Hynek Mlnarik
7d136c5cca
Generate map-like collection accessors
...
Along the way fixes also problem with field delegates which
applied manually-crafted methods like `MapUserEntity.removeCredential(id)`
to the delegate itself rather than to the underlying object.
Co-authored-By: Michal Hajas <mhajas@redhat.com>
Closes : #17223
2023-02-22 17:26:31 +01:00
Hynek Mlnarik
878debd2ab
Forbid changing ID
...
Closes : #16881
2023-02-22 17:19:22 +01:00
Michal Hajas
1c79a5666d
Deprecate RoleModel.SearchableFields.IS_CLIENT_ROLE field
...
Closes #17144
2023-02-16 20:50:46 +01:00
rmartinc
9995a3cdd4
lastSync value into COMPONENT_CONFIG is always updated
...
Closes https://github.com/keycloak/keycloak/issues/17022
2023-02-16 17:48:49 +01:00
Alexander Schwartz
febe134d5b
Make the event listeners specific to the persistence unit
...
Closes #13219
2023-02-16 11:08:15 +01:00
Hynek Mlnarik
d768e75be7
Fix clientRole warning
...
Fixes : #16857
2023-02-15 10:59:52 +01:00
Michal Hajas
1f929c78af
Make lockTimeout more friendly for JPA map storage
...
Closes #16616
2023-02-15 10:38:18 +01:00
Hynek Mlnarik
bb0eb899a7
Add ability to run arq testsuite with file store
...
Fixes : #17032
2023-02-15 10:17:23 +01:00
Hynek Mlnarik
2665fb01a6
File storage: Fix path traversal
...
Fixes : #17029
2023-02-14 14:30:14 +01:00
Michal Hajas
6fa62e47db
Leverage HotRod client provided transaction
...
Closes #13280
2023-02-08 10:26:30 +01:00
Stian Thorgersen
d3ba2ecbed
Remove old admin console theme ( #16864 )
...
Closes #16862
2023-02-08 09:22:39 +01:00
Hynek Mlnařík
f71ab092de
File store basis
...
Fixes : #16676
---
* Enhance DefaultModelCriteria
* Fix collection
* Fix delete in CHMKeycloakTransaction
* Add HasRealmId interface
* Fix EntityFieldDelegate
* Support for realm-less entities in providers
* Support for realm-less entities in providers (events)
* File store basis
* Add support for writing
* Support running KeycloakServer with file store
* Add support for file store in model testsuite
---------
Co-authored-by: vramik <vramik@redhat.com>
2023-02-07 14:59:23 +01:00
Martin Kanis
5ba004b447
Leverage Infinispan lifespan for ExpirableEntities in HotRod storage
2023-02-07 10:01:32 +01:00
Alexander Schwartz
48aae83891
Close prepared statement used to set the lock timeout
...
Closes #16801
2023-02-06 17:30:58 +01:00
Martin Kanis
a912558d29
Add MapKeycloakTransaction.exists methods
2023-01-31 17:21:40 +01:00
Klaus Betz
20a7a5acdb
fix: consider identity provider models from third-party packages
2023-01-31 06:05:02 -08:00
Alexander Schwartz
c6aba2e3de
Make LockAcquiringTimeoutException a RuntimeException
...
Closes #16690
2023-01-31 08:21:32 +01:00
Alexander Schwartz
7933f0489d
Align startup of Quarkus with the regular startup to ensure boostrap locks are created.
...
Also fixing an issue where DBLockGlobalLockProviderFactory held on to an old session, which lead to a closed DB connection on Quarkus.
Closes #16642
2023-01-30 12:59:40 +01:00
Michal Hajas
eb59fdb772
Add transaction tests to model tests
...
Closes : #15890
2023-01-26 12:55:22 +01:00
Alexander Schwartz
e9e6b73bd2
Avoid using Hibernate APIs to cache query results as the API changes in Hibernate 6
...
Closes #16332
2023-01-18 14:42:42 +01:00
Hynek Mlnarik
3119566407
Prevent endless loop in case of split-brain
...
Fixes : #16427
2023-01-13 16:23:18 +01:00
vramik
f11bef3e7f
EntityField mapPut
and collectionAdd
default methods doesn't insert an element when get(e)
returns null
...
Closes #16317
2023-01-09 15:52:58 +01:00
Pedro Igor
522bf1c0b0
Keep consistency when importing realms at startup when they are exported via the export command
...
Closes #16281
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-01-06 18:53:01 +01:00
Hynek Mlnarik
7708e2cc5c
Fix putAll issues
...
Closes : #16287
2023-01-06 12:01:19 +01:00
Michal Hajas
6566b58be1
Introduce Infinispan GlobalLock implementation
...
Closes #14721
2023-01-05 16:58:44 +01:00
Hynek Mlnarik
071fc03f41
Move transaction processing into session close
...
Fixes : #15223
2023-01-05 16:12:32 +01:00
vramik
f7ad00270e
Unique constraints should use attribute value hash instead of the value itself
...
Closes #15699
Closes #15507
2023-01-05 13:38:06 +01:00
vramik
380df3bedf
Field generator: getCollectionElementClass method not generated when no addElement method is present in interface
...
Closes #16255
2023-01-04 17:12:59 +01:00
Pedro Igor
fb554c09db
Incrementally cache consents on a per client basis
...
Closes #16224
2023-01-03 14:28:41 -08:00
Martin Kanis
5aae3842c4
Upgrade to Infinispan 14.0.4.Final
2022-12-22 10:09:05 +01:00
Martin Kanis
c0e103dc95
Replace old HotRod index annotation with new one
2022-12-21 12:50:08 +01:00
vramik
44715fe397
Generate getMapKeyClass and getMapValueClass methods for map fields
...
Closes #16053
2022-12-20 19:57:00 +01:00
Michal Hajas
c79d29e68c
Move HotRod profile to the same pom as other map profiles and introduce map-storage-chm profile
...
Closes #16046
2022-12-20 17:51:40 +01:00
Alexander Schwartz
6d0e112bf1
Ensure lock table has its primary key created, and re-enable the DBLockTest
...
Closes #15487
2022-12-20 08:50:14 +01:00
Stefan Guilhen
d6a4acceda
Exclude commons-text from liquibase-core dependency
...
Closes #15915
2022-12-12 10:38:54 -03:00
Alexander Schwartz
e4804de9e3
Changing Quarkus transaction handling for JPA map storage to JTA
...
This has been recommended as the supported way of transaction handling by the Quarkus team.
Adding handling of exceptions thrown when committing JTA.
Re-adding handling of exceptions when interacting with the entity manager, plus wrapping access to queries to map exceptions during auto-flushing.
Closes #13222
2022-12-09 10:07:05 -03:00
Peter Zaoral
1073a342cf
Cleanup dependencies and align with Quarkus
...
* aligned parent POM dependency versions with the Quarkus BOM
Closes #15325
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2022-12-09 09:10:30 -03:00
Hynek Mlnařík
208affe000
Update generator to record the entity to fields mapping
...
Fixes : #15677
2022-12-08 15:40:28 +01:00
Hynek Mlnarik
901c85f6c0
Camel case field names
...
Fixes : #15846
2022-12-08 15:40:28 +01:00
Michal Hajas
de7dd77aeb
Change id of TermsAndConditions required actions to uppercase
...
Closes #9991
2022-12-07 10:51:37 -03:00
Pedro Igor
168734b817
Removing references to request and response from Resteasy
...
Closes #15374
2022-12-01 08:38:24 -03:00
Stefan Guilhen
55b2162421
Create map-file module with empty implementations
...
Closes #15706
2022-11-29 12:58:55 +01:00
Alexander Schwartz
4a91c07488
Use LOB handling query to select clients on Oracle
...
Closes #15639
2022-11-24 11:47:51 +01:00
Alexander Schwartz
fd152e8a3e
Modify RealmAdminResource.partialImport to work with InputStream
...
Rework existing PartialImportManager to not interfere with transaction handling, and bundle everything related to AdminEventBuild and JAX-RS Repsonses inside the Resource.
Closes #13611
2022-11-24 11:45:11 +01:00
Alexander Schwartz
b019172813
Fix query to work on OracleDB CLOB
...
Closes #15528
2022-11-23 13:49:01 +01:00
Martin Kanis
08061afbd4
Replace operation set wrong lifespan in remote infinispan database and leads to session eviction ( #15619 )
...
Closes #10755
2022-11-23 12:03:50 +01:00
Martin Kanis
8478b01758
Stop reindexing indexes on new version
2022-11-23 10:57:28 +01:00
danielFesenmeyer
18381ecd2e
Fix update of group mappers on certain changes of the group path
...
The group reference in the mapper was not updated in the following cases:
- group rename: when an ancestor group was renamed
- (only for JpaRealmProvider, NOT for MapRealmProvider/MapGroupProvider) group move: when a group was converted from subgroup to top-level or when a subgroup's parent was changed
Closes #15614
2022-11-23 10:12:34 +01:00
Martin Kanis
9025ec16f0
Remove workaround in HotRodUtils#paginateQuery
2022-11-23 09:01:15 +01:00
Pedro Igor
6f7c62fc73
Remove unnecessary endpoints from our JAX-RS entensions
...
Closes #15525
2022-11-16 16:25:33 +01:00
Michal Hajas
6d683824a4
Deprecate DBLockProvider and replace it with new GlobalLockProvider
...
Closes #9388
2022-11-16 16:13:25 +01:00
Martin Kanis
5e891951f5
Update Infinispan version to 14.0.2.Final
2022-11-16 14:56:45 +01:00
Stefan Guilhen
36ebf9dd46
Add missing parameter to the JpaRootAuthenticationSessionEntity constructor.
...
Closes #15093
2022-11-16 13:45:39 +01:00
Stefan Guilhen
bc014d3e69
Upgrade Liquibase to version 4.16.1
...
* aligns with version used in quarkus
Closes #15089
2022-11-16 13:14:23 +01:00
Alexander Schwartz
b6b6d01a8a
Importing a representation by first creating the defaults, importing a representation and then copying it over to the real store.
...
This is the foundation for a setup that's needed when importing the new file store for which importing the representation serves as a placeholder.
Closes #14583
2022-11-16 09:56:13 +01:00
Hynek Mlnarik
556146f961
Fix performance issues with many offline sessions
...
Fixes : #13340
2022-11-15 13:05:45 +01:00
Michal Hajas
9944a594eb
Use DELETE statement instead of deleting one by one for HotRod store
...
Closes #9420
2022-11-11 13:51:03 +01:00
Stefan Guilhen
02a69561b5
Use JSONB '->>' function to avoid unnecessary JSON conversion in criteria builders.
...
Closes #12280
2022-11-09 13:47:13 +01:00
Jia Chen
c3d53ae6e0
Returns an empty groups stream without querying the database if a user doesn't belong to any groups
...
Closes #12567
2022-11-09 13:07:42 +01:00
Michal Hajas
d9dcb6c60a
Fix Infinispan adapter not checking updated value in getAttribute methods
...
Closes #12819
2022-11-07 20:44:43 +01:00
danielFesenmeyer
ec30c52a00
Fix paging on the "Users in role" endpoint, when JPA persistence is used
...
- add order-by-clause to the corresponding JPA query (ordering by username ASC)
- adjust admin-client RoleResource to return a List instead of a Set, by introducing new methods #getUserMembers (instead of #getRoleUserMembers - the "Role" prefix is not needed, because it is clear from the resource name that it's about roles)
- adjust tests to use the new method and check that the expected order is returned
Closes #14772
2022-11-07 20:44:06 +01:00
Marek Posolda
f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS ( #15299 )
...
closes #14965
2022-11-03 16:35:57 +01:00
Marek Posolda
2ba5ca3c5f
Support for multiple keys with same kid, which differ just by algorithm in the JWKS ( #15114 )
...
Closes #14794
2022-11-03 09:32:45 +01:00
Alexander Schwartz
9f95b6ec63
Remove unnecessary lookup of an entity via the session
...
Closes #11744
2022-11-02 10:27:14 +01:00
Alexander Schwartz
dd5a60c321
Allow a partial import to overwrite the default role
...
Closes #9891
2022-11-01 15:35:02 -03:00
Lex Cao
43a3677cc7
Fix slow deletion on deleteClientSessionsByRealm
and deleteClientSessionsByUser
when using mysql and mariadb by converting sub-query to join
2022-10-27 10:37:15 +02:00
Alexander Schwartz
9fb9780f02
Don't rely on DefaultModeLCriteria in equals/hashCode
...
Instead, map this to JPA query and then create the cache lookup key from there.
Closes #14938
2022-10-26 15:49:26 +02:00
Alexander Schwartz
e494649a4e
First naïve per-session caching for JPA map store
...
Closes #14938
2022-10-26 15:49:26 +02:00
Michal Hajas
883e83e625
Remove deprecated methods from data providers and models
...
Closes #14720
2022-10-25 09:01:33 +02:00
Alexander Schwartz
3a30061c44
Avoid deadlock on CockroachDB when removing authentication sessions
...
Closes #14991
2022-10-24 20:42:31 +02:00
vramik
791c457c32
Add possibility to limit field length in legacy event store
...
Closes #14888
2022-10-21 15:16:26 +02:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream ( #14697 )
...
* Remove Red Hat Single Sign-On product profile from upstream
Closes #14916
* review suggestions: Remove Red Hat Single Sign-On product profile from upstream
Closes #14916
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2022-10-18 14:43:04 +02:00
vramik
fa947a41ea
Revisit unique constraints in jpa user store
...
Closes #14797
2022-10-17 08:56:45 +02:00
Alexander Schwartz
97c4495c4f
Updating H2 database to 2.x
...
Closes #12607
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2022-10-14 11:52:34 +02:00
vramik
f49582cf63
MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable
...
Closes #14678
2022-10-14 09:32:38 +02:00
danielFesenmeyer
f80a8fbed0
Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving
...
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
- moving a group
- renaming a group
- renaming a role
- renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior
Closes #11236
2022-10-13 13:23:29 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider ( #13677 )
...
Closes #13334
2022-10-13 09:26:44 +02:00
Alexander Schwartz
b67ce73227
Cleanup MapUserSessionAdapter.getAuthenticatedClientSessions()
...
Closes #14743
2022-10-10 13:01:14 +02:00
Takashi Norimatsu
c60a34ac06
Keycloak 19 cannot register post logout redirect URIs whose length in total is over 4000
...
Closes #14013
2022-10-06 20:05:03 +02:00
vramik
a62e98f966
MapUserProvider should throw an exception for more than one user
...
Closes #14672
2022-10-06 13:11:57 +02:00
Hynek Mlnarik
36a1ce6a1a
Ensure map storage providers are closed upon session close
...
Fixes : #14730
2022-10-05 14:16:19 +02:00
vramik
e5408884f6
Revisit parent-child relationship in jpa map store
...
Closes #14278
2022-10-05 09:42:34 +02:00
Marek Posolda
fb24c86a3b
offline token issuance can cause violation of PRIMARY KEY constraint CONSTRAINT_OFFL_CL_SES_PK3 ( #14658 )
...
closes #13706
2022-10-03 12:54:12 +02:00
Alice Wood
1eb7e95b97
enhance existing group search functionality allow exact name search keycloak/keycloak#13973
...
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
2022-09-30 10:37:52 +02:00
Alexander Schwartz
be2deb0517
Modify RealmsAdminResource.importRealm to work with InputStream
...
Closes #13609
2022-09-26 20:58:08 +02:00
Alice Wood
55a660f50b
enhance group search to allow searching for groups via attribute keycloak/keycloak#12964
...
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-09-19 15:19:36 +02:00
vramik
4f4dbd622a
Ensure entity version is indexed
...
Closes #14161
2022-09-15 08:39:29 -03:00
danielFesenmeyer
3af1134975
Update IDP link username when sync mode is "force"
...
Closes #13049
2022-09-14 08:02:17 -03:00
Pedro Igor
aea6d7da27
Avoid updating offline session refresh time during creation
...
Closes #14384
2022-09-14 07:36:23 -03:00
Alexander Schwartz
621da7b803
Credential validation shouldn't invalidate the user in the cache
...
Instead create a new instance of LegacyUserCredentialManager to ensure all calls are routed via the CacheAdapter and its SubjectCredentialManagerCacheAdapter.
Closes #14309
2022-09-13 09:36:19 -03:00
vramik
3120848ef0
Unify package name format in jpa map store
...
Closes #14276
2022-09-12 13:03:17 +02:00
Sebastian Schuster
cc8567e9f4
14294 fixed admin event expiration sql error
2022-09-12 09:15:47 +02:00
Christoph Leistert
7e5b45f999
Issue #8749 : Add an option to control the order of the event query and admin event query
2022-09-11 21:30:12 +02:00
Alexander Schwartz
1d2d3e5ca5
Move UserFederatedStorageProvider into legacy module
...
Closes #13627
2022-09-11 18:37:45 +02:00
Martin Bartoš
0fcf5d3936
Reuse of token in TOTP is possible
...
Fixes #13607
2022-09-09 08:56:02 -03:00
vramik
869ccc82b2
Enable MapUserProvider storing username with the letter case significance
...
Closes #10245
Closes #11602
2022-09-09 11:46:11 +02:00
vramik
fb33cbc2bd
Set correct entity version when adding a child entity with its own entity versioning
...
Closes #14273
2022-09-09 09:43:44 +02:00
cgeorgilakis
07b0df8f62
View groups from account console ( #7933 )
...
Closes #8748
2022-09-07 11:25:31 +02:00
Christoph Leistert
cc2bb96abc
Fixes #9482 : A user could be assigned to a parent group if he is already assigned to a subgroup.
2022-09-06 21:31:31 +02:00
Thomas Peter
19d69169b1
introduce expiration option for admin events
2022-09-06 16:05:53 +02:00