keycloak.models.cache.RealmCache;
import java.util.HashSet;
import java.util.Set;
@ -28,7 +26,7 @@ public class CachedClient {
protected Set<String> scope = new HashSet<String>();
protected Set<String> webOrigins = new HashSet<String>();
public CachedClient(KeycloakCache cache, ModelProvider delegate, RealmModel realm, ClientModel model) {
public CachedClient(RealmCache cache, ModelProvider delegate, RealmModel realm, ClientModel model) {
id = model.getId();
secret = model.getSecret();
name = model.getClientId();

5
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedOAuthClient.java vendored
View file

@ -1,17 +1,16 @@
package org.keycloak.models.cache.entities;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelProvider;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.cache.KeycloakCache;
import org.keycloak.models.cache.RealmCache;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class CachedOAuthClient extends CachedClient {
public CachedOAuthClient(KeycloakCache cache, ModelProvider delegate, RealmModel realm, OAuthClientModel model) {
public CachedOAuthClient(RealmCache cache, ModelProvider delegate, RealmModel realm, OAuthClientModel model) {
super(cache, delegate, realm, model);
}

5
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java vendored
View file

@ -2,14 +2,13 @@ package org.keycloak.models.cache.entities;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.AuthenticationProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelProvider;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.cache.KeycloakCache;
import org.keycloak.models.cache.RealmCache;
import java.util.ArrayList;
import java.util.HashMap;
@ -81,7 +80,7 @@ public class CachedRealm {
public CachedRealm() {
}
public CachedRealm(KeycloakCache cache, ModelProvider delegate, RealmModel model) {
public CachedRealm(RealmCache cache, ModelProvider delegate, RealmModel model) {
id = model.getId();
name = model.getName();
enabled = model.isEnabled();

14
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java vendored
View file

@ -20,11 +20,9 @@ import java.util.Set;
public class CachedUser {
private String id;
private String username;
private String usernameKey;
private String firstName;
private String lastName;
private String email;
private String emailKey;
private boolean emailVerified;
private List<UserCredentialValueModel> credentials = new LinkedList<UserCredentialValueModel>();
private boolean enabled;
@ -38,14 +36,10 @@ public class CachedUser {
public CachedUser(RealmModel realm, UserModel user) {
this.id = user.getId();
this.username = user.getUsername();
this.usernameKey = realm.getId() + "." + this.username;
this.firstName = user.getFirstName();
this.lastName = user.getLastName();
this.attributes.putAll(user.getAttributes());
this.email = user.getEmail();
if (this.email != null) {
this.emailKey = realm.getId() + "." + this.email;
}
this.emailVerified = user.isEmailVerified();
this.credentials.addAll(user.getCredentialsDirectly());
this.enabled = user.isEnabled();
@ -65,14 +59,6 @@ public class CachedUser {
return username;
}
public String getUsernameKey() {
return usernameKey;
}
public String getEmailKey() {
return emailKey;
}
public String getFirstName() {
return firstName;
}

1
model/invalidation-cache/model-adapters/src/main/resources/META-INF/services/org.keycloak.models.cache.CacheUserProviderFactory Executable file
View file

@ -0,0 +1 @@
org.keycloak.models.cache.SimpleCacheUserProviderFactory

1
model/invalidation-cache/model-adapters/src/main/resources/META-INF/services/org.keycloak.provider.Spi
View file

@ -1 +1,2 @@
org.keycloak.models.cache.CacheModelProviderSpi
org.keycloak.models.cache.CacheUserProviderSpi

7
model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
View file

@ -2,6 +2,7 @@ package org.keycloak.models.jpa;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
@ -25,10 +26,12 @@ import java.util.Set;
public class ApplicationAdapter extends ClientAdapter implements ApplicationModel {
protected EntityManager em;
protected KeycloakSession session;
protected ApplicationEntity applicationEntity;
public ApplicationAdapter(RealmModel realm, EntityManager em, ApplicationEntity applicationEntity) {
public ApplicationAdapter(RealmModel realm, EntityManager em, KeycloakSession session, ApplicationEntity applicationEntity) {
super(realm, applicationEntity, em);
this.session = session;
this.realm = realm;
this.em = em;
this.applicationEntity = applicationEntity;
@ -135,6 +138,7 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
}
if (!roleModel.getContainer().equals(this)) return false;
session.users().preRemove(roleModel);
RoleEntity role = RoleAdapter.toRoleEntity(roleModel, em);
if (!role.isApplicationRole()) return false;
@ -143,7 +147,6 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
applicationEntity.getDefaultRoles().remove(role);
em.createNativeQuery("delete from CompositeRole where childRole = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + ScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
role.setApplication(null);
em.flush();
em.remove(role);

144
model/jpa/src/main/java/org/keycloak/models/jpa/JpaModelProvider.java
View file

@ -84,38 +84,6 @@ public class JpaModelProvider implements ModelProvider {
return new RealmAdapter(session, em, realm);
}
@Override
public UserModel getUserById(String id, RealmModel realmModel) {
TypedQuery<UserEntity> query = em.createNamedQuery("getRealmUserById", UserEntity.class);
query.setParameter("id", id);
RealmEntity realm = em.getReference(RealmEntity.class, realmModel.getId());
query.setParameter("realm", realm);
List<UserEntity> entities = query.getResultList();
if (entities.size() == 0) return null;
return new UserAdapter(realmModel, em, entities.get(0));
}
@Override
public UserModel getUserByUsername(String username, RealmModel realmModel) {
TypedQuery<UserEntity> query = em.createNamedQuery("getRealmUserByUsername", UserEntity.class);
query.setParameter("username", username);
RealmEntity realm = em.getReference(RealmEntity.class, realmModel.getId());
query.setParameter("realm", realm);
List<UserEntity> results = query.getResultList();
if (results.size() == 0) return null;
return new UserAdapter(realmModel, em, results.get(0));
}
@Override
public UserModel getUserByEmail(String email, RealmModel realmModel) {
TypedQuery<UserEntity> query = em.createNamedQuery("getRealmUserByEmail", UserEntity.class);
query.setParameter("email", email);
RealmEntity realm = em.getReference(RealmEntity.class, realmModel.getId());
query.setParameter("realm", realm);
List<UserEntity> results = query.getResultList();
return results.isEmpty() ? null : new UserAdapter(realmModel, em, results.get(0));
}
@Override
public boolean removeRealm(String id) {
RealmEntity realm = em.find(RealmEntity.class, id);
@ -124,6 +92,7 @@ public class JpaModelProvider implements ModelProvider {
}
RealmAdapter adapter = new RealmAdapter(session, em, realm);
session.users().preRemove(adapter);
for (ApplicationEntity a : new LinkedList<ApplicationEntity>(realm.getApplications())) {
adapter.removeApplication(a.getId());
}
@ -132,10 +101,6 @@ public class JpaModelProvider implements ModelProvider {
adapter.removeOAuthClient(oauth.getId());
}
for (UserEntity u : em.createQuery("from UserEntity u where u.realm = :realm", UserEntity.class).setParameter("realm", realm).getResultList()) {
adapter.removeUser(u.getUsername());
}
em.remove(realm);
return true;
}
@ -144,111 +109,6 @@ public class JpaModelProvider implements ModelProvider {
public void close() {
}
@Override
public UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm) {
TypedQuery<UserEntity> query = em.createNamedQuery("findUserByLinkAndRealm", UserEntity.class);
RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId());
query.setParameter("realm", realmEntity);
query.setParameter("socialProvider", socialLink.getSocialProvider());
query.setParameter("socialUserId", socialLink.getSocialUserId());
List<UserEntity> results = query.getResultList();
if (results.isEmpty()) {
return null;
} else if (results.size() > 1) {
throw new IllegalStateException("More results found for socialProvider=" + socialLink.getSocialProvider() +
", socialUserId=" + socialLink.getSocialUserId() + ", results=" + results);
} else {
UserEntity user = results.get(0);
return new UserAdapter(realm, em, user);
}
}
@Override
public List<UserModel> getUsers(RealmModel realm) {
TypedQuery<UserEntity> query = em.createQuery("select u from UserEntity u where u.realm = :realm", UserEntity.class);
RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId());
query.setParameter("realm", realmEntity);
List<UserEntity> results = query.getResultList();
List<UserModel> users = new ArrayList<UserModel>();
for (UserEntity entity : results) users.add(new UserAdapter(realm, em, entity));
return users;
}
@Override
public List<UserModel> searchForUser(String search, RealmModel realm) {
TypedQuery<UserEntity> query = em.createQuery("select u from UserEntity u where u.realm = :realm and ( lower(u.username) like :search or lower(concat(u.firstName, ' ', u.lastName)) like :search or u.email like :search )", UserEntity.class);
RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId());
query.setParameter("realm", realmEntity);
query.setParameter("search", "%" + search.toLowerCase() + "%");
List<UserEntity> results = query.getResultList();
List<UserModel> users = new ArrayList<UserModel>();
for (UserEntity entity : results) users.add(new UserAdapter(realm, em, entity));
return users;
}
@Override
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm) {
StringBuilder builder = new StringBuilder("select u from UserEntity u");
boolean first = true;
for (Map.Entry<String, String> entry : attributes.entrySet()) {
String attribute = null;
if (entry.getKey().equals(UserModel.LOGIN_NAME)) {
attribute = "lower(username)";
} else if (entry.getKey().equalsIgnoreCase(UserModel.FIRST_NAME)) {
attribute = "lower(firstName)";
} else if (entry.getKey().equalsIgnoreCase(UserModel.LAST_NAME)) {
attribute = "lower(lastName)";
} else if (entry.getKey().equalsIgnoreCase(UserModel.EMAIL)) {
attribute = "lower(email)";
}
if (attribute == null) continue;
if (first) {
first = false;
builder.append(" where realm = :realm");
} else {
builder.append(" and ");
}
builder.append(attribute).append(" like '%").append(entry.getValue().toLowerCase()).append("%'");
}
String q = builder.toString();
TypedQuery<UserEntity> query = em.createQuery(q, UserEntity.class);
RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId());
query.setParameter("realm", realmEntity);
List<UserEntity> results = query.getResultList();
List<UserModel> users = new ArrayList<UserModel>();
for (UserEntity entity : results) users.add(new UserAdapter(realm, em, entity));
return users;
}
private SocialLinkEntity findSocialLink(UserModel user, String socialProvider) {
TypedQuery<SocialLinkEntity> query = em.createNamedQuery("findSocialLinkByUserAndProvider", SocialLinkEntity.class);
UserEntity userEntity = em.getReference(UserEntity.class, user.getId());
query.setParameter("user", userEntity);
query.setParameter("socialProvider", socialProvider);
List<SocialLinkEntity> results = query.getResultList();
return results.size() > 0 ? results.get(0) : null;
}
@Override
public Set<SocialLinkModel> getSocialLinks(UserModel user, RealmModel realm) {
TypedQuery<SocialLinkEntity> query = em.createNamedQuery("findSocialLinkByUser", SocialLinkEntity.class);
UserEntity userEntity = em.getReference(UserEntity.class, user.getId());
query.setParameter("user", userEntity);
List<SocialLinkEntity> results = query.getResultList();
Set<SocialLinkModel> set = new HashSet<SocialLinkModel>();
for (SocialLinkEntity entity : results) {
set.add(new SocialLinkModel(entity.getSocialProvider(), entity.getSocialUserId(), entity.getSocialUsername()));
}
return set;
}
@Override
public SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm) {
SocialLinkEntity entity = findSocialLink(user, socialProvider);
return (entity != null) ? new SocialLinkModel(entity.getSocialProvider(), entity.getSocialUserId(), entity.getSocialUsername()) : null;
}
@Override
public RoleModel getRoleById(String id, RealmModel realm) {
RoleEntity entity = em.find(RoleEntity.class, id);
@ -263,7 +123,7 @@ public class JpaModelProvider implements ModelProvider {
// Check if application belongs to this realm
if (app == null || !realm.getId().equals(app.getRealm().getId())) return null;
return new ApplicationAdapter(realm, em, app);
return new ApplicationAdapter(realm, em, session, app);
}
@Override

37
model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java
View file

@ -39,7 +39,6 @@ public class JpaUserProvider implements UserProvider {
public JpaUserProvider(KeycloakSession session, EntityManager em) {
this.session = session;
this.em = em;
this.em = PersistenceExceptionConverter.create(em);
}
@Override
@ -98,6 +97,34 @@ public class JpaUserProvider implements UserProvider {
em.remove(user);
}
@Override
public void addSocialLink(RealmModel realm, UserModel user, SocialLinkModel socialLink) {
SocialLinkEntity entity = new SocialLinkEntity();
RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId());
entity.setRealm(realmEntity);
entity.setSocialProvider(socialLink.getSocialProvider());
entity.setSocialUserId(socialLink.getSocialUserId());
entity.setSocialUsername(socialLink.getSocialUsername());
UserEntity userEntity = em.getReference(UserEntity.class, user.getId());
entity.setUser(userEntity);
em.persist(entity);
em.flush();
}
@Override
public boolean removeSocialLink(RealmModel realm, UserModel user, String socialProvider) {
SocialLinkEntity entity = findSocialLink(user, socialProvider);
if (entity != null) {
em.remove(entity);
em.flush();
return true;
} else {
return false;
}
}
@Override
public void preRemove(RealmModel realm) {
TypedQuery<UserEntity> query = em.createQuery("select u from UserEntity u where u.realm = :realm", UserEntity.class);
@ -114,12 +141,6 @@ public class JpaUserProvider implements UserProvider {
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
}
@Override
public KeycloakTransaction getTransaction() {
return new JpaKeycloakTransaction(em);
}
@Override
public UserModel getUserById(String id, RealmModel realmModel) {
TypedQuery<UserEntity> query = em.createNamedQuery("getRealmUserById", UserEntity.class);
@ -154,8 +175,6 @@ public class JpaUserProvider implements UserProvider {
@Override
public void close() {
if (em.getTransaction().isActive()) em.getTransaction().rollback();
if (em.isOpen()) em.close();
}
@Override

38
model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProviderFactory.java Executable file
View file

@ -0,0 +1,38 @@
package org.keycloak.models.jpa;
import org.keycloak.Config;
import org.keycloak.connections.jpa.JpaConnectionProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelProvider;
import org.keycloak.models.ModelProviderFactory;
import org.keycloak.models.UserProvider;
import org.keycloak.models.UserProviderFactory;
import javax.persistence.EntityManager;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class JpaUserProviderFactory implements UserProviderFactory {
@Override
public void init(Config.Scope config) {
}
@Override
public String getId() {
return "jpa";
}
@Override
public UserProvider create(KeycloakSession session) {
EntityManager em = session.getProvider(JpaConnectionProvider.class).getEntityManager();
return new JpaUserProvider(session, em);
}
@Override
public void close() {
}
}

147
model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
View file

@ -22,9 +22,6 @@ import org.keycloak.models.jpa.entities.RealmEntity;
import org.keycloak.models.jpa.entities.RequiredCredentialEntity;
import org.keycloak.models.jpa.entities.RoleEntity;
import org.keycloak.models.jpa.entities.ScopeMappingEntity;
import org.keycloak.models.jpa.entities.SocialLinkEntity;
import org.keycloak.models.jpa.entities.UserEntity;
import org.keycloak.models.jpa.entities.UserRoleMappingEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.TimeBasedOTP;
@ -411,75 +408,6 @@ public class RealmAdapter implements RealmModel {
}
@Override
public UserModel getUser(String name) {
return session.model().getUserByUsername(name, this);
}
@Override
public UserModel getUserByEmail(String email) {
return session.model().getUserByEmail(email, this);
}
@Override
public UserModel getUserById(String id) {
return session.model().getUserById(id, this);
}
@Override
public UserModel addUser(String username) {
return this.addUser(KeycloakModelUtils.generateId(), username, true);
}
@Override
public UserModel addUser(String id, String username, boolean addDefaultRoles) {
if (id == null) {
id = KeycloakModelUtils.generateId();
}
UserEntity entity = new UserEntity();
entity.setId(id);
entity.setUsername(username);
entity.setRealm(realm);
em.persist(entity);
em.flush();
UserModel userModel = new UserAdapter(this, em, entity);
if (addDefaultRoles) {
for (String r : getDefaultRoles()) {
userModel.grantRole(getRole(r));
}
for (ApplicationModel application : getApplications()) {
for (String r : application.getDefaultRoles()) {
userModel.grantRole(application.getRole(r));
}
}
}
return userModel;
}
@Override
public boolean removeUser(String name) {
TypedQuery<UserEntity> query = em.createNamedQuery("getRealmUserByUsername", UserEntity.class);
query.setParameter("username", name);
query.setParameter("realm", realm);
List<UserEntity> results = query.getResultList();
if (results.size() == 0) return false;
removeUser(results.get(0));
return true;
}
private void removeUser(UserEntity user) {
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
em.createQuery("delete from " + SocialLinkEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
if (user.getAuthenticationLink() != null) {
em.remove(user.getAuthenticationLink());
}
em.remove(user);
}
@Override
public List<String> getDefaultRoles() {
Collection<RoleEntity> entities = realm.getDefaultRoles();
@ -567,7 +495,7 @@ public class RealmAdapter implements RealmModel {
List<ApplicationModel> list = new ArrayList<ApplicationModel>();
if (realm.getApplications() == null) return list;
for (ApplicationEntity entity : realm.getApplications()) {
list.add(new ApplicationAdapter(this, em, entity));
list.add(new ApplicationAdapter(this, em, session, entity));
}
return list;
}
@ -587,7 +515,7 @@ public class RealmAdapter implements RealmModel {
realm.getApplications().add(applicationData);
em.persist(applicationData);
em.flush();
ApplicationModel resource = new ApplicationAdapter(this, em, applicationData);
ApplicationModel resource = new ApplicationAdapter(this, em, session, applicationData);
em.flush();
return resource;
}
@ -636,57 +564,6 @@ public class RealmAdapter implements RealmModel {
return getApplicationNameMap().get(name);
}
@Override
public UserModel getUserBySocialLink(SocialLinkModel socialLink) {
return session.model().getUserBySocialLink(socialLink, this);
}
@Override
public Set<SocialLinkModel> getSocialLinks(UserModel user) {
return session.model().getSocialLinks(user, this);
}
@Override
public SocialLinkModel getSocialLink(UserModel user, String socialProvider) {
return session.model().getSocialLink(user, socialProvider, this);
}
@Override
public void addSocialLink(UserModel user, SocialLinkModel socialLink) {
SocialLinkEntity entity = new SocialLinkEntity();
entity.setRealm(realm);
entity.setSocialProvider(socialLink.getSocialProvider());
entity.setSocialUserId(socialLink.getSocialUserId());
entity.setSocialUsername(socialLink.getSocialUsername());
UserEntity userEntity = em.getReference(UserEntity.class, user.getId());
entity.setUser(userEntity);
em.persist(entity);
em.flush();
}
private SocialLinkEntity findSocialLink(UserModel user, String socialProvider) {
TypedQuery<SocialLinkEntity> query = em.createNamedQuery("findSocialLinkByUserAndProvider", SocialLinkEntity.class);
UserEntity userEntity = em.getReference(UserEntity.class, user.getId());
query.setParameter("user", userEntity);
query.setParameter("socialProvider", socialProvider);
List<SocialLinkEntity> results = query.getResultList();
return results.size() > 0 ? results.get(0) : null;
}
@Override
public boolean removeSocialLink(UserModel user, String socialProvider) {
SocialLinkEntity entity = findSocialLink(user, socialProvider);
if (entity != null) {
em.remove(entity);
em.flush();
return true;
} else {
return false;
}
}
@Override
public boolean isSocial() {
return realm.isSocial();
@ -709,21 +586,6 @@ public class RealmAdapter implements RealmModel {
em.flush();
}
@Override
public List<UserModel> getUsers() {
return session.model().getUsers(this);
}
@Override
public List<UserModel> searchForUser(String search) {
return session.model().searchForUser(search, this);
}
@Override
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes) {
return session.model().searchForUserByAttributes(attributes, this);
}
@Override
public OAuthClientModel addOAuthClient(String name) {
return this.addOAuthClient(KeycloakModelUtils.generateId(), name);
@ -899,13 +761,12 @@ public class RealmAdapter implements RealmModel {
return false;
}
if (!role.getContainer().equals(this)) return false;
session.users().preRemove(role);
RoleEntity roleEntity = RoleAdapter.toRoleEntity(role, em);
realm.getRoles().remove(role);
realm.getDefaultRoles().remove(role);
em.createNativeQuery("delete from CompositeRole where childRole = :role").setParameter("role", roleEntity).executeUpdate();
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
em.createQuery("delete from " + ScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
em.remove(roleEntity);
@ -1060,7 +921,7 @@ public class RealmAdapter implements RealmModel {
@Override
public ApplicationModel getMasterAdminApp() {
return new ApplicationAdapter(this, em, realm.getMasterAdminApp());
return new ApplicationAdapter(this, em, session, realm.getMasterAdminApp());
}
@Override

1
model/jpa/src/main/resources/META-INF/services/org.keycloak.models.UserProviderFactory Executable file
View file

@ -0,0 +1 @@
org.keycloak.models.jpa.JpaUserProviderFactory

1
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
View file

@ -141,6 +141,7 @@ public class ApplicationAdapter extends ClientAdapter<MongoApplicationEntity> im
@Override
public boolean removeRole(RoleModel role) {
session.users().preRemove(role);
return getMongoStore().removeEntity(MongoRoleEntity.class, role.getId(), invocationContext);
}

177
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoModelProvider.java
View file

@ -94,50 +94,11 @@ public class MongoModelProvider implements ModelProvider {
return new RealmAdapter(session, realm, invocationContext);
}
@Override
public UserModel getUserById(String id, RealmModel realm) {
MongoUserEntity user = getMongoStore().loadEntity(MongoUserEntity.class, id, invocationContext);
// Check that it's user from this realm
if (user == null || !realm.getId().equals(user.getRealmId())) {
return null;
} else {
return new UserAdapter(session, realm, user, invocationContext);
}
}
@Override
public UserModel getUserByUsername(String username, RealmModel realm) {
DBObject query = new QueryBuilder()
.and("username").is(username)
.and("realmId").is(realm.getId())
.get();
MongoUserEntity user = getMongoStore().loadSingleEntity(MongoUserEntity.class, query, invocationContext);
if (user == null) {
return null;
} else {
return new UserAdapter(session, realm, user, invocationContext);
}
}
@Override
public UserModel getUserByEmail(String email, RealmModel realm) {
DBObject query = new QueryBuilder()
.and("email").is(email)
.and("realmId").is(realm.getId())
.get();
MongoUserEntity user = getMongoStore().loadSingleEntity(MongoUserEntity.class, query, invocationContext);
if (user == null) {
return null;
} else {
return new UserAdapter(session, realm, user, invocationContext);
}
}
@Override
public boolean removeRealm(String id) {
RealmModel realm = getRealm(id);
if (realm == null) return false;
session.users().preRemove(realm);
return getMongoStore().removeEntity(MongoRealmEntity.class, id, invocationContext);
}
@ -145,138 +106,6 @@ public class MongoModelProvider implements ModelProvider {
return invocationContext.getMongoStore();
}
@Override
public UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm) {
DBObject query = new QueryBuilder()
.and("socialLinks.socialProvider").is(socialLink.getSocialProvider())
.and("socialLinks.socialUserId").is(socialLink.getSocialUserId())
.and("realmId").is(realm.getId())
.get();
MongoUserEntity userEntity = getMongoStore().loadSingleEntity(MongoUserEntity.class, query, invocationContext);
return userEntity == null ? null : new UserAdapter(session, realm, userEntity, invocationContext);
}
protected List<UserModel> convertUserEntities(RealmModel realm, List<MongoUserEntity> userEntities) {
List<UserModel> userModels = new ArrayList<UserModel>();
for (MongoUserEntity user : userEntities) {
userModels.add(new UserAdapter(session, realm, user, invocationContext));
}
return userModels;
}
@Override
public List<UserModel> getUsers(RealmModel realm) {
DBObject query = new QueryBuilder()
.and("realmId").is(realm.getId())
.get();
List<MongoUserEntity> users = getMongoStore().loadEntities(MongoUserEntity.class, query, invocationContext);
return convertUserEntities(realm, users);
}
@Override
public List<UserModel> searchForUser(String search, RealmModel realm) {
search = search.trim();
Pattern caseInsensitivePattern = Pattern.compile("(?i:" + search + ")");
QueryBuilder nameBuilder;
int spaceInd = search.lastIndexOf(" ");
// Case when we have search string like "ohn Bow". Then firstName must end with "ohn" AND lastName must start with "bow" (everything case-insensitive)
if (spaceInd != -1) {
String firstName = search.substring(0, spaceInd);
String lastName = search.substring(spaceInd + 1);
Pattern firstNamePattern = Pattern.compile("(?i:" + firstName + "$)");
Pattern lastNamePattern = Pattern.compile("(?i:^" + lastName + ")");
nameBuilder = new QueryBuilder().and(
new QueryBuilder().put("firstName").regex(firstNamePattern).get(),
new QueryBuilder().put("lastName").regex(lastNamePattern).get()
);
} else {
// Case when we have search without spaces like "foo". The firstName OR lastName could be "foo" (everything case-insensitive)
nameBuilder = new QueryBuilder().or(
new QueryBuilder().put("firstName").regex(caseInsensitivePattern).get(),
new QueryBuilder().put("lastName").regex(caseInsensitivePattern).get()
);
}
QueryBuilder builder = new QueryBuilder().and(
new QueryBuilder().and("realmId").is(realm.getId()).get(),
new QueryBuilder().or(
new QueryBuilder().put("username").regex(caseInsensitivePattern).get(),
new QueryBuilder().put("email").regex(caseInsensitivePattern).get(),
nameBuilder.get()
).get()
);
List<MongoUserEntity> users = getMongoStore().loadEntities(MongoUserEntity.class, builder.get(), invocationContext);
return convertUserEntities(realm, users); }
@Override
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm) {
QueryBuilder queryBuilder = new QueryBuilder()
.and("realmId").is(realm.getId());
for (Map.Entry<String, String> entry : attributes.entrySet()) {
if (entry.getKey().equals(UserModel.LOGIN_NAME)) {
queryBuilder.and("username").regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
} else if (entry.getKey().equalsIgnoreCase(UserModel.FIRST_NAME)) {
queryBuilder.and(UserModel.FIRST_NAME).regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
} else if (entry.getKey().equalsIgnoreCase(UserModel.LAST_NAME)) {
queryBuilder.and(UserModel.LAST_NAME).regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
} else if (entry.getKey().equalsIgnoreCase(UserModel.EMAIL)) {
queryBuilder.and(UserModel.EMAIL).regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
}
}
List<MongoUserEntity> users = getMongoStore().loadEntities(MongoUserEntity.class, queryBuilder.get(), invocationContext);
return convertUserEntities(realm, users);
}
@Override
public Set<SocialLinkModel> getSocialLinks(UserModel userModel, RealmModel realm) {
UserModel user = getUserById(userModel.getId(), realm);
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
if (linkEntities == null) {
return Collections.EMPTY_SET;
}
Set<SocialLinkModel> result = new HashSet<SocialLinkModel>();
for (SocialLinkEntity socialLinkEntity : linkEntities) {
SocialLinkModel model = new SocialLinkModel(socialLinkEntity.getSocialProvider(),
socialLinkEntity.getSocialUserId(), socialLinkEntity.getSocialUsername());
result.add(model);
}
return result;
}
private SocialLinkEntity findSocialLink(UserModel userModel, String socialProvider, RealmModel realm) {
UserModel user = getUserById(userModel.getId(), realm);
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
if (linkEntities == null) {
return null;
}
for (SocialLinkEntity socialLinkEntity : linkEntities) {
if (socialLinkEntity.getSocialProvider().equals(socialProvider)) {
return socialLinkEntity;
}
}
return null;
}
@Override
public SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm) {
SocialLinkEntity socialLinkEntity = findSocialLink(user, socialProvider, realm);
return socialLinkEntity != null ? new SocialLinkModel(socialLinkEntity.getSocialProvider(), socialLinkEntity.getSocialUserId(), socialLinkEntity.getSocialUsername()) : null;
}
@Override
public RoleModel getRoleById(String id, RealmModel realm) {
MongoRoleEntity role = getMongoStore().loadEntity(MongoRoleEntity.class, id, invocationContext);

322
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java Executable file
View file

@ -0,0 +1,322 @@
package org.keycloak.models.mongo.keycloak.adapters;
import com.mongodb.BasicDBObject;
import com.mongodb.DBObject;
import com.mongodb.QueryBuilder;
import org.keycloak.connections.mongo.api.MongoStore;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelProvider;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.SocialLinkModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.entities.SocialLinkEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoApplicationEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoOAuthClientEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoRealmEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoUserEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class MongoUserProvider implements UserProvider {
private final MongoStoreInvocationContext invocationContext;
private final KeycloakSession session;
private final MongoStore mongoStore;
public MongoUserProvider(KeycloakSession session, MongoStore mongoStore, MongoStoreInvocationContext invocationContext) {
this.session = session;
this.mongoStore = mongoStore;
this.invocationContext = invocationContext;
}
@Override
public void close() {
// TODO
}
@Override
public UserModel getUserById(String id, RealmModel realm) {
MongoUserEntity user = getMongoStore().loadEntity(MongoUserEntity.class, id, invocationContext);
// Check that it's user from this realm
if (user == null || !realm.getId().equals(user.getRealmId())) {
return null;
} else {
return new UserAdapter(session, realm, user, invocationContext);
}
}
@Override
public UserModel getUserByUsername(String username, RealmModel realm) {
DBObject query = new QueryBuilder()
.and("username").is(username)
.and("realmId").is(realm.getId())
.get();
MongoUserEntity user = getMongoStore().loadSingleEntity(MongoUserEntity.class, query, invocationContext);
if (user == null) {
return null;
} else {
return new UserAdapter(session, realm, user, invocationContext);
}
}
@Override
public UserModel getUserByEmail(String email, RealmModel realm) {
DBObject query = new QueryBuilder()
.and("email").is(email)
.and("realmId").is(realm.getId())
.get();
MongoUserEntity user = getMongoStore().loadSingleEntity(MongoUserEntity.class, query, invocationContext);
if (user == null) {
return null;
} else {
return new UserAdapter(session, realm, user, invocationContext);
}
}
protected MongoStore getMongoStore() {
return invocationContext.getMongoStore();
}
@Override
public UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm) {
DBObject query = new QueryBuilder()
.and("socialLinks.socialProvider").is(socialLink.getSocialProvider())
.and("socialLinks.socialUserId").is(socialLink.getSocialUserId())
.and("realmId").is(realm.getId())
.get();
MongoUserEntity userEntity = getMongoStore().loadSingleEntity(MongoUserEntity.class, query, invocationContext);
return userEntity == null ? null : new UserAdapter(session, realm, userEntity, invocationContext);
}
protected List<UserModel> convertUserEntities(RealmModel realm, List<MongoUserEntity> userEntities) {
List<UserModel> userModels = new ArrayList<UserModel>();
for (MongoUserEntity user : userEntities) {
userModels.add(new UserAdapter(session, realm, user, invocationContext));
}
return userModels;
}
@Override
public List<UserModel> getUsers(RealmModel realm) {
DBObject query = new QueryBuilder()
.and("realmId").is(realm.getId())
.get();
List<MongoUserEntity> users = getMongoStore().loadEntities(MongoUserEntity.class, query, invocationContext);
return convertUserEntities(realm, users);
}
@Override
public List<UserModel> searchForUser(String search, RealmModel realm) {
search = search.trim();
Pattern caseInsensitivePattern = Pattern.compile("(?i:" + search + ")");
QueryBuilder nameBuilder;
int spaceInd = search.lastIndexOf(" ");
// Case when we have search string like "ohn Bow". Then firstName must end with "ohn" AND lastName must start with "bow" (everything case-insensitive)
if (spaceInd != -1) {
String firstName = search.substring(0, spaceInd);
String lastName = search.substring(spaceInd + 1);
Pattern firstNamePattern = Pattern.compile("(?i:" + firstName + "$)");
Pattern lastNamePattern = Pattern.compile("(?i:^" + lastName + ")");
nameBuilder = new QueryBuilder().and(
new QueryBuilder().put("firstName").regex(firstNamePattern).get(),
new QueryBuilder().put("lastName").regex(lastNamePattern).get()
);
} else {
// Case when we have search without spaces like "foo". The firstName OR lastName could be "foo" (everything case-insensitive)
nameBuilder = new QueryBuilder().or(
new QueryBuilder().put("firstName").regex(caseInsensitivePattern).get(),
new QueryBuilder().put("lastName").regex(caseInsensitivePattern).get()
);
}
QueryBuilder builder = new QueryBuilder().and(
new QueryBuilder().and("realmId").is(realm.getId()).get(),
new QueryBuilder().or(
new QueryBuilder().put("username").regex(caseInsensitivePattern).get(),
new QueryBuilder().put("email").regex(caseInsensitivePattern).get(),
nameBuilder.get()
).get()
);
List<MongoUserEntity> users = getMongoStore().loadEntities(MongoUserEntity.class, builder.get(), invocationContext);
return convertUserEntities(realm, users); }
@Override
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm) {
QueryBuilder queryBuilder = new QueryBuilder()
.and("realmId").is(realm.getId());
for (Map.Entry<String, String> entry : attributes.entrySet()) {
if (entry.getKey().equals(UserModel.LOGIN_NAME)) {
queryBuilder.and("username").regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
} else if (entry.getKey().equalsIgnoreCase(UserModel.FIRST_NAME)) {
queryBuilder.and(UserModel.FIRST_NAME).regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
} else if (entry.getKey().equalsIgnoreCase(UserModel.LAST_NAME)) {
queryBuilder.and(UserModel.LAST_NAME).regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
} else if (entry.getKey().equalsIgnoreCase(UserModel.EMAIL)) {
queryBuilder.and(UserModel.EMAIL).regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
}
}
List<MongoUserEntity> users = getMongoStore().loadEntities(MongoUserEntity.class, queryBuilder.get(), invocationContext);
return convertUserEntities(realm, users);
}
@Override
public Set<SocialLinkModel> getSocialLinks(UserModel userModel, RealmModel realm) {
UserModel user = getUserById(userModel.getId(), realm);
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
if (linkEntities == null) {
return Collections.EMPTY_SET;
}
Set<SocialLinkModel> result = new HashSet<SocialLinkModel>();
for (SocialLinkEntity socialLinkEntity : linkEntities) {
SocialLinkModel model = new SocialLinkModel(socialLinkEntity.getSocialProvider(),
socialLinkEntity.getSocialUserId(), socialLinkEntity.getSocialUsername());
result.add(model);
}
return result;
}
private SocialLinkEntity findSocialLink(UserModel userModel, String socialProvider, RealmModel realm) {
UserModel user = getUserById(userModel.getId(), realm);
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
if (linkEntities == null) {
return null;
}
for (SocialLinkEntity socialLinkEntity : linkEntities) {
if (socialLinkEntity.getSocialProvider().equals(socialProvider)) {
return socialLinkEntity;
}
}
return null;
}
@Override
public SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm) {
SocialLinkEntity socialLinkEntity = findSocialLink(user, socialProvider, realm);
return socialLinkEntity != null ? new SocialLinkModel(socialLinkEntity.getSocialProvider(), socialLinkEntity.getSocialUserId(), socialLinkEntity.getSocialUsername()) : null;
}
@Override
public UserAdapter addUser(RealmModel realm, String id, String username, boolean addDefaultRoles) {
UserAdapter userModel = addUserEntity(realm, id, username);
if (addDefaultRoles) {
for (String r : realm.getDefaultRoles()) {
userModel.grantRole(realm.getRole(r));
}
for (ApplicationModel application : realm.getApplications()) {
for (String r : application.getDefaultRoles()) {
userModel.grantRole(application.getRole(r));
}
}
}
return userModel;
}
protected UserAdapter addUserEntity(RealmModel realm, String id, String username) {
MongoUserEntity userEntity = new MongoUserEntity();
userEntity.setId(id);
userEntity.setUsername(username);
// Compatibility with JPA model, which has user disabled by default
// userEntity.setEnabled(true);
userEntity.setRealmId(realm.getId());
getMongoStore().insertEntity(userEntity, invocationContext);
return new UserAdapter(session, realm, userEntity, invocationContext);
}
@Override
public boolean removeUser(RealmModel realm, String name) {
DBObject query = new QueryBuilder()
.and("username").is(name)
.and("realmId").is(realm.getId())
.get();
return getMongoStore().removeEntities(MongoUserEntity.class, query, invocationContext);
}
@Override
public void addSocialLink(RealmModel realm, UserModel user, SocialLinkModel socialLink) {
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
SocialLinkEntity socialLinkEntity = new SocialLinkEntity();
socialLinkEntity.setSocialProvider(socialLink.getSocialProvider());
socialLinkEntity.setSocialUserId(socialLink.getSocialUserId());
socialLinkEntity.setSocialUsername(socialLink.getSocialUsername());
getMongoStore().pushItemToList(userEntity, "socialLinks", socialLinkEntity, true, invocationContext);
}
@Override
public boolean removeSocialLink(RealmModel realm, UserModel userModel, String socialProvider) {
UserModel user = getUserById(userModel.getId(), realm);
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
SocialLinkEntity socialLinkEntity = findSocialLink(userEntity, socialProvider);
if (socialLinkEntity == null) {
return false;
}
return getMongoStore().pullItemFromList(userEntity, "socialLinks", socialLinkEntity, invocationContext);
}
private SocialLinkEntity findSocialLink(MongoUserEntity userEntity, String socialProvider) {
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
if (linkEntities == null) {
return null;
}
for (SocialLinkEntity socialLinkEntity : linkEntities) {
if (socialLinkEntity.getSocialProvider().equals(socialProvider)) {
return socialLinkEntity;
}
}
return null;
}
@Override
public UserModel addUser(RealmModel realm, String username) {
return this.addUser(realm, null, username, true);
}
@Override
public void preRemove(RealmModel realm) {
// todo not sure what to do for this
}
@Override
public void preRemove(RoleModel role) {
// todo not sure what to do for this
}
}

40
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProviderFactory.java Executable file
View file

@ -0,0 +1,40 @@
package org.keycloak.models.mongo.keycloak.adapters;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.connections.mongo.MongoConnectionProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelProvider;
import org.keycloak.models.ModelProviderFactory;
import org.keycloak.models.UserProvider;
import org.keycloak.models.UserProviderFactory;
/**
* KeycloakSessionFactory implementation based on MongoDB
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class MongoUserProviderFactory implements UserProviderFactory {
protected static final Logger logger = Logger.getLogger(MongoUserProviderFactory.class);
@Override
public String getId() {
return "mongo";
}
@Override
public void init(Config.Scope config) {
}
@Override
public UserProvider create(KeycloakSession session) {
MongoConnectionProvider connection = session.getProvider(MongoConnectionProvider.class);
return new MongoUserProvider(session, connection.getMongoStore(), connection.getInvocationContext());
}
@Override
public void close() {
}
}

134
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
View file

@ -438,66 +438,6 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
updateRealm();
}
@Override
public UserModel getUser(String name) {
return model.getUserByUsername(name, this);
}
@Override
public UserModel getUserByEmail(String email) {
return model.getUserByEmail(email, this);
}
@Override
public UserModel getUserById(String id) {
return model.getUserById(id, this);
}
@Override
public UserAdapter addUser(String username) {
return this.addUser(null, username, true);
}
@Override
public UserAdapter addUser(String id, String username, boolean addDefaultRoles) {
UserAdapter userModel = addUserEntity(id, username);
if (addDefaultRoles) {
for (String r : getDefaultRoles()) {
userModel.grantRole(getRole(r));
}
for (ApplicationModel application : getApplications()) {
for (String r : application.getDefaultRoles()) {
userModel.grantRole(application.getRole(r));
}
}
}
return userModel;
}
protected UserAdapter addUserEntity(String id, String username) {
MongoUserEntity userEntity = new MongoUserEntity();
userEntity.setId(id);
userEntity.setUsername(username);
// Compatibility with JPA model, which has user disabled by default
// userEntity.setEnabled(true);
userEntity.setRealmId(getId());
getMongoStore().insertEntity(userEntity, invocationContext);
return new UserAdapter(session, this, userEntity, invocationContext);
}
@Override
public boolean removeUser(String name) {
DBObject query = new QueryBuilder()
.and("username").is(name)
.and("realmId").is(getId())
.get();
return getMongoStore().removeEntities(MongoUserEntity.class, query, invocationContext);
}
@Override
public RoleAdapter getRole(String name) {
DBObject query = new QueryBuilder()
@ -536,6 +476,9 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
@Override
public boolean removeRoleById(String id) {
RoleModel role = getRoleById(id);
if (role == null) return false;
session.users().preRemove(role);
return getMongoStore().removeEntity(MongoRoleEntity.class, id, invocationContext);
}
@ -799,60 +742,6 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
return false;
}
@Override
public UserModel getUserBySocialLink(SocialLinkModel socialLink) {
return model.getUserBySocialLink(socialLink, this);
}
@Override
public Set<SocialLinkModel> getSocialLinks(UserModel user) {
return model.getSocialLinks(user, this);
}
@Override
public SocialLinkModel getSocialLink(UserModel user, String socialProvider) {
return model.getSocialLink(user, socialProvider, this);
}
@Override
public void addSocialLink(UserModel user, SocialLinkModel socialLink) {
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
SocialLinkEntity socialLinkEntity = new SocialLinkEntity();
socialLinkEntity.setSocialProvider(socialLink.getSocialProvider());
socialLinkEntity.setSocialUserId(socialLink.getSocialUserId());
socialLinkEntity.setSocialUsername(socialLink.getSocialUsername());
getMongoStore().pushItemToList(userEntity, "socialLinks", socialLinkEntity, true, invocationContext);
}
@Override
public boolean removeSocialLink(UserModel userModel, String socialProvider) {
UserModel user = getUserById(userModel.getId());
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
SocialLinkEntity socialLinkEntity = findSocialLink(userEntity, socialProvider);
if (socialLinkEntity == null) {
return false;
}
return getMongoStore().pullItemFromList(userEntity, "socialLinks", socialLinkEntity, invocationContext);
}
private SocialLinkEntity findSocialLink(MongoUserEntity userEntity, String socialProvider) {
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
if (linkEntities == null) {
return null;
}
for (SocialLinkEntity socialLinkEntity : linkEntities) {
if (socialLinkEntity.getSocialProvider().equals(socialProvider)) {
return socialLinkEntity;
}
}
return null;
}
protected void updateRealm() {
super.updateMongoEntity();
}
@ -865,23 +754,6 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
return model;
}
@Override
public List<UserModel> getUsers() {
return model.getUsers(this);
}
@Override
public List<UserModel> searchForUser(String search) {
return model.searchForUser(search, this);
}
@Override
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes) {
return model.searchForUserByAttributes(attributes, this);
}
@Override
public Map<String, String> getSmtpConfig() {
return realm.getSmtpConfig();

1
model/mongo/src/main/resources/META-INF/services/org.keycloak.models.UserProviderFactory Executable file
View file

@ -0,0 +1 @@
org.keycloak.models.mongo.keycloak.adapters.MongoUserProviderFactory

2
model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/UserSessionAdapter.java
View file

@ -45,7 +45,7 @@ public class UserSessionAdapter implements UserSessionModel {
@Override
public UserModel getUser() {
return realm.getUserById(entity.getUserId());
return session.users().getUserById(entity.getUserId(), realm);
}
@Override

2
model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/UserSessionAdapter.java Normal file → Executable file
View file

@ -36,7 +36,7 @@ public class UserSessionAdapter implements UserSessionModel {
}
public UserModel getUser() {
return realm.getUserById(entity.getUser());
return session.users().getUserById(entity.getUser(), realm);
}
public void setUser(UserModel user) {

10
model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/MongoUserSessionProvider.java Normal file → Executable file
View file

@ -47,7 +47,7 @@ public class MongoUserSessionProvider implements UserSessionProvider {
entity.setLastSessionRefresh(currentTime);
mongoStore.insertEntity(entity, invocationContext);
return new UserSessionAdapter(entity, realm, invocationContext);
return new UserSessionAdapter(session, entity, realm, invocationContext);
}
@Override
@ -56,7 +56,7 @@ public class MongoUserSessionProvider implements UserSessionProvider {
if (entity == null) {
return null;
} else {
return new UserSessionAdapter(entity, realm, invocationContext);
return new UserSessionAdapter(session, entity, realm, invocationContext);
}
}
@ -65,7 +65,7 @@ public class MongoUserSessionProvider implements UserSessionProvider {
DBObject query = new BasicDBObject("user", user.getId());
List<UserSessionModel> sessions = new LinkedList<UserSessionModel>();
for (MongoUserSessionEntity e : mongoStore.loadEntities(MongoUserSessionEntity.class, query, invocationContext)) {
sessions.add(new UserSessionAdapter(e, realm, invocationContext));
sessions.add(new UserSessionAdapter(session, e, realm, invocationContext));
}
return sessions;
}
@ -79,7 +79,7 @@ public class MongoUserSessionProvider implements UserSessionProvider {
List<UserSessionModel> result = new LinkedList<UserSessionModel>();
for (MongoUserSessionEntity session : sessions) {
result.add(new UserSessionAdapter(session, realm, invocationContext));
result.add(new UserSessionAdapter(this.session, session, realm, invocationContext));
}
return result;
}
@ -93,7 +93,7 @@ public class MongoUserSessionProvider implements UserSessionProvider {
List<MongoUserSessionEntity> sessions = mongoStore.loadEntities(MongoUserSessionEntity.class, query, sort, invocationContext, firstResult, maxResults);
List<UserSessionModel> result = new LinkedList<UserSessionModel>();
for (MongoUserSessionEntity session : sessions) {
result.add(new UserSessionAdapter(session, realm, invocationContext));
result.add(new UserSessionAdapter(this.session, session, realm, invocationContext));
}
return result;
}

7
model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/UserSessionAdapter.java
View file

@ -3,6 +3,7 @@ package org.keycloak.models.sessions.mongo;
import org.jboss.logging.Logger;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
@ -20,12 +21,14 @@ public class UserSessionAdapter extends AbstractMongoAdapter<MongoUserSessionEnt
private MongoUserSessionEntity entity;
private RealmModel realm;
private KeycloakSession keycloakSession;
public UserSessionAdapter(MongoUserSessionEntity entity, RealmModel realm, MongoStoreInvocationContext invContext)
public UserSessionAdapter(KeycloakSession keycloakSession, MongoUserSessionEntity entity, RealmModel realm, MongoStoreInvocationContext invContext)
{
super(invContext);
this.entity = entity;
this.realm = realm;
this.keycloakSession = keycloakSession;
}
@Override
@ -46,7 +49,7 @@ public class UserSessionAdapter extends AbstractMongoAdapter<MongoUserSessionEnt
@Override
public UserModel getUser() {
return realm.getUserById(entity.getUser());
return keycloakSession.users().getUserById(entity.getUser(), realm);
}
@Override

66
model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
View file

@ -132,7 +132,7 @@ public class AdapterTest extends AbstractModelTest {
@Test
public void testCredentialValidation() throws Exception {
test1CreateRealm();
UserModel user = realmModel.addUser("bburke");
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
UserCredentialModel cred = new UserCredentialModel();
cred.setType(CredentialRepresentation.PASSWORD);
cred.setValue("geheim");
@ -159,7 +159,7 @@ public class AdapterTest extends AbstractModelTest {
public void testDeleteUser() throws Exception {
test1CreateRealm();
UserModel user = realmModel.addUser("bburke");
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
user.setAttribute("attr1", "val1");
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
@ -171,7 +171,7 @@ public class AdapterTest extends AbstractModelTest {
user.grantRole(appRole);
SocialLinkModel socialLink = new SocialLinkModel("google", "google1", user.getUsername());
realmModel.addSocialLink(user, socialLink);
realmManager.getSession().users().addSocialLink(realmModel, user, socialLink);
UserCredentialModel cred = new UserCredentialModel();
cred.setType(CredentialRepresentation.PASSWORD);
@ -181,16 +181,16 @@ public class AdapterTest extends AbstractModelTest {
commit();
realmModel = model.getRealm("JUGGLER");
Assert.assertTrue(realmModel.removeUser("bburke"));
Assert.assertFalse(realmModel.removeUser("bburke"));
assertNull(realmModel.getUser("bburke"));
Assert.assertTrue(realmManager.getSession().users().removeUser(realmModel, "bburke"));
Assert.assertFalse(realmManager.getSession().users().removeUser(realmModel, "bburke"));
assertNull(realmManager.getSession().users().getUserByUsername("bburke", realmModel));
}
@Test
public void testRemoveApplication() throws Exception {
test1CreateRealm();
UserModel user = realmModel.addUser("bburke");
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
OAuthClientModel client = realmModel.addOAuthClient("client");
@ -213,7 +213,7 @@ public class AdapterTest extends AbstractModelTest {
public void testRemoveRealm() throws Exception {
test1CreateRealm();
UserModel user = realmModel.addUser("bburke");
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
UserCredentialModel cred = new UserCredentialModel();
cred.setType(CredentialRepresentation.PASSWORD);
@ -248,7 +248,7 @@ public class AdapterTest extends AbstractModelTest {
public void testRemoveRole() throws Exception {
test1CreateRealm();
UserModel user = realmModel.addUser("bburke");
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
OAuthClientModel client = realmModel.addOAuthClient("client");
@ -278,17 +278,17 @@ public class AdapterTest extends AbstractModelTest {
public void testUserSearch() throws Exception {
test1CreateRealm();
{
UserModel user = realmModel.addUser("bburke");
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
user.setLastName("Burke");
user.setFirstName("Bill");
user.setEmail("bburke@redhat.com");
UserModel user2 = realmModel.addUser("doublefirst");
UserModel user2 = realmManager.getSession().users().addUser(realmModel, "doublefirst");
user2.setFirstName("Knut Ole");
user2.setLastName("Alver");
user2.setEmail("knut@redhat.com");
UserModel user3 = realmModel.addUser("doublelast");
UserModel user3 = realmManager.getSession().users().addUser(realmModel, "doublelast");
user3.setFirstName("Ole");
user3.setLastName("Alver Veland");
user3.setEmail("knut2@redhat.com");
@ -375,14 +375,14 @@ public class AdapterTest extends AbstractModelTest {
}
{
UserModel user = realmModel.addUser("mburke");
UserModel user = realmManager.getSession().users().addUser(realmModel, "mburke");
user.setLastName("Burke");
user.setFirstName("Monica");
user.setEmail("mburke@redhat.com");
}
{
UserModel user = realmModel.addUser("thor");
UserModel user = realmManager.getSession().users().addUser(realmModel, "thor");
user.setLastName("Thorgersen");
user.setFirstName("Stian");
user.setEmail("thor@redhat.com");
@ -430,10 +430,10 @@ public class AdapterTest extends AbstractModelTest {
}
RealmModel otherRealm = adapter.createRealm("other");
otherRealm.addUser("bburke");
realmManager.getSession().users().addUser(otherRealm, "bburke");
Assert.assertEquals(1, otherRealm.getUsers().size());
Assert.assertEquals(1, otherRealm.searchForUser("bu").size());
Assert.assertEquals(1, realmManager.getSession().users().getUsers(otherRealm).size());
Assert.assertEquals(1, realmManager.getSession().users().searchForUser("bu", otherRealm).size());
}
@ -444,7 +444,7 @@ public class AdapterTest extends AbstractModelTest {
realmModel.addRole("user");
Set<RoleModel> roles = realmModel.getRoles();
Assert.assertEquals(3, roles.size());
UserModel user = realmModel.addUser("bburke");
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
RoleModel realmUserRole = realmModel.getRole("user");
user.grantRole(realmUserRole);
Assert.assertTrue(user.hasRole(realmUserRole));
@ -618,13 +618,16 @@ public class AdapterTest extends AbstractModelTest {
@Test
public void testUsernameCollisions() throws Exception {
realmManager.createRealm("JUGGLER1").addUser("user1");
realmManager.createRealm("JUGGLER2").addUser("user1");
RealmModel juggler1 = realmManager.createRealm("JUGGLER1");
realmManager.getSession().users().addUser(juggler1, "user1");
RealmModel juggler2 = realmManager.createRealm("JUGGLER2");
realmManager.getSession().users().addUser(juggler2, "user1");
commit();
// Try to create user with duplicate login name
try {
realmManager.getRealmByName("JUGGLER1").addUser("user1");
juggler1 = realmManager.getRealmByName("JUGGLER1");
realmManager.getSession().users().addUser(juggler1, "user1");
commit();
Assert.fail("Expected exception");
} catch (ModelDuplicateException e) {
@ -632,10 +635,12 @@ public class AdapterTest extends AbstractModelTest {
commit(true);
// Ty to rename user to duplicate login name
realmManager.getRealmByName("JUGGLER1").addUser("user2");
juggler1 = realmManager.getRealmByName("JUGGLER1");
realmManager.getSession().users().addUser(juggler1, "user2");
commit();
try {
realmManager.getRealmByName("JUGGLER1").getUser("user2").setUsername("user1");
juggler1 = realmManager.getRealmByName("JUGGLER1");
realmManager.getSession().users().getUserByUsername("user2", juggler1).setUsername("user1");
commit();
Assert.fail("Expected exception");
} catch (ModelDuplicateException e) {
@ -646,13 +651,16 @@ public class AdapterTest extends AbstractModelTest {
@Test
public void testEmailCollisions() throws Exception {
realmManager.createRealm("JUGGLER1").addUser("user1").setEmail("email@example.com");
realmManager.createRealm("JUGGLER2").addUser("user1").setEmail("email@example.com");
RealmModel juggler1 = realmManager.createRealm("JUGGLER1");
realmManager.getSession().users().addUser(juggler1, "user1").setEmail("email@example.com");
RealmModel juggler2 = realmManager.createRealm("JUGGLER2");
realmManager.getSession().users().addUser(juggler2, "user1").setEmail("email@example.com");
commit();
// Try to create user with duplicate email
juggler1 = realmManager.getRealmByName("JUGGLER1");
try {
realmManager.getRealmByName("JUGGLER1").addUser("user2").setEmail("email@example.com");
realmManager.getSession().users().addUser(juggler1, "user2").setEmail("email@example.com");
commit();
Assert.fail("Expected exception");
} catch (ModelDuplicateException e) {
@ -661,10 +669,12 @@ public class AdapterTest extends AbstractModelTest {
resetSession();
// Ty to rename user to duplicate email
realmManager.getRealmByName("JUGGLER1").addUser("user3").setEmail("email2@example.com");
juggler1 = realmManager.getRealmByName("JUGGLER1");
realmManager.getSession().users().addUser(juggler1, "user3").setEmail("email2@example.com");
commit();
try {
realmManager.getRealmByName("JUGGLER1").getUser("user3").setEmail("email@example.com");
juggler1 = realmManager.getRealmByName("JUGGLER1");
realmManager.getSession().users().getUserByUsername("user3", juggler1).setEmail("email@example.com");
commit();
Assert.fail("Expected exception");
} catch (ModelDuplicateException e) {

12
model/tests/src/test/java/org/keycloak/model/test/AuthProvidersExternalModelTest.java
View file

@ -54,7 +54,7 @@ public class AuthProvidersExternalModelTest extends AbstractModelTest {
realm1.setAuthenticationProviders(Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER));
realm2.setAuthenticationProviders(Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER));
UserModel john = realm1.addUser("john");
UserModel john = realmManager.getSession().users().addUser(realm1, "john");
john.setEnabled(true);
john.setFirstName("John");
john.setLastName("Doe");
@ -78,7 +78,7 @@ public class AuthProvidersExternalModelTest extends AbstractModelTest {
// Verify that user doesn't exists in realm2 and can't authenticate here
Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(session, null, realm2, formData));
Assert.assertNull(realm2.getUser("john"));
Assert.assertNull(realmManager.getSession().users().getUserByUsername("john", realm2));
// Add externalModel authenticationProvider into realm2 and point to realm1
setupAuthenticationProviders();
@ -89,7 +89,7 @@ public class AuthProvidersExternalModelTest extends AbstractModelTest {
// Authenticate john in realm2 and verify that now he exists here.
Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(session, null, realm2, formData));
UserModel john2 = realm2.getUser("john");
UserModel john2 = realmManager.getSession().users().getUserByUsername("john", realm2);
Assert.assertNotNull(john2);
Assert.assertEquals("john", john2.getUsername());
Assert.assertEquals("John", john2.getFirstName());
@ -100,7 +100,7 @@ public class AuthProvidersExternalModelTest extends AbstractModelTest {
AuthenticationLinkModel authLink = john2.getAuthenticationLink();
Assert.assertNotNull(authLink);
Assert.assertEquals(authLink.getAuthProvider(), AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL);
Assert.assertEquals(authLink.getAuthUserId(), realm1.getUser("john").getId());
Assert.assertEquals(authLink.getAuthUserId(), realmManager.getSession().users().getUserByUsername("john", realm1).getId());
} finally {
ResteasyProviderFactory.clearContextData();
}
@ -113,9 +113,9 @@ public class AuthProvidersExternalModelTest extends AbstractModelTest {
setupAuthenticationProviders();
// Add john to realm2 and set authentication link
UserModel john = realm2.addUser("john");
UserModel john = realmManager.getSession().users().addUser(realm2, "john");
john.setEnabled(true);
john.setAuthenticationLink(new AuthenticationLinkModel(AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, realm1.getUser("john").getId()));
john.setAuthenticationLink(new AuthenticationLinkModel(AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, realmManager.getSession().users().getUserByUsername("john", realm1).getId()));
try {
// this is needed for externalModel provider

9
model/tests/src/test/java/org/keycloak/model/test/AuthProvidersLDAPTest.java
View file

@ -80,14 +80,14 @@ public class AuthProvidersLDAPTest extends AbstractModelTest {
// Verify that user doesn't exists in realm2 and can't authenticate here
Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(session, null, realm, formData));
Assert.assertNull(realm.getUser("johnkeycloak"));
Assert.assertNull(session.users().getUserByUsername("johnkeycloak", realm));
// Add ldap authenticationProvider
setupAuthenticationProviders();
// Authenticate john and verify that now he exists in realm
Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(session, null, realm, formData));
UserModel john = realm.getUser("johnkeycloak");
UserModel john = session.users().getUserByUsername("johnkeycloak", realm);
Assert.assertNotNull(john);
Assert.assertEquals("johnkeycloak", john.getUsername());
Assert.assertEquals("John", john.getFirstName());
@ -103,9 +103,8 @@ public class AuthProvidersLDAPTest extends AbstractModelTest {
@Test
public void testLdapInvalidAuthentication() {
setupAuthenticationProviders();
// Add some user and password to realm
UserModel realmUser = realm.addUser("realmUser");
UserModel realmUser = session.users().addUser(realm, "realmUser");
realmUser.setEnabled(true);
UserCredentialModel credential = new UserCredentialModel();
credential.setType(CredentialRepresentation.PASSWORD);
@ -149,7 +148,7 @@ public class AuthProvidersLDAPTest extends AbstractModelTest {
// Change credential and validate that user can authenticate
AuthenticationProviderManager authProviderManager = AuthenticationProviderManager.getManager(realm, session);
UserModel john = realm.getUser("johnkeycloak");
UserModel john = session.users().getUserByUsername("johnkeycloak", realm);
try {
Assert.assertTrue(authProviderManager.updatePassword(john, "password-updated"));
} catch (AuthenticationProviderException ape) {

2
model/tests/src/test/java/org/keycloak/model/test/AuthenticationManagerTest.java
View file

@ -168,7 +168,7 @@ public class AuthenticationManagerTest extends AbstractModelTest {
protector.start();
am = new AuthenticationManager(protector);
user = realm.addUser("test");
user = realmManager.getSession().users().addUser(realm, "test");
user.setEnabled(true);
UserCredentialModel credential = new UserCredentialModel();

2
model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java
View file

@ -57,7 +57,7 @@ public class CompositeRolesModelTest extends AbstractModelTest {
Set<RoleModel> requestedRoles = new HashSet<RoleModel>();
RealmModel realm = realmManager.getRealm("Test");
UserModel user = realm.getUser(username);
UserModel user = realmManager.getSession().users().getUserByUsername(username, realm);
ApplicationModel application = realm.getApplicationByName(applicationName);
Set<RoleModel> roleMappings = user.getRoleMappings();

29
model/tests/src/test/java/org/keycloak/model/test/ImportTest.java
View file

@ -10,6 +10,7 @@ import org.keycloak.models.AuthenticationLinkModel;
import org.keycloak.models.AuthenticationProviderModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
@ -50,7 +51,7 @@ public class ImportTest extends AbstractModelTest {
commit();
realm = realmManager.getRealm("demo");
assertDataImportedInRealm(realm);
assertDataImportedInRealm(realmManager.getSession(), realm);
commit();
@ -59,7 +60,7 @@ public class ImportTest extends AbstractModelTest {
}
// Moved to static method, so it's possible to test this from other places too (for example export-import tests)
public static void assertDataImportedInRealm(RealmModel realm) {
public static void assertDataImportedInRealm(KeycloakSession session, RealmModel realm) {
Assert.assertTrue(realm.isVerifyEmail());
Assert.assertFalse(realm.isUpdateProfileOnInitialSocialLogin());
@ -72,9 +73,9 @@ public class ImportTest extends AbstractModelTest {
Assert.assertNotNull(realm.getRole("foo"));
Assert.assertNotNull(realm.getRole("bar"));
UserModel user = realm.getUser("loginclient");
UserModel user = session.users().getUserByUsername("loginclient", realm);
Assert.assertNotNull(user);
Assert.assertEquals(0, realm.getSocialLinks(user).size());
Assert.assertEquals(0, session.users().getSocialLinks(user, realm).size());
List<ApplicationModel> resources = realm.getApplications();
for (ApplicationModel app : resources) {
@ -103,14 +104,14 @@ public class ImportTest extends AbstractModelTest {
// Test role mappings
UserModel admin = realm.getUser("admin");
UserModel admin = session.users().getUserByUsername("admin", realm);
Set<RoleModel> allRoles = admin.getRoleMappings();
Assert.assertEquals(3, allRoles.size());
Assert.assertTrue(allRoles.contains(realm.getRole("admin")));
Assert.assertTrue(allRoles.contains(application.getRole("app-admin")));
Assert.assertTrue(allRoles.contains(otherApp.getRole("otherapp-admin")));
UserModel wburke = realm.getUser("wburke");
UserModel wburke = session.users().getUserByUsername("wburke", realm);
allRoles = wburke.getRoleMappings();
Assert.assertEquals(2, allRoles.size());
Assert.assertFalse(allRoles.contains(realm.getRole("admin")));
@ -147,8 +148,8 @@ public class ImportTest extends AbstractModelTest {
// Test social linking
UserModel socialUser = realm.getUser("mySocialUser");
Set<SocialLinkModel> socialLinks = realm.getSocialLinks(socialUser);
UserModel socialUser = session.users().getUserByUsername("mySocialUser", realm);
Set<SocialLinkModel> socialLinks = session.users().getSocialLinks(socialUser, realm);
Assert.assertEquals(3, socialLinks.size());
boolean facebookFound = false;
boolean googleFound = false;
@ -170,19 +171,19 @@ public class ImportTest extends AbstractModelTest {
}
Assert.assertTrue(facebookFound && twitterFound && googleFound);
UserModel foundSocialUser = realm.getUserBySocialLink(new SocialLinkModel("facebook", "facebook1", "fbuser1"));
UserModel foundSocialUser = session.users().getUserBySocialLink(new SocialLinkModel("facebook", "facebook1", "fbuser1"), realm);
Assert.assertEquals(foundSocialUser.getUsername(), socialUser.getUsername());
Assert.assertNull(realm.getUserBySocialLink(new SocialLinkModel("facebook", "not-existing", "not-existing")));
Assert.assertNull(session.users().getUserBySocialLink(new SocialLinkModel("facebook", "not-existing", "not-existing"), realm));
SocialLinkModel foundSocialLink = realm.getSocialLink(socialUser, "facebook");
SocialLinkModel foundSocialLink = session.users().getSocialLink(socialUser, "facebook", realm);
Assert.assertEquals("facebook1", foundSocialLink.getSocialUserId());
Assert.assertEquals("fbuser1", foundSocialLink.getSocialUsername());
Assert.assertEquals("facebook", foundSocialLink.getSocialProvider());
// Test removing social link
Assert.assertTrue(realm.removeSocialLink(socialUser, "facebook"));
Assert.assertNull(realm.getSocialLink(socialUser, "facebook"));
Assert.assertFalse(realm.removeSocialLink(socialUser, "facebook"));
Assert.assertTrue(session.users().removeSocialLink(realm, socialUser, "facebook"));
Assert.assertNull(session.users().getSocialLink(socialUser, "facebook", realm));
Assert.assertFalse(session.users().removeSocialLink(realm, socialUser, "facebook"));
// Test smtp config
Map<String, String> smtpConfig = realm.getSmtpConfig();

18
model/tests/src/test/java/org/keycloak/model/test/MultipleRealmsTest.java
View file

@ -31,8 +31,8 @@ public class MultipleRealmsTest extends AbstractModelTest {
@Test
public void testUsers() {
UserModel r1user1 = realm1.getUser("user1");
UserModel r2user1 = realm2.getUser("user1");
UserModel r1user1 = realmManager.getSession().users().getUserByUsername("user1", realm1);
UserModel r2user1 = realmManager.getSession().users().getUserByUsername("user1", realm2);
Assert.assertEquals(r1user1.getUsername(), r2user1.getUsername());
Assert.assertNotEquals(r1user1.getId(), r2user1.getId());
@ -46,16 +46,16 @@ public class MultipleRealmsTest extends AbstractModelTest {
Assert.assertTrue(realm2.validatePassword(r2user1, "pass2"));
// Test searching
Assert.assertEquals(2, realm1.searchForUser("user").size());
Assert.assertEquals(2, realmManager.getSession().users().searchForUser("user", realm1).size());
commit();
realm1 = model.getRealm("id1");
realm2 = model.getRealm("id2");
realm1.removeUser("user1");
realm1.removeUser("user2");
Assert.assertEquals(0, realm1.searchForUser("user").size());
Assert.assertEquals(2, realm2.searchForUser("user").size());
realmManager.getSession().users().removeUser(realm1, "user1");
realmManager.getSession().users().removeUser(realm1, "user2");
Assert.assertEquals(0, realmManager.getSession().users().searchForUser("user", realm1).size());
Assert.assertEquals(2, realmManager.getSession().users().searchForUser("user", realm2).size());
}
@Test
@ -90,8 +90,8 @@ public class MultipleRealmsTest extends AbstractModelTest {
ApplicationModel app1 = realm.addApplication("app1");
realm.addApplication("app2");
realm.addUser("user1");
realm.addUser("user2");
realmManager.getSession().users().addUser(realm, "user1");
realmManager.getSession().users().addUser(realm, "user2");
realm.addRole("role1");
realm.addRole("role2");

23
model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java
View file

@ -4,6 +4,7 @@ import org.junit.Assert;
import org.junit.Test;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.RequiredAction;
@ -16,7 +17,8 @@ public class UserModelTest extends AbstractModelTest {
@Test
public void persistUser() {
RealmModel realm = realmManager.createRealm("original");
UserModel user = realm.addUser("user");
KeycloakSession session = realmManager.getSession();
UserModel user = session.users().addUser(realm, "user");
user.setFirstName("first-name");
user.setLastName("last-name");
user.setEmail("email");
@ -24,11 +26,13 @@ public class UserModelTest extends AbstractModelTest {
user.addRequiredAction(RequiredAction.CONFIGURE_TOTP);
user.addRequiredAction(RequiredAction.UPDATE_PASSWORD);
UserModel persisted = realmManager.getRealm(realm.getId()).getUser("user");
RealmModel searchRealm = realmManager.getRealm(realm.getId());
UserModel persisted = session.users().getUserByUsername("user", searchRealm);
assertEquals(user, persisted);
UserModel persisted2 = realmManager.getRealm(realm.getId()).getUserById(user.getId());
searchRealm = realmManager.getRealm(realm.getId());
UserModel persisted2 = session.users().getUserById(user.getId(), searchRealm);
assertEquals(user, persisted2);
}
@ -72,7 +76,8 @@ public class UserModelTest extends AbstractModelTest {
@Test
public void testUserRequiredActions() throws Exception {
RealmModel realm = realmManager.createRealm("original");
UserModel user = realm.addUser("user");
KeycloakSession session = realmManager.getSession();
UserModel user = session.users().addUser(realm, "user");
Assert.assertTrue(user.getRequiredActions().isEmpty());
@ -80,32 +85,32 @@ public class UserModelTest extends AbstractModelTest {
String id = realm.getId();
commit();
realm = realmManager.getRealm(id);
user = realm.getUser("user");
user = session.users().getUserByUsername("user", realm);
Assert.assertEquals(1, user.getRequiredActions().size());
Assert.assertTrue(user.getRequiredActions().contains(RequiredAction.CONFIGURE_TOTP));
user.addRequiredAction(UserModel.RequiredAction.CONFIGURE_TOTP);
user = realm.getUser("user");
user = session.users().getUserByUsername("user", realm);
Assert.assertEquals(1, user.getRequiredActions().size());
Assert.assertTrue(user.getRequiredActions().contains(RequiredAction.CONFIGURE_TOTP));
user.addRequiredAction(UserModel.RequiredAction.VERIFY_EMAIL);
user = realm.getUser("user");
user = session.users().getUserByUsername("user", realm);
Assert.assertEquals(2, user.getRequiredActions().size());
Assert.assertTrue(user.getRequiredActions().contains(RequiredAction.CONFIGURE_TOTP));
Assert.assertTrue(user.getRequiredActions().contains(RequiredAction.VERIFY_EMAIL));
user.removeRequiredAction(UserModel.RequiredAction.CONFIGURE_TOTP);
user = realm.getUser("user");
user = session.users().getUserByUsername("user", realm);
Assert.assertEquals(1, user.getRequiredActions().size());
Assert.assertTrue(user.getRequiredActions().contains(RequiredAction.VERIFY_EMAIL));
user.removeRequiredAction(UserModel.RequiredAction.VERIFY_EMAIL);
user = realm.getUser("user");
user = session.users().getUserByUsername("user", realm);
Assert.assertTrue(user.getRequiredActions().isEmpty());
}

4
project-integrations/aerogear-ups/auth-server/src/main/java/org/aerogear/ups/security/UpsSecurityApplication.java
View file

@ -30,8 +30,8 @@ public class UpsSecurityApplication extends KeycloakApplication {
try {
RealmManager manager = new RealmManager(session);
RealmModel master = manager.getKeycloakAdminstrationRealm();
UserModel admin = master.getUser("admin");
if (admin != null) master.removeUser(admin.getUsername());
UserModel admin = session.users().getUserByUsername("admin", master);
if (admin != null) session.users().removeUser(master, admin.getUsername());
session.getTransaction().commit();
} finally {
session.close();

18
services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java
View file

@ -7,6 +7,7 @@ import org.keycloak.models.ModelProvider;
import org.keycloak.models.UserProvider;
import org.keycloak.models.UserSessionProvider;
import org.keycloak.models.cache.CacheModelProvider;
import org.keycloak.models.cache.CacheUserProvider;
import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory;
@ -24,6 +25,7 @@ public class DefaultKeycloakSession implements KeycloakSession {
private final Map<Integer, Provider> providers = new HashMap<Integer, Provider>();
private final DefaultKeycloakTransactionManager transactionManager;
private ModelProvider model;
private UserProvider userModel;
private UserSessionProvider sessionProvider;
public DefaultKeycloakSession(DefaultKeycloakSessionFactory factory) {
@ -39,6 +41,14 @@ public class DefaultKeycloakSession implements KeycloakSession {
}
}
private UserProvider getUserProvider() {
if (factory.getDefaultProvider(CacheUserProvider.class) != null) {
return getProvider(CacheUserProvider.class);
} else {
return getProvider(UserProvider.class);
}
}
@Override
public KeycloakTransactionManager getTransaction() {
return transactionManager;
@ -91,6 +101,14 @@ public class DefaultKeycloakSession implements KeycloakSession {
return model;
}
@Override
public UserProvider users() {
if (userModel == null) {
userModel = getUserProvider();
}
return userModel;
}
@Override
public UserSessionProvider sessions() {
if (sessionProvider == null) {

7
services/src/main/java/org/keycloak/services/managers/AccessCodeEntry.java
View file

@ -3,6 +3,7 @@ package org.keycloak.services.managers;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@ -26,10 +27,12 @@ import java.util.UUID;
public class AccessCodeEntry {
protected AccessCode accessCode;
protected RealmModel realm;
KeycloakSession keycloakSession;
public AccessCodeEntry(RealmModel realm, AccessCode accessCode) {
public AccessCodeEntry(KeycloakSession keycloakSession, RealmModel realm, AccessCode accessCode) {
this.realm = realm;
this.accessCode = accessCode;
this.keycloakSession = keycloakSession;
}
public String getCodeId() {
@ -37,7 +40,7 @@ public class AccessCodeEntry {
}
public UserModel getUser() {
return realm.getUserById(accessCode.getAccessToken().getSubject());
return keycloakSession.users().getUserById(accessCode.getAccessToken().getSubject(), realm);
}
public String getSessionState() {

2
services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
View file

@ -63,7 +63,7 @@ public class ApplianceBootstrap {
realm.setAuditListeners(Collections.singleton("jboss-logging"));
UserModel adminUser = realm.addUser("admin");
UserModel adminUser = session.users().addUser(realm, "admin");
adminUser.setEnabled(true);
UserCredentialModel password = new UserCredentialModel();
password.setType(UserCredentialModel.PASSWORD);

6
services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
View file

@ -196,7 +196,7 @@ public class AuthenticationManager {
}
}
UserModel user = realm.getUserById(token.getSubject());
UserModel user = session.users().getUserById(token.getSubject(), realm);
if (user == null || !user.isEnabled() ) {
logger.info("Unknown user in identity token");
return null;
@ -253,12 +253,12 @@ public class AuthenticationManager {
}
protected AuthenticationStatus authenticateInternal(KeycloakSession session, RealmModel realm, MultivaluedMap<String, String> formData, String username) {
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(realm, username);
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username);
if (user == null) {
AuthUser authUser = AuthenticationProviderManager.getManager(realm, session).getUser(username);
if (authUser != null) {
// Create new user and link him with authentication provider
user = realm.addUser(authUser.getUsername());
user = session.users().addUser(realm, authUser.getUsername());
user.setEnabled(true);
user.setFirstName(authUser.getFirstName());
user.setLastName(authUser.getLastName());

8
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -244,6 +244,8 @@ public class RealmManager {
}
}
private void setupMasterAdminManagement(RealmModel realm) {
RealmModel adminRealm;
RoleModel adminRole;
@ -527,7 +529,7 @@ public class RealmManager {
public UserModel createUser(RealmModel newRealm, UserRepresentation userRep, Map<String, ApplicationModel> appMap) {
UserModel user = newRealm.addUser(userRep.getId(), userRep.getUsername(), false);
UserModel user = session.users().addUser(newRealm, userRep.getId(), userRep.getUsername(), false);
user.setEnabled(userRep.isEnabled());
user.setEmail(userRep.getEmail());
user.setFirstName(userRep.getFirstName());
@ -556,7 +558,7 @@ public class RealmManager {
if (userRep.getSocialLinks() != null) {
for (SocialLinkRepresentation socialLink : userRep.getSocialLinks()) {
SocialLinkModel mappingModel = new SocialLinkModel(socialLink.getSocialProvider(), socialLink.getSocialUserId(), socialLink.getSocialUsername());
newRealm.addSocialLink(user, mappingModel);
session.users().addSocialLink(newRealm, user, mappingModel);
}
}
if (userRep.getRealmRoles() != null) {
@ -603,7 +605,7 @@ public class RealmManager {
if (searchString == null) {
return Collections.emptyList();
}
return realmModel.searchForUser(searchString.trim());
return session.users().searchForUser(searchString.trim(), realmModel);
}
public void addRequiredCredential(RealmModel newRealm, String requiredCred) {

9
services/src/main/java/org/keycloak/services/managers/ResourceAdminManager.java
View file

@ -8,6 +8,7 @@ import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
import org.keycloak.TokenIdGenerator;
import org.keycloak.adapters.AdapterConstants;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.adapters.action.LogoutAction;
@ -34,11 +35,11 @@ import java.util.Map;
public class ResourceAdminManager {
protected static Logger logger = Logger.getLogger(ResourceAdminManager.class);
public SessionStats getSessionStats(URI requestUri, RealmModel realm, ApplicationModel application, boolean users) {
public SessionStats getSessionStats(URI requestUri, KeycloakSession session, RealmModel realm, ApplicationModel application, boolean users) {
ApacheHttpClient4Executor executor = createExecutor();
try {
return getSessionStats(requestUri, realm, application, users, executor);
return getSessionStats(requestUri, session, realm, application, users, executor);
} finally {
executor.getHttpClient().getConnectionManager().shutdown();
}
@ -52,7 +53,7 @@ public class ResourceAdminManager {
return new ApacheHttpClient4Executor(client);
}
public SessionStats getSessionStats(URI requestUri, RealmModel realm, ApplicationModel application, boolean users, ApacheHttpClient4Executor client) {
public SessionStats getSessionStats(URI requestUri, KeycloakSession session, RealmModel realm, ApplicationModel application, boolean users, ApacheHttpClient4Executor client) {
String managementUrl = getManagementUrl(requestUri, application);
if (managementUrl != null) {
SessionStatsAction adminAction = new SessionStatsAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, application.getName());
@ -77,7 +78,7 @@ public class ResourceAdminManager {
if (users && stats.getUsers() != null) {
Map<String, UserStats> newUsers = new HashMap<String, UserStats>();
for (Map.Entry<String, UserStats> entry : stats.getUsers().entrySet()) {
UserModel user = realm.getUserById(entry.getKey());
UserModel user = session.users().getUserById(entry.getKey(), realm);
if (user == null) continue;
newUsers.put(user.getUsername(), entry.getValue());

14
services/src/main/java/org/keycloak/services/managers/TokenManager.java
View file

@ -43,7 +43,7 @@ import java.util.UUID;
public class TokenManager {
protected static final Logger logger = Logger.getLogger(TokenManager.class);
public AccessCodeEntry parseCode(String code, RealmModel realm) {
public AccessCodeEntry parseCode(String code, KeycloakSession session, RealmModel realm) {
try {
JWSInput input = new JWSInput(code);
if (!RSAProvider.verify(input, realm.getPublicKey())) {
@ -51,7 +51,7 @@ public class TokenManager {
return null;
}
AccessCode accessCode = input.readJsonContent(AccessCode.class);
return new AccessCodeEntry(realm, accessCode);
return new AccessCodeEntry(session, realm, accessCode);
} catch (Exception e) {
logger.error("error parsing access code", e);
return null;
@ -75,11 +75,11 @@ public class TokenManager {
public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session) {
return createAccessCodeEntry(scopeParam, state, redirect, realm, client, user, session);
public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, KeycloakSession keycloakSession, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session) {
return createAccessCodeEntry(scopeParam, state, redirect, keycloakSession, realm, client, user, session);
}
private AccessCodeEntry createAccessCodeEntry(String scopeParam, String state, String redirect, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session) {
private AccessCodeEntry createAccessCodeEntry(String scopeParam, String state, String redirect, KeycloakSession keycloakSession, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session) {
List<RoleModel> realmRolesRequested = new LinkedList<RoleModel>();
MultivaluedMap<String, RoleModel> resourceRolesRequested = new MultivaluedMapImpl<String, RoleModel>();
@ -92,7 +92,7 @@ public class TokenManager {
code.setExpiration(Time.currentTime() + realm.getAccessCodeLifespan());
code.setState(state);
code.setRedirectUri(redirect);
AccessCodeEntry entry = new AccessCodeEntry(realm, code);
AccessCodeEntry entry = new AccessCodeEntry(keycloakSession, realm, code);
return entry;
}
@ -118,7 +118,7 @@ public class TokenManager {
audit.user(refreshToken.getSubject()).session(refreshToken.getSessionState()).detail(Details.REFRESH_TOKEN_ID, refreshToken.getId());
UserModel user = realm.getUserById(refreshToken.getSubject());
UserModel user = session.users().getUserById(refreshToken.getSubject(), realm);
if (user == null) {
throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid refresh token", "Unknown user");
}

2
services/src/main/java/org/keycloak/services/managers/UserManager.java Normal file → Executable file
View file

@ -17,7 +17,7 @@ public class UserManager {
}
public boolean removeUser(RealmModel realm, UserModel user) {
if (realm.removeUser(user.getUsername())) {
if (session.users().removeUser(realm, user.getUsername())) {
UserSessionProvider sessions = session.sessions();
if (sessions != null) {
sessions.onUserRemoved(realm, user);

6
services/src/main/java/org/keycloak/services/resources/AccountService.java
View file

@ -516,12 +516,12 @@ public class AccountService {
return account.setError(Messages.SOCIAL_REDIRECT_ERROR).createResponse(AccountPages.SOCIAL);
}
case REMOVE:
SocialLinkModel link = realm.getSocialLink(user, providerId);
SocialLinkModel link = session.users().getSocialLink(user, providerId, realm);
if (link != null) {
// Removing last social provider is not possible if you don't have other possibility to authenticate
if (realm.getSocialLinks(user).size() > 1 || user.getAuthenticationLink() != null) {
realm.removeSocialLink(user, providerId);
if (session.users().getSocialLinks(user, realm).size() > 1 || user.getAuthenticationLink() != null) {
session.users().removeSocialLink(realm, user, providerId);
logger.debug("Social provider " + providerId + " removed successfully from user " + user.getUsername());

16
services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
View file

@ -226,7 +226,7 @@ public class RequiredActionsService {
// Password reset through email won't have an associated session
if (accessCode.getSessionState() == null) {
UserSessionModel userSession = session.sessions().createUserSession(realm, realm.getUserById(accessCode.getUser().getId()), clientConnection.getRemoteAddr());
UserSessionModel userSession = session.sessions().createUserSession(realm, session.users().getUserById(accessCode.getUser().getId(), realm), clientConnection.getRemoteAddr());
accessCode.getToken().setSessionState(userSession.getId());
audit.session(userSession);
}
@ -239,7 +239,7 @@ public class RequiredActionsService {
@GET
public Response emailVerification() {
if (uriInfo.getQueryParameters().containsKey("key")) {
AccessCodeEntry accessCode = tokenManager.parseCode(uriInfo.getQueryParameters().getFirst("key"), realm);
AccessCodeEntry accessCode = tokenManager.parseCode(uriInfo.getQueryParameters().getFirst("key"), session, realm);
if (accessCode == null || accessCode.isExpired()
|| !accessCode.hasRequiredAction(RequiredAction.VERIFY_EMAIL)) {
return unauthorized();
@ -275,7 +275,7 @@ public class RequiredActionsService {
@GET
public Response passwordReset() {
if (uriInfo.getQueryParameters().containsKey("key")) {
AccessCodeEntry accessCode = tokenManager.parseCode(uriInfo.getQueryParameters().getFirst("key"), realm);
AccessCodeEntry accessCode = tokenManager.parseCode(uriInfo.getQueryParameters().getFirst("key"), session, realm);
accessCode.setAuthMethod("form");
if (accessCode == null || accessCode.isExpired()
|| !accessCode.hasRequiredAction(RequiredAction.UPDATE_PASSWORD)) {
@ -317,9 +317,9 @@ public class RequiredActionsService {
.detail(Details.AUTH_METHOD, "form")
.detail(Details.USERNAME, username);
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null && username.contains("@")) {
user = realm.getUserByEmail(username);
user = session.users().getUserByEmail(username, realm);
}
if (user == null) {
@ -329,7 +329,7 @@ public class RequiredActionsService {
Set<RequiredAction> requiredActions = new HashSet<RequiredAction>(user.getRequiredActions());
requiredActions.add(RequiredAction.UPDATE_PASSWORD);
AccessCodeEntry accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user, null);
AccessCodeEntry accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, session, realm, client, user, null);
accessCode.setRequiredActions(requiredActions);
accessCode.setAuthMethod("form");
accessCode.setUsernameUsed(username);
@ -360,7 +360,7 @@ public class RequiredActionsService {
return null;
}
AccessCodeEntry accessCodeEntry = tokenManager.parseCode(code, realm);
AccessCodeEntry accessCodeEntry = tokenManager.parseCode(code, session, realm);
if (accessCodeEntry == null) {
logger.debug("getAccessCodeEntry access code entry null");
return null;
@ -381,7 +381,7 @@ public class RequiredActionsService {
}
private UserModel getUser(AccessCodeEntry accessCode) {
return realm.getUser(accessCode.getUser().getUsername());
return session.users().getUserByUsername(accessCode.getUser().getUsername(), realm);
}
private Response redirectOauth(UserModel user, AccessCodeEntry accessCode) {

10
services/src/main/java/org/keycloak/services/resources/SocialResource.java
View file

@ -182,12 +182,12 @@ public class SocialResource {
audit.detail(Details.USERNAME, socialUser.getId() + "@" + provider.getId());
SocialLinkModel socialLink = new SocialLinkModel(provider.getId(), socialUser.getId(), socialUser.getUsername());
UserModel user = realm.getUserBySocialLink(socialLink);
UserModel user = session.users().getUserBySocialLink(socialLink, realm);
// Check if user is already authenticated (this means linking social into existing user account)
String userId = initialRequest.getUser();
if (userId != null) {
UserModel authenticatedUser = realm.getUserById(userId);
UserModel authenticatedUser = session.users().getUserById(userId, realm);
audit.event(EventType.SOCIAL_LINK).user(userId);
@ -211,7 +211,7 @@ public class SocialResource {
return oauth.forwardToSecurityFailure("Unknown redirectUri");
}
realm.addSocialLink(authenticatedUser, socialLink);
session.users().addSocialLink(realm, authenticatedUser, socialLink);
logger.debug("Social provider " + provider.getId() + " linked with user " + authenticatedUser.getUsername());
audit.success();
@ -225,7 +225,7 @@ public class SocialResource {
return oauth.forwardToSecurityFailure("Registration not allowed");
}
user = realm.addUser(KeycloakModelUtils.generateId());
user = session.users().addUser(realm, KeycloakModelUtils.generateId());
user.setEnabled(true);
user.setFirstName(socialUser.getFirstName());
user.setLastName(socialUser.getLastName());
@ -235,7 +235,7 @@ public class SocialResource {
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PROFILE);
}
realm.addSocialLink(user, socialLink);
session.users().addSocialLink(realm, user, socialLink);
audit.clone().user(user).event(EventType.REGISTER)
.detail(Details.REGISTER_METHOD, "social@" + provider.getId())

14
services/src/main/java/org/keycloak/services/resources/TokenService.java
View file

@ -232,7 +232,7 @@ public class TokenService {
}
audit.detail(Details.USERNAME, username);
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user != null) audit.user(user);
ClientModel client = authorizeClient(authorizationHeader, form, audit);
@ -418,7 +418,7 @@ public class TokenService {
authManager.expireRememberMeCookie(realm, uriInfo);
}
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(realm, username);
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username);
if (user != null) {
audit.user(user);
}
@ -534,12 +534,12 @@ public class TokenService {
AuthenticationProviderManager authenticationProviderManager = AuthenticationProviderManager.getManager(realm, session);
// Validate that user with this username doesn't exist in realm or any authentication provider
if (realm.getUser(username) != null || authenticationProviderManager.getUser(username) != null) {
if (session.users().getUserByUsername(username, realm) != null || authenticationProviderManager.getUser(username) != null) {
audit.error(Errors.USERNAME_IN_USE);
return Flows.forms(session, realm, uriInfo).setError(Messages.USERNAME_EXISTS).setFormData(formData).createRegistration();
}
UserModel user = realm.addUser(username);
UserModel user = session.users().addUser(realm, username);
user.setEnabled(true);
user.setFirstName(formData.getFirst("firstName"));
user.setLastName(formData.getFirst("lastName"));
@ -624,7 +624,7 @@ public class TokenService {
AccessCodeEntry accessCode = tokenManager.parseCode(code, realm);
AccessCodeEntry accessCode = tokenManager.parseCode(code, session, realm);
if (accessCode == null) {
Map<String, String> res = new HashMap<String, String>();
res.put(OAuth2Constants.ERROR, "invalid_grant");
@ -665,7 +665,7 @@ public class TokenService {
.build();
}
UserModel user = realm.getUserById(accessCode.getUser().getId());
UserModel user = session.users().getUserById(accessCode.getUser().getId(), realm);
if (user == null) {
Map<String, String> res = new HashMap<String, String>();
res.put(OAuth2Constants.ERROR, "invalid_grant");
@ -969,7 +969,7 @@ public class TokenService {
String code = formData.getFirst(OAuth2Constants.CODE);
AccessCodeEntry accessCodeEntry = tokenManager.parseCode(code, realm);
AccessCodeEntry accessCodeEntry = tokenManager.parseCode(code, session, realm);
if (accessCodeEntry == null) {
audit.error(Errors.INVALID_CODE);
return oauth.forwardToSecurityFailure("Unknown access code.");

4
services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
View file

@ -301,7 +301,7 @@ public class ApplicationResource {
if (users) stats.setUsers(new HashMap<String, UserStats>());
return stats;
}
SessionStats stats = new ResourceAdminManager().getSessionStats(uriInfo.getRequestUri(), realm, application, users);
SessionStats stats = new ResourceAdminManager().getSessionStats(uriInfo.getRequestUri(), session, realm, application, users);
if (stats == null) {
logger.info("app returned null stats");
} else {
@ -371,7 +371,7 @@ public class ApplicationResource {
@POST
public void logout(final @PathParam("username") String username) {
auth.requireManage();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}

2
services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
View file

@ -260,7 +260,7 @@ public class RealmAdminResource {
Map<String, SessionStats> stats = new HashMap<String, SessionStats>();
for (ApplicationModel applicationModel : realm.getApplications()) {
if (applicationModel.getManagementUrl() == null) continue;
SessionStats appStats = new ResourceAdminManager().getSessionStats(uriInfo.getRequestUri(), realm, applicationModel, false);
SessionStats appStats = new ResourceAdminManager().getSessionStats(uriInfo.getRequestUri(), this.session, realm, applicationModel, false);
stats.put(applicationModel.getName(), appStats);
}
return stats;

52
services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
View file

@ -99,7 +99,7 @@ public class UsersResource {
auth.requireManage();
try {
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -124,7 +124,7 @@ public class UsersResource {
auth.requireManage();
try {
UserModel user = realm.addUser(rep.getUsername());
UserModel user = session.users().addUser(realm, rep.getUsername());
updateUserFromRep(user, rep);
return Response.created(uriInfo.getAbsolutePathBuilder().path(user.getUsername()).build()).build();
@ -174,7 +174,7 @@ public class UsersResource {
public UserRepresentation getUser(final @PathParam("username") String username) {
auth.requireView();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -197,7 +197,7 @@ public class UsersResource {
public Map<String, UserStats> getSessionStats(final @PathParam("username") String username) {
logger.info("session-stats");
auth.requireView();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -224,7 +224,7 @@ public class UsersResource {
public List<UserSessionRepresentation> getSessions(final @PathParam("username") String username) {
logger.info("sessions");
auth.requireView();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -249,11 +249,11 @@ public class UsersResource {
@Produces(MediaType.APPLICATION_JSON)
public List<SocialLinkRepresentation> getSocialLinks(final @PathParam("username") String username) {
auth.requireView();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
Set<SocialLinkModel> socialLinks = realm.getSocialLinks(user);
Set<SocialLinkModel> socialLinks = session.users().getSocialLinks(user, realm);
List<SocialLinkRepresentation> result = new ArrayList<SocialLinkRepresentation>();
for (SocialLinkModel socialLink : socialLinks) {
SocialLinkRepresentation rep = ModelToRepresentation.toRepresentation(socialLink);
@ -272,7 +272,7 @@ public class UsersResource {
@POST
public void logout(final @PathParam("username") String username) {
auth.requireManage();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -291,7 +291,7 @@ public class UsersResource {
public void deleteUser(final @PathParam("username") String username) {
auth.requireManage();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -338,12 +338,12 @@ public class UsersResource {
if (username != null) {
attributes.put(UserModel.LOGIN_NAME, username);
}
userModels = realm.searchForUserByAttributes(attributes);
userModels = session.users().searchForUserByAttributes(attributes, realm);
for (UserModel user : userModels) {
results.add(ModelToRepresentation.toRepresentation(user));
}
} else {
userModels = realm.getUsers();
userModels = session.users().getUsers(realm);
}
for (UserModel user : userModels) {
@ -365,7 +365,7 @@ public class UsersResource {
public MappingsRepresentation getRoleMappings(@PathParam("username") String username) {
auth.requireView();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -416,7 +416,7 @@ public class UsersResource {
public List<RoleRepresentation> getRealmRoleMappings(@PathParam("username") String username) {
auth.requireView();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -442,7 +442,7 @@ public class UsersResource {
public List<RoleRepresentation> getCompositeRealmRoleMappings(@PathParam("username") String username) {
auth.requireView();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -470,7 +470,7 @@ public class UsersResource {
public List<RoleRepresentation> getAvailableRealmRoleMappings(@PathParam("username") String username) {
auth.requireView();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -492,7 +492,7 @@ public class UsersResource {
auth.requireManage();
logger.debugv("** addRealmRoleMappings: {0}", roles);
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -521,7 +521,7 @@ public class UsersResource {
auth.requireManage();
logger.debug("deleteRealmRoleMappings");
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -559,7 +559,7 @@ public class UsersResource {
logger.debug("getApplicationRoleMappings");
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -595,7 +595,7 @@ public class UsersResource {
logger.debug("getCompositeApplicationRoleMappings");
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -631,7 +631,7 @@ public class UsersResource {
logger.debug("getApplicationRoleMappings");
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -673,7 +673,7 @@ public class UsersResource {
auth.requireManage();
logger.debug("addApplicationRoleMapping");
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -707,7 +707,7 @@ public class UsersResource {
public void deleteApplicationRoleMapping(@PathParam("username") String username, @PathParam("app") String appName, List<RoleRepresentation> roles) {
auth.requireManage();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -752,7 +752,7 @@ public class UsersResource {
public void resetPassword(@PathParam("username") String username, CredentialRepresentation pass) {
auth.requireManage();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -776,7 +776,7 @@ public class UsersResource {
public void removeTotp(@PathParam("username") String username) {
auth.requireManage();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -796,7 +796,7 @@ public class UsersResource {
public Response resetPasswordEmail(@PathParam("username") String username) {
auth.requireManage();
UserModel user = realm.getUser(username);
UserModel user = session.users().getUserByUsername(username, realm);
if (user == null) {
throw new NotFoundException("User not found");
}
@ -818,7 +818,7 @@ public class UsersResource {
Set<UserModel.RequiredAction> requiredActions = new HashSet<UserModel.RequiredAction>(user.getRequiredActions());
requiredActions.add(UserModel.RequiredAction.UPDATE_PASSWORD);
AccessCodeEntry accessCode = tokenManager.createAccessCode(scope, state, redirect, realm, client, user, null);
AccessCodeEntry accessCode = tokenManager.createAccessCode(scope, state, redirect, session, realm, client, user, null);
accessCode.setRequiredActions(requiredActions);
accessCode.setUsernameUsed(username);
accessCode.resetExpiration();

2
services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
View file

@ -130,7 +130,7 @@ public class OAuthFlows {
isEmailVerificationRequired(user);
boolean isResource = client instanceof ApplicationModel;
AccessCodeEntry accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user, session);
AccessCodeEntry accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, this.session, realm, client, user, session);
accessCode.setRememberMe(rememberMe);
accessCode.setAuthMethod(authMethod);
accessCode.setUsernameUsed(username);

2
testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
View file

@ -246,7 +246,7 @@ public class KeycloakServer {
RealmManager manager = new RealmManager(session);
RealmModel adminRealm = manager.getKeycloakAdminstrationRealm();
UserModel admin = adminRealm.getUser("admin");
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
admin.removeRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
session.getTransaction().commit();

4
testsuite/integration/src/main/resources/META-INF/keycloak-server.json
View file

@ -11,6 +11,10 @@
"provider": "${keycloak.model.provider:jpa}"
},
"user": {
"provider": "${keycloak.user.provider:jpa}"
},
"userSessions": {
"provider" : "${keycloak.userSessions.provider:mem}"
},

6
testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
View file

@ -76,11 +76,11 @@ public class AccountTest {
public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
UserModel user = appRealm.getUser("test-user@localhost");
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
ApplicationModel accountApp = appRealm.getApplicationNameMap().get(org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_APP);
UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
UserModel user2 = manager.getSession().users().addUser(appRealm, "test-user-no-access@localhost");
user2.setEnabled(true);
for (String r : accountApp.getDefaultRoles()) {
user2.deleteRoleMapping(accountApp.getRole(r));
@ -148,7 +148,7 @@ public class AccountTest {
keycloakRule.update(new KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
UserModel user = appRealm.getUser("test-user@localhost");
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
UserCredentialModel cred = new UserCredentialModel();
cred.setType(CredentialRepresentation.PASSWORD);

4
testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
View file

@ -48,7 +48,7 @@ public class ProfileTest {
public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
UserModel user = appRealm.getUser("test-user@localhost");
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
user.setFirstName("First");
user.setLastName("Last");
user.setAttribute("key1", "value1");
@ -56,7 +56,7 @@ public class ProfileTest {
ApplicationModel accountApp = appRealm.getApplicationByName(org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_APP);
UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
UserModel user2 = manager.getSession().users().addUser(appRealm, "test-user-no-access@localhost");
user2.setEnabled(true);
for (String r : accountApp.getDefaultRoles()) {
user2.deleteRoleMapping(accountApp.getRole(r));

2
testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
View file

@ -94,7 +94,7 @@ public class RequiredActionEmailVerificationTest {
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
appRealm.setVerifyEmail(true);
UserModel user = appRealm.getUser("test-user@localhost");
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
user.setEmailVerified(false);
}

2
testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionMultipleActionsTest.java
View file

@ -54,7 +54,7 @@ public class RequiredActionMultipleActionsTest {
@Override
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
UserModel user = appRealm.getUser("test-user@localhost");
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
user.addRequiredAction(RequiredAction.UPDATE_PROFILE);
user.addRequiredAction(RequiredAction.UPDATE_PASSWORD);
}

2
testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionResetPasswordTest.java
View file

@ -56,7 +56,7 @@ public class RequiredActionResetPasswordTest {
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
appRealm.setResetPasswordAllowed(true);
UserModel user = appRealm.getUser("test-user@localhost");
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
user.addRequiredAction(RequiredAction.UPDATE_PASSWORD);
}

2
testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java
View file

@ -72,7 +72,7 @@ public class RequiredActionUpdateProfileTest {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
UserModel user = appRealm.getUser("test-user@localhost");
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PROFILE);
}
});

2
testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
View file

@ -99,7 +99,7 @@ public class AdapterTest {
RealmModel adminRealm = manager.getRealm(Config.getAdminRealm());
ApplicationModel adminConsole = adminRealm.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
TokenManager tm = new TokenManager();
UserModel admin = adminRealm.getUser("admin");
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, null);
AccessToken token = tm.createClientAccessToken(null, adminRealm, adminConsole, admin, userSession);
return tm.encodeToken(adminRealm, token);

2
testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java
View file

@ -86,7 +86,7 @@ public class RelativeUriAdapterTest {
deployApplication("product-portal", "/product-portal", ProductServlet.class, url.getPath(), "user");
ApplicationModel adminConsole = adminRealm.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
TokenManager tm = new TokenManager();
UserModel admin = adminRealm.getUser("admin");
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, null);
AccessToken token = tm.createClientAccessToken(null, adminRealm, adminConsole, admin, userSession);
adminToken = tm.encodeToken(adminRealm, token);

2
testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java
View file

@ -78,7 +78,7 @@ public class AdminAPITest {
RealmModel adminRealm = manager.getRealm(Config.getAdminRealm());
ApplicationModel adminConsole = adminRealm.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
TokenManager tm = new TokenManager();
UserModel admin = adminRealm.getUser("admin");
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, null);
AccessToken token = tm.createClientAccessToken(null, adminRealm, adminConsole, admin, userSession);
return tm.encodeToken(adminRealm, token);

10
testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
View file

@ -76,12 +76,12 @@ public class CompositeRoleTest {
final RoleModel realmComposite1 = realm.addRole("REALM_COMPOSITE_1");
realmComposite1.addCompositeRole(realmRole1);
final UserModel realmComposite1User = realm.addUser("REALM_COMPOSITE_1_USER");
final UserModel realmComposite1User = session.users().addUser(realm, "REALM_COMPOSITE_1_USER");
realmComposite1User.setEnabled(true);
realmComposite1User.updateCredential(UserCredentialModel.password("password"));
realmComposite1User.grantRole(realmComposite1);
final UserModel realmRole1User = realm.addUser("REALM_ROLE_1_USER");
final UserModel realmRole1User = session.users().addUser(realm, "REALM_ROLE_1_USER");
realmRole1User.setEnabled(true);
realmRole1User.updateCredential(UserCredentialModel.password("password"));
realmRole1User.grantRole(realmRole1);
@ -115,12 +115,12 @@ public class CompositeRoleTest {
final RoleModel realmAppCompositeRole = realm.addRole("REALM_APP_COMPOSITE_ROLE");
realmAppCompositeRole.addCompositeRole(appRole1);
final UserModel realmAppCompositeUser = realm.addUser("REALM_APP_COMPOSITE_USER");
final UserModel realmAppCompositeUser = session.users().addUser(realm, "REALM_APP_COMPOSITE_USER");
realmAppCompositeUser.setEnabled(true);
realmAppCompositeUser.updateCredential(UserCredentialModel.password("password"));
realmAppCompositeUser.grantRole(realmAppCompositeRole);
final UserModel realmAppRoleUser = realm.addUser("REALM_APP_ROLE_USER");
final UserModel realmAppRoleUser = session.users().addUser(realm, "REALM_APP_ROLE_USER");
realmAppRoleUser.setEnabled(true);
realmAppRoleUser.updateCredential(UserCredentialModel.password("password"));
realmAppRoleUser.grantRole(appRole2);
@ -138,7 +138,7 @@ public class CompositeRoleTest {
appCompositeRole.addCompositeRole(realmRole3);
appCompositeRole.addCompositeRole(appRole1);
final UserModel appCompositeUser = realm.addUser("APP_COMPOSITE_USER");
final UserModel appCompositeUser = session.users().addUser(realm, "APP_COMPOSITE_USER");
appCompositeUser.setEnabled(true);
appCompositeUser.updateCredential(UserCredentialModel.password("password"));
appCompositeUser.grantRole(realmAppCompositeRole);

9
testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AuthProvidersIntegrationTest.java
View file

@ -11,6 +11,7 @@ import org.junit.runners.MethodSorters;
import org.keycloak.OAuth2Constants;
import org.keycloak.model.test.LDAPTestUtils;
import org.keycloak.models.AuthenticationProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
@ -47,8 +48,8 @@ public class AuthProvidersIntegrationTest {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
addUser(appRealm, "mary", "mary@test.com", "password-app");
addUser(adminstrationRealm, "mary-admin", "mary@admin.com", "password-admin");
addUser(manager.getSession(), appRealm, "mary", "mary@test.com", "password-app");
addUser(manager.getSession(), adminstrationRealm, "mary-admin", "mary@admin.com", "password-admin");
AuthenticationProviderModel modelProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_MODEL, false, Collections.EMPTY_MAP);
AuthenticationProviderModel picketlinkProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_PICKETLINK, true, Collections.EMPTY_MAP);
@ -95,8 +96,8 @@ public class AuthProvidersIntegrationTest {
@WebResource
protected AccountPasswordPage changePasswordPage;
private static UserModel addUser(RealmModel realm, String username, String email, String password) {
UserModel user = realm.addUser(username);
private static UserModel addUser(KeycloakSession session, RealmModel realm, String username, String email, String password) {
UserModel user = session.users().addUser(realm, username);
user.setEmail(email);
user.setEnabled(true);

2
testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
View file

@ -51,7 +51,7 @@ public class LoginTest {
public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
UserModel user = appRealm.addUser("login-test");
UserModel user = manager.getSession().users().addUser(appRealm, "login-test");
user.setEmail("login@test.com");
user.setEnabled(true);

2
testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
View file

@ -58,7 +58,7 @@ public class LoginTotpTest {
@Override
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
UserModel user = appRealm.getUser("test-user@localhost");
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
UserCredentialModel credentials = new UserCredentialModel();
credentials.setType(CredentialRepresentation.TOTP);

Some files were not shown because too many files have changed in this diff Show more