Commit graph

1908 commits

Author SHA1 Message Date
vramik
df41f233d5 Introduce unique index for enums stored by storages
Closes #12277
2022-06-15 09:12:10 +02:00
Alexander Schwartz
361a813d81 Keep a list of model instances in the JPA map session.
This allows removing them from the persistence context on bulk delete.

Closes #12384
2022-06-09 12:39:04 -03:00
Martin Kanis
df72cf72f2 Hot Rod map storage: Single-use (action token) no-downtime store 2022-06-06 16:01:18 +02:00
rmartinc
5332a7d435 Issue #9194: Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256 2022-06-06 12:07:09 +02:00
vramik
c31d37ddf1 Each JpaRootEntity should have its own current schema version
Closes #12272
2022-06-02 17:16:34 +02:00
Michal Hajas
09c0a69a8f Add HotRod no downtime store for events
Closes #9676
2022-06-02 13:30:19 +02:00
Martin Kanis
75754eca6b Extract timestamp from Expirable entity 2022-06-01 13:03:31 +02:00
vramik
be28e866b9 JPA map storage: Authorization services no-downtime store
Closes #9669
2022-05-30 21:05:34 +02:00
Michal Hajas
9b36ea0269 Add cascade removal of client session on user session removal for HotRod
Closes #12096
2022-05-30 09:58:54 +02:00
Michal Hajas
1a98765fb7 Fix cascade removal of client session on user session removal for CHM
Closes #12146
2022-05-30 09:58:54 +02:00
Alexander Schwartz
063960aaa3 Deferred indexes are not available on CockroachDB, therefore, only use them on PostgreSQL
Closes #12176
2022-05-27 08:51:20 -03:00
Marek Posolda
eed944292b
Make script providers working on JDK 17 (#11322)
Closes #9945
2022-05-27 12:28:50 +02:00
Michal Hajas
bc59fad85b Unify way how expirable entities are handled in the new store
Closes #11947
2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5 Map storage: Single-use objects (action token) 2022-05-25 16:47:10 +02:00
Pedro Igor
26c87af9f4 Avoiding unnecessary roundtrips to the database when evaluating permissions
Closes #12148

Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2022-05-25 12:23:15 +02:00
vramik
ad3da7f5e4 JPA map storage: disable failing on unknown properties when deserializing the object
Closes #12173
2022-05-25 09:31:40 +02:00
vramik
24171d2e47 Rename providers from jpa-map-storage to jpa
Closes #12098
2022-05-23 16:47:51 +02:00
vramik
0c3aa597f9 JPA map storage: test failures after cache was disabled
Closes #12118
2022-05-23 13:01:30 +02:00
Alexander Schwartz
d1a92680f5 Optimize querying sub-groups of groups
Closes #12080
2022-05-19 14:46:53 +02:00
Martin Kanis
0e9f2badff Make all fields in HotRod store optional 2022-05-18 20:50:47 +02:00
Alexander Schwartz
1a95a58893 Graceful handling if composite roles have been removed concurrently.
Closes #12003
2022-05-17 13:29:15 +02:00
Michal Hajas
0bda7e6038 Introduce map event store with CHM implementation
Closes #11189
2022-05-17 12:57:35 +02:00
vramik
e1eb9d6d64 Replace equals with == when comparing SearchableFields in Jpa*ModelCriteriaBuilder and Ldap*ModelCriteriaBuilder
Closes #11843
2022-05-16 21:51:38 +02:00
Michal Hajas
b86f205cda Make KeycloakServer runnable with external Infinispan server
Closes #12011
Closes #12014
2022-05-16 21:50:35 +02:00
Martin Kanis
0d6bbd437f
Merge single-use token providers into one
Fixes first part of: #11173

* Merge single-use token providers into one

* Remove PushedAuthzRequestStoreProvider

* Remove OAuth2DeviceTokenStoreProvider

* Delete SamlArtifactSessionMappingStoreProvider

* SingleUseTokenStoreProvider cleanup

* Addressing Michal's comments

* Add contains method

* Add revoked suffix

* Rename to SingleUseObjectProvider
2022-05-11 13:58:58 +02:00
Michal Hajas
d3b43a9f59 Make sure there is always Realm or ResourceServer when searching for authz entities
Closes #11817
2022-05-11 07:20:01 -03:00
Alexander Schwartz
bfab03b837 Throw an IllegalArgumentException once a ClassCastException occurs.
Closes #11775
2022-05-11 09:19:09 +02:00
Michal Hajas
6b5c417742 Add HotRod store for authorization services
Closes #9679
2022-05-06 15:31:38 +02:00
Martin Kanis
00ccc78360 Add index to entityVersion for all HotRod entities 2022-05-05 17:42:13 +02:00
Michal Hajas
fc974fc019 Update composite roles on child role removal
Closes #11769
2022-05-05 15:18:18 +02:00
Alexander Schwartz
e0d7ad1be5 Leverage the equal() method on the wrapped entity instead of creating a string.
Closes #11764
2022-05-03 13:29:12 +02:00
vramik
0d83b51b20 Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field
Co-authored-by Michal Hajas <mhajas@redhat.com>

Closes #10883
2022-05-03 12:56:27 +02:00
Sven-Torben Janus
0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups
Closes: 11771

see also KEYCLOAK-18308
2022-05-02 14:13:37 +02:00
Alexander Schwartz
cd20f45b8a Ensure that values of attributes are unique in the database
While this is already ensured on the Java level when using a Set, database inconsistencies as occurred with Hibernate could lead to follow-up problems that are hard to analyze (as seen in #11666).

Closes #11671
2022-04-28 12:04:05 +02:00
vramik
2ecf250e37 Deletion of all objects when realm is being removed
Closes #11076
2022-04-28 11:09:17 +02:00
vramik
5248815091 Disable infinispan realm and user cache for map storage tests
Closes #11213
2022-04-25 09:38:49 +02:00
Stefan Guilhen
0f147ccdc0 Enlist JPA transaction in JpaMapStorageProvider.getStorage
Closes #11230

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-04-23 08:19:33 +02:00
Hynek Mlnarik
0ce5dfc09c Remove dependency of map on services
Fixes: 8903
2022-04-22 17:27:21 +02:00
Alexander Schwartz
90155862f3 LdapMapStorageProvider to use a full inline class for MapStorage
Closes #11373
2022-04-22 17:25:33 +02:00
Stefan Guilhen
0c7a8c8684 Login Failures Map JPA implementation
Closes #9664
2022-04-22 10:47:04 +02:00
vramik
3d1118223b New Storage: Testsuite fails when JPA Map storage is enabled for groups
Closes #11369
2022-04-21 11:14:35 +02:00
Stefan Guilhen
f48d468641 Increase column size for keys that refer to entities that can be stored in different storages (foreign keys)
Closes #11329
2022-04-21 08:50:37 +02:00
Stefan Guilhen
b29b27d731 Ensure code does not rely on a particular format for the realm id or component id 2022-04-20 14:40:38 +02:00
Stefan Guilhen
ae90b232ff Realms Map JPA implementation
Closes #9661
2022-04-20 14:40:38 +02:00
Pedro Igor
c5e4dc8cec
Associated permissions should only add resource type permissions if the resource is an instance (#11220)
Closes #11148
2022-04-19 09:10:14 +02:00
Pedro Igor
52d205ca91
Allow exposing some initial provider config options via web site (#10572)
* Allow exposing some initial provider config options via web site

Co-authored-by: Stian Thorgersen <stian@redhat.com>

Closes #10571

* Include type to provider options, and hide build-icon column as it's not relevant

Co-authored-by: stianst <stianst@gmail.com>
2022-04-19 08:01:42 +02:00
Bruno Oliveira da Silva
f9d4566723 Replace the cryptographic algorithm by SHA-2
The static code scanning analysis detected the usage of MD5 as part of [
MapDeploymentStateProviderFactory](a6dd9dc0f1/model/map/src/main/java/org/keycloak/models/map/deploymentState/MapDeploymentStateProviderFactory.java (L58-L58)).

Even though we could not find any ways of exploiting the code, we should
avoid its usage considering that MD5 is not collision-resistant.

Resolves #11290
2022-04-18 07:10:04 -03:00
Martin Kanis
a2d7cd7a5c Hot Rod map storage: User / client session no-downtime store 2022-04-14 15:34:22 +02:00
msvechla
820ab52dce
Add support for filtering by enabled attribute on users count endpoint (#9842)
Resolves #10896
2022-04-13 13:57:22 -03:00
Alexander Schwartz
5c1a8d401d Store time as seconds as a long in map store
This avoids overflowing the value in 2038.

Closes #10960
2022-04-12 14:22:44 +02:00
Alexander Schwartz
a6dd9dc0f1 Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests.
Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage.

Closes #11211
2022-04-12 09:12:21 +02:00
Michal Hajas
6e181a51d5 Add test-jar dependency only if maven.test.skip property is false
Closes #11192
2022-04-11 10:37:18 -03:00
Alexander Schwartz
5c810ad0e5 Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST"
The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing".

Also implementing a retry logic for all remaining errors regarding LDAP.

Closes #11171
2022-04-11 10:03:15 +02:00
Pedro Igor
834a276767 NPE when caching policies based on scopes without a resource
Closes #11180
2022-04-08 08:43:08 -03:00
Stefan Guilhen
d952669f69 Add clearUpdatedFlag so the flag in associated protocol mappers can be cleared as well
Closes #11118
2022-04-08 09:36:55 +02:00
Michal Hajas
1f2ebf4cba Add HotRod no downtime store for Realms
Closes #9670
2022-04-08 09:36:01 +02:00
Martin Kanis
3bb4081bd1 Convert user / client session entities into interface 2022-04-08 09:34:01 +02:00
Michal Hajas
f4f5928727 Add type to filters in MapResourceStore
Closes #11154
2022-04-07 15:10:20 -03:00
Joerg Matysiak
235f0f3963 Add index to admin events table to improve performance of admin event view
Closes #10625
2022-04-06 09:12:35 +02:00
Martin Kanis
395bd447f2 Hot Rod map storage: Login failure no-downtime store 2022-04-01 20:43:18 +02:00
vramik
8ff768b33b JPA map storage: Authentication session no-downtime store
Closes #9665
2022-03-30 13:43:35 +02:00
Martin Kanis
3356e8b098 Convert login failure entities into interface 2022-03-29 18:40:53 +02:00
Stefan Guilhen
d8bee26ec8 Implement AbstractClientEntity.isUpdated to account for changes in associated protocol mappers.
Closes #10927
2022-03-29 18:35:28 +02:00
Martin Kanis
e493b08fa7 Add expiration field to root authentication session 2022-03-23 07:47:47 +01:00
Michal Hajas
99c06d1102
Authorization services refactoring
Closes: #10447 

* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
2022-03-22 20:49:40 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00
Martin Kanis
0faf3987f6 Hot Rod map storage: Authentication session no-downtime store 2022-03-22 09:05:52 +01:00
Martin Kanis
2394855f48 Add merge tasks optimization to ConcurrentHashMapKeycloakTransaction.delete 2022-03-21 16:45:48 +01:00
Michal Hajas
c18a682f50 Do not store undefined values in store
Closes #10744
2022-03-17 16:44:33 +01:00
Bruno Oliveira da Silva
8aa394ca6b Update to Liquibase 4.8.0
Closes #10678

Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-03-16 13:46:31 -03:00
Alexander Schwartz
8d1a47f768 adding missing log4j configuration to prevent errors in the log
Closes #10613
2022-03-14 10:12:49 -03:00
Pedro Igor
ad865e75c1 Change the flush mode to auto and fixing how entities are checked if they are loaded in the EM
Closes #10411
2022-03-11 12:21:52 -03:00
Martin Kanis
1a4d7c297a
Change authentication sessions map to set (#10596) 2022-03-10 08:45:24 +01:00
Alexander Schwartz
18f391d8c4 Fix spelling error in field and classname
It's always a converter, unless electricity is involved.

Closes #10573
2022-03-09 08:28:52 -03:00
Alexander Schwartz
3c3f003a38 LDAP Map storage support to support read/write for roles
Closes #9929
2022-03-08 12:03:10 +01:00
Michal Hajas
f77ce315bb Disable Authz caching for new storage tests
Closes #10500
2022-03-07 10:22:55 -03:00
Michael Parlee
722ce950bf Improve user search performance
Removes bulder.lower() from user search queries on email and username.

Closes #8893
2022-03-04 14:15:14 +01:00
Martin Kanis
6c64d465ea Convert authentication session entities into interface 2022-03-04 10:50:18 +01:00
Alexander Schwartz
ebfc24d6c1 Ensure that Infinispan shutdowns correctly at the end of the tests. Report any exceptions within another thread as a test failure.
Adding additional information like a thread dump when it doesn't shutdown as expected.

Closes #10016
2022-03-04 10:47:01 +01:00
giacomo.altiero
91d37b5686 Single offlineSession imported in Infinispan with correctly calculated lifespan and maxIdle parameters
Close #8776
2022-03-01 14:51:29 +01:00
Stefan Guilhen
af7a040d54 Ensure Liquibase validation is performed once per area
Closes #10132
2022-02-25 08:48:34 +01:00
Martin Kanis
6249e34177 Hot Rod map storage: Client scope no-downtime store 2022-02-24 13:30:27 +01:00
Michal Hajas
b4281468d0 Convert Map Realm Entities into interfaces
Closes #9736
2022-02-24 13:23:19 +01:00
Vlasta Ramik
aa6a131b73
Change String client.id to ClientModel client in ResourceServerStore
Closes #10442
2022-02-24 12:46:26 +01:00
Luca Graf
febb447919 KEYCLOAK-19297 Use real 'external' client object id to store AuthenticatedClientSession in UserSession object, so that the client session can be looked by the client object id in further requests. 2022-02-18 12:42:59 +01:00
vramik
589606b1c1 JPA map storage: Groups no-downtime store
Closes #9660
2022-02-15 08:54:41 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT (#10165) 2022-02-11 21:28:06 +01:00
Stefan Guilhen
442d9bae2e Add CockroachDB support in the new JPA storage
Closes #10039
2022-02-11 18:04:02 +01:00
Martin Kanis
26ac142b99 Hot Rod map storage: Roles no-downtime store 2022-02-11 14:31:34 +01:00
Michal Hajas
b50b8f883b Implement HotRod storage for Users
Closes #9671
2022-02-11 10:20:36 +01:00
vramik
8a8d59a124 Add prefix "kc_" to all existing tables
Closes #10101
2022-02-11 08:59:23 +01:00
Alexander Schwartz
de7be3d65d Handling JPA Map storage case when parent has been deleted
Closes #10033
2022-02-09 14:43:50 +01:00
Stefan Guilhen
7c1d6eae43
Upgrade to Liquibase 4.6.2
* Upgrade to Liquibase 4.6.2
* Add valid checksums to changesets to allow migration to newest liquibase
* Update liquibase licenses

Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-02-09 12:56:46 +01:00
vramik
5701c6c85a JPA delegates can throw NoResultException when entity doesn't have any attributes
Closes #10067
2022-02-09 09:18:54 +01:00
vramik
844c210d86 Create common parent for Jpa*AttributeEntity
Closes #10071
2022-02-08 22:09:21 +01:00
Alexander Schwartz
45df1adba9 Update generics in JPA Map storage to avoid casting and compiler warnings
Closes #10060
2022-02-08 17:38:53 +01:00
Alexander Schwartz
de2c1fbb45 Update the entityVersion also for downgrades, as it needs to match the JSON and auxiliary tables.
Will trigger also when changes to a child occur, like for example when attributes change.

Closes #9716
2022-02-07 12:14:05 +01:00
Martin Kanis
0471ec4941 Cross-site validation for lazy loading of offline sessions & Switch default offline sessions to lazy loaded 2022-02-03 21:43:47 +01:00
vramik
7bd0dbb3ce Client Scopes: Added ModelIllegalStateException to handle lazy loading exception.
Closes #9645
2022-02-02 21:49:40 +01:00
vramik
165791b1d7 Client Scopes: Ensure that parent's version ID is incremented when an attribute changes
Closes #9874
2022-02-02 21:49:22 +01:00