userprovider split
This commit is contained in:
parent
8f7efd5b67
commit
ff86bdc35f
110 changed files with 1467 additions and 1428 deletions
2
audit/email/src/main/java/org/keycloak/audit/email/EmailAuditListener.java
Normal file → Executable file
2
audit/email/src/main/java/org/keycloak/audit/email/EmailAuditListener.java
Normal file → Executable file
|
@ -37,7 +37,7 @@ public class EmailAuditListener implements AuditListener {
|
|||
if (includedEvents.contains(event.getEvent())) {
|
||||
if (event.getRealmId() != null && event.getUserId() != null) {
|
||||
RealmModel realm = model.getRealm(event.getRealmId());
|
||||
UserModel user = realm.getUserById(event.getUserId());
|
||||
UserModel user = session.users().getUserById(event.getUserId(), realm);
|
||||
if (user != null && user.getEmail() != null && user.isEmailVerified()) {
|
||||
try {
|
||||
emailProvider.setRealm(realm).setUser(user).sendEvent(event);
|
||||
|
|
|
@ -3,6 +3,7 @@ package org.keycloak.authentication.model;
|
|||
import java.util.Map;
|
||||
|
||||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserCredentialModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
@ -22,17 +23,23 @@ public abstract class AbstractModelAuthenticationProvider implements Authenticat
|
|||
|
||||
private static final Logger logger = Logger.getLogger(AbstractModelAuthenticationProvider.class);
|
||||
|
||||
protected KeycloakSession keycloakSession;
|
||||
|
||||
protected AbstractModelAuthenticationProvider(KeycloakSession keycloakSession) {
|
||||
this.keycloakSession = keycloakSession;
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthUser getUser(RealmModel currentRealm, Map<String, String> config, String username) throws AuthenticationProviderException {
|
||||
RealmModel realm = getRealm(currentRealm, config);
|
||||
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(realm, username);
|
||||
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(keycloakSession, realm, username);
|
||||
return user == null ? null : createAuthenticatedUserInstance(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String registerUser(RealmModel currentRealm, Map<String, String> config, UserModel user) throws AuthenticationProviderException {
|
||||
RealmModel realm = getRealm(currentRealm, config);
|
||||
UserModel newUser = realm.addUser(user.getUsername());
|
||||
UserModel newUser = keycloakSession.users().addUser(realm, user.getUsername());
|
||||
newUser.setFirstName(user.getFirstName());
|
||||
newUser.setLastName(user.getLastName());
|
||||
newUser.setEmail(user.getEmail());
|
||||
|
@ -43,7 +50,7 @@ public abstract class AbstractModelAuthenticationProvider implements Authenticat
|
|||
@Override
|
||||
public AuthProviderStatus validatePassword(RealmModel currentRealm, Map<String, String> config, String username, String password) throws AuthenticationProviderException {
|
||||
RealmModel realm = getRealm(currentRealm, config);
|
||||
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(realm, username);
|
||||
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(keycloakSession, realm, username);
|
||||
|
||||
boolean result = realm.validatePassword(user, password);
|
||||
return result ? AuthProviderStatus.SUCCESS : AuthProviderStatus.INVALID_CREDENTIALS;
|
||||
|
@ -59,7 +66,7 @@ public abstract class AbstractModelAuthenticationProvider implements Authenticat
|
|||
throw new AuthenticationProviderException(error);
|
||||
}
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = keycloakSession.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
logger.warnf("User '%s' doesn't exists. Skip password update", username);
|
||||
return false;
|
||||
|
|
5
authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ExternalModelAuthenticationProvider.java
Normal file → Executable file
5
authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ExternalModelAuthenticationProvider.java
Normal file → Executable file
|
@ -17,10 +17,9 @@ import java.util.Map;
|
|||
*/
|
||||
public class ExternalModelAuthenticationProvider extends AbstractModelAuthenticationProvider {
|
||||
|
||||
private ModelProvider model;
|
||||
|
||||
public ExternalModelAuthenticationProvider(KeycloakSession session) {
|
||||
this.model = session.model();
|
||||
super(session);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -40,7 +39,7 @@ public class ExternalModelAuthenticationProvider extends AbstractModelAuthentica
|
|||
throw new AuthenticationProviderException("Option '" + AuthProviderConstants.EXTERNAL_REALM_ID + "' not specified in configuration");
|
||||
}
|
||||
|
||||
RealmModel realm = model.getRealm(realmId);
|
||||
RealmModel realm = keycloakSession.model().getRealm(realmId);
|
||||
if (realm == null) {
|
||||
throw new AuthenticationProviderException("Realm with id '" + realmId + "' doesn't exists");
|
||||
}
|
||||
|
|
5
authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ModelAuthenticationProvider.java
Normal file → Executable file
5
authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ModelAuthenticationProvider.java
Normal file → Executable file
|
@ -4,6 +4,7 @@ import java.util.Collections;
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.authentication.AuthProviderConstants;
|
||||
|
||||
|
@ -14,6 +15,10 @@ import org.keycloak.authentication.AuthProviderConstants;
|
|||
*/
|
||||
public class ModelAuthenticationProvider extends AbstractModelAuthenticationProvider {
|
||||
|
||||
public ModelAuthenticationProvider(KeycloakSession keycloakSession) {
|
||||
super(keycloakSession);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return AuthProviderConstants.PROVIDER_NAME_MODEL;
|
||||
|
|
2
authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ModelAuthenticationProviderFactory.java
Normal file → Executable file
2
authentication/authentication-model/src/main/java/org/keycloak/authentication/model/ModelAuthenticationProviderFactory.java
Normal file → Executable file
|
@ -13,7 +13,7 @@ public class ModelAuthenticationProviderFactory implements AuthenticationProvide
|
|||
|
||||
@Override
|
||||
public AuthenticationProvider create(KeycloakSession session) {
|
||||
return new ModelAuthenticationProvider();
|
||||
return new ModelAuthenticationProvider(session);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
4
export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ExportImportProviderImpl.java
Normal file → Executable file
4
export-import/export-import-impl/src/main/java/org/keycloak/exportimport/ExportImportProviderImpl.java
Normal file → Executable file
|
@ -41,11 +41,11 @@ public class ExportImportProviderImpl implements ExportImportProvider {
|
|||
|
||||
if (export) {
|
||||
ExportWriter exportWriter = getProvider().getExportWriter();
|
||||
new ModelExporter().exportModel(session.model(), exportWriter);
|
||||
new ModelExporter().exportModel(session.users(), session.model(), exportWriter);
|
||||
logger.infof("Export finished successfully");
|
||||
} else {
|
||||
ImportReader importReader = getProvider().getImportReader();
|
||||
new ModelImporter().importModel(session.model(), importReader);
|
||||
new ModelImporter().importModel(session.users(), session.model(), importReader);
|
||||
logger.infof("Import finished successfully");
|
||||
}
|
||||
|
||||
|
|
|
@ -21,6 +21,7 @@ import org.keycloak.models.RoleModel;
|
|||
import org.keycloak.models.SocialLinkModel;
|
||||
import org.keycloak.models.UserCredentialValueModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserProvider;
|
||||
import org.keycloak.models.UsernameLoginFailureModel;
|
||||
import org.keycloak.models.entities.ApplicationEntity;
|
||||
import org.keycloak.models.entities.AuthenticationLinkEntity;
|
||||
|
@ -44,7 +45,7 @@ public class ModelExporter {
|
|||
private ExportWriter exportWriter;
|
||||
private ExportImportPropertiesManager propertiesManager;
|
||||
|
||||
public void exportModel(ModelProvider model, ExportWriter exportWriter) {
|
||||
public void exportModel(UserProvider userProvider, ModelProvider model, ExportWriter exportWriter) {
|
||||
// Initialize needed objects
|
||||
this.exportWriter = exportWriter;
|
||||
this.propertiesManager = new ExportImportPropertiesManager();
|
||||
|
@ -54,7 +55,7 @@ public class ModelExporter {
|
|||
exportApplications(model, "applications.json");
|
||||
exportOAuthClients(model, "oauthClients.json");
|
||||
exportRoles(model, "roles.json");
|
||||
exportUsers(model, "users.json");
|
||||
exportUsers(userProvider, model, "users.json");
|
||||
// exportUserFailures(model, "userFailures.json");
|
||||
|
||||
this.exportWriter.closeExportWriter();
|
||||
|
@ -199,12 +200,12 @@ public class ModelExporter {
|
|||
}
|
||||
}
|
||||
|
||||
protected void exportUsers(ModelProvider model, String fileName) {
|
||||
protected void exportUsers(UserProvider userProvider, ModelProvider model, String fileName) {
|
||||
List<RealmModel> realms = model.getRealms();
|
||||
List<UserEntity> result = new LinkedList<UserEntity>();
|
||||
|
||||
for (RealmModel realm : realms) {
|
||||
List<UserModel> userModels = realm.getUsers();
|
||||
List<UserModel> userModels = userProvider.getUsers(realm);
|
||||
for (UserModel userModel : userModels) {
|
||||
UserEntity userEntity = new UserEntity();
|
||||
userEntity.setId(userModel.getId());
|
||||
|
@ -225,7 +226,7 @@ public class ModelExporter {
|
|||
}
|
||||
|
||||
// social links
|
||||
Set<SocialLinkModel> socialLinks = realm.getSocialLinks(userModel);
|
||||
Set<SocialLinkModel> socialLinks = userProvider.getSocialLinks(userModel, realm);
|
||||
if (socialLinks != null && !socialLinks.isEmpty()) {
|
||||
List<SocialLinkEntity> socialLinkEntities = new ArrayList<SocialLinkEntity>();
|
||||
for (SocialLinkModel socialLink : socialLinks) {
|
||||
|
|
|
@ -24,6 +24,7 @@ import org.keycloak.models.RoleModel;
|
|||
import org.keycloak.models.SocialLinkModel;
|
||||
import org.keycloak.models.UserCredentialValueModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserProvider;
|
||||
import org.keycloak.models.UsernameLoginFailureModel;
|
||||
import org.keycloak.models.entities.ApplicationEntity;
|
||||
import org.keycloak.models.entities.AuthenticationLinkEntity;
|
||||
|
@ -48,7 +49,7 @@ public class ModelImporter {
|
|||
private ImportReader importReader;
|
||||
private ExportImportPropertiesManager propertiesManager;
|
||||
|
||||
public void importModel(ModelProvider model, ImportReader importReader) {
|
||||
public void importModel(UserProvider userModel, ModelProvider model, ImportReader importReader) {
|
||||
// Initialize needed objects
|
||||
this.importReader = importReader;
|
||||
this.propertiesManager = new ExportImportPropertiesManager();
|
||||
|
@ -62,7 +63,7 @@ public class ModelImporter {
|
|||
importApplicationsStep2(model, "applications.json");
|
||||
|
||||
importOAuthClients(model, "oauthClients.json");
|
||||
importUsers(model, "users.json");
|
||||
importUsers(userModel, model, "users.json");
|
||||
// importUserFailures(model, "userFailures.json");
|
||||
|
||||
this.importReader.closeImportReader();
|
||||
|
@ -237,11 +238,11 @@ public class ModelImporter {
|
|||
return null;
|
||||
}
|
||||
|
||||
public void importUsers(ModelProvider model, String fileName) {
|
||||
public void importUsers(UserProvider userModel, ModelProvider model, String fileName) {
|
||||
List<UserEntity> users = this.importReader.readEntities(fileName, UserEntity.class);
|
||||
for (UserEntity userEntity : users) {
|
||||
RealmModel realm = model.getRealm(userEntity.getRealmId());
|
||||
UserModel user = realm.addUser(userEntity.getId(), userEntity.getUsername(), false);
|
||||
UserModel user = userModel.addUser(realm, userEntity.getId(), userEntity.getUsername(), false);
|
||||
|
||||
// We need to remove defaultRoles here as realm.addUser is automatically adding them. We may add them later during roles mapping processing
|
||||
for (RoleModel role : user.getRoleMappings()) {
|
||||
|
@ -266,7 +267,7 @@ public class ModelImporter {
|
|||
SocialLinkModel socialLink = new SocialLinkModel();
|
||||
this.propertiesManager.setBasicPropertiesToModel(socialLink, socialLinkEntity);
|
||||
|
||||
realm.addSocialLink(user, socialLink);
|
||||
userModel.addSocialLink(realm, user, socialLink);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
6
export-import/export-import-impl/src/test/java/org/keycloak/exportimport/ExportImportTestBase.java
Normal file → Executable file
6
export-import/export-import-impl/src/test/java/org/keycloak/exportimport/ExportImportTestBase.java
Normal file → Executable file
|
@ -56,7 +56,7 @@ public abstract class ExportImportTestBase {
|
|||
|
||||
beginTransaction();
|
||||
realm = session.model().getRealm("demo");
|
||||
String wburkeId = realm.getUser("wburke").getId();
|
||||
String wburkeId = session.users().getUserByUsername("wburke", realm).getId();
|
||||
String appId = realm.getApplicationByName("Application").getId();
|
||||
|
||||
// Commit transaction and close JPA now
|
||||
|
@ -75,9 +75,9 @@ public abstract class ExportImportTestBase {
|
|||
RealmModel importedRealm = session.model().getRealm("demo");
|
||||
System.out.println("Exported realm: " + realm + ", Imported realm: " + importedRealm);
|
||||
|
||||
Assert.assertEquals(wburkeId, importedRealm.getUser("wburke").getId());
|
||||
Assert.assertEquals(wburkeId, session.users().getUserByUsername("wburke", importedRealm).getId());
|
||||
Assert.assertEquals(appId, importedRealm.getApplicationByName("Application").getId());
|
||||
ImportTest.assertDataImportedInRealm(importedRealm);
|
||||
ImportTest.assertDataImportedInRealm(session, importedRealm);
|
||||
|
||||
// Commit and close Mongo
|
||||
commitTransaction();
|
||||
|
|
|
@ -124,7 +124,7 @@ public class FreeMarkerAccountProvider implements AccountProvider {
|
|||
attributes.put("totp", new TotpBean(user, baseUri));
|
||||
break;
|
||||
case SOCIAL:
|
||||
attributes.put("social", new AccountSocialBean(realm, user, uriInfo.getBaseUri()));
|
||||
attributes.put("social", new AccountSocialBean(session, realm, user, uriInfo.getBaseUri()));
|
||||
break;
|
||||
case LOG:
|
||||
attributes.put("log", new LogBean(events));
|
||||
|
|
|
@ -8,6 +8,7 @@ import java.util.Set;
|
|||
|
||||
import javax.ws.rs.core.UriBuilder;
|
||||
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.SocialLinkModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
@ -22,13 +23,15 @@ public class AccountSocialBean {
|
|||
|
||||
private final List<SocialLinkEntry> socialLinks;
|
||||
private final boolean removeLinkPossible;
|
||||
private final KeycloakSession session;
|
||||
|
||||
public AccountSocialBean(RealmModel realm, UserModel user, URI baseUri) {
|
||||
public AccountSocialBean(KeycloakSession session, RealmModel realm, UserModel user, URI baseUri) {
|
||||
this.session = session;
|
||||
URI accountSocialUpdateUri = Urls.accountSocialUpdate(baseUri, realm.getName());
|
||||
this.socialLinks = new LinkedList<SocialLinkEntry>();
|
||||
|
||||
Map<String, String> socialConfig = realm.getSocialConfig();
|
||||
Set<SocialLinkModel> userSocialLinks = realm.getSocialLinks(user);
|
||||
Set<SocialLinkModel> userSocialLinks = session.users().getSocialLinks(user, realm);
|
||||
|
||||
int availableLinks = 0;
|
||||
if (socialConfig != null && !socialConfig.isEmpty()) {
|
||||
|
|
|
@ -42,4 +42,5 @@ public interface KeycloakSession {
|
|||
|
||||
void close();
|
||||
|
||||
UserProvider users();
|
||||
}
|
||||
|
|
|
@ -18,17 +18,6 @@ public interface ModelProvider extends Provider {
|
|||
RealmModel getRealm(String id);
|
||||
RealmModel getRealmByName(String name);
|
||||
|
||||
UserModel getUserById(String id, RealmModel realm);
|
||||
UserModel getUserByUsername(String username, RealmModel realm);
|
||||
UserModel getUserByEmail(String email, RealmModel realm);
|
||||
UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm);
|
||||
List<UserModel> getUsers(RealmModel realm);
|
||||
List<UserModel> searchForUser(String search, RealmModel realm);
|
||||
List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm);
|
||||
|
||||
Set<SocialLinkModel> getSocialLinks(UserModel user, RealmModel realm);
|
||||
SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm);
|
||||
|
||||
RoleModel getRoleById(String id, RealmModel realm);
|
||||
ApplicationModel getApplicationById(String id, RealmModel realm);
|
||||
OAuthClientModel getOAuthClientById(String id, RealmModel realm);
|
||||
|
|
|
@ -110,18 +110,6 @@ public interface RealmModel extends RoleContainerModel {
|
|||
|
||||
boolean validateTOTP(UserModel user, String password, String token);
|
||||
|
||||
UserModel getUser(String name);
|
||||
|
||||
UserModel getUserByEmail(String email);
|
||||
|
||||
UserModel getUserById(String name);
|
||||
|
||||
UserModel addUser(String id, String username, boolean addDefaultRoles);
|
||||
|
||||
UserModel addUser(String username);
|
||||
|
||||
boolean removeUser(String name);
|
||||
|
||||
RoleModel getRoleById(String id);
|
||||
|
||||
List<String> getDefaultRoles();
|
||||
|
@ -147,16 +135,6 @@ public interface RealmModel extends RoleContainerModel {
|
|||
|
||||
void updateRequiredCredentials(Set<String> creds);
|
||||
|
||||
UserModel getUserBySocialLink(SocialLinkModel socialLink);
|
||||
|
||||
Set<SocialLinkModel> getSocialLinks(UserModel user);
|
||||
|
||||
SocialLinkModel getSocialLink(UserModel user, String socialProvider);
|
||||
|
||||
void addSocialLink(UserModel user, SocialLinkModel socialLink);
|
||||
|
||||
boolean removeSocialLink(UserModel user, String socialProvider);
|
||||
|
||||
boolean isSocial();
|
||||
|
||||
void setSocial(boolean social);
|
||||
|
@ -165,12 +143,6 @@ public interface RealmModel extends RoleContainerModel {
|
|||
|
||||
void setUpdateProfileOnInitialSocialLogin(boolean updateProfileOnInitialSocialLogin);
|
||||
|
||||
List<UserModel> getUsers();
|
||||
|
||||
List<UserModel> searchForUser(String search);
|
||||
|
||||
List<UserModel> searchForUserByAttributes(Map<String, String> attributes);
|
||||
|
||||
OAuthClientModel addOAuthClient(String name);
|
||||
|
||||
OAuthClientModel addOAuthClient(String id, String name);
|
||||
|
|
|
@ -13,12 +13,13 @@ import java.util.Set;
|
|||
public interface UserProvider extends Provider {
|
||||
// Note: The reason there are so many query methods here is for layering a cache on top of an persistent KeycloakSession
|
||||
|
||||
KeycloakTransaction getTransaction();
|
||||
|
||||
UserModel addUser(RealmModel realm, String id, String username, boolean addDefaultRoles);
|
||||
UserModel addUser(RealmModel realm, String username);
|
||||
boolean removeUser(RealmModel realm, String name);
|
||||
|
||||
public void addSocialLink(RealmModel realm, UserModel user, SocialLinkModel socialLink);
|
||||
public boolean removeSocialLink(RealmModel realm, UserModel user, String socialProvider);
|
||||
|
||||
UserModel getUserById(String id, RealmModel realm);
|
||||
UserModel getUserByUsername(String username, RealmModel realm);
|
||||
UserModel getUserByEmail(String email, RealmModel realm);
|
||||
|
|
27
model/api/src/main/java/org/keycloak/models/UserSpi.java
Executable file
27
model/api/src/main/java/org/keycloak/models/UserSpi.java
Executable file
|
@ -0,0 +1,27 @@
|
|||
package org.keycloak.models;
|
||||
|
||||
import org.keycloak.provider.Provider;
|
||||
import org.keycloak.provider.ProviderFactory;
|
||||
import org.keycloak.provider.Spi;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||
*/
|
||||
public class UserSpi implements Spi {
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return "user";
|
||||
}
|
||||
|
||||
@Override
|
||||
public Class<? extends Provider> getProviderClass() {
|
||||
return UserProvider.class;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Class<? extends ProviderFactory> getProviderFactoryClass() {
|
||||
return UserProviderFactory.class;
|
||||
}
|
||||
|
||||
}
|
7
model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
Normal file → Executable file
7
model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
Normal file → Executable file
|
@ -10,6 +10,7 @@ import java.util.UUID;
|
|||
import java.util.concurrent.atomic.AtomicLong;
|
||||
|
||||
import org.bouncycastle.openssl.PEMWriter;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
@ -92,10 +93,10 @@ public final class KeycloakModelUtils {
|
|||
* @param username username or email of user
|
||||
* @return found user
|
||||
*/
|
||||
public static UserModel findUserByNameOrEmail(RealmModel realm, String username) {
|
||||
UserModel user = realm.getUser(username);
|
||||
public static UserModel findUserByNameOrEmail(KeycloakSession session, RealmModel realm, String username) {
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null && username.contains("@")) {
|
||||
user = realm.getUserByEmail(username);
|
||||
user = session.users().getUserByEmail(username, realm);
|
||||
}
|
||||
return user;
|
||||
}
|
||||
|
|
1
model/api/src/main/resources/META-INF/services/org.keycloak.provider.Spi
Normal file → Executable file
1
model/api/src/main/resources/META-INF/services/org.keycloak.provider.Spi
Normal file → Executable file
|
@ -1,2 +1,3 @@
|
|||
org.keycloak.models.ModelSpi
|
||||
org.keycloak.models.UserSessionSpi
|
||||
org.keycloak.models.UserSpi
|
|
@ -19,7 +19,7 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
|
|||
protected ApplicationModel updated;
|
||||
protected CachedApplication cached;
|
||||
|
||||
public ApplicationAdapter(RealmModel cachedRealm, CachedApplication cached, CacheModelProvider cacheSession, KeycloakCache cache) {
|
||||
public ApplicationAdapter(RealmModel cachedRealm, CachedApplication cached, CacheModelProvider cacheSession, RealmCache cache) {
|
||||
super(cachedRealm, cached, cache, cacheSession);
|
||||
this.cached = cached;
|
||||
}
|
||||
|
|
15
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProvider.java
vendored
Executable file
15
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProvider.java
vendored
Executable file
|
@ -0,0 +1,15 @@
|
|||
package org.keycloak.models.cache;
|
||||
|
||||
import org.keycloak.models.ModelProvider;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserProvider;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public interface CacheUserProvider extends UserProvider {
|
||||
UserProvider getDelegate();
|
||||
|
||||
void registerUserInvalidation(RealmModel realm, String id);
|
||||
}
|
11
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProviderFactory.java
vendored
Executable file
11
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProviderFactory.java
vendored
Executable file
|
@ -0,0 +1,11 @@
|
|||
package org.keycloak.models.cache;
|
||||
|
||||
import org.keycloak.provider.ProviderFactory;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public interface CacheUserProviderFactory extends ProviderFactory<CacheUserProvider> {
|
||||
|
||||
}
|
27
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProviderSpi.java
vendored
Executable file
27
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProviderSpi.java
vendored
Executable file
|
@ -0,0 +1,27 @@
|
|||
package org.keycloak.models.cache;
|
||||
|
||||
import org.keycloak.provider.Provider;
|
||||
import org.keycloak.provider.ProviderFactory;
|
||||
import org.keycloak.provider.Spi;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class CacheUserProviderSpi implements Spi {
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return "userCache";
|
||||
}
|
||||
|
||||
@Override
|
||||
public Class<? extends Provider> getProviderClass() {
|
||||
return CacheUserProvider.class;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Class<? extends ProviderFactory> getProviderFactoryClass() {
|
||||
return CacheUserProviderFactory.class;
|
||||
}
|
||||
}
|
|
@ -4,7 +4,6 @@ import org.keycloak.models.ClientModel;
|
|||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleContainerModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.models.cache.entities.CachedClient;
|
||||
|
||||
import java.util.HashSet;
|
||||
|
@ -19,9 +18,9 @@ public abstract class ClientAdapter implements ClientModel {
|
|||
protected CacheModelProvider cacheSession;
|
||||
protected ClientModel updatedClient;
|
||||
protected RealmModel cachedRealm;
|
||||
protected KeycloakCache cache;
|
||||
protected RealmCache cache;
|
||||
|
||||
public ClientAdapter(RealmModel cachedRealm, CachedClient cached, KeycloakCache cache, CacheModelProvider cacheSession) {
|
||||
public ClientAdapter(RealmModel cachedRealm, CachedClient cached, RealmCache cache, CacheModelProvider cacheSession) {
|
||||
this.cachedRealm = cachedRealm;
|
||||
this.cache = cache;
|
||||
this.cacheSession = cacheSession;
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
package org.keycloak.models.cache;
|
||||
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakTransaction;
|
||||
import org.keycloak.models.ModelProvider;
|
||||
|
@ -10,8 +9,6 @@ import org.keycloak.models.RealmModel;
|
|||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.SocialLinkModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.models.UsernameLoginFailureModel;
|
||||
import org.keycloak.models.cache.entities.CachedApplication;
|
||||
import org.keycloak.models.cache.entities.CachedApplicationRole;
|
||||
import org.keycloak.models.cache.entities.CachedOAuthClient;
|
||||
|
@ -31,7 +28,7 @@ import java.util.Set;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class DefaultCacheModelProvider implements CacheModelProvider {
|
||||
protected KeycloakCache cache;
|
||||
protected RealmCache cache;
|
||||
protected KeycloakSession session;
|
||||
protected ModelProvider delegate;
|
||||
protected boolean transactionActive;
|
||||
|
@ -50,7 +47,7 @@ public class DefaultCacheModelProvider implements CacheModelProvider {
|
|||
|
||||
protected boolean clearAll;
|
||||
|
||||
public DefaultCacheModelProvider(KeycloakCache cache, KeycloakSession session) {
|
||||
public DefaultCacheModelProvider(RealmCache cache, KeycloakSession session) {
|
||||
this.cache = cache;
|
||||
this.session = session;
|
||||
|
||||
|
@ -103,10 +100,6 @@ public class DefaultCacheModelProvider implements CacheModelProvider {
|
|||
for (String id : clientInvalidations) {
|
||||
cache.invalidateCachedOAuthClientById(id);
|
||||
}
|
||||
for (String id : userInvalidations) {
|
||||
cache.invalidateCachedUserById(id);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
private KeycloakTransaction getTransaction() {
|
||||
|
@ -200,63 +193,6 @@ public class DefaultCacheModelProvider implements CacheModelProvider {
|
|||
return adapter;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserById(String id, RealmModel realm) {
|
||||
CachedUser cached = cache.getCachedUser(id);
|
||||
if (cached == null) {
|
||||
UserModel model = getDelegate().getUserById(id, realm);
|
||||
if (model == null) return null;
|
||||
if (userInvalidations.contains(id)) return model;
|
||||
cached = new CachedUser(realm, model);
|
||||
cache.addCachedUser(cached);
|
||||
} else if (userInvalidations.contains(id)) {
|
||||
return getDelegate().getUserById(id, realm);
|
||||
} else if (managedUsers.containsKey(id)) {
|
||||
return managedUsers.get(id);
|
||||
}
|
||||
UserAdapter adapter = new UserAdapter(cached, cache, this, realm);
|
||||
managedUsers.put(id, adapter);
|
||||
return adapter;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByUsername(String username, RealmModel realm) {
|
||||
CachedUser cached = cache.getCachedUserByUsername(username, realm);
|
||||
if (cached == null) {
|
||||
UserModel model = getDelegate().getUserByUsername(username, realm);
|
||||
if (model == null) return null;
|
||||
if (userInvalidations.contains(model.getId())) return model;
|
||||
cached = new CachedUser(realm, model);
|
||||
cache.addCachedUser(cached);
|
||||
} else if (userInvalidations.contains(cached.getId())) {
|
||||
return getDelegate().getUserById(cached.getId(), realm);
|
||||
} else if (managedUsers.containsKey(cached.getId())) {
|
||||
return managedUsers.get(cached.getId());
|
||||
}
|
||||
UserAdapter adapter = new UserAdapter(cached, cache, this, realm);
|
||||
managedUsers.put(cached.getId(), adapter);
|
||||
return adapter;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByEmail(String email, RealmModel realm) {
|
||||
CachedUser cached = cache.getCachedUserByEmail(email, realm);
|
||||
if (cached == null) {
|
||||
UserModel model = getDelegate().getUserByEmail(email, realm);
|
||||
if (model == null) return null;
|
||||
if (userInvalidations.contains(model.getId())) return model;
|
||||
cached = new CachedUser(realm, model);
|
||||
cache.addCachedUser(cached);
|
||||
} else if (userInvalidations.contains(cached.getId())) {
|
||||
return getDelegate().getUserByEmail(email, realm);
|
||||
} else if (managedUsers.containsKey(cached.getId())) {
|
||||
return managedUsers.get(cached.getId());
|
||||
}
|
||||
UserAdapter adapter = new UserAdapter(cached, cache, this, realm);
|
||||
managedUsers.put(cached.getId(), adapter);
|
||||
return adapter;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RealmModel> getRealms() {
|
||||
// we don't cache this for now
|
||||
|
@ -277,36 +213,6 @@ public class DefaultCacheModelProvider implements CacheModelProvider {
|
|||
if (delegate != null) delegate.close();
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm) {
|
||||
return getDelegate().getUserBySocialLink(socialLink, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> getUsers(RealmModel realm) {
|
||||
return getDelegate().getUsers(realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUser(String search, RealmModel realm) {
|
||||
return getDelegate().searchForUser(search, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm) {
|
||||
return getDelegate().searchForUserByAttributes(attributes, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<SocialLinkModel> getSocialLinks(UserModel user, RealmModel realm) {
|
||||
return getDelegate().getSocialLinks(user, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm) {
|
||||
return getDelegate().getSocialLink(user, socialProvider, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleModel getRoleById(String id, RealmModel realm) {
|
||||
CachedRole cached = cache.getRole(id);
|
||||
|
|
241
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/DefaultCacheUserProvider.java
vendored
Executable file
241
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/DefaultCacheUserProvider.java
vendored
Executable file
|
@ -0,0 +1,241 @@
|
|||
package org.keycloak.models.cache;
|
||||
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakTransaction;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.SocialLinkModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserProvider;
|
||||
import org.keycloak.models.cache.entities.CachedUser;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class DefaultCacheUserProvider implements CacheUserProvider {
|
||||
protected UserCache cache;
|
||||
protected KeycloakSession session;
|
||||
protected UserProvider delegate;
|
||||
protected boolean transactionActive;
|
||||
protected boolean setRollbackOnly;
|
||||
|
||||
protected Map<String, String> userInvalidations = new HashMap<String, String>();
|
||||
protected Set<String> realmInvalidations = new HashSet<String>();
|
||||
protected Map<String, UserModel> managedUsers = new HashMap<String, UserModel>();
|
||||
|
||||
protected boolean clearAll;
|
||||
|
||||
public DefaultCacheUserProvider(UserCache cache, KeycloakSession session) {
|
||||
this.cache = cache;
|
||||
this.session = session;
|
||||
|
||||
session.getTransaction().enlistAfterCompletion(getTransaction());
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserProvider getDelegate() {
|
||||
if (!transactionActive) throw new IllegalStateException("Cannot access delegate without a transaction");
|
||||
if (delegate != null) return delegate;
|
||||
delegate = session.getProvider(UserProvider.class);
|
||||
return delegate;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void registerUserInvalidation(RealmModel realm, String id) {
|
||||
userInvalidations.put(id, realm.getId());
|
||||
}
|
||||
|
||||
protected void runInvalidations() {
|
||||
for (Map.Entry<String, String> invalidation : userInvalidations.entrySet()) {
|
||||
cache.invalidateCachedUserById(invalidation.getValue(), invalidation.getKey());
|
||||
}
|
||||
for (String realmId : realmInvalidations) {
|
||||
cache.invalidateRealmUsers(realmId);
|
||||
}
|
||||
}
|
||||
|
||||
private KeycloakTransaction getTransaction() {
|
||||
return new KeycloakTransaction() {
|
||||
@Override
|
||||
public void begin() {
|
||||
transactionActive = true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void commit() {
|
||||
if (delegate == null) return;
|
||||
if (clearAll) {
|
||||
cache.clear();
|
||||
}
|
||||
runInvalidations();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void rollback() {
|
||||
setRollbackOnly = true;
|
||||
runInvalidations();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setRollbackOnly() {
|
||||
setRollbackOnly = true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean getRollbackOnly() {
|
||||
return setRollbackOnly;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isActive() {
|
||||
return transactionActive;
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserById(String id, RealmModel realm) {
|
||||
if (realmInvalidations.contains(realm.getId())) {
|
||||
return getDelegate().getUserById(id, realm);
|
||||
}
|
||||
if (userInvalidations.containsKey(id)) {
|
||||
return getDelegate().getUserById(id, realm);
|
||||
}
|
||||
|
||||
CachedUser cached = cache.getCachedUser(realm.getId(), id);
|
||||
if (cached == null) {
|
||||
UserModel model = getDelegate().getUserById(id, realm);
|
||||
if (model == null) return null;
|
||||
if (userInvalidations.containsKey(id)) return model;
|
||||
cached = new CachedUser(realm, model);
|
||||
cache.addCachedUser(realm.getId(), cached);
|
||||
} else if (managedUsers.containsKey(id)) {
|
||||
return managedUsers.get(id);
|
||||
}
|
||||
UserAdapter adapter = new UserAdapter(cached, this, session, realm);
|
||||
managedUsers.put(id, adapter);
|
||||
return adapter;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByUsername(String username, RealmModel realm) {
|
||||
if (realmInvalidations.contains(realm.getId())) {
|
||||
return getDelegate().getUserByUsername(username, realm);
|
||||
}
|
||||
CachedUser cached = cache.getCachedUserByUsername(realm.getId(), username);
|
||||
if (cached == null) {
|
||||
UserModel model = getDelegate().getUserByUsername(username, realm);
|
||||
if (model == null) return null;
|
||||
if (userInvalidations.containsKey(model.getId())) return model;
|
||||
cached = new CachedUser(realm, model);
|
||||
cache.addCachedUser(realm.getId(), cached);
|
||||
} else if (userInvalidations.containsKey(cached.getId())) {
|
||||
return getDelegate().getUserById(cached.getId(), realm);
|
||||
} else if (managedUsers.containsKey(cached.getId())) {
|
||||
return managedUsers.get(cached.getId());
|
||||
}
|
||||
UserAdapter adapter = new UserAdapter(cached, this, session, realm);
|
||||
managedUsers.put(cached.getId(), adapter);
|
||||
return adapter;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByEmail(String email, RealmModel realm) {
|
||||
if (realmInvalidations.contains(realm.getId())) {
|
||||
return getDelegate().getUserByEmail(email, realm);
|
||||
}
|
||||
CachedUser cached = cache.getCachedUserByEmail(realm.getId(), email);
|
||||
if (cached == null) {
|
||||
UserModel model = getDelegate().getUserByEmail(email, realm);
|
||||
if (model == null) return null;
|
||||
if (userInvalidations.containsKey(model.getId())) return model;
|
||||
cached = new CachedUser(realm, model);
|
||||
cache.addCachedUser(realm.getId(), cached);
|
||||
} else if (userInvalidations.containsKey(cached.getId())) {
|
||||
return getDelegate().getUserByEmail(email, realm);
|
||||
} else if (managedUsers.containsKey(cached.getId())) {
|
||||
return managedUsers.get(cached.getId());
|
||||
}
|
||||
UserAdapter adapter = new UserAdapter(cached, this, session, realm);
|
||||
managedUsers.put(cached.getId(), adapter);
|
||||
return adapter;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
if (delegate != null) delegate.close();
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm) {
|
||||
return getDelegate().getUserBySocialLink(socialLink, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> getUsers(RealmModel realm) {
|
||||
return getDelegate().getUsers(realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUser(String search, RealmModel realm) {
|
||||
return getDelegate().searchForUser(search, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm) {
|
||||
return getDelegate().searchForUserByAttributes(attributes, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<SocialLinkModel> getSocialLinks(UserModel user, RealmModel realm) {
|
||||
return getDelegate().getSocialLinks(user, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm) {
|
||||
return getDelegate().getSocialLink(user, socialProvider, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel addUser(RealmModel realm, String id, String username, boolean addDefaultRoles) {
|
||||
return getDelegate().addUser(realm, id, username, addDefaultRoles);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel addUser(RealmModel realm, String username) {
|
||||
return getDelegate().addUser(realm, username);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeUser(RealmModel realm, String name) {
|
||||
return getDelegate().removeUser(realm, name);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addSocialLink(RealmModel realm, UserModel user, SocialLinkModel socialLink) {
|
||||
getDelegate().addSocialLink(realm, user, socialLink);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeSocialLink(RealmModel realm, UserModel user, String socialProvider) {
|
||||
return getDelegate().removeSocialLink(realm, user, socialProvider);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void preRemove(RealmModel realm) {
|
||||
realmInvalidations.add(realm.getId());
|
||||
getDelegate().preRemove(realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void preRemove(RoleModel role) {
|
||||
getDelegate().preRemove(role);
|
||||
}
|
||||
}
|
|
@ -83,21 +83,6 @@ public class NoCacheModelProvider implements CacheModelProvider {
|
|||
return getDelegate().getRealmByName(name);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserById(String id, RealmModel realm) {
|
||||
return getDelegate().getUserById(id, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByUsername(String username, RealmModel realm) {
|
||||
return getDelegate().getUserByUsername(username, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByEmail(String email, RealmModel realm) {
|
||||
return getDelegate().getUserByEmail(email, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RealmModel> getRealms() {
|
||||
// we don't cache this for now
|
||||
|
@ -114,36 +99,6 @@ public class NoCacheModelProvider implements CacheModelProvider {
|
|||
if (delegate != null) delegate.close();
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm) {
|
||||
return getDelegate().getUserBySocialLink(socialLink, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> getUsers(RealmModel realm) {
|
||||
return getDelegate().getUsers(realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUser(String search, RealmModel realm) {
|
||||
return getDelegate().searchForUser(search, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm) {
|
||||
return getDelegate().searchForUserByAttributes(attributes, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<SocialLinkModel> getSocialLinks(UserModel user, RealmModel realm) {
|
||||
return getDelegate().getSocialLinks(user, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm) {
|
||||
return getDelegate().getSocialLink(user, socialProvider, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleModel getRoleById(String id, RealmModel realm) {
|
||||
return getDelegate().getRoleById(id, realm);
|
||||
|
|
|
@ -12,7 +12,7 @@ public class OAuthClientAdapter extends ClientAdapter implements OAuthClientMode
|
|||
protected OAuthClientModel updated;
|
||||
protected CachedOAuthClient cached;
|
||||
|
||||
public OAuthClientAdapter(RealmModel cachedRealm, CachedOAuthClient cached, CacheModelProvider cacheSession, KeycloakCache cache) {
|
||||
public OAuthClientAdapter(RealmModel cachedRealm, CachedOAuthClient cached, CacheModelProvider cacheSession, RealmCache cache) {
|
||||
super(cachedRealm, cached, cache, cacheSession);
|
||||
this.cached = cached;
|
||||
}
|
||||
|
|
|
@ -13,11 +13,8 @@ import org.keycloak.models.SocialLinkModel;
|
|||
import org.keycloak.models.UserCredentialModel;
|
||||
import org.keycloak.models.UserCredentialValueModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.models.UsernameLoginFailureModel;
|
||||
import org.keycloak.models.cache.entities.CachedRealm;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
import org.keycloak.models.utils.Pbkdf2PasswordEncoder;
|
||||
import org.keycloak.models.utils.TimeBasedOTP;
|
||||
|
||||
import java.security.PrivateKey;
|
||||
|
@ -37,7 +34,7 @@ public class RealmAdapter implements RealmModel {
|
|||
protected CachedRealm cached;
|
||||
protected CacheModelProvider cacheSession;
|
||||
protected RealmModel updated;
|
||||
protected KeycloakCache cache;
|
||||
protected RealmCache cache;
|
||||
protected volatile transient PublicKey publicKey;
|
||||
protected volatile transient PrivateKey privateKey;
|
||||
|
||||
|
@ -395,39 +392,6 @@ public class RealmAdapter implements RealmModel {
|
|||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUser(String name) {
|
||||
return cacheSession.getUserByUsername(name, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByEmail(String email) {
|
||||
return cacheSession.getUserByEmail(email, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserById(String id) {
|
||||
return cacheSession.getUserById(id, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel addUser(String id, String username, boolean addDefaultRoles) {
|
||||
getDelegateForUpdate();
|
||||
return updated.addUser(id, username, addDefaultRoles);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel addUser(String username) {
|
||||
getDelegateForUpdate();
|
||||
return updated.addUser(username);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeUser(String name) {
|
||||
getDelegateForUpdate();
|
||||
return updated.removeUser(name);
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleModel getRoleById(String id) {
|
||||
if (updated != null) return updated.getRoleById(id);
|
||||
|
@ -538,36 +502,6 @@ public class RealmAdapter implements RealmModel {
|
|||
updated.updateRequiredCredentials(creds);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserBySocialLink(SocialLinkModel socialLink) {
|
||||
if (updated != null) return updated.getUserBySocialLink(socialLink);
|
||||
return cacheSession.getUserBySocialLink(socialLink, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<SocialLinkModel> getSocialLinks(UserModel user) {
|
||||
if (updated != null) return updated.getSocialLinks(user);
|
||||
return cacheSession.getSocialLinks(user, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SocialLinkModel getSocialLink(UserModel user, String socialProvider) {
|
||||
if (updated != null) return updated.getSocialLink(user, socialProvider);
|
||||
return cacheSession.getSocialLink(user, socialProvider, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addSocialLink(UserModel user, SocialLinkModel socialLink) {
|
||||
getDelegateForUpdate();
|
||||
updated.addSocialLink(user, socialLink);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeSocialLink(UserModel user, String socialProvider) {
|
||||
getDelegateForUpdate();
|
||||
return updated.removeSocialLink(user, socialProvider);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSocial() {
|
||||
if (updated != null) return updated.isSocial();
|
||||
|
@ -592,24 +526,6 @@ public class RealmAdapter implements RealmModel {
|
|||
updated.setUpdateProfileOnInitialSocialLogin(updateProfileOnInitialSocialLogin);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> getUsers() {
|
||||
if (updated != null) return updated.getUsers();
|
||||
return cacheSession.getUsers(this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUser(String search) {
|
||||
if (updated != null) return updated.searchForUser(search);
|
||||
return cacheSession.searchForUser(search, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes) {
|
||||
if (updated != null) return updated.searchForUserByAttributes(attributes);
|
||||
return cacheSession.searchForUserByAttributes(attributes, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public OAuthClientModel addOAuthClient(String name) {
|
||||
getDelegateForUpdate();
|
||||
|
|
|
@ -11,7 +11,7 @@ import org.keycloak.models.cache.entities.CachedUser;
|
|||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public interface KeycloakCache {
|
||||
public interface RealmCache {
|
||||
void clear();
|
||||
|
||||
CachedRealm getCachedRealm(String id);
|
||||
|
@ -51,16 +51,4 @@ public interface KeycloakCache {
|
|||
|
||||
void invalidateRoleById(String id);
|
||||
|
||||
CachedUser getCachedUser(String id);
|
||||
|
||||
void invalidateCachedUser(CachedUser user);
|
||||
|
||||
void addCachedUser(CachedUser user);
|
||||
|
||||
CachedUser getCachedUserByUsername(String name, RealmModel realm);
|
||||
CachedUser getCachedUserByEmail(String name, RealmModel realm);
|
||||
|
||||
void invalidedCachedUserById(String id);
|
||||
|
||||
void invalidateCachedUserById(String id);
|
||||
}
|
|
@ -19,11 +19,11 @@ public class RoleAdapter implements RoleModel {
|
|||
|
||||
protected RoleModel updated;
|
||||
protected CachedRole cached;
|
||||
protected KeycloakCache cache;
|
||||
protected RealmCache cache;
|
||||
protected CacheModelProvider cacheSession;
|
||||
protected RealmModel realm;
|
||||
|
||||
public RoleAdapter(CachedRole cached, KeycloakCache cache, CacheModelProvider session, RealmModel realm) {
|
||||
public RoleAdapter(CachedRole cached, RealmCache cache, CacheModelProvider session, RealmModel realm) {
|
||||
this.cached = cached;
|
||||
this.cache = cache;
|
||||
this.cacheSession = session;
|
||||
|
|
|
@ -1,246 +0,0 @@
|
|||
package org.keycloak.models.cache;
|
||||
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.cache.entities.CachedApplication;
|
||||
import org.keycloak.models.cache.entities.CachedOAuthClient;
|
||||
import org.keycloak.models.cache.entities.CachedRealm;
|
||||
import org.keycloak.models.cache.entities.CachedRole;
|
||||
import org.keycloak.models.cache.entities.CachedUser;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class SimpleCache implements KeycloakCache {
|
||||
|
||||
protected ConcurrentHashMap<String, CachedRealm> realmCache = new ConcurrentHashMap<String, CachedRealm>();
|
||||
protected ConcurrentHashMap<String, CachedRealm> realmCacheByName = new ConcurrentHashMap<String, CachedRealm>();
|
||||
protected ConcurrentHashMap<String, CachedApplication> applicationCache = new ConcurrentHashMap<String, CachedApplication>();
|
||||
protected ConcurrentHashMap<String, CachedOAuthClient> clientCache = new ConcurrentHashMap<String, CachedOAuthClient>();
|
||||
protected ConcurrentHashMap<String, CachedRole> roleCache = new ConcurrentHashMap<String, CachedRole>();
|
||||
|
||||
protected int maxUserCacheSize = 10000;
|
||||
protected boolean userCacheEnabled = true;
|
||||
|
||||
protected Map<String, CachedUser> usersById = Collections.synchronizedMap(new LRUCache());
|
||||
protected Map<String, CachedUser> usersByUsername = new ConcurrentHashMap<String, CachedUser>();
|
||||
protected Map<String, CachedUser> usersByEmail = new ConcurrentHashMap<String, CachedUser>();
|
||||
|
||||
protected class LRUCache extends LinkedHashMap<String, CachedUser> {
|
||||
public LRUCache() {
|
||||
super(1000, 1.1F, true);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedUser put(String key, CachedUser value) {
|
||||
usersByUsername.put(value.getUsernameKey(), value);
|
||||
if (value.getEmail() != null) {
|
||||
usersByEmail.put(value.getEmailKey(), value);
|
||||
}
|
||||
return super.put(key, value);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedUser remove(Object key) {
|
||||
CachedUser user = super.remove(key);
|
||||
if (user == null) return null;
|
||||
removeUser(user);
|
||||
return user;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void clear() {
|
||||
super.clear();
|
||||
usersByUsername.clear();
|
||||
usersByEmail.clear();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean removeEldestEntry(Map.Entry<String, CachedUser> eldest) {
|
||||
boolean evict = size() > maxUserCacheSize;
|
||||
if (evict) {
|
||||
removeUser(eldest.getValue());
|
||||
}
|
||||
return evict;
|
||||
}
|
||||
|
||||
private void removeUser(CachedUser value) {
|
||||
usersByUsername.remove(value.getUsernameKey());
|
||||
if (value.getEmail() != null) usersByEmail.remove(value.getEmailKey());
|
||||
}
|
||||
}
|
||||
|
||||
public int getMaxUserCacheSize() {
|
||||
return maxUserCacheSize;
|
||||
}
|
||||
|
||||
public void setMaxUserCacheSize(int maxUserCacheSize) {
|
||||
this.maxUserCacheSize = maxUserCacheSize;
|
||||
}
|
||||
|
||||
public boolean isUserCacheEnabled() {
|
||||
return userCacheEnabled;
|
||||
}
|
||||
|
||||
public void setUserCacheEnabled(boolean userCacheEnabled) {
|
||||
this.userCacheEnabled = userCacheEnabled;
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedUser getCachedUser(String id) {
|
||||
if (!userCacheEnabled) return null;
|
||||
return usersById.get(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedUser(CachedUser user) {
|
||||
if (!userCacheEnabled) return;
|
||||
usersById.remove(user.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedUserById(String id) {
|
||||
if (!userCacheEnabled) return;
|
||||
usersById.remove(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addCachedUser(CachedUser user) {
|
||||
if (!userCacheEnabled) return;
|
||||
usersById.put(user.getId(), user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedUser getCachedUserByUsername(String name, RealmModel realm) {
|
||||
if (!userCacheEnabled) return null;
|
||||
CachedUser user = usersByUsername.get(realm.getId() + "." +name);
|
||||
if (user == null) return null;
|
||||
usersById.get(user.getId()); // refresh cache entry age
|
||||
return user;
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedUser getCachedUserByEmail(String name, RealmModel realm) {
|
||||
if (!userCacheEnabled) return null;
|
||||
CachedUser user = usersByEmail.get(realm.getId() + "." +name);
|
||||
if (user == null) return null;
|
||||
usersById.get(user.getId()); // refresh cache entry age
|
||||
return user;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidedCachedUserById(String id) {
|
||||
if (!userCacheEnabled) return;
|
||||
usersById.remove(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void clear() {
|
||||
realmCache.clear();
|
||||
realmCacheByName.clear();
|
||||
applicationCache.clear();
|
||||
clientCache.clear();
|
||||
roleCache.clear();
|
||||
usersById.clear();
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedRealm getCachedRealm(String id) {
|
||||
return realmCache.get(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedRealm(CachedRealm realm) {
|
||||
realmCache.remove(realm.getId());
|
||||
realmCacheByName.remove(realm.getName());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedRealmById(String id) {
|
||||
CachedRealm cached = realmCache.remove(id);
|
||||
if (cached != null) realmCacheByName.remove(cached.getName());
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void addCachedRealm(CachedRealm realm) {
|
||||
realmCache.put(realm.getId(), realm);
|
||||
realmCacheByName.put(realm.getName(), realm);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedRealm getCachedRealmByName(String name) {
|
||||
return realmCacheByName.get(name);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedApplication getApplication(String id) {
|
||||
return applicationCache.get(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateApplication(CachedApplication app) {
|
||||
applicationCache.remove(app.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addCachedApplication(CachedApplication app) {
|
||||
applicationCache.put(app.getId(), app);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedApplicationById(String id) {
|
||||
applicationCache.remove(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedOAuthClient getOAuthClient(String id) {
|
||||
return clientCache.get(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateOAuthClient(CachedOAuthClient client) {
|
||||
clientCache.remove(client.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addCachedOAuthClient(CachedOAuthClient client) {
|
||||
clientCache.put(client.getId(), client);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedOAuthClientById(String id) {
|
||||
clientCache.remove(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedRole getRole(String id) {
|
||||
return roleCache.get(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateRole(CachedRole role) {
|
||||
roleCache.remove(role);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateRoleById(String id) {
|
||||
roleCache.remove(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addCachedRole(CachedRole role) {
|
||||
roleCache.put(role.getId(), role);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedRoleById(String id) {
|
||||
roleCache.remove(id);
|
||||
}
|
||||
}
|
|
@ -8,7 +8,7 @@ import org.keycloak.models.KeycloakSession;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class SimpleCacheModelProviderFactory implements CacheModelProviderFactory {
|
||||
protected KeycloakCache cache = new SimpleCache();
|
||||
protected RealmCache cache = new SimpleRealmCache();
|
||||
|
||||
@Override
|
||||
public CacheModelProvider create(KeycloakSession session) {
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
package org.keycloak.models.cache;
|
||||
|
||||
import org.keycloak.Config;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class SimpleCacheUserProviderFactory implements CacheUserProviderFactory {
|
||||
protected UserCache cache = new SimpleUserCache();
|
||||
|
||||
@Override
|
||||
public CacheUserProvider create(KeycloakSession session) {
|
||||
return new DefaultCacheUserProvider(cache, session);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(Config.Scope config) {
|
||||
config.get("");
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
//To change body of implemented methods use File | Settings | File Templates.
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "simple";
|
||||
}
|
||||
}
|
130
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/SimpleRealmCache.java
vendored
Executable file
130
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/SimpleRealmCache.java
vendored
Executable file
|
@ -0,0 +1,130 @@
|
|||
package org.keycloak.models.cache;
|
||||
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.cache.entities.CachedApplication;
|
||||
import org.keycloak.models.cache.entities.CachedOAuthClient;
|
||||
import org.keycloak.models.cache.entities.CachedRealm;
|
||||
import org.keycloak.models.cache.entities.CachedRole;
|
||||
import org.keycloak.models.cache.entities.CachedUser;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class SimpleRealmCache implements RealmCache {
|
||||
|
||||
protected ConcurrentHashMap<String, CachedRealm> realmCache = new ConcurrentHashMap<String, CachedRealm>();
|
||||
protected ConcurrentHashMap<String, CachedRealm> realmCacheByName = new ConcurrentHashMap<String, CachedRealm>();
|
||||
protected ConcurrentHashMap<String, CachedApplication> applicationCache = new ConcurrentHashMap<String, CachedApplication>();
|
||||
protected ConcurrentHashMap<String, CachedOAuthClient> clientCache = new ConcurrentHashMap<String, CachedOAuthClient>();
|
||||
protected ConcurrentHashMap<String, CachedRole> roleCache = new ConcurrentHashMap<String, CachedRole>();
|
||||
|
||||
@Override
|
||||
public void clear() {
|
||||
realmCache.clear();
|
||||
realmCacheByName.clear();
|
||||
applicationCache.clear();
|
||||
clientCache.clear();
|
||||
roleCache.clear();
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedRealm getCachedRealm(String id) {
|
||||
return realmCache.get(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedRealm(CachedRealm realm) {
|
||||
realmCache.remove(realm.getId());
|
||||
realmCacheByName.remove(realm.getName());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedRealmById(String id) {
|
||||
CachedRealm cached = realmCache.remove(id);
|
||||
if (cached != null) realmCacheByName.remove(cached.getName());
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void addCachedRealm(CachedRealm realm) {
|
||||
realmCache.put(realm.getId(), realm);
|
||||
realmCacheByName.put(realm.getName(), realm);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedRealm getCachedRealmByName(String name) {
|
||||
return realmCacheByName.get(name);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedApplication getApplication(String id) {
|
||||
return applicationCache.get(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateApplication(CachedApplication app) {
|
||||
applicationCache.remove(app.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addCachedApplication(CachedApplication app) {
|
||||
applicationCache.put(app.getId(), app);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedApplicationById(String id) {
|
||||
applicationCache.remove(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedOAuthClient getOAuthClient(String id) {
|
||||
return clientCache.get(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateOAuthClient(CachedOAuthClient client) {
|
||||
clientCache.remove(client.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addCachedOAuthClient(CachedOAuthClient client) {
|
||||
clientCache.put(client.getId(), client);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedOAuthClientById(String id) {
|
||||
clientCache.remove(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedRole getRole(String id) {
|
||||
return roleCache.get(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateRole(CachedRole role) {
|
||||
roleCache.remove(role);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateRoleById(String id) {
|
||||
roleCache.remove(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addCachedRole(CachedRole role) {
|
||||
roleCache.put(role.getId(), role);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedRoleById(String id) {
|
||||
roleCache.remove(id);
|
||||
}
|
||||
}
|
148
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/SimpleUserCache.java
vendored
Executable file
148
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/SimpleUserCache.java
vendored
Executable file
|
@ -0,0 +1,148 @@
|
|||
package org.keycloak.models.cache;
|
||||
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.cache.entities.CachedApplication;
|
||||
import org.keycloak.models.cache.entities.CachedOAuthClient;
|
||||
import org.keycloak.models.cache.entities.CachedRealm;
|
||||
import org.keycloak.models.cache.entities.CachedRole;
|
||||
import org.keycloak.models.cache.entities.CachedUser;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class SimpleUserCache implements UserCache {
|
||||
|
||||
protected int maxUserCacheSize = 10000;
|
||||
|
||||
|
||||
protected class RealmUsers {
|
||||
protected class LRUCache extends LinkedHashMap<String, CachedUser> {
|
||||
public LRUCache() {
|
||||
super(1000, 1.1F, true);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedUser put(String key, CachedUser value) {
|
||||
usersByUsername.put(value.getUsername(), value);
|
||||
if (value.getEmail() != null) {
|
||||
usersByEmail.put(value.getEmail(), value);
|
||||
}
|
||||
return super.put(key, value);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedUser remove(Object key) {
|
||||
CachedUser user = super.remove(key);
|
||||
if (user == null) return null;
|
||||
removeUser(user);
|
||||
return user;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void clear() {
|
||||
super.clear();
|
||||
usersByUsername.clear();
|
||||
usersByEmail.clear();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean removeEldestEntry(Map.Entry<String, CachedUser> eldest) {
|
||||
boolean evict = size() > maxUserCacheSize;
|
||||
if (evict) {
|
||||
removeUser(eldest.getValue());
|
||||
}
|
||||
return evict;
|
||||
}
|
||||
|
||||
private void removeUser(CachedUser value) {
|
||||
usersByUsername.remove(value.getUsername());
|
||||
if (value.getEmail() != null) usersByEmail.remove(value.getEmail());
|
||||
}
|
||||
}
|
||||
|
||||
protected Map<String, CachedUser> usersById = Collections.synchronizedMap(new LRUCache());
|
||||
protected Map<String, CachedUser> usersByUsername = new ConcurrentHashMap<String, CachedUser>();
|
||||
protected Map<String, CachedUser> usersByEmail = new ConcurrentHashMap<String, CachedUser>();
|
||||
|
||||
}
|
||||
|
||||
protected ConcurrentHashMap<String, RealmUsers> realmUsers = new ConcurrentHashMap<String, RealmUsers>();
|
||||
|
||||
public int getMaxUserCacheSize() {
|
||||
return maxUserCacheSize;
|
||||
}
|
||||
|
||||
public void setMaxUserCacheSize(int maxUserCacheSize) {
|
||||
this.maxUserCacheSize = maxUserCacheSize;
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedUser getCachedUser(String realmId, String id) {
|
||||
if (realmId == null || id == null) return null;
|
||||
RealmUsers users = realmUsers.get(realmId);
|
||||
if (users == null) return null;
|
||||
return users.usersById.get(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedUser(String realmId, CachedUser user) {
|
||||
RealmUsers users = realmUsers.get(realmId);
|
||||
if (users == null) return;
|
||||
users.usersById.remove(user.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateCachedUserById(String realmId, String id) {
|
||||
RealmUsers users = realmUsers.get(realmId);
|
||||
if (users == null) return;
|
||||
users.usersById.remove(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addCachedUser(String realmId, CachedUser user) {
|
||||
RealmUsers users = realmUsers.get(realmId);
|
||||
if (users == null) {
|
||||
users = new RealmUsers();
|
||||
realmUsers.put(realmId, users);
|
||||
}
|
||||
users.usersById.put(user.getId(), user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedUser getCachedUserByUsername(String realmId, String name) {
|
||||
if (realmId == null || name == null) return null;
|
||||
RealmUsers users = realmUsers.get(realmId);
|
||||
if (users == null) return null;
|
||||
CachedUser user = users.usersByUsername.get(name);
|
||||
if (user == null) return null;
|
||||
users.usersById.get(user.getId()); // refresh cache entry age
|
||||
return user;
|
||||
}
|
||||
|
||||
@Override
|
||||
public CachedUser getCachedUserByEmail(String realmId, String email) {
|
||||
if (realmId == null || email == null) return null;
|
||||
RealmUsers users = realmUsers.get(realmId);
|
||||
if (users == null) return null;
|
||||
CachedUser user = users.usersByEmail.get(email);
|
||||
if (user == null) return null;
|
||||
users.usersById.get(user.getId()); // refresh cache entry age
|
||||
return user;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidateRealmUsers(String realmId) {
|
||||
realmUsers.remove(realmId);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void clear() {
|
||||
realmUsers.clear();
|
||||
}
|
||||
}
|
|
@ -2,6 +2,8 @@ package org.keycloak.models.cache;
|
|||
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.AuthenticationLinkModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelProvider;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleContainerModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
|
@ -22,21 +24,21 @@ import java.util.Set;
|
|||
public class UserAdapter implements UserModel {
|
||||
protected UserModel updated;
|
||||
protected CachedUser cached;
|
||||
protected KeycloakCache cache;
|
||||
protected CacheModelProvider cacheSession;
|
||||
protected CacheUserProvider userProviderCache;
|
||||
protected KeycloakSession keycloakSession;
|
||||
protected RealmModel realm;
|
||||
|
||||
public UserAdapter(CachedUser cached, KeycloakCache cache, CacheModelProvider session, RealmModel realm) {
|
||||
public UserAdapter(CachedUser cached, CacheUserProvider userProvider, KeycloakSession keycloakSession, RealmModel realm) {
|
||||
this.cached = cached;
|
||||
this.cache = cache;
|
||||
this.cacheSession = session;
|
||||
this.userProviderCache = userProvider;
|
||||
this.keycloakSession = keycloakSession;
|
||||
this.realm = realm;
|
||||
}
|
||||
|
||||
protected void getDelegateForUpdate() {
|
||||
if (updated == null) {
|
||||
cacheSession.registerUserInvalidation(getId());
|
||||
updated = cacheSession.getDelegate().getUserById(getId(), realm);
|
||||
userProviderCache.registerUserInvalidation(realm, getId());
|
||||
updated = userProviderCache.getDelegate().getUserById(getId(), realm);
|
||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||
}
|
||||
}
|
||||
|
@ -257,7 +259,13 @@ public class UserAdapter implements UserModel {
|
|||
if (updated != null) return updated.getRoleMappings();
|
||||
Set<RoleModel> roles = new HashSet<RoleModel>();
|
||||
for (String id : cached.getRoleMappings()) {
|
||||
roles.add(cacheSession.getRoleById(id, realm));
|
||||
RoleModel roleById = keycloakSession.model().getRoleById(id, realm);
|
||||
if (roleById == null) {
|
||||
// chance that role was removed, so just delete to persistence and get user invalidated
|
||||
getDelegateForUpdate();
|
||||
return updated.getRoleMappings();
|
||||
}
|
||||
roles.add(roleById);
|
||||
|
||||
}
|
||||
return roles;
|
||||
|
|
26
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserCache.java
vendored
Executable file
26
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserCache.java
vendored
Executable file
|
@ -0,0 +1,26 @@
|
|||
package org.keycloak.models.cache;
|
||||
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.cache.entities.CachedUser;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public interface UserCache {
|
||||
void clear();
|
||||
|
||||
CachedUser getCachedUser(String realmId, String id);
|
||||
|
||||
void invalidateCachedUser(String realmId, CachedUser user);
|
||||
|
||||
void addCachedUser(String realmId, CachedUser user);
|
||||
|
||||
CachedUser getCachedUserByUsername(String realmId, String name);
|
||||
|
||||
CachedUser getCachedUserByEmail(String realmId, String name);
|
||||
|
||||
void invalidateCachedUserById(String realmId, String id);
|
||||
|
||||
void invalidateRealmUsers(String realmId);
|
||||
}
|
|
@ -1,21 +1,15 @@
|
|||
package org.keycloak.models.cache.entities;
|
||||
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelProvider;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.models.cache.KeycloakCache;
|
||||
import org.keycloak.models.cache.RealmCache;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
|
@ -29,7 +23,7 @@ public class CachedApplication extends CachedClient {
|
|||
private boolean bearerOnly;
|
||||
private Map<String, String> roles = new HashMap<String, String>();
|
||||
|
||||
public CachedApplication(KeycloakCache cache, ModelProvider delegate, RealmModel realm, ApplicationModel model) {
|
||||
public CachedApplication(RealmCache cache, ModelProvider delegate, RealmModel realm, ApplicationModel model) {
|
||||
super(cache, delegate, realm, model);
|
||||
surrogateAuthRequired = model.isSurrogateAuthRequired();
|
||||
managementUrl = model.getManagementUrl();
|
||||
|
|
|
@ -1,12 +1,10 @@
|
|||
package org.keycloak.models.cache.entities;
|
||||
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelProvider;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.cache.KeycloakCache;
|
||||
import org.keycloak.models.cache.RealmCache;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
@ -28,7 +26,7 @@ public class CachedClient {
|
|||
protected Set<String> scope = new HashSet<String>();
|
||||
protected Set<String> webOrigins = new HashSet<String>();
|
||||
|
||||
public CachedClient(KeycloakCache cache, ModelProvider delegate, RealmModel realm, ClientModel model) {
|
||||
public CachedClient(RealmCache cache, ModelProvider delegate, RealmModel realm, ClientModel model) {
|
||||
id = model.getId();
|
||||
secret = model.getSecret();
|
||||
name = model.getClientId();
|
||||
|
|
|
@ -1,17 +1,16 @@
|
|||
package org.keycloak.models.cache.entities;
|
||||
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelProvider;
|
||||
import org.keycloak.models.OAuthClientModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.cache.KeycloakCache;
|
||||
import org.keycloak.models.cache.RealmCache;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class CachedOAuthClient extends CachedClient {
|
||||
public CachedOAuthClient(KeycloakCache cache, ModelProvider delegate, RealmModel realm, OAuthClientModel model) {
|
||||
public CachedOAuthClient(RealmCache cache, ModelProvider delegate, RealmModel realm, OAuthClientModel model) {
|
||||
super(cache, delegate, realm, model);
|
||||
|
||||
}
|
||||
|
|
|
@ -2,14 +2,13 @@ package org.keycloak.models.cache.entities;
|
|||
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.AuthenticationProviderModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelProvider;
|
||||
import org.keycloak.models.OAuthClientModel;
|
||||
import org.keycloak.models.PasswordPolicy;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RequiredCredentialModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.cache.KeycloakCache;
|
||||
import org.keycloak.models.cache.RealmCache;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
|
@ -81,7 +80,7 @@ public class CachedRealm {
|
|||
public CachedRealm() {
|
||||
}
|
||||
|
||||
public CachedRealm(KeycloakCache cache, ModelProvider delegate, RealmModel model) {
|
||||
public CachedRealm(RealmCache cache, ModelProvider delegate, RealmModel model) {
|
||||
id = model.getId();
|
||||
name = model.getName();
|
||||
enabled = model.isEnabled();
|
||||
|
|
|
@ -20,11 +20,9 @@ import java.util.Set;
|
|||
public class CachedUser {
|
||||
private String id;
|
||||
private String username;
|
||||
private String usernameKey;
|
||||
private String firstName;
|
||||
private String lastName;
|
||||
private String email;
|
||||
private String emailKey;
|
||||
private boolean emailVerified;
|
||||
private List<UserCredentialValueModel> credentials = new LinkedList<UserCredentialValueModel>();
|
||||
private boolean enabled;
|
||||
|
@ -38,14 +36,10 @@ public class CachedUser {
|
|||
public CachedUser(RealmModel realm, UserModel user) {
|
||||
this.id = user.getId();
|
||||
this.username = user.getUsername();
|
||||
this.usernameKey = realm.getId() + "." + this.username;
|
||||
this.firstName = user.getFirstName();
|
||||
this.lastName = user.getLastName();
|
||||
this.attributes.putAll(user.getAttributes());
|
||||
this.email = user.getEmail();
|
||||
if (this.email != null) {
|
||||
this.emailKey = realm.getId() + "." + this.email;
|
||||
}
|
||||
this.emailVerified = user.isEmailVerified();
|
||||
this.credentials.addAll(user.getCredentialsDirectly());
|
||||
this.enabled = user.isEnabled();
|
||||
|
@ -65,14 +59,6 @@ public class CachedUser {
|
|||
return username;
|
||||
}
|
||||
|
||||
public String getUsernameKey() {
|
||||
return usernameKey;
|
||||
}
|
||||
|
||||
public String getEmailKey() {
|
||||
return emailKey;
|
||||
}
|
||||
|
||||
public String getFirstName() {
|
||||
return firstName;
|
||||
}
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
org.keycloak.models.cache.SimpleCacheUserProviderFactory
|
|
@ -1 +1,2 @@
|
|||
org.keycloak.models.cache.CacheModelProviderSpi
|
||||
org.keycloak.models.cache.CacheUserProviderSpi
|
|
@ -2,6 +2,7 @@ package org.keycloak.models.jpa;
|
|||
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelDuplicateException;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleContainerModel;
|
||||
|
@ -25,10 +26,12 @@ import java.util.Set;
|
|||
public class ApplicationAdapter extends ClientAdapter implements ApplicationModel {
|
||||
|
||||
protected EntityManager em;
|
||||
protected KeycloakSession session;
|
||||
protected ApplicationEntity applicationEntity;
|
||||
|
||||
public ApplicationAdapter(RealmModel realm, EntityManager em, ApplicationEntity applicationEntity) {
|
||||
public ApplicationAdapter(RealmModel realm, EntityManager em, KeycloakSession session, ApplicationEntity applicationEntity) {
|
||||
super(realm, applicationEntity, em);
|
||||
this.session = session;
|
||||
this.realm = realm;
|
||||
this.em = em;
|
||||
this.applicationEntity = applicationEntity;
|
||||
|
@ -135,6 +138,7 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
|
|||
}
|
||||
if (!roleModel.getContainer().equals(this)) return false;
|
||||
|
||||
session.users().preRemove(roleModel);
|
||||
RoleEntity role = RoleAdapter.toRoleEntity(roleModel, em);
|
||||
if (!role.isApplicationRole()) return false;
|
||||
|
||||
|
@ -143,7 +147,6 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
|
|||
applicationEntity.getDefaultRoles().remove(role);
|
||||
em.createNativeQuery("delete from CompositeRole where childRole = :role").setParameter("role", role).executeUpdate();
|
||||
em.createQuery("delete from " + ScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
|
||||
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", role).executeUpdate();
|
||||
role.setApplication(null);
|
||||
em.flush();
|
||||
em.remove(role);
|
||||
|
|
|
@ -84,38 +84,6 @@ public class JpaModelProvider implements ModelProvider {
|
|||
return new RealmAdapter(session, em, realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserById(String id, RealmModel realmModel) {
|
||||
TypedQuery<UserEntity> query = em.createNamedQuery("getRealmUserById", UserEntity.class);
|
||||
query.setParameter("id", id);
|
||||
RealmEntity realm = em.getReference(RealmEntity.class, realmModel.getId());
|
||||
query.setParameter("realm", realm);
|
||||
List<UserEntity> entities = query.getResultList();
|
||||
if (entities.size() == 0) return null;
|
||||
return new UserAdapter(realmModel, em, entities.get(0));
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByUsername(String username, RealmModel realmModel) {
|
||||
TypedQuery<UserEntity> query = em.createNamedQuery("getRealmUserByUsername", UserEntity.class);
|
||||
query.setParameter("username", username);
|
||||
RealmEntity realm = em.getReference(RealmEntity.class, realmModel.getId());
|
||||
query.setParameter("realm", realm);
|
||||
List<UserEntity> results = query.getResultList();
|
||||
if (results.size() == 0) return null;
|
||||
return new UserAdapter(realmModel, em, results.get(0));
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByEmail(String email, RealmModel realmModel) {
|
||||
TypedQuery<UserEntity> query = em.createNamedQuery("getRealmUserByEmail", UserEntity.class);
|
||||
query.setParameter("email", email);
|
||||
RealmEntity realm = em.getReference(RealmEntity.class, realmModel.getId());
|
||||
query.setParameter("realm", realm);
|
||||
List<UserEntity> results = query.getResultList();
|
||||
return results.isEmpty() ? null : new UserAdapter(realmModel, em, results.get(0));
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeRealm(String id) {
|
||||
RealmEntity realm = em.find(RealmEntity.class, id);
|
||||
|
@ -124,6 +92,7 @@ public class JpaModelProvider implements ModelProvider {
|
|||
}
|
||||
|
||||
RealmAdapter adapter = new RealmAdapter(session, em, realm);
|
||||
session.users().preRemove(adapter);
|
||||
for (ApplicationEntity a : new LinkedList<ApplicationEntity>(realm.getApplications())) {
|
||||
adapter.removeApplication(a.getId());
|
||||
}
|
||||
|
@ -132,11 +101,7 @@ public class JpaModelProvider implements ModelProvider {
|
|||
adapter.removeOAuthClient(oauth.getId());
|
||||
}
|
||||
|
||||
for (UserEntity u : em.createQuery("from UserEntity u where u.realm = :realm", UserEntity.class).setParameter("realm", realm).getResultList()) {
|
||||
adapter.removeUser(u.getUsername());
|
||||
}
|
||||
|
||||
em.remove(realm);
|
||||
em.remove(realm);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -144,111 +109,6 @@ public class JpaModelProvider implements ModelProvider {
|
|||
public void close() {
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm) {
|
||||
TypedQuery<UserEntity> query = em.createNamedQuery("findUserByLinkAndRealm", UserEntity.class);
|
||||
RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId());
|
||||
query.setParameter("realm", realmEntity);
|
||||
query.setParameter("socialProvider", socialLink.getSocialProvider());
|
||||
query.setParameter("socialUserId", socialLink.getSocialUserId());
|
||||
List<UserEntity> results = query.getResultList();
|
||||
if (results.isEmpty()) {
|
||||
return null;
|
||||
} else if (results.size() > 1) {
|
||||
throw new IllegalStateException("More results found for socialProvider=" + socialLink.getSocialProvider() +
|
||||
", socialUserId=" + socialLink.getSocialUserId() + ", results=" + results);
|
||||
} else {
|
||||
UserEntity user = results.get(0);
|
||||
return new UserAdapter(realm, em, user);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> getUsers(RealmModel realm) {
|
||||
TypedQuery<UserEntity> query = em.createQuery("select u from UserEntity u where u.realm = :realm", UserEntity.class);
|
||||
RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId());
|
||||
query.setParameter("realm", realmEntity);
|
||||
List<UserEntity> results = query.getResultList();
|
||||
List<UserModel> users = new ArrayList<UserModel>();
|
||||
for (UserEntity entity : results) users.add(new UserAdapter(realm, em, entity));
|
||||
return users;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUser(String search, RealmModel realm) {
|
||||
TypedQuery<UserEntity> query = em.createQuery("select u from UserEntity u where u.realm = :realm and ( lower(u.username) like :search or lower(concat(u.firstName, ' ', u.lastName)) like :search or u.email like :search )", UserEntity.class);
|
||||
RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId());
|
||||
query.setParameter("realm", realmEntity);
|
||||
query.setParameter("search", "%" + search.toLowerCase() + "%");
|
||||
List<UserEntity> results = query.getResultList();
|
||||
List<UserModel> users = new ArrayList<UserModel>();
|
||||
for (UserEntity entity : results) users.add(new UserAdapter(realm, em, entity));
|
||||
return users;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm) {
|
||||
StringBuilder builder = new StringBuilder("select u from UserEntity u");
|
||||
boolean first = true;
|
||||
for (Map.Entry<String, String> entry : attributes.entrySet()) {
|
||||
String attribute = null;
|
||||
if (entry.getKey().equals(UserModel.LOGIN_NAME)) {
|
||||
attribute = "lower(username)";
|
||||
} else if (entry.getKey().equalsIgnoreCase(UserModel.FIRST_NAME)) {
|
||||
attribute = "lower(firstName)";
|
||||
} else if (entry.getKey().equalsIgnoreCase(UserModel.LAST_NAME)) {
|
||||
attribute = "lower(lastName)";
|
||||
} else if (entry.getKey().equalsIgnoreCase(UserModel.EMAIL)) {
|
||||
attribute = "lower(email)";
|
||||
}
|
||||
if (attribute == null) continue;
|
||||
if (first) {
|
||||
first = false;
|
||||
builder.append(" where realm = :realm");
|
||||
} else {
|
||||
builder.append(" and ");
|
||||
}
|
||||
builder.append(attribute).append(" like '%").append(entry.getValue().toLowerCase()).append("%'");
|
||||
}
|
||||
String q = builder.toString();
|
||||
TypedQuery<UserEntity> query = em.createQuery(q, UserEntity.class);
|
||||
RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId());
|
||||
query.setParameter("realm", realmEntity);
|
||||
List<UserEntity> results = query.getResultList();
|
||||
List<UserModel> users = new ArrayList<UserModel>();
|
||||
for (UserEntity entity : results) users.add(new UserAdapter(realm, em, entity));
|
||||
return users;
|
||||
}
|
||||
|
||||
private SocialLinkEntity findSocialLink(UserModel user, String socialProvider) {
|
||||
TypedQuery<SocialLinkEntity> query = em.createNamedQuery("findSocialLinkByUserAndProvider", SocialLinkEntity.class);
|
||||
UserEntity userEntity = em.getReference(UserEntity.class, user.getId());
|
||||
query.setParameter("user", userEntity);
|
||||
query.setParameter("socialProvider", socialProvider);
|
||||
List<SocialLinkEntity> results = query.getResultList();
|
||||
return results.size() > 0 ? results.get(0) : null;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public Set<SocialLinkModel> getSocialLinks(UserModel user, RealmModel realm) {
|
||||
TypedQuery<SocialLinkEntity> query = em.createNamedQuery("findSocialLinkByUser", SocialLinkEntity.class);
|
||||
UserEntity userEntity = em.getReference(UserEntity.class, user.getId());
|
||||
query.setParameter("user", userEntity);
|
||||
List<SocialLinkEntity> results = query.getResultList();
|
||||
Set<SocialLinkModel> set = new HashSet<SocialLinkModel>();
|
||||
for (SocialLinkEntity entity : results) {
|
||||
set.add(new SocialLinkModel(entity.getSocialProvider(), entity.getSocialUserId(), entity.getSocialUsername()));
|
||||
}
|
||||
return set;
|
||||
}
|
||||
|
||||
@Override
|
||||
public SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm) {
|
||||
SocialLinkEntity entity = findSocialLink(user, socialProvider);
|
||||
return (entity != null) ? new SocialLinkModel(entity.getSocialProvider(), entity.getSocialUserId(), entity.getSocialUsername()) : null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleModel getRoleById(String id, RealmModel realm) {
|
||||
RoleEntity entity = em.find(RoleEntity.class, id);
|
||||
|
@ -263,7 +123,7 @@ public class JpaModelProvider implements ModelProvider {
|
|||
|
||||
// Check if application belongs to this realm
|
||||
if (app == null || !realm.getId().equals(app.getRealm().getId())) return null;
|
||||
return new ApplicationAdapter(realm, em, app);
|
||||
return new ApplicationAdapter(realm, em, session, app);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -39,7 +39,6 @@ public class JpaUserProvider implements UserProvider {
|
|||
public JpaUserProvider(KeycloakSession session, EntityManager em) {
|
||||
this.session = session;
|
||||
this.em = em;
|
||||
this.em = PersistenceExceptionConverter.create(em);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -98,6 +97,34 @@ public class JpaUserProvider implements UserProvider {
|
|||
em.remove(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addSocialLink(RealmModel realm, UserModel user, SocialLinkModel socialLink) {
|
||||
SocialLinkEntity entity = new SocialLinkEntity();
|
||||
RealmEntity realmEntity = em.getReference(RealmEntity.class, realm.getId());
|
||||
entity.setRealm(realmEntity);
|
||||
entity.setSocialProvider(socialLink.getSocialProvider());
|
||||
entity.setSocialUserId(socialLink.getSocialUserId());
|
||||
entity.setSocialUsername(socialLink.getSocialUsername());
|
||||
UserEntity userEntity = em.getReference(UserEntity.class, user.getId());
|
||||
entity.setUser(userEntity);
|
||||
em.persist(entity);
|
||||
em.flush();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeSocialLink(RealmModel realm, UserModel user, String socialProvider) {
|
||||
SocialLinkEntity entity = findSocialLink(user, socialProvider);
|
||||
if (entity != null) {
|
||||
em.remove(entity);
|
||||
em.flush();
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
@Override
|
||||
public void preRemove(RealmModel realm) {
|
||||
TypedQuery<UserEntity> query = em.createQuery("select u from UserEntity u where u.realm = :realm", UserEntity.class);
|
||||
|
@ -114,12 +141,6 @@ public class JpaUserProvider implements UserProvider {
|
|||
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public KeycloakTransaction getTransaction() {
|
||||
return new JpaKeycloakTransaction(em);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserById(String id, RealmModel realmModel) {
|
||||
TypedQuery<UserEntity> query = em.createNamedQuery("getRealmUserById", UserEntity.class);
|
||||
|
@ -154,8 +175,6 @@ public class JpaUserProvider implements UserProvider {
|
|||
|
||||
@Override
|
||||
public void close() {
|
||||
if (em.getTransaction().isActive()) em.getTransaction().rollback();
|
||||
if (em.isOpen()) em.close();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
38
model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProviderFactory.java
Executable file
38
model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProviderFactory.java
Executable file
|
@ -0,0 +1,38 @@
|
|||
package org.keycloak.models.jpa;
|
||||
|
||||
import org.keycloak.Config;
|
||||
import org.keycloak.connections.jpa.JpaConnectionProvider;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelProvider;
|
||||
import org.keycloak.models.ModelProviderFactory;
|
||||
import org.keycloak.models.UserProvider;
|
||||
import org.keycloak.models.UserProviderFactory;
|
||||
|
||||
import javax.persistence.EntityManager;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class JpaUserProviderFactory implements UserProviderFactory {
|
||||
|
||||
@Override
|
||||
public void init(Config.Scope config) {
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "jpa";
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserProvider create(KeycloakSession session) {
|
||||
EntityManager em = session.getProvider(JpaConnectionProvider.class).getEntityManager();
|
||||
return new JpaUserProvider(session, em);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
}
|
||||
|
||||
}
|
|
@ -22,9 +22,6 @@ import org.keycloak.models.jpa.entities.RealmEntity;
|
|||
import org.keycloak.models.jpa.entities.RequiredCredentialEntity;
|
||||
import org.keycloak.models.jpa.entities.RoleEntity;
|
||||
import org.keycloak.models.jpa.entities.ScopeMappingEntity;
|
||||
import org.keycloak.models.jpa.entities.SocialLinkEntity;
|
||||
import org.keycloak.models.jpa.entities.UserEntity;
|
||||
import org.keycloak.models.jpa.entities.UserRoleMappingEntity;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
import org.keycloak.models.utils.TimeBasedOTP;
|
||||
|
||||
|
@ -411,75 +408,6 @@ public class RealmAdapter implements RealmModel {
|
|||
}
|
||||
|
||||
|
||||
@Override
|
||||
public UserModel getUser(String name) {
|
||||
return session.model().getUserByUsername(name, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByEmail(String email) {
|
||||
return session.model().getUserByEmail(email, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserById(String id) {
|
||||
return session.model().getUserById(id, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel addUser(String username) {
|
||||
return this.addUser(KeycloakModelUtils.generateId(), username, true);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel addUser(String id, String username, boolean addDefaultRoles) {
|
||||
if (id == null) {
|
||||
id = KeycloakModelUtils.generateId();
|
||||
}
|
||||
|
||||
UserEntity entity = new UserEntity();
|
||||
entity.setId(id);
|
||||
entity.setUsername(username);
|
||||
entity.setRealm(realm);
|
||||
em.persist(entity);
|
||||
em.flush();
|
||||
UserModel userModel = new UserAdapter(this, em, entity);
|
||||
|
||||
if (addDefaultRoles) {
|
||||
for (String r : getDefaultRoles()) {
|
||||
userModel.grantRole(getRole(r));
|
||||
}
|
||||
|
||||
for (ApplicationModel application : getApplications()) {
|
||||
for (String r : application.getDefaultRoles()) {
|
||||
userModel.grantRole(application.getRole(r));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return userModel;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeUser(String name) {
|
||||
TypedQuery<UserEntity> query = em.createNamedQuery("getRealmUserByUsername", UserEntity.class);
|
||||
query.setParameter("username", name);
|
||||
query.setParameter("realm", realm);
|
||||
List<UserEntity> results = query.getResultList();
|
||||
if (results.size() == 0) return false;
|
||||
removeUser(results.get(0));
|
||||
return true;
|
||||
}
|
||||
|
||||
private void removeUser(UserEntity user) {
|
||||
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
|
||||
em.createQuery("delete from " + SocialLinkEntity.class.getSimpleName() + " where user = :user").setParameter("user", user).executeUpdate();
|
||||
if (user.getAuthenticationLink() != null) {
|
||||
em.remove(user.getAuthenticationLink());
|
||||
}
|
||||
em.remove(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> getDefaultRoles() {
|
||||
Collection<RoleEntity> entities = realm.getDefaultRoles();
|
||||
|
@ -567,7 +495,7 @@ public class RealmAdapter implements RealmModel {
|
|||
List<ApplicationModel> list = new ArrayList<ApplicationModel>();
|
||||
if (realm.getApplications() == null) return list;
|
||||
for (ApplicationEntity entity : realm.getApplications()) {
|
||||
list.add(new ApplicationAdapter(this, em, entity));
|
||||
list.add(new ApplicationAdapter(this, em, session, entity));
|
||||
}
|
||||
return list;
|
||||
}
|
||||
|
@ -587,7 +515,7 @@ public class RealmAdapter implements RealmModel {
|
|||
realm.getApplications().add(applicationData);
|
||||
em.persist(applicationData);
|
||||
em.flush();
|
||||
ApplicationModel resource = new ApplicationAdapter(this, em, applicationData);
|
||||
ApplicationModel resource = new ApplicationAdapter(this, em, session, applicationData);
|
||||
em.flush();
|
||||
return resource;
|
||||
}
|
||||
|
@ -636,57 +564,6 @@ public class RealmAdapter implements RealmModel {
|
|||
return getApplicationNameMap().get(name);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserBySocialLink(SocialLinkModel socialLink) {
|
||||
return session.model().getUserBySocialLink(socialLink, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<SocialLinkModel> getSocialLinks(UserModel user) {
|
||||
return session.model().getSocialLinks(user, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SocialLinkModel getSocialLink(UserModel user, String socialProvider) {
|
||||
return session.model().getSocialLink(user, socialProvider, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addSocialLink(UserModel user, SocialLinkModel socialLink) {
|
||||
SocialLinkEntity entity = new SocialLinkEntity();
|
||||
entity.setRealm(realm);
|
||||
entity.setSocialProvider(socialLink.getSocialProvider());
|
||||
entity.setSocialUserId(socialLink.getSocialUserId());
|
||||
entity.setSocialUsername(socialLink.getSocialUsername());
|
||||
UserEntity userEntity = em.getReference(UserEntity.class, user.getId());
|
||||
entity.setUser(userEntity);
|
||||
em.persist(entity);
|
||||
em.flush();
|
||||
}
|
||||
|
||||
private SocialLinkEntity findSocialLink(UserModel user, String socialProvider) {
|
||||
TypedQuery<SocialLinkEntity> query = em.createNamedQuery("findSocialLinkByUserAndProvider", SocialLinkEntity.class);
|
||||
UserEntity userEntity = em.getReference(UserEntity.class, user.getId());
|
||||
query.setParameter("user", userEntity);
|
||||
query.setParameter("socialProvider", socialProvider);
|
||||
List<SocialLinkEntity> results = query.getResultList();
|
||||
return results.size() > 0 ? results.get(0) : null;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public boolean removeSocialLink(UserModel user, String socialProvider) {
|
||||
SocialLinkEntity entity = findSocialLink(user, socialProvider);
|
||||
if (entity != null) {
|
||||
em.remove(entity);
|
||||
em.flush();
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public boolean isSocial() {
|
||||
return realm.isSocial();
|
||||
|
@ -709,21 +586,6 @@ public class RealmAdapter implements RealmModel {
|
|||
em.flush();
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> getUsers() {
|
||||
return session.model().getUsers(this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUser(String search) {
|
||||
return session.model().searchForUser(search, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes) {
|
||||
return session.model().searchForUserByAttributes(attributes, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public OAuthClientModel addOAuthClient(String name) {
|
||||
return this.addOAuthClient(KeycloakModelUtils.generateId(), name);
|
||||
|
@ -899,13 +761,12 @@ public class RealmAdapter implements RealmModel {
|
|||
return false;
|
||||
}
|
||||
if (!role.getContainer().equals(this)) return false;
|
||||
|
||||
session.users().preRemove(role);
|
||||
RoleEntity roleEntity = RoleAdapter.toRoleEntity(role, em);
|
||||
realm.getRoles().remove(role);
|
||||
realm.getDefaultRoles().remove(role);
|
||||
|
||||
em.createNativeQuery("delete from CompositeRole where childRole = :role").setParameter("role", roleEntity).executeUpdate();
|
||||
em.createQuery("delete from " + UserRoleMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
|
||||
em.createQuery("delete from " + ScopeMappingEntity.class.getSimpleName() + " where role = :role").setParameter("role", roleEntity).executeUpdate();
|
||||
|
||||
em.remove(roleEntity);
|
||||
|
@ -1060,7 +921,7 @@ public class RealmAdapter implements RealmModel {
|
|||
|
||||
@Override
|
||||
public ApplicationModel getMasterAdminApp() {
|
||||
return new ApplicationAdapter(this, em, realm.getMasterAdminApp());
|
||||
return new ApplicationAdapter(this, em, session, realm.getMasterAdminApp());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
org.keycloak.models.jpa.JpaUserProviderFactory
|
|
@ -141,6 +141,7 @@ public class ApplicationAdapter extends ClientAdapter<MongoApplicationEntity> im
|
|||
|
||||
@Override
|
||||
public boolean removeRole(RoleModel role) {
|
||||
session.users().preRemove(role);
|
||||
return getMongoStore().removeEntity(MongoRoleEntity.class, role.getId(), invocationContext);
|
||||
}
|
||||
|
||||
|
|
|
@ -94,50 +94,11 @@ public class MongoModelProvider implements ModelProvider {
|
|||
return new RealmAdapter(session, realm, invocationContext);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserById(String id, RealmModel realm) {
|
||||
MongoUserEntity user = getMongoStore().loadEntity(MongoUserEntity.class, id, invocationContext);
|
||||
|
||||
// Check that it's user from this realm
|
||||
if (user == null || !realm.getId().equals(user.getRealmId())) {
|
||||
return null;
|
||||
} else {
|
||||
return new UserAdapter(session, realm, user, invocationContext);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByUsername(String username, RealmModel realm) {
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("username").is(username)
|
||||
.and("realmId").is(realm.getId())
|
||||
.get();
|
||||
MongoUserEntity user = getMongoStore().loadSingleEntity(MongoUserEntity.class, query, invocationContext);
|
||||
|
||||
if (user == null) {
|
||||
return null;
|
||||
} else {
|
||||
return new UserAdapter(session, realm, user, invocationContext);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByEmail(String email, RealmModel realm) {
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("email").is(email)
|
||||
.and("realmId").is(realm.getId())
|
||||
.get();
|
||||
MongoUserEntity user = getMongoStore().loadSingleEntity(MongoUserEntity.class, query, invocationContext);
|
||||
|
||||
if (user == null) {
|
||||
return null;
|
||||
} else {
|
||||
return new UserAdapter(session, realm, user, invocationContext);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeRealm(String id) {
|
||||
RealmModel realm = getRealm(id);
|
||||
if (realm == null) return false;
|
||||
session.users().preRemove(realm);
|
||||
return getMongoStore().removeEntity(MongoRealmEntity.class, id, invocationContext);
|
||||
}
|
||||
|
||||
|
@ -145,138 +106,6 @@ public class MongoModelProvider implements ModelProvider {
|
|||
return invocationContext.getMongoStore();
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm) {
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("socialLinks.socialProvider").is(socialLink.getSocialProvider())
|
||||
.and("socialLinks.socialUserId").is(socialLink.getSocialUserId())
|
||||
.and("realmId").is(realm.getId())
|
||||
.get();
|
||||
MongoUserEntity userEntity = getMongoStore().loadSingleEntity(MongoUserEntity.class, query, invocationContext);
|
||||
return userEntity == null ? null : new UserAdapter(session, realm, userEntity, invocationContext);
|
||||
}
|
||||
|
||||
protected List<UserModel> convertUserEntities(RealmModel realm, List<MongoUserEntity> userEntities) {
|
||||
List<UserModel> userModels = new ArrayList<UserModel>();
|
||||
for (MongoUserEntity user : userEntities) {
|
||||
userModels.add(new UserAdapter(session, realm, user, invocationContext));
|
||||
}
|
||||
return userModels;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public List<UserModel> getUsers(RealmModel realm) {
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("realmId").is(realm.getId())
|
||||
.get();
|
||||
List<MongoUserEntity> users = getMongoStore().loadEntities(MongoUserEntity.class, query, invocationContext);
|
||||
return convertUserEntities(realm, users);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUser(String search, RealmModel realm) {
|
||||
search = search.trim();
|
||||
Pattern caseInsensitivePattern = Pattern.compile("(?i:" + search + ")");
|
||||
|
||||
QueryBuilder nameBuilder;
|
||||
int spaceInd = search.lastIndexOf(" ");
|
||||
|
||||
// Case when we have search string like "ohn Bow". Then firstName must end with "ohn" AND lastName must start with "bow" (everything case-insensitive)
|
||||
if (spaceInd != -1) {
|
||||
String firstName = search.substring(0, spaceInd);
|
||||
String lastName = search.substring(spaceInd + 1);
|
||||
Pattern firstNamePattern = Pattern.compile("(?i:" + firstName + "$)");
|
||||
Pattern lastNamePattern = Pattern.compile("(?i:^" + lastName + ")");
|
||||
nameBuilder = new QueryBuilder().and(
|
||||
new QueryBuilder().put("firstName").regex(firstNamePattern).get(),
|
||||
new QueryBuilder().put("lastName").regex(lastNamePattern).get()
|
||||
);
|
||||
} else {
|
||||
// Case when we have search without spaces like "foo". The firstName OR lastName could be "foo" (everything case-insensitive)
|
||||
nameBuilder = new QueryBuilder().or(
|
||||
new QueryBuilder().put("firstName").regex(caseInsensitivePattern).get(),
|
||||
new QueryBuilder().put("lastName").regex(caseInsensitivePattern).get()
|
||||
);
|
||||
}
|
||||
|
||||
QueryBuilder builder = new QueryBuilder().and(
|
||||
new QueryBuilder().and("realmId").is(realm.getId()).get(),
|
||||
new QueryBuilder().or(
|
||||
new QueryBuilder().put("username").regex(caseInsensitivePattern).get(),
|
||||
new QueryBuilder().put("email").regex(caseInsensitivePattern).get(),
|
||||
nameBuilder.get()
|
||||
|
||||
).get()
|
||||
);
|
||||
|
||||
List<MongoUserEntity> users = getMongoStore().loadEntities(MongoUserEntity.class, builder.get(), invocationContext);
|
||||
return convertUserEntities(realm, users); }
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm) {
|
||||
QueryBuilder queryBuilder = new QueryBuilder()
|
||||
.and("realmId").is(realm.getId());
|
||||
|
||||
for (Map.Entry<String, String> entry : attributes.entrySet()) {
|
||||
if (entry.getKey().equals(UserModel.LOGIN_NAME)) {
|
||||
queryBuilder.and("username").regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
|
||||
} else if (entry.getKey().equalsIgnoreCase(UserModel.FIRST_NAME)) {
|
||||
queryBuilder.and(UserModel.FIRST_NAME).regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
|
||||
|
||||
} else if (entry.getKey().equalsIgnoreCase(UserModel.LAST_NAME)) {
|
||||
queryBuilder.and(UserModel.LAST_NAME).regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
|
||||
|
||||
} else if (entry.getKey().equalsIgnoreCase(UserModel.EMAIL)) {
|
||||
queryBuilder.and(UserModel.EMAIL).regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
|
||||
}
|
||||
}
|
||||
List<MongoUserEntity> users = getMongoStore().loadEntities(MongoUserEntity.class, queryBuilder.get(), invocationContext);
|
||||
return convertUserEntities(realm, users);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<SocialLinkModel> getSocialLinks(UserModel userModel, RealmModel realm) {
|
||||
UserModel user = getUserById(userModel.getId(), realm);
|
||||
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
|
||||
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
|
||||
|
||||
if (linkEntities == null) {
|
||||
return Collections.EMPTY_SET;
|
||||
}
|
||||
|
||||
Set<SocialLinkModel> result = new HashSet<SocialLinkModel>();
|
||||
for (SocialLinkEntity socialLinkEntity : linkEntities) {
|
||||
SocialLinkModel model = new SocialLinkModel(socialLinkEntity.getSocialProvider(),
|
||||
socialLinkEntity.getSocialUserId(), socialLinkEntity.getSocialUsername());
|
||||
result.add(model);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
private SocialLinkEntity findSocialLink(UserModel userModel, String socialProvider, RealmModel realm) {
|
||||
UserModel user = getUserById(userModel.getId(), realm);
|
||||
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
|
||||
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
|
||||
if (linkEntities == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
for (SocialLinkEntity socialLinkEntity : linkEntities) {
|
||||
if (socialLinkEntity.getSocialProvider().equals(socialProvider)) {
|
||||
return socialLinkEntity;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm) {
|
||||
SocialLinkEntity socialLinkEntity = findSocialLink(user, socialProvider, realm);
|
||||
return socialLinkEntity != null ? new SocialLinkModel(socialLinkEntity.getSocialProvider(), socialLinkEntity.getSocialUserId(), socialLinkEntity.getSocialUsername()) : null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleModel getRoleById(String id, RealmModel realm) {
|
||||
MongoRoleEntity role = getMongoStore().loadEntity(MongoRoleEntity.class, id, invocationContext);
|
||||
|
|
|
@ -0,0 +1,322 @@
|
|||
package org.keycloak.models.mongo.keycloak.adapters;
|
||||
|
||||
import com.mongodb.BasicDBObject;
|
||||
import com.mongodb.DBObject;
|
||||
import com.mongodb.QueryBuilder;
|
||||
import org.keycloak.connections.mongo.api.MongoStore;
|
||||
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelProvider;
|
||||
import org.keycloak.models.OAuthClientModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.SocialLinkModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserProvider;
|
||||
import org.keycloak.models.entities.SocialLinkEntity;
|
||||
import org.keycloak.models.mongo.keycloak.entities.MongoApplicationEntity;
|
||||
import org.keycloak.models.mongo.keycloak.entities.MongoOAuthClientEntity;
|
||||
import org.keycloak.models.mongo.keycloak.entities.MongoRealmEntity;
|
||||
import org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity;
|
||||
import org.keycloak.models.mongo.keycloak.entities.MongoUserEntity;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
public class MongoUserProvider implements UserProvider {
|
||||
|
||||
private final MongoStoreInvocationContext invocationContext;
|
||||
private final KeycloakSession session;
|
||||
private final MongoStore mongoStore;
|
||||
|
||||
public MongoUserProvider(KeycloakSession session, MongoStore mongoStore, MongoStoreInvocationContext invocationContext) {
|
||||
this.session = session;
|
||||
this.mongoStore = mongoStore;
|
||||
this.invocationContext = invocationContext;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
// TODO
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserById(String id, RealmModel realm) {
|
||||
MongoUserEntity user = getMongoStore().loadEntity(MongoUserEntity.class, id, invocationContext);
|
||||
|
||||
// Check that it's user from this realm
|
||||
if (user == null || !realm.getId().equals(user.getRealmId())) {
|
||||
return null;
|
||||
} else {
|
||||
return new UserAdapter(session, realm, user, invocationContext);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByUsername(String username, RealmModel realm) {
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("username").is(username)
|
||||
.and("realmId").is(realm.getId())
|
||||
.get();
|
||||
MongoUserEntity user = getMongoStore().loadSingleEntity(MongoUserEntity.class, query, invocationContext);
|
||||
|
||||
if (user == null) {
|
||||
return null;
|
||||
} else {
|
||||
return new UserAdapter(session, realm, user, invocationContext);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByEmail(String email, RealmModel realm) {
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("email").is(email)
|
||||
.and("realmId").is(realm.getId())
|
||||
.get();
|
||||
MongoUserEntity user = getMongoStore().loadSingleEntity(MongoUserEntity.class, query, invocationContext);
|
||||
|
||||
if (user == null) {
|
||||
return null;
|
||||
} else {
|
||||
return new UserAdapter(session, realm, user, invocationContext);
|
||||
}
|
||||
}
|
||||
|
||||
protected MongoStore getMongoStore() {
|
||||
return invocationContext.getMongoStore();
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserBySocialLink(SocialLinkModel socialLink, RealmModel realm) {
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("socialLinks.socialProvider").is(socialLink.getSocialProvider())
|
||||
.and("socialLinks.socialUserId").is(socialLink.getSocialUserId())
|
||||
.and("realmId").is(realm.getId())
|
||||
.get();
|
||||
MongoUserEntity userEntity = getMongoStore().loadSingleEntity(MongoUserEntity.class, query, invocationContext);
|
||||
return userEntity == null ? null : new UserAdapter(session, realm, userEntity, invocationContext);
|
||||
}
|
||||
|
||||
protected List<UserModel> convertUserEntities(RealmModel realm, List<MongoUserEntity> userEntities) {
|
||||
List<UserModel> userModels = new ArrayList<UserModel>();
|
||||
for (MongoUserEntity user : userEntities) {
|
||||
userModels.add(new UserAdapter(session, realm, user, invocationContext));
|
||||
}
|
||||
return userModels;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public List<UserModel> getUsers(RealmModel realm) {
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("realmId").is(realm.getId())
|
||||
.get();
|
||||
List<MongoUserEntity> users = getMongoStore().loadEntities(MongoUserEntity.class, query, invocationContext);
|
||||
return convertUserEntities(realm, users);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUser(String search, RealmModel realm) {
|
||||
search = search.trim();
|
||||
Pattern caseInsensitivePattern = Pattern.compile("(?i:" + search + ")");
|
||||
|
||||
QueryBuilder nameBuilder;
|
||||
int spaceInd = search.lastIndexOf(" ");
|
||||
|
||||
// Case when we have search string like "ohn Bow". Then firstName must end with "ohn" AND lastName must start with "bow" (everything case-insensitive)
|
||||
if (spaceInd != -1) {
|
||||
String firstName = search.substring(0, spaceInd);
|
||||
String lastName = search.substring(spaceInd + 1);
|
||||
Pattern firstNamePattern = Pattern.compile("(?i:" + firstName + "$)");
|
||||
Pattern lastNamePattern = Pattern.compile("(?i:^" + lastName + ")");
|
||||
nameBuilder = new QueryBuilder().and(
|
||||
new QueryBuilder().put("firstName").regex(firstNamePattern).get(),
|
||||
new QueryBuilder().put("lastName").regex(lastNamePattern).get()
|
||||
);
|
||||
} else {
|
||||
// Case when we have search without spaces like "foo". The firstName OR lastName could be "foo" (everything case-insensitive)
|
||||
nameBuilder = new QueryBuilder().or(
|
||||
new QueryBuilder().put("firstName").regex(caseInsensitivePattern).get(),
|
||||
new QueryBuilder().put("lastName").regex(caseInsensitivePattern).get()
|
||||
);
|
||||
}
|
||||
|
||||
QueryBuilder builder = new QueryBuilder().and(
|
||||
new QueryBuilder().and("realmId").is(realm.getId()).get(),
|
||||
new QueryBuilder().or(
|
||||
new QueryBuilder().put("username").regex(caseInsensitivePattern).get(),
|
||||
new QueryBuilder().put("email").regex(caseInsensitivePattern).get(),
|
||||
nameBuilder.get()
|
||||
|
||||
).get()
|
||||
);
|
||||
|
||||
List<MongoUserEntity> users = getMongoStore().loadEntities(MongoUserEntity.class, builder.get(), invocationContext);
|
||||
return convertUserEntities(realm, users); }
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes, RealmModel realm) {
|
||||
QueryBuilder queryBuilder = new QueryBuilder()
|
||||
.and("realmId").is(realm.getId());
|
||||
|
||||
for (Map.Entry<String, String> entry : attributes.entrySet()) {
|
||||
if (entry.getKey().equals(UserModel.LOGIN_NAME)) {
|
||||
queryBuilder.and("username").regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
|
||||
} else if (entry.getKey().equalsIgnoreCase(UserModel.FIRST_NAME)) {
|
||||
queryBuilder.and(UserModel.FIRST_NAME).regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
|
||||
|
||||
} else if (entry.getKey().equalsIgnoreCase(UserModel.LAST_NAME)) {
|
||||
queryBuilder.and(UserModel.LAST_NAME).regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
|
||||
|
||||
} else if (entry.getKey().equalsIgnoreCase(UserModel.EMAIL)) {
|
||||
queryBuilder.and(UserModel.EMAIL).regex(Pattern.compile("(?i:" + entry.getValue() + "$)"));
|
||||
}
|
||||
}
|
||||
List<MongoUserEntity> users = getMongoStore().loadEntities(MongoUserEntity.class, queryBuilder.get(), invocationContext);
|
||||
return convertUserEntities(realm, users);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<SocialLinkModel> getSocialLinks(UserModel userModel, RealmModel realm) {
|
||||
UserModel user = getUserById(userModel.getId(), realm);
|
||||
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
|
||||
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
|
||||
|
||||
if (linkEntities == null) {
|
||||
return Collections.EMPTY_SET;
|
||||
}
|
||||
|
||||
Set<SocialLinkModel> result = new HashSet<SocialLinkModel>();
|
||||
for (SocialLinkEntity socialLinkEntity : linkEntities) {
|
||||
SocialLinkModel model = new SocialLinkModel(socialLinkEntity.getSocialProvider(),
|
||||
socialLinkEntity.getSocialUserId(), socialLinkEntity.getSocialUsername());
|
||||
result.add(model);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
private SocialLinkEntity findSocialLink(UserModel userModel, String socialProvider, RealmModel realm) {
|
||||
UserModel user = getUserById(userModel.getId(), realm);
|
||||
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
|
||||
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
|
||||
if (linkEntities == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
for (SocialLinkEntity socialLinkEntity : linkEntities) {
|
||||
if (socialLinkEntity.getSocialProvider().equals(socialProvider)) {
|
||||
return socialLinkEntity;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public SocialLinkModel getSocialLink(UserModel user, String socialProvider, RealmModel realm) {
|
||||
SocialLinkEntity socialLinkEntity = findSocialLink(user, socialProvider, realm);
|
||||
return socialLinkEntity != null ? new SocialLinkModel(socialLinkEntity.getSocialProvider(), socialLinkEntity.getSocialUserId(), socialLinkEntity.getSocialUsername()) : null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserAdapter addUser(RealmModel realm, String id, String username, boolean addDefaultRoles) {
|
||||
UserAdapter userModel = addUserEntity(realm, id, username);
|
||||
|
||||
if (addDefaultRoles) {
|
||||
for (String r : realm.getDefaultRoles()) {
|
||||
userModel.grantRole(realm.getRole(r));
|
||||
}
|
||||
|
||||
for (ApplicationModel application : realm.getApplications()) {
|
||||
for (String r : application.getDefaultRoles()) {
|
||||
userModel.grantRole(application.getRole(r));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return userModel;
|
||||
}
|
||||
|
||||
protected UserAdapter addUserEntity(RealmModel realm, String id, String username) {
|
||||
MongoUserEntity userEntity = new MongoUserEntity();
|
||||
userEntity.setId(id);
|
||||
userEntity.setUsername(username);
|
||||
// Compatibility with JPA model, which has user disabled by default
|
||||
// userEntity.setEnabled(true);
|
||||
userEntity.setRealmId(realm.getId());
|
||||
|
||||
getMongoStore().insertEntity(userEntity, invocationContext);
|
||||
return new UserAdapter(session, realm, userEntity, invocationContext);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeUser(RealmModel realm, String name) {
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("username").is(name)
|
||||
.and("realmId").is(realm.getId())
|
||||
.get();
|
||||
return getMongoStore().removeEntities(MongoUserEntity.class, query, invocationContext);
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void addSocialLink(RealmModel realm, UserModel user, SocialLinkModel socialLink) {
|
||||
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
|
||||
SocialLinkEntity socialLinkEntity = new SocialLinkEntity();
|
||||
socialLinkEntity.setSocialProvider(socialLink.getSocialProvider());
|
||||
socialLinkEntity.setSocialUserId(socialLink.getSocialUserId());
|
||||
socialLinkEntity.setSocialUsername(socialLink.getSocialUsername());
|
||||
|
||||
getMongoStore().pushItemToList(userEntity, "socialLinks", socialLinkEntity, true, invocationContext);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeSocialLink(RealmModel realm, UserModel userModel, String socialProvider) {
|
||||
UserModel user = getUserById(userModel.getId(), realm);
|
||||
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
|
||||
SocialLinkEntity socialLinkEntity = findSocialLink(userEntity, socialProvider);
|
||||
if (socialLinkEntity == null) {
|
||||
return false;
|
||||
}
|
||||
return getMongoStore().pullItemFromList(userEntity, "socialLinks", socialLinkEntity, invocationContext);
|
||||
}
|
||||
|
||||
private SocialLinkEntity findSocialLink(MongoUserEntity userEntity, String socialProvider) {
|
||||
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
|
||||
if (linkEntities == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
for (SocialLinkEntity socialLinkEntity : linkEntities) {
|
||||
if (socialLinkEntity.getSocialProvider().equals(socialProvider)) {
|
||||
return socialLinkEntity;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel addUser(RealmModel realm, String username) {
|
||||
return this.addUser(realm, null, username, true);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void preRemove(RealmModel realm) {
|
||||
// todo not sure what to do for this
|
||||
}
|
||||
|
||||
@Override
|
||||
public void preRemove(RoleModel role) {
|
||||
// todo not sure what to do for this
|
||||
}
|
||||
}
|
|
@ -0,0 +1,40 @@
|
|||
package org.keycloak.models.mongo.keycloak.adapters;
|
||||
|
||||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.Config;
|
||||
import org.keycloak.connections.mongo.MongoConnectionProvider;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelProvider;
|
||||
import org.keycloak.models.ModelProviderFactory;
|
||||
import org.keycloak.models.UserProvider;
|
||||
import org.keycloak.models.UserProviderFactory;
|
||||
|
||||
/**
|
||||
* KeycloakSessionFactory implementation based on MongoDB
|
||||
*
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
public class MongoUserProviderFactory implements UserProviderFactory {
|
||||
protected static final Logger logger = Logger.getLogger(MongoUserProviderFactory.class);
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "mongo";
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(Config.Scope config) {
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserProvider create(KeycloakSession session) {
|
||||
MongoConnectionProvider connection = session.getProvider(MongoConnectionProvider.class);
|
||||
return new MongoUserProvider(session, connection.getMongoStore(), connection.getInvocationContext());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -438,66 +438,6 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
updateRealm();
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUser(String name) {
|
||||
return model.getUserByUsername(name, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserByEmail(String email) {
|
||||
return model.getUserByEmail(email, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserModel getUserById(String id) {
|
||||
return model.getUserById(id, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserAdapter addUser(String username) {
|
||||
return this.addUser(null, username, true);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserAdapter addUser(String id, String username, boolean addDefaultRoles) {
|
||||
UserAdapter userModel = addUserEntity(id, username);
|
||||
|
||||
if (addDefaultRoles) {
|
||||
for (String r : getDefaultRoles()) {
|
||||
userModel.grantRole(getRole(r));
|
||||
}
|
||||
|
||||
for (ApplicationModel application : getApplications()) {
|
||||
for (String r : application.getDefaultRoles()) {
|
||||
userModel.grantRole(application.getRole(r));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return userModel;
|
||||
}
|
||||
|
||||
protected UserAdapter addUserEntity(String id, String username) {
|
||||
MongoUserEntity userEntity = new MongoUserEntity();
|
||||
userEntity.setId(id);
|
||||
userEntity.setUsername(username);
|
||||
// Compatibility with JPA model, which has user disabled by default
|
||||
// userEntity.setEnabled(true);
|
||||
userEntity.setRealmId(getId());
|
||||
|
||||
getMongoStore().insertEntity(userEntity, invocationContext);
|
||||
return new UserAdapter(session, this, userEntity, invocationContext);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeUser(String name) {
|
||||
DBObject query = new QueryBuilder()
|
||||
.and("username").is(name)
|
||||
.and("realmId").is(getId())
|
||||
.get();
|
||||
return getMongoStore().removeEntities(MongoUserEntity.class, query, invocationContext);
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleAdapter getRole(String name) {
|
||||
DBObject query = new QueryBuilder()
|
||||
|
@ -536,6 +476,9 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
|
||||
@Override
|
||||
public boolean removeRoleById(String id) {
|
||||
RoleModel role = getRoleById(id);
|
||||
if (role == null) return false;
|
||||
session.users().preRemove(role);
|
||||
return getMongoStore().removeEntity(MongoRoleEntity.class, id, invocationContext);
|
||||
}
|
||||
|
||||
|
@ -799,60 +742,6 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
@Override
|
||||
public UserModel getUserBySocialLink(SocialLinkModel socialLink) {
|
||||
return model.getUserBySocialLink(socialLink, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<SocialLinkModel> getSocialLinks(UserModel user) {
|
||||
return model.getSocialLinks(user, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SocialLinkModel getSocialLink(UserModel user, String socialProvider) {
|
||||
return model.getSocialLink(user, socialProvider, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addSocialLink(UserModel user, SocialLinkModel socialLink) {
|
||||
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
|
||||
SocialLinkEntity socialLinkEntity = new SocialLinkEntity();
|
||||
socialLinkEntity.setSocialProvider(socialLink.getSocialProvider());
|
||||
socialLinkEntity.setSocialUserId(socialLink.getSocialUserId());
|
||||
socialLinkEntity.setSocialUsername(socialLink.getSocialUsername());
|
||||
|
||||
getMongoStore().pushItemToList(userEntity, "socialLinks", socialLinkEntity, true, invocationContext);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeSocialLink(UserModel userModel, String socialProvider) {
|
||||
UserModel user = getUserById(userModel.getId());
|
||||
MongoUserEntity userEntity = ((UserAdapter) user).getUser();
|
||||
SocialLinkEntity socialLinkEntity = findSocialLink(userEntity, socialProvider);
|
||||
if (socialLinkEntity == null) {
|
||||
return false;
|
||||
}
|
||||
return getMongoStore().pullItemFromList(userEntity, "socialLinks", socialLinkEntity, invocationContext);
|
||||
}
|
||||
|
||||
private SocialLinkEntity findSocialLink(MongoUserEntity userEntity, String socialProvider) {
|
||||
List<SocialLinkEntity> linkEntities = userEntity.getSocialLinks();
|
||||
if (linkEntities == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
for (SocialLinkEntity socialLinkEntity : linkEntities) {
|
||||
if (socialLinkEntity.getSocialProvider().equals(socialProvider)) {
|
||||
return socialLinkEntity;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
protected void updateRealm() {
|
||||
super.updateMongoEntity();
|
||||
}
|
||||
|
@ -865,23 +754,6 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
return model;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> getUsers() {
|
||||
return model.getUsers(this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUser(String search) {
|
||||
return model.searchForUser(search, this);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserModel> searchForUserByAttributes(Map<String, String> attributes) {
|
||||
return model.searchForUserByAttributes(attributes, this);
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public Map<String, String> getSmtpConfig() {
|
||||
return realm.getSmtpConfig();
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
org.keycloak.models.mongo.keycloak.adapters.MongoUserProviderFactory
|
|
@ -45,7 +45,7 @@ public class UserSessionAdapter implements UserSessionModel {
|
|||
|
||||
@Override
|
||||
public UserModel getUser() {
|
||||
return realm.getUserById(entity.getUserId());
|
||||
return session.users().getUserById(entity.getUserId(), realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
2
model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/UserSessionAdapter.java
Normal file → Executable file
2
model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/UserSessionAdapter.java
Normal file → Executable file
|
@ -36,7 +36,7 @@ public class UserSessionAdapter implements UserSessionModel {
|
|||
}
|
||||
|
||||
public UserModel getUser() {
|
||||
return realm.getUserById(entity.getUser());
|
||||
return session.users().getUserById(entity.getUser(), realm);
|
||||
}
|
||||
|
||||
public void setUser(UserModel user) {
|
||||
|
|
10
model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/MongoUserSessionProvider.java
Normal file → Executable file
10
model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/MongoUserSessionProvider.java
Normal file → Executable file
|
@ -47,7 +47,7 @@ public class MongoUserSessionProvider implements UserSessionProvider {
|
|||
entity.setLastSessionRefresh(currentTime);
|
||||
|
||||
mongoStore.insertEntity(entity, invocationContext);
|
||||
return new UserSessionAdapter(entity, realm, invocationContext);
|
||||
return new UserSessionAdapter(session, entity, realm, invocationContext);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -56,7 +56,7 @@ public class MongoUserSessionProvider implements UserSessionProvider {
|
|||
if (entity == null) {
|
||||
return null;
|
||||
} else {
|
||||
return new UserSessionAdapter(entity, realm, invocationContext);
|
||||
return new UserSessionAdapter(session, entity, realm, invocationContext);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -65,7 +65,7 @@ public class MongoUserSessionProvider implements UserSessionProvider {
|
|||
DBObject query = new BasicDBObject("user", user.getId());
|
||||
List<UserSessionModel> sessions = new LinkedList<UserSessionModel>();
|
||||
for (MongoUserSessionEntity e : mongoStore.loadEntities(MongoUserSessionEntity.class, query, invocationContext)) {
|
||||
sessions.add(new UserSessionAdapter(e, realm, invocationContext));
|
||||
sessions.add(new UserSessionAdapter(session, e, realm, invocationContext));
|
||||
}
|
||||
return sessions;
|
||||
}
|
||||
|
@ -79,7 +79,7 @@ public class MongoUserSessionProvider implements UserSessionProvider {
|
|||
|
||||
List<UserSessionModel> result = new LinkedList<UserSessionModel>();
|
||||
for (MongoUserSessionEntity session : sessions) {
|
||||
result.add(new UserSessionAdapter(session, realm, invocationContext));
|
||||
result.add(new UserSessionAdapter(this.session, session, realm, invocationContext));
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
@ -93,7 +93,7 @@ public class MongoUserSessionProvider implements UserSessionProvider {
|
|||
List<MongoUserSessionEntity> sessions = mongoStore.loadEntities(MongoUserSessionEntity.class, query, sort, invocationContext, firstResult, maxResults);
|
||||
List<UserSessionModel> result = new LinkedList<UserSessionModel>();
|
||||
for (MongoUserSessionEntity session : sessions) {
|
||||
result.add(new UserSessionAdapter(session, realm, invocationContext));
|
||||
result.add(new UserSessionAdapter(this.session, session, realm, invocationContext));
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@ package org.keycloak.models.sessions.mongo;
|
|||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
|
@ -20,12 +21,14 @@ public class UserSessionAdapter extends AbstractMongoAdapter<MongoUserSessionEnt
|
|||
|
||||
private MongoUserSessionEntity entity;
|
||||
private RealmModel realm;
|
||||
private KeycloakSession keycloakSession;
|
||||
|
||||
public UserSessionAdapter(MongoUserSessionEntity entity, RealmModel realm, MongoStoreInvocationContext invContext)
|
||||
public UserSessionAdapter(KeycloakSession keycloakSession, MongoUserSessionEntity entity, RealmModel realm, MongoStoreInvocationContext invContext)
|
||||
{
|
||||
super(invContext);
|
||||
this.entity = entity;
|
||||
this.realm = realm;
|
||||
this.keycloakSession = keycloakSession;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -46,7 +49,7 @@ public class UserSessionAdapter extends AbstractMongoAdapter<MongoUserSessionEnt
|
|||
|
||||
@Override
|
||||
public UserModel getUser() {
|
||||
return realm.getUserById(entity.getUser());
|
||||
return keycloakSession.users().getUserById(entity.getUser(), realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -132,7 +132,7 @@ public class AdapterTest extends AbstractModelTest {
|
|||
@Test
|
||||
public void testCredentialValidation() throws Exception {
|
||||
test1CreateRealm();
|
||||
UserModel user = realmModel.addUser("bburke");
|
||||
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
|
||||
UserCredentialModel cred = new UserCredentialModel();
|
||||
cred.setType(CredentialRepresentation.PASSWORD);
|
||||
cred.setValue("geheim");
|
||||
|
@ -159,7 +159,7 @@ public class AdapterTest extends AbstractModelTest {
|
|||
public void testDeleteUser() throws Exception {
|
||||
test1CreateRealm();
|
||||
|
||||
UserModel user = realmModel.addUser("bburke");
|
||||
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
|
||||
user.setAttribute("attr1", "val1");
|
||||
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
|
||||
|
||||
|
@ -171,7 +171,7 @@ public class AdapterTest extends AbstractModelTest {
|
|||
user.grantRole(appRole);
|
||||
|
||||
SocialLinkModel socialLink = new SocialLinkModel("google", "google1", user.getUsername());
|
||||
realmModel.addSocialLink(user, socialLink);
|
||||
realmManager.getSession().users().addSocialLink(realmModel, user, socialLink);
|
||||
|
||||
UserCredentialModel cred = new UserCredentialModel();
|
||||
cred.setType(CredentialRepresentation.PASSWORD);
|
||||
|
@ -181,16 +181,16 @@ public class AdapterTest extends AbstractModelTest {
|
|||
commit();
|
||||
|
||||
realmModel = model.getRealm("JUGGLER");
|
||||
Assert.assertTrue(realmModel.removeUser("bburke"));
|
||||
Assert.assertFalse(realmModel.removeUser("bburke"));
|
||||
assertNull(realmModel.getUser("bburke"));
|
||||
Assert.assertTrue(realmManager.getSession().users().removeUser(realmModel, "bburke"));
|
||||
Assert.assertFalse(realmManager.getSession().users().removeUser(realmModel, "bburke"));
|
||||
assertNull(realmManager.getSession().users().getUserByUsername("bburke", realmModel));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRemoveApplication() throws Exception {
|
||||
test1CreateRealm();
|
||||
|
||||
UserModel user = realmModel.addUser("bburke");
|
||||
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
|
||||
|
||||
OAuthClientModel client = realmModel.addOAuthClient("client");
|
||||
|
||||
|
@ -213,7 +213,7 @@ public class AdapterTest extends AbstractModelTest {
|
|||
public void testRemoveRealm() throws Exception {
|
||||
test1CreateRealm();
|
||||
|
||||
UserModel user = realmModel.addUser("bburke");
|
||||
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
|
||||
|
||||
UserCredentialModel cred = new UserCredentialModel();
|
||||
cred.setType(CredentialRepresentation.PASSWORD);
|
||||
|
@ -248,7 +248,7 @@ public class AdapterTest extends AbstractModelTest {
|
|||
public void testRemoveRole() throws Exception {
|
||||
test1CreateRealm();
|
||||
|
||||
UserModel user = realmModel.addUser("bburke");
|
||||
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
|
||||
|
||||
OAuthClientModel client = realmModel.addOAuthClient("client");
|
||||
|
||||
|
@ -278,17 +278,17 @@ public class AdapterTest extends AbstractModelTest {
|
|||
public void testUserSearch() throws Exception {
|
||||
test1CreateRealm();
|
||||
{
|
||||
UserModel user = realmModel.addUser("bburke");
|
||||
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
|
||||
user.setLastName("Burke");
|
||||
user.setFirstName("Bill");
|
||||
user.setEmail("bburke@redhat.com");
|
||||
|
||||
UserModel user2 = realmModel.addUser("doublefirst");
|
||||
UserModel user2 = realmManager.getSession().users().addUser(realmModel, "doublefirst");
|
||||
user2.setFirstName("Knut Ole");
|
||||
user2.setLastName("Alver");
|
||||
user2.setEmail("knut@redhat.com");
|
||||
|
||||
UserModel user3 = realmModel.addUser("doublelast");
|
||||
UserModel user3 = realmManager.getSession().users().addUser(realmModel, "doublelast");
|
||||
user3.setFirstName("Ole");
|
||||
user3.setLastName("Alver Veland");
|
||||
user3.setEmail("knut2@redhat.com");
|
||||
|
@ -375,14 +375,14 @@ public class AdapterTest extends AbstractModelTest {
|
|||
}
|
||||
|
||||
{
|
||||
UserModel user = realmModel.addUser("mburke");
|
||||
UserModel user = realmManager.getSession().users().addUser(realmModel, "mburke");
|
||||
user.setLastName("Burke");
|
||||
user.setFirstName("Monica");
|
||||
user.setEmail("mburke@redhat.com");
|
||||
}
|
||||
|
||||
{
|
||||
UserModel user = realmModel.addUser("thor");
|
||||
UserModel user = realmManager.getSession().users().addUser(realmModel, "thor");
|
||||
user.setLastName("Thorgersen");
|
||||
user.setFirstName("Stian");
|
||||
user.setEmail("thor@redhat.com");
|
||||
|
@ -430,10 +430,10 @@ public class AdapterTest extends AbstractModelTest {
|
|||
}
|
||||
|
||||
RealmModel otherRealm = adapter.createRealm("other");
|
||||
otherRealm.addUser("bburke");
|
||||
realmManager.getSession().users().addUser(otherRealm, "bburke");
|
||||
|
||||
Assert.assertEquals(1, otherRealm.getUsers().size());
|
||||
Assert.assertEquals(1, otherRealm.searchForUser("bu").size());
|
||||
Assert.assertEquals(1, realmManager.getSession().users().getUsers(otherRealm).size());
|
||||
Assert.assertEquals(1, realmManager.getSession().users().searchForUser("bu", otherRealm).size());
|
||||
}
|
||||
|
||||
|
||||
|
@ -444,7 +444,7 @@ public class AdapterTest extends AbstractModelTest {
|
|||
realmModel.addRole("user");
|
||||
Set<RoleModel> roles = realmModel.getRoles();
|
||||
Assert.assertEquals(3, roles.size());
|
||||
UserModel user = realmModel.addUser("bburke");
|
||||
UserModel user = realmManager.getSession().users().addUser(realmModel, "bburke");
|
||||
RoleModel realmUserRole = realmModel.getRole("user");
|
||||
user.grantRole(realmUserRole);
|
||||
Assert.assertTrue(user.hasRole(realmUserRole));
|
||||
|
@ -618,13 +618,16 @@ public class AdapterTest extends AbstractModelTest {
|
|||
|
||||
@Test
|
||||
public void testUsernameCollisions() throws Exception {
|
||||
realmManager.createRealm("JUGGLER1").addUser("user1");
|
||||
realmManager.createRealm("JUGGLER2").addUser("user1");
|
||||
RealmModel juggler1 = realmManager.createRealm("JUGGLER1");
|
||||
realmManager.getSession().users().addUser(juggler1, "user1");
|
||||
RealmModel juggler2 = realmManager.createRealm("JUGGLER2");
|
||||
realmManager.getSession().users().addUser(juggler2, "user1");
|
||||
commit();
|
||||
|
||||
// Try to create user with duplicate login name
|
||||
try {
|
||||
realmManager.getRealmByName("JUGGLER1").addUser("user1");
|
||||
juggler1 = realmManager.getRealmByName("JUGGLER1");
|
||||
realmManager.getSession().users().addUser(juggler1, "user1");
|
||||
commit();
|
||||
Assert.fail("Expected exception");
|
||||
} catch (ModelDuplicateException e) {
|
||||
|
@ -632,10 +635,12 @@ public class AdapterTest extends AbstractModelTest {
|
|||
commit(true);
|
||||
|
||||
// Ty to rename user to duplicate login name
|
||||
realmManager.getRealmByName("JUGGLER1").addUser("user2");
|
||||
juggler1 = realmManager.getRealmByName("JUGGLER1");
|
||||
realmManager.getSession().users().addUser(juggler1, "user2");
|
||||
commit();
|
||||
try {
|
||||
realmManager.getRealmByName("JUGGLER1").getUser("user2").setUsername("user1");
|
||||
juggler1 = realmManager.getRealmByName("JUGGLER1");
|
||||
realmManager.getSession().users().getUserByUsername("user2", juggler1).setUsername("user1");
|
||||
commit();
|
||||
Assert.fail("Expected exception");
|
||||
} catch (ModelDuplicateException e) {
|
||||
|
@ -646,13 +651,16 @@ public class AdapterTest extends AbstractModelTest {
|
|||
|
||||
@Test
|
||||
public void testEmailCollisions() throws Exception {
|
||||
realmManager.createRealm("JUGGLER1").addUser("user1").setEmail("email@example.com");
|
||||
realmManager.createRealm("JUGGLER2").addUser("user1").setEmail("email@example.com");
|
||||
RealmModel juggler1 = realmManager.createRealm("JUGGLER1");
|
||||
realmManager.getSession().users().addUser(juggler1, "user1").setEmail("email@example.com");
|
||||
RealmModel juggler2 = realmManager.createRealm("JUGGLER2");
|
||||
realmManager.getSession().users().addUser(juggler2, "user1").setEmail("email@example.com");
|
||||
commit();
|
||||
|
||||
// Try to create user with duplicate email
|
||||
juggler1 = realmManager.getRealmByName("JUGGLER1");
|
||||
try {
|
||||
realmManager.getRealmByName("JUGGLER1").addUser("user2").setEmail("email@example.com");
|
||||
realmManager.getSession().users().addUser(juggler1, "user2").setEmail("email@example.com");
|
||||
commit();
|
||||
Assert.fail("Expected exception");
|
||||
} catch (ModelDuplicateException e) {
|
||||
|
@ -661,10 +669,12 @@ public class AdapterTest extends AbstractModelTest {
|
|||
resetSession();
|
||||
|
||||
// Ty to rename user to duplicate email
|
||||
realmManager.getRealmByName("JUGGLER1").addUser("user3").setEmail("email2@example.com");
|
||||
juggler1 = realmManager.getRealmByName("JUGGLER1");
|
||||
realmManager.getSession().users().addUser(juggler1, "user3").setEmail("email2@example.com");
|
||||
commit();
|
||||
try {
|
||||
realmManager.getRealmByName("JUGGLER1").getUser("user3").setEmail("email@example.com");
|
||||
juggler1 = realmManager.getRealmByName("JUGGLER1");
|
||||
realmManager.getSession().users().getUserByUsername("user3", juggler1).setEmail("email@example.com");
|
||||
commit();
|
||||
Assert.fail("Expected exception");
|
||||
} catch (ModelDuplicateException e) {
|
||||
|
|
|
@ -54,7 +54,7 @@ public class AuthProvidersExternalModelTest extends AbstractModelTest {
|
|||
realm1.setAuthenticationProviders(Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER));
|
||||
realm2.setAuthenticationProviders(Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER));
|
||||
|
||||
UserModel john = realm1.addUser("john");
|
||||
UserModel john = realmManager.getSession().users().addUser(realm1, "john");
|
||||
john.setEnabled(true);
|
||||
john.setFirstName("John");
|
||||
john.setLastName("Doe");
|
||||
|
@ -78,7 +78,7 @@ public class AuthProvidersExternalModelTest extends AbstractModelTest {
|
|||
|
||||
// Verify that user doesn't exists in realm2 and can't authenticate here
|
||||
Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(session, null, realm2, formData));
|
||||
Assert.assertNull(realm2.getUser("john"));
|
||||
Assert.assertNull(realmManager.getSession().users().getUserByUsername("john", realm2));
|
||||
|
||||
// Add externalModel authenticationProvider into realm2 and point to realm1
|
||||
setupAuthenticationProviders();
|
||||
|
@ -89,7 +89,7 @@ public class AuthProvidersExternalModelTest extends AbstractModelTest {
|
|||
|
||||
// Authenticate john in realm2 and verify that now he exists here.
|
||||
Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(session, null, realm2, formData));
|
||||
UserModel john2 = realm2.getUser("john");
|
||||
UserModel john2 = realmManager.getSession().users().getUserByUsername("john", realm2);
|
||||
Assert.assertNotNull(john2);
|
||||
Assert.assertEquals("john", john2.getUsername());
|
||||
Assert.assertEquals("John", john2.getFirstName());
|
||||
|
@ -100,7 +100,7 @@ public class AuthProvidersExternalModelTest extends AbstractModelTest {
|
|||
AuthenticationLinkModel authLink = john2.getAuthenticationLink();
|
||||
Assert.assertNotNull(authLink);
|
||||
Assert.assertEquals(authLink.getAuthProvider(), AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL);
|
||||
Assert.assertEquals(authLink.getAuthUserId(), realm1.getUser("john").getId());
|
||||
Assert.assertEquals(authLink.getAuthUserId(), realmManager.getSession().users().getUserByUsername("john", realm1).getId());
|
||||
} finally {
|
||||
ResteasyProviderFactory.clearContextData();
|
||||
}
|
||||
|
@ -113,9 +113,9 @@ public class AuthProvidersExternalModelTest extends AbstractModelTest {
|
|||
setupAuthenticationProviders();
|
||||
|
||||
// Add john to realm2 and set authentication link
|
||||
UserModel john = realm2.addUser("john");
|
||||
UserModel john = realmManager.getSession().users().addUser(realm2, "john");
|
||||
john.setEnabled(true);
|
||||
john.setAuthenticationLink(new AuthenticationLinkModel(AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, realm1.getUser("john").getId()));
|
||||
john.setAuthenticationLink(new AuthenticationLinkModel(AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, realmManager.getSession().users().getUserByUsername("john", realm1).getId()));
|
||||
|
||||
try {
|
||||
// this is needed for externalModel provider
|
||||
|
|
|
@ -80,14 +80,14 @@ public class AuthProvidersLDAPTest extends AbstractModelTest {
|
|||
|
||||
// Verify that user doesn't exists in realm2 and can't authenticate here
|
||||
Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(session, null, realm, formData));
|
||||
Assert.assertNull(realm.getUser("johnkeycloak"));
|
||||
Assert.assertNull(session.users().getUserByUsername("johnkeycloak", realm));
|
||||
|
||||
// Add ldap authenticationProvider
|
||||
setupAuthenticationProviders();
|
||||
|
||||
// Authenticate john and verify that now he exists in realm
|
||||
Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(session, null, realm, formData));
|
||||
UserModel john = realm.getUser("johnkeycloak");
|
||||
UserModel john = session.users().getUserByUsername("johnkeycloak", realm);
|
||||
Assert.assertNotNull(john);
|
||||
Assert.assertEquals("johnkeycloak", john.getUsername());
|
||||
Assert.assertEquals("John", john.getFirstName());
|
||||
|
@ -103,9 +103,8 @@ public class AuthProvidersLDAPTest extends AbstractModelTest {
|
|||
@Test
|
||||
public void testLdapInvalidAuthentication() {
|
||||
setupAuthenticationProviders();
|
||||
|
||||
// Add some user and password to realm
|
||||
UserModel realmUser = realm.addUser("realmUser");
|
||||
UserModel realmUser = session.users().addUser(realm, "realmUser");
|
||||
realmUser.setEnabled(true);
|
||||
UserCredentialModel credential = new UserCredentialModel();
|
||||
credential.setType(CredentialRepresentation.PASSWORD);
|
||||
|
@ -149,7 +148,7 @@ public class AuthProvidersLDAPTest extends AbstractModelTest {
|
|||
// Change credential and validate that user can authenticate
|
||||
AuthenticationProviderManager authProviderManager = AuthenticationProviderManager.getManager(realm, session);
|
||||
|
||||
UserModel john = realm.getUser("johnkeycloak");
|
||||
UserModel john = session.users().getUserByUsername("johnkeycloak", realm);
|
||||
try {
|
||||
Assert.assertTrue(authProviderManager.updatePassword(john, "password-updated"));
|
||||
} catch (AuthenticationProviderException ape) {
|
||||
|
|
|
@ -168,7 +168,7 @@ public class AuthenticationManagerTest extends AbstractModelTest {
|
|||
protector.start();
|
||||
am = new AuthenticationManager(protector);
|
||||
|
||||
user = realm.addUser("test");
|
||||
user = realmManager.getSession().users().addUser(realm, "test");
|
||||
user.setEnabled(true);
|
||||
|
||||
UserCredentialModel credential = new UserCredentialModel();
|
||||
|
|
|
@ -57,7 +57,7 @@ public class CompositeRolesModelTest extends AbstractModelTest {
|
|||
Set<RoleModel> requestedRoles = new HashSet<RoleModel>();
|
||||
|
||||
RealmModel realm = realmManager.getRealm("Test");
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = realmManager.getSession().users().getUserByUsername(username, realm);
|
||||
ApplicationModel application = realm.getApplicationByName(applicationName);
|
||||
|
||||
Set<RoleModel> roleMappings = user.getRoleMappings();
|
||||
|
|
|
@ -10,6 +10,7 @@ import org.keycloak.models.AuthenticationLinkModel;
|
|||
import org.keycloak.models.AuthenticationProviderModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RequiredCredentialModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
|
@ -50,7 +51,7 @@ public class ImportTest extends AbstractModelTest {
|
|||
commit();
|
||||
|
||||
realm = realmManager.getRealm("demo");
|
||||
assertDataImportedInRealm(realm);
|
||||
assertDataImportedInRealm(realmManager.getSession(), realm);
|
||||
|
||||
commit();
|
||||
|
||||
|
@ -59,7 +60,7 @@ public class ImportTest extends AbstractModelTest {
|
|||
}
|
||||
|
||||
// Moved to static method, so it's possible to test this from other places too (for example export-import tests)
|
||||
public static void assertDataImportedInRealm(RealmModel realm) {
|
||||
public static void assertDataImportedInRealm(KeycloakSession session, RealmModel realm) {
|
||||
Assert.assertTrue(realm.isVerifyEmail());
|
||||
|
||||
Assert.assertFalse(realm.isUpdateProfileOnInitialSocialLogin());
|
||||
|
@ -72,9 +73,9 @@ public class ImportTest extends AbstractModelTest {
|
|||
Assert.assertNotNull(realm.getRole("foo"));
|
||||
Assert.assertNotNull(realm.getRole("bar"));
|
||||
|
||||
UserModel user = realm.getUser("loginclient");
|
||||
UserModel user = session.users().getUserByUsername("loginclient", realm);
|
||||
Assert.assertNotNull(user);
|
||||
Assert.assertEquals(0, realm.getSocialLinks(user).size());
|
||||
Assert.assertEquals(0, session.users().getSocialLinks(user, realm).size());
|
||||
|
||||
List<ApplicationModel> resources = realm.getApplications();
|
||||
for (ApplicationModel app : resources) {
|
||||
|
@ -103,14 +104,14 @@ public class ImportTest extends AbstractModelTest {
|
|||
|
||||
|
||||
// Test role mappings
|
||||
UserModel admin = realm.getUser("admin");
|
||||
UserModel admin = session.users().getUserByUsername("admin", realm);
|
||||
Set<RoleModel> allRoles = admin.getRoleMappings();
|
||||
Assert.assertEquals(3, allRoles.size());
|
||||
Assert.assertTrue(allRoles.contains(realm.getRole("admin")));
|
||||
Assert.assertTrue(allRoles.contains(application.getRole("app-admin")));
|
||||
Assert.assertTrue(allRoles.contains(otherApp.getRole("otherapp-admin")));
|
||||
|
||||
UserModel wburke = realm.getUser("wburke");
|
||||
UserModel wburke = session.users().getUserByUsername("wburke", realm);
|
||||
allRoles = wburke.getRoleMappings();
|
||||
Assert.assertEquals(2, allRoles.size());
|
||||
Assert.assertFalse(allRoles.contains(realm.getRole("admin")));
|
||||
|
@ -147,8 +148,8 @@ public class ImportTest extends AbstractModelTest {
|
|||
|
||||
|
||||
// Test social linking
|
||||
UserModel socialUser = realm.getUser("mySocialUser");
|
||||
Set<SocialLinkModel> socialLinks = realm.getSocialLinks(socialUser);
|
||||
UserModel socialUser = session.users().getUserByUsername("mySocialUser", realm);
|
||||
Set<SocialLinkModel> socialLinks = session.users().getSocialLinks(socialUser, realm);
|
||||
Assert.assertEquals(3, socialLinks.size());
|
||||
boolean facebookFound = false;
|
||||
boolean googleFound = false;
|
||||
|
@ -170,19 +171,19 @@ public class ImportTest extends AbstractModelTest {
|
|||
}
|
||||
Assert.assertTrue(facebookFound && twitterFound && googleFound);
|
||||
|
||||
UserModel foundSocialUser = realm.getUserBySocialLink(new SocialLinkModel("facebook", "facebook1", "fbuser1"));
|
||||
UserModel foundSocialUser = session.users().getUserBySocialLink(new SocialLinkModel("facebook", "facebook1", "fbuser1"), realm);
|
||||
Assert.assertEquals(foundSocialUser.getUsername(), socialUser.getUsername());
|
||||
Assert.assertNull(realm.getUserBySocialLink(new SocialLinkModel("facebook", "not-existing", "not-existing")));
|
||||
Assert.assertNull(session.users().getUserBySocialLink(new SocialLinkModel("facebook", "not-existing", "not-existing"), realm));
|
||||
|
||||
SocialLinkModel foundSocialLink = realm.getSocialLink(socialUser, "facebook");
|
||||
SocialLinkModel foundSocialLink = session.users().getSocialLink(socialUser, "facebook", realm);
|
||||
Assert.assertEquals("facebook1", foundSocialLink.getSocialUserId());
|
||||
Assert.assertEquals("fbuser1", foundSocialLink.getSocialUsername());
|
||||
Assert.assertEquals("facebook", foundSocialLink.getSocialProvider());
|
||||
|
||||
// Test removing social link
|
||||
Assert.assertTrue(realm.removeSocialLink(socialUser, "facebook"));
|
||||
Assert.assertNull(realm.getSocialLink(socialUser, "facebook"));
|
||||
Assert.assertFalse(realm.removeSocialLink(socialUser, "facebook"));
|
||||
Assert.assertTrue(session.users().removeSocialLink(realm, socialUser, "facebook"));
|
||||
Assert.assertNull(session.users().getSocialLink(socialUser, "facebook", realm));
|
||||
Assert.assertFalse(session.users().removeSocialLink(realm, socialUser, "facebook"));
|
||||
|
||||
// Test smtp config
|
||||
Map<String, String> smtpConfig = realm.getSmtpConfig();
|
||||
|
|
|
@ -31,8 +31,8 @@ public class MultipleRealmsTest extends AbstractModelTest {
|
|||
|
||||
@Test
|
||||
public void testUsers() {
|
||||
UserModel r1user1 = realm1.getUser("user1");
|
||||
UserModel r2user1 = realm2.getUser("user1");
|
||||
UserModel r1user1 = realmManager.getSession().users().getUserByUsername("user1", realm1);
|
||||
UserModel r2user1 = realmManager.getSession().users().getUserByUsername("user1", realm2);
|
||||
Assert.assertEquals(r1user1.getUsername(), r2user1.getUsername());
|
||||
Assert.assertNotEquals(r1user1.getId(), r2user1.getId());
|
||||
|
||||
|
@ -46,16 +46,16 @@ public class MultipleRealmsTest extends AbstractModelTest {
|
|||
Assert.assertTrue(realm2.validatePassword(r2user1, "pass2"));
|
||||
|
||||
// Test searching
|
||||
Assert.assertEquals(2, realm1.searchForUser("user").size());
|
||||
Assert.assertEquals(2, realmManager.getSession().users().searchForUser("user", realm1).size());
|
||||
|
||||
commit();
|
||||
realm1 = model.getRealm("id1");
|
||||
realm2 = model.getRealm("id2");
|
||||
|
||||
realm1.removeUser("user1");
|
||||
realm1.removeUser("user2");
|
||||
Assert.assertEquals(0, realm1.searchForUser("user").size());
|
||||
Assert.assertEquals(2, realm2.searchForUser("user").size());
|
||||
realmManager.getSession().users().removeUser(realm1, "user1");
|
||||
realmManager.getSession().users().removeUser(realm1, "user2");
|
||||
Assert.assertEquals(0, realmManager.getSession().users().searchForUser("user", realm1).size());
|
||||
Assert.assertEquals(2, realmManager.getSession().users().searchForUser("user", realm2).size());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -90,8 +90,8 @@ public class MultipleRealmsTest extends AbstractModelTest {
|
|||
ApplicationModel app1 = realm.addApplication("app1");
|
||||
realm.addApplication("app2");
|
||||
|
||||
realm.addUser("user1");
|
||||
realm.addUser("user2");
|
||||
realmManager.getSession().users().addUser(realm, "user1");
|
||||
realmManager.getSession().users().addUser(realm, "user2");
|
||||
|
||||
realm.addRole("role1");
|
||||
realm.addRole("role2");
|
||||
|
|
|
@ -4,6 +4,7 @@ import org.junit.Assert;
|
|||
import org.junit.Test;
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserModel.RequiredAction;
|
||||
|
@ -16,7 +17,8 @@ public class UserModelTest extends AbstractModelTest {
|
|||
@Test
|
||||
public void persistUser() {
|
||||
RealmModel realm = realmManager.createRealm("original");
|
||||
UserModel user = realm.addUser("user");
|
||||
KeycloakSession session = realmManager.getSession();
|
||||
UserModel user = session.users().addUser(realm, "user");
|
||||
user.setFirstName("first-name");
|
||||
user.setLastName("last-name");
|
||||
user.setEmail("email");
|
||||
|
@ -24,11 +26,13 @@ public class UserModelTest extends AbstractModelTest {
|
|||
user.addRequiredAction(RequiredAction.CONFIGURE_TOTP);
|
||||
user.addRequiredAction(RequiredAction.UPDATE_PASSWORD);
|
||||
|
||||
UserModel persisted = realmManager.getRealm(realm.getId()).getUser("user");
|
||||
RealmModel searchRealm = realmManager.getRealm(realm.getId());
|
||||
UserModel persisted = session.users().getUserByUsername("user", searchRealm);
|
||||
|
||||
assertEquals(user, persisted);
|
||||
|
||||
UserModel persisted2 = realmManager.getRealm(realm.getId()).getUserById(user.getId());
|
||||
searchRealm = realmManager.getRealm(realm.getId());
|
||||
UserModel persisted2 = session.users().getUserById(user.getId(), searchRealm);
|
||||
assertEquals(user, persisted2);
|
||||
}
|
||||
|
||||
|
@ -72,7 +76,8 @@ public class UserModelTest extends AbstractModelTest {
|
|||
@Test
|
||||
public void testUserRequiredActions() throws Exception {
|
||||
RealmModel realm = realmManager.createRealm("original");
|
||||
UserModel user = realm.addUser("user");
|
||||
KeycloakSession session = realmManager.getSession();
|
||||
UserModel user = session.users().addUser(realm, "user");
|
||||
|
||||
Assert.assertTrue(user.getRequiredActions().isEmpty());
|
||||
|
||||
|
@ -80,32 +85,32 @@ public class UserModelTest extends AbstractModelTest {
|
|||
String id = realm.getId();
|
||||
commit();
|
||||
realm = realmManager.getRealm(id);
|
||||
user = realm.getUser("user");
|
||||
user = session.users().getUserByUsername("user", realm);
|
||||
|
||||
Assert.assertEquals(1, user.getRequiredActions().size());
|
||||
Assert.assertTrue(user.getRequiredActions().contains(RequiredAction.CONFIGURE_TOTP));
|
||||
|
||||
user.addRequiredAction(UserModel.RequiredAction.CONFIGURE_TOTP);
|
||||
user = realm.getUser("user");
|
||||
user = session.users().getUserByUsername("user", realm);
|
||||
|
||||
Assert.assertEquals(1, user.getRequiredActions().size());
|
||||
Assert.assertTrue(user.getRequiredActions().contains(RequiredAction.CONFIGURE_TOTP));
|
||||
|
||||
user.addRequiredAction(UserModel.RequiredAction.VERIFY_EMAIL);
|
||||
user = realm.getUser("user");
|
||||
user = session.users().getUserByUsername("user", realm);
|
||||
|
||||
Assert.assertEquals(2, user.getRequiredActions().size());
|
||||
Assert.assertTrue(user.getRequiredActions().contains(RequiredAction.CONFIGURE_TOTP));
|
||||
Assert.assertTrue(user.getRequiredActions().contains(RequiredAction.VERIFY_EMAIL));
|
||||
|
||||
user.removeRequiredAction(UserModel.RequiredAction.CONFIGURE_TOTP);
|
||||
user = realm.getUser("user");
|
||||
user = session.users().getUserByUsername("user", realm);
|
||||
|
||||
Assert.assertEquals(1, user.getRequiredActions().size());
|
||||
Assert.assertTrue(user.getRequiredActions().contains(RequiredAction.VERIFY_EMAIL));
|
||||
|
||||
user.removeRequiredAction(UserModel.RequiredAction.VERIFY_EMAIL);
|
||||
user = realm.getUser("user");
|
||||
user = session.users().getUserByUsername("user", realm);
|
||||
|
||||
Assert.assertTrue(user.getRequiredActions().isEmpty());
|
||||
}
|
||||
|
|
|
@ -30,8 +30,8 @@ public class UpsSecurityApplication extends KeycloakApplication {
|
|||
try {
|
||||
RealmManager manager = new RealmManager(session);
|
||||
RealmModel master = manager.getKeycloakAdminstrationRealm();
|
||||
UserModel admin = master.getUser("admin");
|
||||
if (admin != null) master.removeUser(admin.getUsername());
|
||||
UserModel admin = session.users().getUserByUsername("admin", master);
|
||||
if (admin != null) session.users().removeUser(master, admin.getUsername());
|
||||
session.getTransaction().commit();
|
||||
} finally {
|
||||
session.close();
|
||||
|
|
|
@ -7,6 +7,7 @@ import org.keycloak.models.ModelProvider;
|
|||
import org.keycloak.models.UserProvider;
|
||||
import org.keycloak.models.UserSessionProvider;
|
||||
import org.keycloak.models.cache.CacheModelProvider;
|
||||
import org.keycloak.models.cache.CacheUserProvider;
|
||||
import org.keycloak.provider.Provider;
|
||||
import org.keycloak.provider.ProviderFactory;
|
||||
|
||||
|
@ -24,6 +25,7 @@ public class DefaultKeycloakSession implements KeycloakSession {
|
|||
private final Map<Integer, Provider> providers = new HashMap<Integer, Provider>();
|
||||
private final DefaultKeycloakTransactionManager transactionManager;
|
||||
private ModelProvider model;
|
||||
private UserProvider userModel;
|
||||
private UserSessionProvider sessionProvider;
|
||||
|
||||
public DefaultKeycloakSession(DefaultKeycloakSessionFactory factory) {
|
||||
|
@ -39,6 +41,14 @@ public class DefaultKeycloakSession implements KeycloakSession {
|
|||
}
|
||||
}
|
||||
|
||||
private UserProvider getUserProvider() {
|
||||
if (factory.getDefaultProvider(CacheUserProvider.class) != null) {
|
||||
return getProvider(CacheUserProvider.class);
|
||||
} else {
|
||||
return getProvider(UserProvider.class);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public KeycloakTransactionManager getTransaction() {
|
||||
return transactionManager;
|
||||
|
@ -91,6 +101,14 @@ public class DefaultKeycloakSession implements KeycloakSession {
|
|||
return model;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserProvider users() {
|
||||
if (userModel == null) {
|
||||
userModel = getUserProvider();
|
||||
}
|
||||
return userModel;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserSessionProvider sessions() {
|
||||
if (sessionProvider == null) {
|
||||
|
|
|
@ -3,6 +3,7 @@ package org.keycloak.services.managers;
|
|||
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
|
||||
import org.keycloak.jose.jws.JWSBuilder;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
@ -26,10 +27,12 @@ import java.util.UUID;
|
|||
public class AccessCodeEntry {
|
||||
protected AccessCode accessCode;
|
||||
protected RealmModel realm;
|
||||
KeycloakSession keycloakSession;
|
||||
|
||||
public AccessCodeEntry(RealmModel realm, AccessCode accessCode) {
|
||||
public AccessCodeEntry(KeycloakSession keycloakSession, RealmModel realm, AccessCode accessCode) {
|
||||
this.realm = realm;
|
||||
this.accessCode = accessCode;
|
||||
this.keycloakSession = keycloakSession;
|
||||
}
|
||||
|
||||
public String getCodeId() {
|
||||
|
@ -37,7 +40,7 @@ public class AccessCodeEntry {
|
|||
}
|
||||
|
||||
public UserModel getUser() {
|
||||
return realm.getUserById(accessCode.getAccessToken().getSubject());
|
||||
return keycloakSession.users().getUserById(accessCode.getAccessToken().getSubject(), realm);
|
||||
}
|
||||
|
||||
public String getSessionState() {
|
||||
|
|
|
@ -63,7 +63,7 @@ public class ApplianceBootstrap {
|
|||
|
||||
realm.setAuditListeners(Collections.singleton("jboss-logging"));
|
||||
|
||||
UserModel adminUser = realm.addUser("admin");
|
||||
UserModel adminUser = session.users().addUser(realm, "admin");
|
||||
adminUser.setEnabled(true);
|
||||
UserCredentialModel password = new UserCredentialModel();
|
||||
password.setType(UserCredentialModel.PASSWORD);
|
||||
|
|
|
@ -196,7 +196,7 @@ public class AuthenticationManager {
|
|||
}
|
||||
}
|
||||
|
||||
UserModel user = realm.getUserById(token.getSubject());
|
||||
UserModel user = session.users().getUserById(token.getSubject(), realm);
|
||||
if (user == null || !user.isEnabled() ) {
|
||||
logger.info("Unknown user in identity token");
|
||||
return null;
|
||||
|
@ -253,12 +253,12 @@ public class AuthenticationManager {
|
|||
}
|
||||
|
||||
protected AuthenticationStatus authenticateInternal(KeycloakSession session, RealmModel realm, MultivaluedMap<String, String> formData, String username) {
|
||||
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(realm, username);
|
||||
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username);
|
||||
if (user == null) {
|
||||
AuthUser authUser = AuthenticationProviderManager.getManager(realm, session).getUser(username);
|
||||
if (authUser != null) {
|
||||
// Create new user and link him with authentication provider
|
||||
user = realm.addUser(authUser.getUsername());
|
||||
user = session.users().addUser(realm, authUser.getUsername());
|
||||
user.setEnabled(true);
|
||||
user.setFirstName(authUser.getFirstName());
|
||||
user.setLastName(authUser.getLastName());
|
||||
|
|
|
@ -244,6 +244,8 @@ public class RealmManager {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
private void setupMasterAdminManagement(RealmModel realm) {
|
||||
RealmModel adminRealm;
|
||||
RoleModel adminRole;
|
||||
|
@ -527,7 +529,7 @@ public class RealmManager {
|
|||
|
||||
|
||||
public UserModel createUser(RealmModel newRealm, UserRepresentation userRep, Map<String, ApplicationModel> appMap) {
|
||||
UserModel user = newRealm.addUser(userRep.getId(), userRep.getUsername(), false);
|
||||
UserModel user = session.users().addUser(newRealm, userRep.getId(), userRep.getUsername(), false);
|
||||
user.setEnabled(userRep.isEnabled());
|
||||
user.setEmail(userRep.getEmail());
|
||||
user.setFirstName(userRep.getFirstName());
|
||||
|
@ -556,7 +558,7 @@ public class RealmManager {
|
|||
if (userRep.getSocialLinks() != null) {
|
||||
for (SocialLinkRepresentation socialLink : userRep.getSocialLinks()) {
|
||||
SocialLinkModel mappingModel = new SocialLinkModel(socialLink.getSocialProvider(), socialLink.getSocialUserId(), socialLink.getSocialUsername());
|
||||
newRealm.addSocialLink(user, mappingModel);
|
||||
session.users().addSocialLink(newRealm, user, mappingModel);
|
||||
}
|
||||
}
|
||||
if (userRep.getRealmRoles() != null) {
|
||||
|
@ -603,7 +605,7 @@ public class RealmManager {
|
|||
if (searchString == null) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
return realmModel.searchForUser(searchString.trim());
|
||||
return session.users().searchForUser(searchString.trim(), realmModel);
|
||||
}
|
||||
|
||||
public void addRequiredCredential(RealmModel newRealm, String requiredCred) {
|
||||
|
|
|
@ -8,6 +8,7 @@ import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
|
|||
import org.keycloak.TokenIdGenerator;
|
||||
import org.keycloak.adapters.AdapterConstants;
|
||||
import org.keycloak.models.ApplicationModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.representations.adapters.action.LogoutAction;
|
||||
|
@ -34,11 +35,11 @@ import java.util.Map;
|
|||
public class ResourceAdminManager {
|
||||
protected static Logger logger = Logger.getLogger(ResourceAdminManager.class);
|
||||
|
||||
public SessionStats getSessionStats(URI requestUri, RealmModel realm, ApplicationModel application, boolean users) {
|
||||
public SessionStats getSessionStats(URI requestUri, KeycloakSession session, RealmModel realm, ApplicationModel application, boolean users) {
|
||||
ApacheHttpClient4Executor executor = createExecutor();
|
||||
|
||||
try {
|
||||
return getSessionStats(requestUri, realm, application, users, executor);
|
||||
return getSessionStats(requestUri, session, realm, application, users, executor);
|
||||
} finally {
|
||||
executor.getHttpClient().getConnectionManager().shutdown();
|
||||
}
|
||||
|
@ -52,7 +53,7 @@ public class ResourceAdminManager {
|
|||
return new ApacheHttpClient4Executor(client);
|
||||
}
|
||||
|
||||
public SessionStats getSessionStats(URI requestUri, RealmModel realm, ApplicationModel application, boolean users, ApacheHttpClient4Executor client) {
|
||||
public SessionStats getSessionStats(URI requestUri, KeycloakSession session, RealmModel realm, ApplicationModel application, boolean users, ApacheHttpClient4Executor client) {
|
||||
String managementUrl = getManagementUrl(requestUri, application);
|
||||
if (managementUrl != null) {
|
||||
SessionStatsAction adminAction = new SessionStatsAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, application.getName());
|
||||
|
@ -77,7 +78,7 @@ public class ResourceAdminManager {
|
|||
if (users && stats.getUsers() != null) {
|
||||
Map<String, UserStats> newUsers = new HashMap<String, UserStats>();
|
||||
for (Map.Entry<String, UserStats> entry : stats.getUsers().entrySet()) {
|
||||
UserModel user = realm.getUserById(entry.getKey());
|
||||
UserModel user = session.users().getUserById(entry.getKey(), realm);
|
||||
if (user == null) continue;
|
||||
newUsers.put(user.getUsername(), entry.getValue());
|
||||
|
||||
|
|
|
@ -43,7 +43,7 @@ import java.util.UUID;
|
|||
public class TokenManager {
|
||||
protected static final Logger logger = Logger.getLogger(TokenManager.class);
|
||||
|
||||
public AccessCodeEntry parseCode(String code, RealmModel realm) {
|
||||
public AccessCodeEntry parseCode(String code, KeycloakSession session, RealmModel realm) {
|
||||
try {
|
||||
JWSInput input = new JWSInput(code);
|
||||
if (!RSAProvider.verify(input, realm.getPublicKey())) {
|
||||
|
@ -51,7 +51,7 @@ public class TokenManager {
|
|||
return null;
|
||||
}
|
||||
AccessCode accessCode = input.readJsonContent(AccessCode.class);
|
||||
return new AccessCodeEntry(realm, accessCode);
|
||||
return new AccessCodeEntry(session, realm, accessCode);
|
||||
} catch (Exception e) {
|
||||
logger.error("error parsing access code", e);
|
||||
return null;
|
||||
|
@ -75,11 +75,11 @@ public class TokenManager {
|
|||
|
||||
|
||||
|
||||
public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session) {
|
||||
return createAccessCodeEntry(scopeParam, state, redirect, realm, client, user, session);
|
||||
public AccessCodeEntry createAccessCode(String scopeParam, String state, String redirect, KeycloakSession keycloakSession, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session) {
|
||||
return createAccessCodeEntry(scopeParam, state, redirect, keycloakSession, realm, client, user, session);
|
||||
}
|
||||
|
||||
private AccessCodeEntry createAccessCodeEntry(String scopeParam, String state, String redirect, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session) {
|
||||
private AccessCodeEntry createAccessCodeEntry(String scopeParam, String state, String redirect, KeycloakSession keycloakSession, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session) {
|
||||
List<RoleModel> realmRolesRequested = new LinkedList<RoleModel>();
|
||||
MultivaluedMap<String, RoleModel> resourceRolesRequested = new MultivaluedMapImpl<String, RoleModel>();
|
||||
|
||||
|
@ -92,7 +92,7 @@ public class TokenManager {
|
|||
code.setExpiration(Time.currentTime() + realm.getAccessCodeLifespan());
|
||||
code.setState(state);
|
||||
code.setRedirectUri(redirect);
|
||||
AccessCodeEntry entry = new AccessCodeEntry(realm, code);
|
||||
AccessCodeEntry entry = new AccessCodeEntry(keycloakSession, realm, code);
|
||||
return entry;
|
||||
|
||||
}
|
||||
|
@ -118,7 +118,7 @@ public class TokenManager {
|
|||
|
||||
audit.user(refreshToken.getSubject()).session(refreshToken.getSessionState()).detail(Details.REFRESH_TOKEN_ID, refreshToken.getId());
|
||||
|
||||
UserModel user = realm.getUserById(refreshToken.getSubject());
|
||||
UserModel user = session.users().getUserById(refreshToken.getSubject(), realm);
|
||||
if (user == null) {
|
||||
throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid refresh token", "Unknown user");
|
||||
}
|
||||
|
|
2
services/src/main/java/org/keycloak/services/managers/UserManager.java
Normal file → Executable file
2
services/src/main/java/org/keycloak/services/managers/UserManager.java
Normal file → Executable file
|
@ -17,7 +17,7 @@ public class UserManager {
|
|||
}
|
||||
|
||||
public boolean removeUser(RealmModel realm, UserModel user) {
|
||||
if (realm.removeUser(user.getUsername())) {
|
||||
if (session.users().removeUser(realm, user.getUsername())) {
|
||||
UserSessionProvider sessions = session.sessions();
|
||||
if (sessions != null) {
|
||||
sessions.onUserRemoved(realm, user);
|
||||
|
|
|
@ -516,12 +516,12 @@ public class AccountService {
|
|||
return account.setError(Messages.SOCIAL_REDIRECT_ERROR).createResponse(AccountPages.SOCIAL);
|
||||
}
|
||||
case REMOVE:
|
||||
SocialLinkModel link = realm.getSocialLink(user, providerId);
|
||||
SocialLinkModel link = session.users().getSocialLink(user, providerId, realm);
|
||||
if (link != null) {
|
||||
|
||||
// Removing last social provider is not possible if you don't have other possibility to authenticate
|
||||
if (realm.getSocialLinks(user).size() > 1 || user.getAuthenticationLink() != null) {
|
||||
realm.removeSocialLink(user, providerId);
|
||||
if (session.users().getSocialLinks(user, realm).size() > 1 || user.getAuthenticationLink() != null) {
|
||||
session.users().removeSocialLink(realm, user, providerId);
|
||||
|
||||
logger.debug("Social provider " + providerId + " removed successfully from user " + user.getUsername());
|
||||
|
||||
|
|
|
@ -226,7 +226,7 @@ public class RequiredActionsService {
|
|||
|
||||
// Password reset through email won't have an associated session
|
||||
if (accessCode.getSessionState() == null) {
|
||||
UserSessionModel userSession = session.sessions().createUserSession(realm, realm.getUserById(accessCode.getUser().getId()), clientConnection.getRemoteAddr());
|
||||
UserSessionModel userSession = session.sessions().createUserSession(realm, session.users().getUserById(accessCode.getUser().getId(), realm), clientConnection.getRemoteAddr());
|
||||
accessCode.getToken().setSessionState(userSession.getId());
|
||||
audit.session(userSession);
|
||||
}
|
||||
|
@ -239,7 +239,7 @@ public class RequiredActionsService {
|
|||
@GET
|
||||
public Response emailVerification() {
|
||||
if (uriInfo.getQueryParameters().containsKey("key")) {
|
||||
AccessCodeEntry accessCode = tokenManager.parseCode(uriInfo.getQueryParameters().getFirst("key"), realm);
|
||||
AccessCodeEntry accessCode = tokenManager.parseCode(uriInfo.getQueryParameters().getFirst("key"), session, realm);
|
||||
if (accessCode == null || accessCode.isExpired()
|
||||
|| !accessCode.hasRequiredAction(RequiredAction.VERIFY_EMAIL)) {
|
||||
return unauthorized();
|
||||
|
@ -275,7 +275,7 @@ public class RequiredActionsService {
|
|||
@GET
|
||||
public Response passwordReset() {
|
||||
if (uriInfo.getQueryParameters().containsKey("key")) {
|
||||
AccessCodeEntry accessCode = tokenManager.parseCode(uriInfo.getQueryParameters().getFirst("key"), realm);
|
||||
AccessCodeEntry accessCode = tokenManager.parseCode(uriInfo.getQueryParameters().getFirst("key"), session, realm);
|
||||
accessCode.setAuthMethod("form");
|
||||
if (accessCode == null || accessCode.isExpired()
|
||||
|| !accessCode.hasRequiredAction(RequiredAction.UPDATE_PASSWORD)) {
|
||||
|
@ -317,9 +317,9 @@ public class RequiredActionsService {
|
|||
.detail(Details.AUTH_METHOD, "form")
|
||||
.detail(Details.USERNAME, username);
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null && username.contains("@")) {
|
||||
user = realm.getUserByEmail(username);
|
||||
user = session.users().getUserByEmail(username, realm);
|
||||
}
|
||||
|
||||
if (user == null) {
|
||||
|
@ -329,7 +329,7 @@ public class RequiredActionsService {
|
|||
Set<RequiredAction> requiredActions = new HashSet<RequiredAction>(user.getRequiredActions());
|
||||
requiredActions.add(RequiredAction.UPDATE_PASSWORD);
|
||||
|
||||
AccessCodeEntry accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user, null);
|
||||
AccessCodeEntry accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, session, realm, client, user, null);
|
||||
accessCode.setRequiredActions(requiredActions);
|
||||
accessCode.setAuthMethod("form");
|
||||
accessCode.setUsernameUsed(username);
|
||||
|
@ -360,7 +360,7 @@ public class RequiredActionsService {
|
|||
return null;
|
||||
}
|
||||
|
||||
AccessCodeEntry accessCodeEntry = tokenManager.parseCode(code, realm);
|
||||
AccessCodeEntry accessCodeEntry = tokenManager.parseCode(code, session, realm);
|
||||
if (accessCodeEntry == null) {
|
||||
logger.debug("getAccessCodeEntry access code entry null");
|
||||
return null;
|
||||
|
@ -381,7 +381,7 @@ public class RequiredActionsService {
|
|||
}
|
||||
|
||||
private UserModel getUser(AccessCodeEntry accessCode) {
|
||||
return realm.getUser(accessCode.getUser().getUsername());
|
||||
return session.users().getUserByUsername(accessCode.getUser().getUsername(), realm);
|
||||
}
|
||||
|
||||
private Response redirectOauth(UserModel user, AccessCodeEntry accessCode) {
|
||||
|
|
|
@ -182,12 +182,12 @@ public class SocialResource {
|
|||
audit.detail(Details.USERNAME, socialUser.getId() + "@" + provider.getId());
|
||||
|
||||
SocialLinkModel socialLink = new SocialLinkModel(provider.getId(), socialUser.getId(), socialUser.getUsername());
|
||||
UserModel user = realm.getUserBySocialLink(socialLink);
|
||||
UserModel user = session.users().getUserBySocialLink(socialLink, realm);
|
||||
|
||||
// Check if user is already authenticated (this means linking social into existing user account)
|
||||
String userId = initialRequest.getUser();
|
||||
if (userId != null) {
|
||||
UserModel authenticatedUser = realm.getUserById(userId);
|
||||
UserModel authenticatedUser = session.users().getUserById(userId, realm);
|
||||
|
||||
audit.event(EventType.SOCIAL_LINK).user(userId);
|
||||
|
||||
|
@ -211,7 +211,7 @@ public class SocialResource {
|
|||
return oauth.forwardToSecurityFailure("Unknown redirectUri");
|
||||
}
|
||||
|
||||
realm.addSocialLink(authenticatedUser, socialLink);
|
||||
session.users().addSocialLink(realm, authenticatedUser, socialLink);
|
||||
logger.debug("Social provider " + provider.getId() + " linked with user " + authenticatedUser.getUsername());
|
||||
|
||||
audit.success();
|
||||
|
@ -225,7 +225,7 @@ public class SocialResource {
|
|||
return oauth.forwardToSecurityFailure("Registration not allowed");
|
||||
}
|
||||
|
||||
user = realm.addUser(KeycloakModelUtils.generateId());
|
||||
user = session.users().addUser(realm, KeycloakModelUtils.generateId());
|
||||
user.setEnabled(true);
|
||||
user.setFirstName(socialUser.getFirstName());
|
||||
user.setLastName(socialUser.getLastName());
|
||||
|
@ -235,7 +235,7 @@ public class SocialResource {
|
|||
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PROFILE);
|
||||
}
|
||||
|
||||
realm.addSocialLink(user, socialLink);
|
||||
session.users().addSocialLink(realm, user, socialLink);
|
||||
|
||||
audit.clone().user(user).event(EventType.REGISTER)
|
||||
.detail(Details.REGISTER_METHOD, "social@" + provider.getId())
|
||||
|
|
|
@ -232,7 +232,7 @@ public class TokenService {
|
|||
}
|
||||
audit.detail(Details.USERNAME, username);
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user != null) audit.user(user);
|
||||
|
||||
ClientModel client = authorizeClient(authorizationHeader, form, audit);
|
||||
|
@ -418,7 +418,7 @@ public class TokenService {
|
|||
authManager.expireRememberMeCookie(realm, uriInfo);
|
||||
}
|
||||
|
||||
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(realm, username);
|
||||
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username);
|
||||
if (user != null) {
|
||||
audit.user(user);
|
||||
}
|
||||
|
@ -534,12 +534,12 @@ public class TokenService {
|
|||
AuthenticationProviderManager authenticationProviderManager = AuthenticationProviderManager.getManager(realm, session);
|
||||
|
||||
// Validate that user with this username doesn't exist in realm or any authentication provider
|
||||
if (realm.getUser(username) != null || authenticationProviderManager.getUser(username) != null) {
|
||||
if (session.users().getUserByUsername(username, realm) != null || authenticationProviderManager.getUser(username) != null) {
|
||||
audit.error(Errors.USERNAME_IN_USE);
|
||||
return Flows.forms(session, realm, uriInfo).setError(Messages.USERNAME_EXISTS).setFormData(formData).createRegistration();
|
||||
}
|
||||
|
||||
UserModel user = realm.addUser(username);
|
||||
UserModel user = session.users().addUser(realm, username);
|
||||
user.setEnabled(true);
|
||||
user.setFirstName(formData.getFirst("firstName"));
|
||||
user.setLastName(formData.getFirst("lastName"));
|
||||
|
@ -624,7 +624,7 @@ public class TokenService {
|
|||
|
||||
|
||||
|
||||
AccessCodeEntry accessCode = tokenManager.parseCode(code, realm);
|
||||
AccessCodeEntry accessCode = tokenManager.parseCode(code, session, realm);
|
||||
if (accessCode == null) {
|
||||
Map<String, String> res = new HashMap<String, String>();
|
||||
res.put(OAuth2Constants.ERROR, "invalid_grant");
|
||||
|
@ -665,7 +665,7 @@ public class TokenService {
|
|||
.build();
|
||||
}
|
||||
|
||||
UserModel user = realm.getUserById(accessCode.getUser().getId());
|
||||
UserModel user = session.users().getUserById(accessCode.getUser().getId(), realm);
|
||||
if (user == null) {
|
||||
Map<String, String> res = new HashMap<String, String>();
|
||||
res.put(OAuth2Constants.ERROR, "invalid_grant");
|
||||
|
@ -969,7 +969,7 @@ public class TokenService {
|
|||
|
||||
String code = formData.getFirst(OAuth2Constants.CODE);
|
||||
|
||||
AccessCodeEntry accessCodeEntry = tokenManager.parseCode(code, realm);
|
||||
AccessCodeEntry accessCodeEntry = tokenManager.parseCode(code, session, realm);
|
||||
if (accessCodeEntry == null) {
|
||||
audit.error(Errors.INVALID_CODE);
|
||||
return oauth.forwardToSecurityFailure("Unknown access code.");
|
||||
|
|
|
@ -301,7 +301,7 @@ public class ApplicationResource {
|
|||
if (users) stats.setUsers(new HashMap<String, UserStats>());
|
||||
return stats;
|
||||
}
|
||||
SessionStats stats = new ResourceAdminManager().getSessionStats(uriInfo.getRequestUri(), realm, application, users);
|
||||
SessionStats stats = new ResourceAdminManager().getSessionStats(uriInfo.getRequestUri(), session, realm, application, users);
|
||||
if (stats == null) {
|
||||
logger.info("app returned null stats");
|
||||
} else {
|
||||
|
@ -371,7 +371,7 @@ public class ApplicationResource {
|
|||
@POST
|
||||
public void logout(final @PathParam("username") String username) {
|
||||
auth.requireManage();
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
|
|
@ -260,7 +260,7 @@ public class RealmAdminResource {
|
|||
Map<String, SessionStats> stats = new HashMap<String, SessionStats>();
|
||||
for (ApplicationModel applicationModel : realm.getApplications()) {
|
||||
if (applicationModel.getManagementUrl() == null) continue;
|
||||
SessionStats appStats = new ResourceAdminManager().getSessionStats(uriInfo.getRequestUri(), realm, applicationModel, false);
|
||||
SessionStats appStats = new ResourceAdminManager().getSessionStats(uriInfo.getRequestUri(), this.session, realm, applicationModel, false);
|
||||
stats.put(applicationModel.getName(), appStats);
|
||||
}
|
||||
return stats;
|
||||
|
|
|
@ -99,7 +99,7 @@ public class UsersResource {
|
|||
auth.requireManage();
|
||||
|
||||
try {
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -124,7 +124,7 @@ public class UsersResource {
|
|||
auth.requireManage();
|
||||
|
||||
try {
|
||||
UserModel user = realm.addUser(rep.getUsername());
|
||||
UserModel user = session.users().addUser(realm, rep.getUsername());
|
||||
updateUserFromRep(user, rep);
|
||||
|
||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(user.getUsername()).build()).build();
|
||||
|
@ -174,7 +174,7 @@ public class UsersResource {
|
|||
public UserRepresentation getUser(final @PathParam("username") String username) {
|
||||
auth.requireView();
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -197,7 +197,7 @@ public class UsersResource {
|
|||
public Map<String, UserStats> getSessionStats(final @PathParam("username") String username) {
|
||||
logger.info("session-stats");
|
||||
auth.requireView();
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -224,7 +224,7 @@ public class UsersResource {
|
|||
public List<UserSessionRepresentation> getSessions(final @PathParam("username") String username) {
|
||||
logger.info("sessions");
|
||||
auth.requireView();
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -249,11 +249,11 @@ public class UsersResource {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public List<SocialLinkRepresentation> getSocialLinks(final @PathParam("username") String username) {
|
||||
auth.requireView();
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
Set<SocialLinkModel> socialLinks = realm.getSocialLinks(user);
|
||||
Set<SocialLinkModel> socialLinks = session.users().getSocialLinks(user, realm);
|
||||
List<SocialLinkRepresentation> result = new ArrayList<SocialLinkRepresentation>();
|
||||
for (SocialLinkModel socialLink : socialLinks) {
|
||||
SocialLinkRepresentation rep = ModelToRepresentation.toRepresentation(socialLink);
|
||||
|
@ -272,7 +272,7 @@ public class UsersResource {
|
|||
@POST
|
||||
public void logout(final @PathParam("username") String username) {
|
||||
auth.requireManage();
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -291,7 +291,7 @@ public class UsersResource {
|
|||
public void deleteUser(final @PathParam("username") String username) {
|
||||
auth.requireManage();
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -338,12 +338,12 @@ public class UsersResource {
|
|||
if (username != null) {
|
||||
attributes.put(UserModel.LOGIN_NAME, username);
|
||||
}
|
||||
userModels = realm.searchForUserByAttributes(attributes);
|
||||
userModels = session.users().searchForUserByAttributes(attributes, realm);
|
||||
for (UserModel user : userModels) {
|
||||
results.add(ModelToRepresentation.toRepresentation(user));
|
||||
}
|
||||
} else {
|
||||
userModels = realm.getUsers();
|
||||
userModels = session.users().getUsers(realm);
|
||||
}
|
||||
|
||||
for (UserModel user : userModels) {
|
||||
|
@ -365,7 +365,7 @@ public class UsersResource {
|
|||
public MappingsRepresentation getRoleMappings(@PathParam("username") String username) {
|
||||
auth.requireView();
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -416,7 +416,7 @@ public class UsersResource {
|
|||
public List<RoleRepresentation> getRealmRoleMappings(@PathParam("username") String username) {
|
||||
auth.requireView();
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -442,7 +442,7 @@ public class UsersResource {
|
|||
public List<RoleRepresentation> getCompositeRealmRoleMappings(@PathParam("username") String username) {
|
||||
auth.requireView();
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -470,7 +470,7 @@ public class UsersResource {
|
|||
public List<RoleRepresentation> getAvailableRealmRoleMappings(@PathParam("username") String username) {
|
||||
auth.requireView();
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -492,7 +492,7 @@ public class UsersResource {
|
|||
auth.requireManage();
|
||||
|
||||
logger.debugv("** addRealmRoleMappings: {0}", roles);
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -521,7 +521,7 @@ public class UsersResource {
|
|||
auth.requireManage();
|
||||
|
||||
logger.debug("deleteRealmRoleMappings");
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -559,7 +559,7 @@ public class UsersResource {
|
|||
|
||||
logger.debug("getApplicationRoleMappings");
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -595,7 +595,7 @@ public class UsersResource {
|
|||
|
||||
logger.debug("getCompositeApplicationRoleMappings");
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -631,7 +631,7 @@ public class UsersResource {
|
|||
|
||||
logger.debug("getApplicationRoleMappings");
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -673,7 +673,7 @@ public class UsersResource {
|
|||
auth.requireManage();
|
||||
|
||||
logger.debug("addApplicationRoleMapping");
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -707,7 +707,7 @@ public class UsersResource {
|
|||
public void deleteApplicationRoleMapping(@PathParam("username") String username, @PathParam("app") String appName, List<RoleRepresentation> roles) {
|
||||
auth.requireManage();
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -752,7 +752,7 @@ public class UsersResource {
|
|||
public void resetPassword(@PathParam("username") String username, CredentialRepresentation pass) {
|
||||
auth.requireManage();
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -776,7 +776,7 @@ public class UsersResource {
|
|||
public void removeTotp(@PathParam("username") String username) {
|
||||
auth.requireManage();
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -796,7 +796,7 @@ public class UsersResource {
|
|||
public Response resetPasswordEmail(@PathParam("username") String username) {
|
||||
auth.requireManage();
|
||||
|
||||
UserModel user = realm.getUser(username);
|
||||
UserModel user = session.users().getUserByUsername(username, realm);
|
||||
if (user == null) {
|
||||
throw new NotFoundException("User not found");
|
||||
}
|
||||
|
@ -818,7 +818,7 @@ public class UsersResource {
|
|||
Set<UserModel.RequiredAction> requiredActions = new HashSet<UserModel.RequiredAction>(user.getRequiredActions());
|
||||
requiredActions.add(UserModel.RequiredAction.UPDATE_PASSWORD);
|
||||
|
||||
AccessCodeEntry accessCode = tokenManager.createAccessCode(scope, state, redirect, realm, client, user, null);
|
||||
AccessCodeEntry accessCode = tokenManager.createAccessCode(scope, state, redirect, session, realm, client, user, null);
|
||||
accessCode.setRequiredActions(requiredActions);
|
||||
accessCode.setUsernameUsed(username);
|
||||
accessCode.resetExpiration();
|
||||
|
|
|
@ -130,7 +130,7 @@ public class OAuthFlows {
|
|||
isEmailVerificationRequired(user);
|
||||
|
||||
boolean isResource = client instanceof ApplicationModel;
|
||||
AccessCodeEntry accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user, session);
|
||||
AccessCodeEntry accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, this.session, realm, client, user, session);
|
||||
accessCode.setRememberMe(rememberMe);
|
||||
accessCode.setAuthMethod(authMethod);
|
||||
accessCode.setUsernameUsed(username);
|
||||
|
|
|
@ -246,7 +246,7 @@ public class KeycloakServer {
|
|||
RealmManager manager = new RealmManager(session);
|
||||
|
||||
RealmModel adminRealm = manager.getKeycloakAdminstrationRealm();
|
||||
UserModel admin = adminRealm.getUser("admin");
|
||||
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
|
||||
admin.removeRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
|
||||
|
||||
session.getTransaction().commit();
|
||||
|
|
|
@ -11,6 +11,10 @@
|
|||
"provider": "${keycloak.model.provider:jpa}"
|
||||
},
|
||||
|
||||
"user": {
|
||||
"provider": "${keycloak.user.provider:jpa}"
|
||||
},
|
||||
|
||||
"userSessions": {
|
||||
"provider" : "${keycloak.userSessions.provider:mem}"
|
||||
},
|
||||
|
|
|
@ -76,11 +76,11 @@ public class AccountTest {
|
|||
public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakSetup() {
|
||||
@Override
|
||||
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
|
||||
UserModel user = appRealm.getUser("test-user@localhost");
|
||||
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
|
||||
|
||||
ApplicationModel accountApp = appRealm.getApplicationNameMap().get(org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_APP);
|
||||
|
||||
UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
|
||||
UserModel user2 = manager.getSession().users().addUser(appRealm, "test-user-no-access@localhost");
|
||||
user2.setEnabled(true);
|
||||
for (String r : accountApp.getDefaultRoles()) {
|
||||
user2.deleteRoleMapping(accountApp.getRole(r));
|
||||
|
@ -148,7 +148,7 @@ public class AccountTest {
|
|||
keycloakRule.update(new KeycloakSetup() {
|
||||
@Override
|
||||
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
|
||||
UserModel user = appRealm.getUser("test-user@localhost");
|
||||
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
|
||||
|
||||
UserCredentialModel cred = new UserCredentialModel();
|
||||
cred.setType(CredentialRepresentation.PASSWORD);
|
||||
|
|
|
@ -48,7 +48,7 @@ public class ProfileTest {
|
|||
public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
|
||||
@Override
|
||||
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
|
||||
UserModel user = appRealm.getUser("test-user@localhost");
|
||||
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
|
||||
user.setFirstName("First");
|
||||
user.setLastName("Last");
|
||||
user.setAttribute("key1", "value1");
|
||||
|
@ -56,7 +56,7 @@ public class ProfileTest {
|
|||
|
||||
ApplicationModel accountApp = appRealm.getApplicationByName(org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_APP);
|
||||
|
||||
UserModel user2 = appRealm.addUser("test-user-no-access@localhost");
|
||||
UserModel user2 = manager.getSession().users().addUser(appRealm, "test-user-no-access@localhost");
|
||||
user2.setEnabled(true);
|
||||
for (String r : accountApp.getDefaultRoles()) {
|
||||
user2.deleteRoleMapping(accountApp.getRole(r));
|
||||
|
|
|
@ -94,7 +94,7 @@ public class RequiredActionEmailVerificationTest {
|
|||
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
|
||||
appRealm.setVerifyEmail(true);
|
||||
|
||||
UserModel user = appRealm.getUser("test-user@localhost");
|
||||
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
|
||||
user.setEmailVerified(false);
|
||||
}
|
||||
|
||||
|
|
|
@ -54,7 +54,7 @@ public class RequiredActionMultipleActionsTest {
|
|||
|
||||
@Override
|
||||
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
|
||||
UserModel user = appRealm.getUser("test-user@localhost");
|
||||
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
|
||||
user.addRequiredAction(RequiredAction.UPDATE_PROFILE);
|
||||
user.addRequiredAction(RequiredAction.UPDATE_PASSWORD);
|
||||
}
|
||||
|
|
|
@ -56,7 +56,7 @@ public class RequiredActionResetPasswordTest {
|
|||
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
|
||||
appRealm.setResetPasswordAllowed(true);
|
||||
|
||||
UserModel user = appRealm.getUser("test-user@localhost");
|
||||
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
|
||||
user.addRequiredAction(RequiredAction.UPDATE_PASSWORD);
|
||||
}
|
||||
|
||||
|
|
|
@ -72,7 +72,7 @@ public class RequiredActionUpdateProfileTest {
|
|||
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
|
||||
@Override
|
||||
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
|
||||
UserModel user = appRealm.getUser("test-user@localhost");
|
||||
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
|
||||
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PROFILE);
|
||||
}
|
||||
});
|
||||
|
|
|
@ -99,7 +99,7 @@ public class AdapterTest {
|
|||
RealmModel adminRealm = manager.getRealm(Config.getAdminRealm());
|
||||
ApplicationModel adminConsole = adminRealm.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
|
||||
TokenManager tm = new TokenManager();
|
||||
UserModel admin = adminRealm.getUser("admin");
|
||||
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
|
||||
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, null);
|
||||
AccessToken token = tm.createClientAccessToken(null, adminRealm, adminConsole, admin, userSession);
|
||||
return tm.encodeToken(adminRealm, token);
|
||||
|
|
|
@ -86,7 +86,7 @@ public class RelativeUriAdapterTest {
|
|||
deployApplication("product-portal", "/product-portal", ProductServlet.class, url.getPath(), "user");
|
||||
ApplicationModel adminConsole = adminRealm.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
|
||||
TokenManager tm = new TokenManager();
|
||||
UserModel admin = adminRealm.getUser("admin");
|
||||
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
|
||||
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, null);
|
||||
AccessToken token = tm.createClientAccessToken(null, adminRealm, adminConsole, admin, userSession);
|
||||
adminToken = tm.encodeToken(adminRealm, token);
|
||||
|
|
|
@ -78,7 +78,7 @@ public class AdminAPITest {
|
|||
RealmModel adminRealm = manager.getRealm(Config.getAdminRealm());
|
||||
ApplicationModel adminConsole = adminRealm.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
|
||||
TokenManager tm = new TokenManager();
|
||||
UserModel admin = adminRealm.getUser("admin");
|
||||
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
|
||||
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, null);
|
||||
AccessToken token = tm.createClientAccessToken(null, adminRealm, adminConsole, admin, userSession);
|
||||
return tm.encodeToken(adminRealm, token);
|
||||
|
|
|
@ -76,12 +76,12 @@ public class CompositeRoleTest {
|
|||
final RoleModel realmComposite1 = realm.addRole("REALM_COMPOSITE_1");
|
||||
realmComposite1.addCompositeRole(realmRole1);
|
||||
|
||||
final UserModel realmComposite1User = realm.addUser("REALM_COMPOSITE_1_USER");
|
||||
final UserModel realmComposite1User = session.users().addUser(realm, "REALM_COMPOSITE_1_USER");
|
||||
realmComposite1User.setEnabled(true);
|
||||
realmComposite1User.updateCredential(UserCredentialModel.password("password"));
|
||||
realmComposite1User.grantRole(realmComposite1);
|
||||
|
||||
final UserModel realmRole1User = realm.addUser("REALM_ROLE_1_USER");
|
||||
final UserModel realmRole1User = session.users().addUser(realm, "REALM_ROLE_1_USER");
|
||||
realmRole1User.setEnabled(true);
|
||||
realmRole1User.updateCredential(UserCredentialModel.password("password"));
|
||||
realmRole1User.grantRole(realmRole1);
|
||||
|
@ -115,12 +115,12 @@ public class CompositeRoleTest {
|
|||
final RoleModel realmAppCompositeRole = realm.addRole("REALM_APP_COMPOSITE_ROLE");
|
||||
realmAppCompositeRole.addCompositeRole(appRole1);
|
||||
|
||||
final UserModel realmAppCompositeUser = realm.addUser("REALM_APP_COMPOSITE_USER");
|
||||
final UserModel realmAppCompositeUser = session.users().addUser(realm, "REALM_APP_COMPOSITE_USER");
|
||||
realmAppCompositeUser.setEnabled(true);
|
||||
realmAppCompositeUser.updateCredential(UserCredentialModel.password("password"));
|
||||
realmAppCompositeUser.grantRole(realmAppCompositeRole);
|
||||
|
||||
final UserModel realmAppRoleUser = realm.addUser("REALM_APP_ROLE_USER");
|
||||
final UserModel realmAppRoleUser = session.users().addUser(realm, "REALM_APP_ROLE_USER");
|
||||
realmAppRoleUser.setEnabled(true);
|
||||
realmAppRoleUser.updateCredential(UserCredentialModel.password("password"));
|
||||
realmAppRoleUser.grantRole(appRole2);
|
||||
|
@ -138,7 +138,7 @@ public class CompositeRoleTest {
|
|||
appCompositeRole.addCompositeRole(realmRole3);
|
||||
appCompositeRole.addCompositeRole(appRole1);
|
||||
|
||||
final UserModel appCompositeUser = realm.addUser("APP_COMPOSITE_USER");
|
||||
final UserModel appCompositeUser = session.users().addUser(realm, "APP_COMPOSITE_USER");
|
||||
appCompositeUser.setEnabled(true);
|
||||
appCompositeUser.updateCredential(UserCredentialModel.password("password"));
|
||||
appCompositeUser.grantRole(realmAppCompositeRole);
|
||||
|
|
|
@ -11,6 +11,7 @@ import org.junit.runners.MethodSorters;
|
|||
import org.keycloak.OAuth2Constants;
|
||||
import org.keycloak.model.test.LDAPTestUtils;
|
||||
import org.keycloak.models.AuthenticationProviderModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.PasswordPolicy;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserCredentialModel;
|
||||
|
@ -47,8 +48,8 @@ public class AuthProvidersIntegrationTest {
|
|||
|
||||
@Override
|
||||
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
|
||||
addUser(appRealm, "mary", "mary@test.com", "password-app");
|
||||
addUser(adminstrationRealm, "mary-admin", "mary@admin.com", "password-admin");
|
||||
addUser(manager.getSession(), appRealm, "mary", "mary@test.com", "password-app");
|
||||
addUser(manager.getSession(), adminstrationRealm, "mary-admin", "mary@admin.com", "password-admin");
|
||||
|
||||
AuthenticationProviderModel modelProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_MODEL, false, Collections.EMPTY_MAP);
|
||||
AuthenticationProviderModel picketlinkProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_PICKETLINK, true, Collections.EMPTY_MAP);
|
||||
|
@ -95,8 +96,8 @@ public class AuthProvidersIntegrationTest {
|
|||
@WebResource
|
||||
protected AccountPasswordPage changePasswordPage;
|
||||
|
||||
private static UserModel addUser(RealmModel realm, String username, String email, String password) {
|
||||
UserModel user = realm.addUser(username);
|
||||
private static UserModel addUser(KeycloakSession session, RealmModel realm, String username, String email, String password) {
|
||||
UserModel user = session.users().addUser(realm, username);
|
||||
user.setEmail(email);
|
||||
user.setEnabled(true);
|
||||
|
||||
|
|
|
@ -51,7 +51,7 @@ public class LoginTest {
|
|||
public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
|
||||
@Override
|
||||
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
|
||||
UserModel user = appRealm.addUser("login-test");
|
||||
UserModel user = manager.getSession().users().addUser(appRealm, "login-test");
|
||||
user.setEmail("login@test.com");
|
||||
user.setEnabled(true);
|
||||
|
||||
|
|
|
@ -58,7 +58,7 @@ public class LoginTotpTest {
|
|||
|
||||
@Override
|
||||
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
|
||||
UserModel user = appRealm.getUser("test-user@localhost");
|
||||
UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm);
|
||||
|
||||
UserCredentialModel credentials = new UserCredentialModel();
|
||||
credentials.setType(CredentialRepresentation.TOTP);
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue