Commit graph

2499 commits

Author SHA1 Message Date
Alexander Schwartz
5252992384 Workaround to avoid replacing element collections
Relates to #19162
2023-04-27 13:36:54 +02:00
Alexander Schwartz
28975b950d Workaround for lazy loaded collections for RealmEntity
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
8584174099 Change default DB dialects 2023-04-27 13:36:54 +02:00
Peter Zaoral
181c8a5340 Quarkus3 branch sync no. 11
24.3.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* fixed the metadata field's Type annotation

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
vramik
ae56c657b0 JpaMapStorageProviderFactory should use AvailableSettings.JAKARTA... properties
Closes #17077
2023-04-27 13:36:54 +02:00
Peter Zaoral
946eacd5b6 Quarkus3 branch sync no. 5
10.2.2023:
* renamed imports from javax to jakarta as a part of the migration from JavaEE to JakartaEE
* fixed Undertow server not starting due to ClassNotFoundException: javax.transaction.TransactionManager

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
vramik
7b51d8617d Remove one side of association which is not used.
Closes #16693
2023-04-27 13:36:54 +02:00
Alexander Schwartz
434cc7c711 Fix errors pointed out by Hibernate 6 in the queries
Closes #16337
2023-04-27 13:36:54 +02:00
Alexander Schwartz
4bdf2fe21d Fixing parameter which should be a string plus dependencies
Closes #16649
2023-04-27 13:36:54 +02:00
Alexander Schwartz
80f7452950 Results of AttributeConverters are mutable; workaround a regression in H6
Relates to #16551
2023-04-27 13:36:54 +02:00
vramik
b55be98115 Fix JpaClientModelCriteriaBuilder when querying by ALWAYS_DISPLAY_IN_CONSOLE with H6 2023-04-27 13:36:54 +02:00
Hynek Mlnarik
4189edc9f1 Fix dependency
Fixes: #16538
2023-04-27 13:36:54 +02:00
vramik
60e6fb9dae Register custom functions FunctionContributor
Closes #16336

---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 3 (27.1.2023)
Resolved conflicts:
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorage.java - Modified
keycloak/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/JpaMapStorageCockroachdb.java - Modified
2023-04-27 13:36:54 +02:00
Alexander Schwartz
33e2bcd94f Avoid warnings on bean validation as we don't use it in JPA
Closes #16502

---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 3 (27.1.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
2023-04-27 13:36:54 +02:00
Hynek Mlnarik
386c58c78b Use proper @Type annotation for JSON type
Fixes: #16335
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 7 (27.2.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/client/entity/JpaClientEntity.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/clientScope/entity/JpaClientScopeEntity.java - Modified
2023-04-27 13:36:54 +02:00
Peter Zaoral
4ff2de7f46 Quarkus3 branch sync
18.1.2023:
* applied Quarkus 3 OpenRewrite recipe
* fixed the parts that were missed by the script

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-04-27 13:36:54 +02:00
Alexander Schwartz
9d217d66a0 Align code with H6 DefaultAutoFlushEventListener
This is taken from Version 6.1.6

Closes #16334
2023-04-27 13:36:54 +02:00
Alexander Schwartz
137a2bf0e9 Remove functionality not supported in Hibernate 6
Closes #16330
2023-04-27 13:36:54 +02:00
Martin Bartoš
124591ce1a Adapters can still use Java EE
- Provided all JavaEE dependencies for adapters
- Automatically build Undertow Jakarta EE for testsuite (missing SAML)
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/adapters/oidc/spring-security/pom.xml - Modified
---
Quarkus3 branch sync no. 7 (27.2.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Stefan Guilhen
3111ef0085 Map Storage JPA fixes
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 3 (27.1.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
2023-04-27 13:36:54 +02:00
Stefan Guilhen
384d7c17f7 - Fix issues in legacy store
- Testsuite (switch undertow-embedded.version)
2023-04-27 13:36:54 +02:00
Martin Bartoš
cecd059af2 WiP - Resolve failure with JakartaEE Tx and Infinispan/HotRod
---
Quarkus3 branch sync #1 (18.1.2023)
Resolved conflicts:
keycloak/quarkus/runtime/pom.xml - Modified
keycloak/quarkus/pom.xml - Modified
keycloak/quarkus/deployment/pom.xml - Modified
2023-04-27 13:36:54 +02:00
Stefan Guilhen
e505021681 Model upgrade Hibernate/JPA
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 11 (24.3.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 7 (27.2.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/client/entity/JpaClientEntity.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/clientScope/entity/JpaClientScopeEntity.java - Modified
keycloak/pom.xml - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaMapStorageProviderFactory.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/hibernate/dialect/JsonbPostgreSQL95Dialect.java - Modified
2023-04-27 13:36:54 +02:00
Martin Bartoš
7cff857238 Migrate packages from javax.* to jakarta.*
---
Quarkus3 branch sync no. 14 (24.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ComponentExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/DeclarativeUserTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java - Modified
keycloak/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java	- Modified
---
Quarkus3 branch sync no. 13 (11.4.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountTotpPage.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java - Modified
---
Quarkus3 branch sync no. 12 (31.3.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/services/resources/QuarkusWelcomeResource.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/profile/util/Soap.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/UserInfoClientUtil.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/sessionlimits/UserSessionLimitsTest.java - Modified
---
Quarkus3 branch sync no. 10 (17.3.2023)
Resolved conflicts:
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java -	Modified
---
Quarkus3 branch sync no. 9 (10.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java - Modified
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java - Modified
---
Quarkus3 branch sync no. 8 (3.3.2023)
Resolved conflicts:
keycloak/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/SamlClient.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java - Modified
keycloak/examples/providers/authenticator/src/main/java/org/keycloak/examples/authenticator/SecretQuestionAuthenticator.java - Modified
---
Quarkus3 branch sync no. 6 (17.2.2023)
Resolved conflicts:
keycloak/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ComponentsResource.java - Modified
keycloak/testsuite/utils/src/main/java/org/keycloak/testsuite/KeycloakServer.java - Modified
keycloak/services/src/main/java/org/keycloak/protocol/saml/installation/SamlSPDescriptorClientInstallation.java - Modified
---
Quarkus3 branch sync no. 5 (10.2.2023)
Resolved conflicts:
/keycloak/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java	Modified - Modified
keycloak/services/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java - Modified
---
Quarkus3 branch sync no. 4 (3.2.2023)
Resolved conflicts:
keycloak/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/integration/jaxrs/QuarkusKeycloakApplication.java - Modified
---
Quarkus3 branch sync no. 1 (18.1.2023)
Resolved conflicts:
keycloak/testsuite/client/ClientPoliciesTest.java - Deleted
keycloak/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java - Modified
keycloak/model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/JpaModelCriteriaBuilder.java - Modified
2023-04-27 13:36:54 +02:00
Alexander Schwartz
7562f8ec6e Rewrite changelog SQL to make it work on Oracle
Closes #19841
2023-04-24 13:30:16 +02:00
Hynek Mlnarik
68b3c87666 Support for realm-less entities in providers (login failures)
Closes: #19818
2023-04-20 21:19:41 +02:00
rmartinc
5a3b8ee577 Avoid adding post.logout.redirect.uris if already defined as client attributes
Closes https://github.com/keycloak/keycloak/issues/16992
2023-04-19 10:48:17 +02:00
Alexander Schwartz
8f4c721a7d Fix half-initialized EMF for JPA Map Storage
Closes #19741
2023-04-17 09:58:54 +02:00
mposolda
1cbdf4d17e Fix the issue with LDAP connectionUrl containing multiple hosts
Closes #17359
2023-04-16 17:41:22 +02:00
Michal Hajas
b730d861e7
Refactor map storage transaction initialization
* Refactor transaction to be enlisted in MapStorageProvider instead of area provider

* Make KeycloakTransaction methods optional for MapKeycloakTransaction

* Remove MapStorage interface that contained only createTransaction method

* Rename *MapStorage to *CrudOperations

* Adjust File store to new structure

* Rename MapKeycloakTransaction to MapStorage

* Rename getEnlistedTransaction to getMapStorage in AbstractMapProviderFactory

* Rename variables tx and transaction to store

* Add createMapStorageIfAbsent to JpaMapStorageProvider

* Update JavaDoc

Co-authored-by:  Hynek Mlnarik <hmlnarik@redhat.com>
2023-04-12 11:21:14 +02:00
Martin Kanis
37af5fbffe Introduce optimistic locking for HotRod storage
Closes #15402
2023-04-11 09:33:01 +02:00
Stefan Guilhen
ad3b264088 Introduce last modified time validation
- Also fixes commit/rollback logic to prevent deletion of wrong files on rollback

Closes #17491
Closes #17660
2023-04-06 14:50:46 +02:00
mposolda
554818f422 Rename jpa-changelog-22.0.0.xml
closes #19527
2023-04-04 19:21:14 +02:00
mposolda
4d8d6f8cd8 Preserve authentication flow IDs after import
closes #9564
2023-04-03 16:01:52 +02:00
vramik
5aafc99673 Remove em.refresh(realm) call during realm removal in JpaRealmProvider
Closes #19430
2023-04-03 09:27:13 +02:00
Alexander Schwartz
9affc262bd Consistent handling of enums in the database schema
Closes #19404
2023-03-30 12:14:43 +02:00
Michal Hajas
e49dfe534e Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store
Closes #17277
2023-03-29 16:43:01 +02:00
Michal Hajas
2a5b5c4a40 Fix stale client session is present in user session
Closes #17570
2023-03-28 08:32:31 +02:00
Michal Hajas
637c47ac0e Fix NoActionHotRodTransactionWrapper using default exists implementation
Closes #19196
2023-03-28 08:29:50 +02:00
Alexander Schwartz
251f6151e8 Rework the Import SPI to be configurable via the Config API
Also rework the export/import CLI for Quarkus, so that runtime options are available.

Closes #17663
2023-03-24 15:28:55 -03:00
Pedro Hos
bd0a23a865 /users/count endpoint with search field has different behavior than /users query endpoint #17620
closes #17620
2023-03-24 13:43:47 +01:00
Michal Hajas
6d2177f2c8
Remove clientRole flag from HotRodRoleEntity (#17655)
Closes #17086
2023-03-21 09:31:54 +01:00
Alexander Schwartz
513bb809f3 Add a map storage global locking implementation for JPA
Closes #14734
2023-03-21 08:21:11 +01:00
Martin Kanis
5e7793b64d Unexpected invalid_grant error on offline session refresh when client session is not in the cache
Closes #9959

Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Lex Cao <lexcao@foxmail.com>
2023-03-15 12:39:43 +01:00
Michal Hajas
9c2511e205 Store index data in memory instead of persistent store to make it consistent with cached data
Closes #15653
2023-03-13 14:27:41 +01:00
Michal Hajas
837c64de3d Add support for pessimistic locking to HotRod
Closes #13273
2023-03-07 10:44:31 +01:00
Alexander Schwartz
f6f179eaca Rework the export to use CLI options and property mappers
Also, adding the wiring to support Model tests for the export.

Closes #13613
2023-03-07 08:22:12 +01:00
Michal Hajas
465019bec4 Extract attachDevice outside of storage layer
Closes #17336
2023-03-03 17:58:34 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334)
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
vramik
d923aa5d5d Entity version is not updated when the entity is root entity
Closes #17339
2023-03-02 15:21:43 +01:00
Thomas Darimont
16efddc908
Fix NPE in MigrateTo21_0_0 when admin theme is not set explicitly (#17249)
Only update admin-console theme to keycloak.v2 if it is explicitly set to "keycloak" or "rh-sso".

Fixes #17248

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-02-23 15:37:59 +00:00
Hynek Mlnarik
7d136c5cca Generate map-like collection accessors
Along the way fixes also problem with field delegates which
applied manually-crafted methods like `MapUserEntity.removeCredential(id)`
to the delegate itself rather than to the underlying object.

Co-authored-By: Michal Hajas <mhajas@redhat.com>

Closes: #17223
2023-02-22 17:26:31 +01:00
Hynek Mlnarik
878debd2ab Forbid changing ID
Closes: #16881
2023-02-22 17:19:22 +01:00
Michal Hajas
1c79a5666d Deprecate RoleModel.SearchableFields.IS_CLIENT_ROLE field
Closes #17144
2023-02-16 20:50:46 +01:00
rmartinc
9995a3cdd4 lastSync value into COMPONENT_CONFIG is always updated
Closes https://github.com/keycloak/keycloak/issues/17022
2023-02-16 17:48:49 +01:00
Alexander Schwartz
febe134d5b Make the event listeners specific to the persistence unit
Closes #13219
2023-02-16 11:08:15 +01:00
Hynek Mlnarik
d768e75be7 Fix clientRole warning
Fixes: #16857
2023-02-15 10:59:52 +01:00
Michal Hajas
1f929c78af Make lockTimeout more friendly for JPA map storage
Closes #16616
2023-02-15 10:38:18 +01:00
Hynek Mlnarik
bb0eb899a7 Add ability to run arq testsuite with file store
Fixes: #17032
2023-02-15 10:17:23 +01:00
Hynek Mlnarik
2665fb01a6 File storage: Fix path traversal
Fixes: #17029
2023-02-14 14:30:14 +01:00
Michal Hajas
6fa62e47db Leverage HotRod client provided transaction
Closes #13280
2023-02-08 10:26:30 +01:00
Stian Thorgersen
d3ba2ecbed
Remove old admin console theme (#16864)
Closes #16862
2023-02-08 09:22:39 +01:00
Hynek Mlnařík
f71ab092de
File store basis
Fixes: #16676

---

* Enhance DefaultModelCriteria
* Fix collection
* Fix delete in CHMKeycloakTransaction
* Add HasRealmId interface
* Fix EntityFieldDelegate
* Support for realm-less entities in providers
* Support for realm-less entities in providers (events)
* File store basis
* Add support for writing
* Support running KeycloakServer with file store
* Add support for file store in model testsuite

---------

Co-authored-by: vramik <vramik@redhat.com>
2023-02-07 14:59:23 +01:00
Martin Kanis
5ba004b447 Leverage Infinispan lifespan for ExpirableEntities in HotRod storage 2023-02-07 10:01:32 +01:00
Alexander Schwartz
48aae83891 Close prepared statement used to set the lock timeout
Closes #16801
2023-02-06 17:30:58 +01:00
Martin Kanis
a912558d29 Add MapKeycloakTransaction.exists methods 2023-01-31 17:21:40 +01:00
Klaus Betz
20a7a5acdb fix: consider identity provider models from third-party packages 2023-01-31 06:05:02 -08:00
Alexander Schwartz
c6aba2e3de Make LockAcquiringTimeoutException a RuntimeException
Closes #16690
2023-01-31 08:21:32 +01:00
Alexander Schwartz
7933f0489d Align startup of Quarkus with the regular startup to ensure boostrap locks are created.
Also fixing an issue where DBLockGlobalLockProviderFactory held on to an old session, which lead to a closed DB connection on Quarkus.

Closes #16642
2023-01-30 12:59:40 +01:00
Michal Hajas
eb59fdb772 Add transaction tests to model tests
Closes: #15890
2023-01-26 12:55:22 +01:00
Alexander Schwartz
e9e6b73bd2 Avoid using Hibernate APIs to cache query results as the API changes in Hibernate 6
Closes #16332
2023-01-18 14:42:42 +01:00
Hynek Mlnarik
3119566407 Prevent endless loop in case of split-brain
Fixes: #16427
2023-01-13 16:23:18 +01:00
vramik
f11bef3e7f EntityField mapPut and collectionAdd default methods doesn't insert an element when get(e) returns null
Closes #16317
2023-01-09 15:52:58 +01:00
Pedro Igor
522bf1c0b0 Keep consistency when importing realms at startup when they are exported via the export command
Closes #16281

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-01-06 18:53:01 +01:00
Hynek Mlnarik
7708e2cc5c Fix putAll issues
Closes: #16287
2023-01-06 12:01:19 +01:00
Michal Hajas
6566b58be1 Introduce Infinispan GlobalLock implementation
Closes #14721
2023-01-05 16:58:44 +01:00
Hynek Mlnarik
071fc03f41 Move transaction processing into session close
Fixes: #15223
2023-01-05 16:12:32 +01:00
vramik
f7ad00270e Unique constraints should use attribute value hash instead of the value itself
Closes #15699
Closes #15507
2023-01-05 13:38:06 +01:00
vramik
380df3bedf Field generator: getCollectionElementClass method not generated when no addElement method is present in interface
Closes #16255
2023-01-04 17:12:59 +01:00
Pedro Igor
fb554c09db Incrementally cache consents on a per client basis
Closes #16224
2023-01-03 14:28:41 -08:00
Martin Kanis
5aae3842c4 Upgrade to Infinispan 14.0.4.Final 2022-12-22 10:09:05 +01:00
Martin Kanis
c0e103dc95 Replace old HotRod index annotation with new one 2022-12-21 12:50:08 +01:00
vramik
44715fe397 Generate getMapKeyClass and getMapValueClass methods for map fields
Closes #16053
2022-12-20 19:57:00 +01:00
Michal Hajas
c79d29e68c Move HotRod profile to the same pom as other map profiles and introduce map-storage-chm profile
Closes #16046
2022-12-20 17:51:40 +01:00
Alexander Schwartz
6d0e112bf1 Ensure lock table has its primary key created, and re-enable the DBLockTest
Closes #15487
2022-12-20 08:50:14 +01:00
Stefan Guilhen
d6a4acceda Exclude commons-text from liquibase-core dependency
Closes #15915
2022-12-12 10:38:54 -03:00
Alexander Schwartz
e4804de9e3 Changing Quarkus transaction handling for JPA map storage to JTA
This has been recommended as the supported way of transaction handling by the Quarkus team.
Adding handling of exceptions thrown when committing JTA.
Re-adding handling of exceptions when interacting with the entity manager, plus wrapping access to queries to map exceptions during auto-flushing.

Closes #13222
2022-12-09 10:07:05 -03:00
Peter Zaoral
1073a342cf Cleanup dependencies and align with Quarkus
* aligned parent POM dependency versions with the Quarkus BOM

Closes #15325

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2022-12-09 09:10:30 -03:00
Hynek Mlnařík
208affe000 Update generator to record the entity to fields mapping
Fixes: #15677
2022-12-08 15:40:28 +01:00
Hynek Mlnarik
901c85f6c0 Camel case field names
Fixes: #15846
2022-12-08 15:40:28 +01:00
Michal Hajas
de7dd77aeb Change id of TermsAndConditions required actions to uppercase
Closes #9991
2022-12-07 10:51:37 -03:00
Pedro Igor
168734b817 Removing references to request and response from Resteasy
Closes #15374
2022-12-01 08:38:24 -03:00
Stefan Guilhen
55b2162421 Create map-file module with empty implementations
Closes #15706
2022-11-29 12:58:55 +01:00
Alexander Schwartz
4a91c07488 Use LOB handling query to select clients on Oracle
Closes #15639
2022-11-24 11:47:51 +01:00
Alexander Schwartz
fd152e8a3e Modify RealmAdminResource.partialImport to work with InputStream
Rework existing PartialImportManager to not interfere with transaction handling, and bundle everything related to AdminEventBuild and JAX-RS Repsonses inside the Resource.

Closes #13611
2022-11-24 11:45:11 +01:00
Alexander Schwartz
b019172813 Fix query to work on OracleDB CLOB
Closes #15528
2022-11-23 13:49:01 +01:00
Martin Kanis
08061afbd4
Replace operation set wrong lifespan in remote infinispan database and leads to session eviction (#15619)
Closes #10755
2022-11-23 12:03:50 +01:00
Martin Kanis
8478b01758 Stop reindexing indexes on new version 2022-11-23 10:57:28 +01:00
danielFesenmeyer
18381ecd2e Fix update of group mappers on certain changes of the group path
The group reference in the mapper was not updated in the following cases:
- group rename: when an ancestor group was renamed
- (only for JpaRealmProvider, NOT for MapRealmProvider/MapGroupProvider) group move: when a group was converted from subgroup to top-level or when a subgroup's parent was changed

Closes #15614
2022-11-23 10:12:34 +01:00
Martin Kanis
9025ec16f0 Remove workaround in HotRodUtils#paginateQuery 2022-11-23 09:01:15 +01:00
Pedro Igor
6f7c62fc73 Remove unnecessary endpoints from our JAX-RS entensions
Closes #15525
2022-11-16 16:25:33 +01:00
Michal Hajas
6d683824a4 Deprecate DBLockProvider and replace it with new GlobalLockProvider
Closes #9388
2022-11-16 16:13:25 +01:00
Martin Kanis
5e891951f5 Update Infinispan version to 14.0.2.Final 2022-11-16 14:56:45 +01:00
Stefan Guilhen
36ebf9dd46 Add missing parameter to the JpaRootAuthenticationSessionEntity constructor.
Closes #15093
2022-11-16 13:45:39 +01:00
Stefan Guilhen
bc014d3e69 Upgrade Liquibase to version 4.16.1
* aligns with version used in quarkus

Closes #15089
2022-11-16 13:14:23 +01:00
Alexander Schwartz
b6b6d01a8a Importing a representation by first creating the defaults, importing a representation and then copying it over to the real store.
This is the foundation for a setup that's needed when importing the new file store for which importing the representation serves as a placeholder.

Closes #14583
2022-11-16 09:56:13 +01:00
Hynek Mlnarik
556146f961 Fix performance issues with many offline sessions
Fixes: #13340
2022-11-15 13:05:45 +01:00
Michal Hajas
9944a594eb Use DELETE statement instead of deleting one by one for HotRod store
Closes #9420
2022-11-11 13:51:03 +01:00
Stefan Guilhen
02a69561b5 Use JSONB '->>' function to avoid unnecessary JSON conversion in criteria builders.
Closes #12280
2022-11-09 13:47:13 +01:00
Jia Chen
c3d53ae6e0 Returns an empty groups stream without querying the database if a user doesn't belong to any groups
Closes #12567
2022-11-09 13:07:42 +01:00
Michal Hajas
d9dcb6c60a Fix Infinispan adapter not checking updated value in getAttribute methods
Closes #12819
2022-11-07 20:44:43 +01:00
danielFesenmeyer
ec30c52a00 Fix paging on the "Users in role" endpoint, when JPA persistence is used
- add order-by-clause to the corresponding JPA query (ordering by username ASC)
- adjust admin-client RoleResource to return a List instead of a Set, by introducing new methods #getUserMembers (instead of #getRoleUserMembers - the "Role" prefix is not needed, because it is clear from the resource name that it's about roles)
- adjust tests to use the new method and check that the expected order is returned

Closes #14772
2022-11-07 20:44:06 +01:00
Marek Posolda
f616495b05
Fixing UserFederationLdapConnectionTest,LDAPUserLoginTest to work with FIPS (#15299)
closes #14965
2022-11-03 16:35:57 +01:00
Marek Posolda
2ba5ca3c5f
Support for multiple keys with same kid, which differ just by algorithm in the JWKS (#15114)
Closes #14794
2022-11-03 09:32:45 +01:00
Alexander Schwartz
9f95b6ec63 Remove unnecessary lookup of an entity via the session
Closes #11744
2022-11-02 10:27:14 +01:00
Alexander Schwartz
dd5a60c321 Allow a partial import to overwrite the default role
Closes #9891
2022-11-01 15:35:02 -03:00
Lex Cao
43a3677cc7 Fix slow deletion on deleteClientSessionsByRealm and deleteClientSessionsByUser when using mysql and mariadb by converting sub-query to join 2022-10-27 10:37:15 +02:00
Alexander Schwartz
9fb9780f02 Don't rely on DefaultModeLCriteria in equals/hashCode
Instead, map this to JPA query and then create the cache lookup key from there.

Closes #14938
2022-10-26 15:49:26 +02:00
Alexander Schwartz
e494649a4e First naïve per-session caching for JPA map store
Closes #14938
2022-10-26 15:49:26 +02:00
Michal Hajas
883e83e625 Remove deprecated methods from data providers and models
Closes #14720
2022-10-25 09:01:33 +02:00
Alexander Schwartz
3a30061c44 Avoid deadlock on CockroachDB when removing authentication sessions
Closes #14991
2022-10-24 20:42:31 +02:00
vramik
791c457c32 Add possibility to limit field length in legacy event store
Closes #14888
2022-10-21 15:16:26 +02:00
Stian Thorgersen
97ae90de88
Remove Red Hat Single Sign-On product profile from upstream (#14697)
* Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

* review suggestions: Remove Red Hat Single Sign-On product profile from upstream

Closes #14916

Co-authored-by: Peter Skopek <pskopek@redhat.com>
2022-10-18 14:43:04 +02:00
vramik
fa947a41ea Revisit unique constraints in jpa user store
Closes #14797
2022-10-17 08:56:45 +02:00
Alexander Schwartz
97c4495c4f Updating H2 database to 2.x
Closes #12607

Co-authored-by: Stian Thorgersen <stian@redhat.com>
2022-10-14 11:52:34 +02:00
vramik
f49582cf63 MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable
Closes #14678
2022-10-14 09:32:38 +02:00
danielFesenmeyer
f80a8fbed0 Avoid login failures in case of non-existing group or role references and update references in case of renaming or moving
- no longer throw an exception, when a role or group cannot be found, log a warning instead
- update mapper references in case of the following events:
   - moving a group
   - renaming a group
   - renaming a role
   - renaming a client's Client ID (may affect role qualifiers)
- in case a role or group is removed, the reference still will not be changed
- extend and refactor integration tests in order to check the new behavior

Closes #11236
2022-10-13 13:23:29 +02:00
Martin Kanis
761929d174
Merge ActionTokenStoreProvider and SingleUseObjectProvider (#13677)
Closes #13334
2022-10-13 09:26:44 +02:00
Alexander Schwartz
b67ce73227 Cleanup MapUserSessionAdapter.getAuthenticatedClientSessions()
Closes #14743
2022-10-10 13:01:14 +02:00
Takashi Norimatsu
c60a34ac06 Keycloak 19 cannot register post logout redirect URIs whose length in total is over 4000
Closes #14013
2022-10-06 20:05:03 +02:00
vramik
a62e98f966 MapUserProvider should throw an exception for more than one user
Closes #14672
2022-10-06 13:11:57 +02:00
Hynek Mlnarik
36a1ce6a1a Ensure map storage providers are closed upon session close
Fixes: #14730
2022-10-05 14:16:19 +02:00
vramik
e5408884f6 Revisit parent-child relationship in jpa map store
Closes #14278
2022-10-05 09:42:34 +02:00
Marek Posolda
fb24c86a3b
offline token issuance can cause violation of PRIMARY KEY constraint CONSTRAINT_OFFL_CL_SES_PK3 (#14658)
closes #13706
2022-10-03 12:54:12 +02:00
Alice Wood
1eb7e95b97 enhance existing group search functionality allow exact name search keycloak/keycloak#13973
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
2022-09-30 10:37:52 +02:00
Alexander Schwartz
be2deb0517 Modify RealmsAdminResource.importRealm to work with InputStream
Closes #13609
2022-09-26 20:58:08 +02:00
Alice Wood
55a660f50b enhance group search to allow searching for groups via attribute keycloak/keycloak#12964
Co-authored-by: Abhijeet Gandhewar <agandhew@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-09-19 15:19:36 +02:00
vramik
4f4dbd622a Ensure entity version is indexed
Closes #14161
2022-09-15 08:39:29 -03:00
danielFesenmeyer
3af1134975 Update IDP link username when sync mode is "force"
Closes #13049
2022-09-14 08:02:17 -03:00
Pedro Igor
aea6d7da27 Avoid updating offline session refresh time during creation
Closes #14384
2022-09-14 07:36:23 -03:00
Alexander Schwartz
621da7b803 Credential validation shouldn't invalidate the user in the cache
Instead create a new instance of LegacyUserCredentialManager to ensure all calls are routed via the CacheAdapter and its SubjectCredentialManagerCacheAdapter.

Closes #14309
2022-09-13 09:36:19 -03:00
vramik
3120848ef0 Unify package name format in jpa map store
Closes #14276
2022-09-12 13:03:17 +02:00
Sebastian Schuster
cc8567e9f4 14294 fixed admin event expiration sql error 2022-09-12 09:15:47 +02:00
Christoph Leistert
7e5b45f999 Issue #8749: Add an option to control the order of the event query and admin event query 2022-09-11 21:30:12 +02:00
Alexander Schwartz
1d2d3e5ca5 Move UserFederatedStorageProvider into legacy module
Closes #13627
2022-09-11 18:37:45 +02:00
Martin Bartoš
0fcf5d3936 Reuse of token in TOTP is possible
Fixes #13607
2022-09-09 08:56:02 -03:00
vramik
869ccc82b2 Enable MapUserProvider storing username with the letter case significance
Closes #10245
Closes #11602
2022-09-09 11:46:11 +02:00
vramik
fb33cbc2bd Set correct entity version when adding a child entity with its own entity versioning
Closes #14273
2022-09-09 09:43:44 +02:00
cgeorgilakis
07b0df8f62
View groups from account console (#7933)
Closes #8748
2022-09-07 11:25:31 +02:00
Christoph Leistert
cc2bb96abc Fixes #9482: A user could be assigned to a parent group if he is already assigned to a subgroup. 2022-09-06 21:31:31 +02:00
Thomas Peter
19d69169b1 introduce expiration option for admin events 2022-09-06 16:05:53 +02:00
Michal Hajas
f69497eb28 KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants
Closes #14018
2022-09-06 10:38:28 +02:00
Martin Bartoš
e6a5f9c124 Default required action providers are still available after feature disabling
Closes #13189
2022-08-31 08:42:47 +02:00
Alexander Schwartz
27ecf7f00f Use session level cache and avoid resolving by ID too often
Closes #12381
2022-08-30 16:42:49 +02:00
Alexander Schwartz
bb6b5abfa1 Remove Infinispan workarounds after upgrading to 13.x
Closes #13962
2022-08-30 07:32:19 -03:00
Tero Saarni
4f199c7245 Fix compilation errors with Eclipse Java compiler 2022-08-29 19:33:12 +02:00
Pedro Igor
2cc4b54404
Do not cache policies if they no longer exist (#12797)
Closes #12657

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-08-25 13:52:30 +02:00
Michal Hajas
05b9e6d59e
Upgrade Infinispan to 13.0.10.Final (#13910)
Closes #12306
2022-08-25 13:09:34 +02:00
Arnaud Martin
af0d97e534 Delete broker links for federated users when an identity provider is deleted
Closes #13731
2022-08-25 08:24:09 +02:00
mposolda
254483bc5d Use separate transactions for each bulk update of offline sessions in PersisterLastSessionRefreshStore to avoid deadlocks
closes #13684
2022-08-23 13:52:11 +02:00
David Anderson
ce1331f550
Remove bouncycastle dependency from keycloak-services (#13489)
Closes #12857


Co-authored-by: mposolda <mposolda@gmail.com>
2022-08-22 15:43:59 +02:00
Alexander Schwartz
bd926b8fd0 Remove warning from StoragePropertyMappers about the deployment state version seed
It duplicates the logic in the provider and is incomplete. A follow-up issue will investigate how a provider can defer a configuration option.

Closes #13807
2022-08-17 13:55:05 -03:00
Alexander Schwartz
801b20e037 Fix running clusteraware scheduled tasks in Wildfly after legacy migration
As the parent class is in another module, the protected field "task" is not accessible from the lambda.

Closes #13396
2022-08-17 13:54:34 -03:00
Sebastian Schuster
1445646e77 Fixed n+1 query retrieving user with brief user representation by allowing explicit eager caching of user attributese 2022-08-11 10:51:07 +02:00
Martin Kanis
57f2f4654a Add limit for authSessions per rootAuthSession in map storage 2022-08-10 12:56:37 +02:00
Michal Hajas
ec808d28bb Remove possibility to start embedded HotRod server in hotrod-map module
Closes #13247
2022-08-05 21:08:38 +02:00
Alexander Schwartz
8470a30446 Introduce CLI parameter to set the deployment state version seed
Closes #12710
2022-07-27 20:10:17 +02:00
Michal Hajas
8ed9ce29d1 Enable near-caching for HotRod store
Closes #13303
2022-07-27 14:09:48 +02:00
Michal Hajas
3589778a10 Add possibility to configure HotRod storage in Quarkus distribution
Closes #12617
2022-07-26 14:13:39 +02:00
Michal Hajas
eb1f31e9dd Optimize user-client session relationship for HotRod storage
Closes #12818
2022-07-26 09:00:13 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration (#12282)
Closes #10135
2022-07-25 10:57:52 +02:00
Alexander Schwartz
a14501dd77 Remove concurrently removed elements from the result
Closes #13245
2022-07-22 08:25:15 +02:00
Alexander Schwartz
cb81a17611 Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.

Closes #12972
2022-07-22 08:20:00 +02:00
Pedro Igor
98ac3829d6 Remove KeycloakIntegratorProvider
Closes #13233
2022-07-21 09:05:59 -03:00
Stefan Guilhen
e9c55f45e5 Enable action token JPA provider in map-storage-jpa profile
Closes #13139
2022-07-20 16:30:20 -03:00
Alexander Schwartz
4d19099c66 Workarounds to make Listeners and non-autocommit work on Quarkus
Closes #13200
2022-07-20 12:06:06 +02:00
Alexander Schwartz
d30646b1f6 Refactor object locking for UserSessions
Closes #12717
2022-07-19 17:47:33 -03:00
Martin Kanis
c8a6846ee0 Remove offline sessions when deleting a realm 2022-07-19 16:40:22 +02:00
Alexander Schwartz
f490638971 Fall back to standard Liquibase locking
As DBLockProvider is "none" for the Map storage providers, there is no locking provided by DB Lock
provider.

Liquibase's classic lock provider has issues that need to be tackled in a follow-up issue, see https://github.com/liquibase/liquibase/issues/1311

Closes #13130
2022-07-19 10:45:31 +02:00
Alexander Schwartz
247cf0d09a Assure that a second thread waits for the first thread to process the database changes
Closes #13130
2022-07-19 10:45:31 +02:00
Alexander Schwartz
b959e5c32a Prevent logging changeset on the console for Quarkus
Closes #13126
2022-07-15 17:12:22 +02:00
Alexander Schwartz
30b41d02b4 Move non-map-storage related classes to new package
Closes #13081
2022-07-15 09:46:29 -03:00
Pedro Igor
f6a2b334d1
Integrate the JPA map store (#13097)
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2022-07-14 17:47:51 -03:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store (#12241)
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #9666
2022-07-14 12:07:02 -03:00
Alexander Schwartz
d4c97bd3a9
Choose alternatives for CockroachDB for referenced computed columns (#12991) 2022-07-13 15:31:21 -03:00
Pedro Igor
b80731decf
Remove any legacy provider from runtime when running the new store (#12963) 2022-07-13 07:30:14 -03:00
Michal Hajas
34d8629477
Convert ClientSessionIdleTimeout from seconds to milliseconds before … (#13048) 2022-07-13 07:29:52 -03:00
Pedro Igor
5b48d72730 Upgrade Resteasy v4
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-07-11 12:17:51 -03:00
Michal Hajas
0f86427dd0 Make user->client sessions relationship consistent
Closes #12817
2022-07-11 08:42:28 -03:00
Michal Hajas
5f7f4ad850 Reflect SingleUseObject store objectKey changes to HotRod implementation
Closes #12480
2022-07-08 10:34:31 -03:00
Michal Hajas
cbb88ed75d Store enums as Integers in HotRod store
Closes #12502
2022-07-08 10:34:17 -03:00
Alexander Schwartz
29a501552e Disable the JpaUserFederatedStorageProvider when map storage is enabled
Closes #12895
2022-07-07 10:47:42 -03:00
Alexander Schwartz
d91a5eb99f Move methods from UserStorageUtil to LegacyRealmModel
It is better suited to take methods removed from RealmModel earlier.

Closes #12805
2022-07-07 09:57:17 -03:00
Stefan Guilhen
dc88dd5286
Users Map JPA implementation (#12871) 2022-07-05 11:19:31 -03:00
Alexander Schwartz
098d4dda0e
Split PublicKeyStorageProvider (#12897)
Split PublicKeyStorageProvider

- Extract clearCache() method to separate interface and move it to the legacy module
- Make PublicKeyProvider factories environment dependent
- Simple map storage for public keys that just delegates

Resolves #12763

Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-07-05 09:57:51 -03:00
Alexander Schwartz
63614b1240 Fixing broken build after merging conflicting PRs.
This was introduced via #9852 when #11844 was merged.

Closes #12898
2022-07-04 15:57:25 -03:00
Stefan Guilhen
007fa1f374 Single Use Objects Map JPA implementation
Closes #9852
2022-07-04 10:05:51 -03:00
Alexander Schwartz
4b20e90292 Move session persistence package to legacy-private module
Also, disabling the jpa session persister when map storage is enabled.

Closes #12712
2022-07-04 10:05:26 -03:00
Alexander Schwartz
9143d8bd0e Store composite roles within its own table for JPA Map storage.
This keeps the JSON column small, enables searching by child, and allows modification of the role's children without loading all children.

Closes #11844
2022-07-01 14:13:24 -03:00
Jon Koops
06d1b4faab Restore enum variant of ResourceType
This reverts commit 3b5a578934.
2022-06-30 12:20:51 -03:00
Tero Saarni
3170efd3ad Removed unused imports with double semicolons 2022-06-30 09:34:30 -03:00
Michal Hajas
9b889b44b4 Make HotRod schema no-downtime upgradable
- Split one schema into schema per area
- Check schema stored in the server and update it only when necessary

Closes #9113
2022-06-29 20:57:19 +02:00
Alexander Schwartz
a191d7eb3c Moving CachedObject to the legacy modules
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
b581c203e3 Moving ClientScopeStorageProviderModel to the legacy modules
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
ddeab744d0 Moving RoleStorageProviderModel to the legacy modules
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
05f8f3038f Moving GroupStorageProviderModel to the legacy modules
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
692ce0cd91 Moving ClientStorageProvider to the legacy modules
This prepares the move of CachedObject and CacheableStorageProviderModel

Closes #12531

fixup! Moving ClientStorageProvider to the legacy modules
2022-06-29 20:04:32 +02:00
Alexander Schwartz
05dcc188bb Move over caching related interfaces to the legacy module
Closes #12531
2022-06-29 20:04:32 +02:00
vramik
3b5a578934 Change enum ResourceType to interface with String constants
Closes #12485
2022-06-29 13:35:11 +02:00
vramik
91335ebaad Change returning type to Set in MapClientEntity when obtaining protocol mappers
Closes #11136
2022-06-28 21:47:56 +02:00
Alexander Schwartz
4b499c869c Encapsulate MigrationModelManager in legacy module
Closes #12214
2022-06-28 10:53:04 +02:00
Michal Hajas
e0efdcae22 Make sure HotRod store does not return empty delegate
Closes #12304
2022-06-27 15:10:18 +02:00
Pedro Igor
c972ec4383 Allow to conditionally bootstrap the default persistence unit
Closes #12662
2022-06-27 08:26:37 -03:00
vramik
c058983655 Enable optimistic locking feature on auth sessions
Closes #12242
2022-06-27 09:29:27 +02:00
Patrick Jennings
d048bf22fb Do not try to delete from related federated user tables when deleting a service account linked user. 2022-06-22 22:52:16 +02:00
Stefan Guilhen
cc65d5491d Filter out expired entities in JpaMapKeycloakTransaction
Closes #12623
2022-06-22 11:35:50 +02:00
Stefan Guilhen
7d96f3ad5a Events Map JPA implementation
Closes #9667
2022-06-21 13:53:48 +02:00
Alexander Schwartz
ae7c01b719 Moving the CacheRealmProvider interface to the legacy module 2022-06-21 08:53:06 +02:00
Alexander Schwartz
7855b93390 Moving the UserCache interface to the legacy module
Co-Authored-By: hmlnarik@redhat.com
2022-06-21 08:53:06 +02:00
Alexander Schwartz
896afc4644 rename SingleEntityCredentialManager to SubjectCredentialManager, part 2 2022-06-21 08:53:06 +02:00
Alexander Schwartz
cb0c881821 rename SingleEntityCredentialManager to SubjectCredentialManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230 for all added files in the PR, update the copyright header or add it if it was missing 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
f1ca325b6b Add map datastore provider 2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92 Move LDAP REST Endpoints to LDAP package
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos) 2022-06-21 08:53:06 +02:00
Alexander Schwartz
a109e28be7 moving some functionality around imports 2022-06-21 08:53:06 +02:00
Alexander Schwartz
f89b8c356d Moving logic to create a user from a representation to the legacy module 2022-06-21 08:53:06 +02:00
Alexander Schwartz
a43321c720 Moving logic to create service accounts in local storage only to legacy module 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1 Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()

Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
Alexander Schwartz
14a369a8cc Added LegacySessionSupport SPI
While some methods around onCache() are still called from the legacy code, all other methods log a warning with a stacktrace.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded Avoid using methods on UserCredentialStoreManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6 SingleUserCredentialManager moving in
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e Move User Storage SPI, introduce ExportImportManager 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51 Preparation for moving User Storage SPI
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
  IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
36f76a37ad Move realms, clients, groups, roles, clientscopes into legacy module
- Introduces Datastore SPI for isolating data store methods
- Introduces implementation of the datastore for legacy storage
- Updates DefaultKeycloakSession to leverage Datastore SPI instead
  of direct creating of area providers by the session
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187 Introduce legacy datastore module and update dependencies 2022-06-21 08:53:06 +02:00
Michal Hajas
0719d3e49b Remove EXPIRATION fields and add expired entities filtering to all queries automatically
Closes #12563
2022-06-20 21:45:32 +02:00
Michal Hajas
22f9b0fee3 Unify expiration handling for SingleUseObjects
Closes #12205
2022-06-20 21:45:32 +02:00
Michal Hajas
781183e551 Enable indexing for ResourceServerEntity
Closes #12533
2022-06-20 10:17:19 +02:00
vramik
1b3a76d0af Do not persist client sessions of transient user sessions
Closes #12357
2022-06-15 10:54:23 +02:00
vramik
df41f233d5 Introduce unique index for enums stored by storages
Closes #12277
2022-06-15 09:12:10 +02:00
Alexander Schwartz
361a813d81 Keep a list of model instances in the JPA map session.
This allows removing them from the persistence context on bulk delete.

Closes #12384
2022-06-09 12:39:04 -03:00
Martin Kanis
df72cf72f2 Hot Rod map storage: Single-use (action token) no-downtime store 2022-06-06 16:01:18 +02:00
rmartinc
5332a7d435 Issue #9194: Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256 2022-06-06 12:07:09 +02:00
vramik
c31d37ddf1 Each JpaRootEntity should have its own current schema version
Closes #12272
2022-06-02 17:16:34 +02:00
Michal Hajas
09c0a69a8f Add HotRod no downtime store for events
Closes #9676
2022-06-02 13:30:19 +02:00
Martin Kanis
75754eca6b Extract timestamp from Expirable entity 2022-06-01 13:03:31 +02:00
vramik
be28e866b9 JPA map storage: Authorization services no-downtime store
Closes #9669
2022-05-30 21:05:34 +02:00
Michal Hajas
9b36ea0269 Add cascade removal of client session on user session removal for HotRod
Closes #12096
2022-05-30 09:58:54 +02:00
Michal Hajas
1a98765fb7 Fix cascade removal of client session on user session removal for CHM
Closes #12146
2022-05-30 09:58:54 +02:00
Alexander Schwartz
063960aaa3 Deferred indexes are not available on CockroachDB, therefore, only use them on PostgreSQL
Closes #12176
2022-05-27 08:51:20 -03:00
Marek Posolda
eed944292b
Make script providers working on JDK 17 (#11322)
Closes #9945
2022-05-27 12:28:50 +02:00
Michal Hajas
bc59fad85b Unify way how expirable entities are handled in the new store
Closes #11947
2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5 Map storage: Single-use objects (action token) 2022-05-25 16:47:10 +02:00
Pedro Igor
26c87af9f4 Avoiding unnecessary roundtrips to the database when evaluating permissions
Closes #12148

Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2022-05-25 12:23:15 +02:00
vramik
ad3da7f5e4 JPA map storage: disable failing on unknown properties when deserializing the object
Closes #12173
2022-05-25 09:31:40 +02:00
vramik
24171d2e47 Rename providers from jpa-map-storage to jpa
Closes #12098
2022-05-23 16:47:51 +02:00
vramik
0c3aa597f9 JPA map storage: test failures after cache was disabled
Closes #12118
2022-05-23 13:01:30 +02:00
Alexander Schwartz
d1a92680f5 Optimize querying sub-groups of groups
Closes #12080
2022-05-19 14:46:53 +02:00
Martin Kanis
0e9f2badff Make all fields in HotRod store optional 2022-05-18 20:50:47 +02:00
Alexander Schwartz
1a95a58893 Graceful handling if composite roles have been removed concurrently.
Closes #12003
2022-05-17 13:29:15 +02:00
Michal Hajas
0bda7e6038 Introduce map event store with CHM implementation
Closes #11189
2022-05-17 12:57:35 +02:00
vramik
e1eb9d6d64 Replace equals with == when comparing SearchableFields in Jpa*ModelCriteriaBuilder and Ldap*ModelCriteriaBuilder
Closes #11843
2022-05-16 21:51:38 +02:00
Michal Hajas
b86f205cda Make KeycloakServer runnable with external Infinispan server
Closes #12011
Closes #12014
2022-05-16 21:50:35 +02:00
Martin Kanis
0d6bbd437f
Merge single-use token providers into one
Fixes first part of: #11173

* Merge single-use token providers into one

* Remove PushedAuthzRequestStoreProvider

* Remove OAuth2DeviceTokenStoreProvider

* Delete SamlArtifactSessionMappingStoreProvider

* SingleUseTokenStoreProvider cleanup

* Addressing Michal's comments

* Add contains method

* Add revoked suffix

* Rename to SingleUseObjectProvider
2022-05-11 13:58:58 +02:00
Michal Hajas
d3b43a9f59 Make sure there is always Realm or ResourceServer when searching for authz entities
Closes #11817
2022-05-11 07:20:01 -03:00
Alexander Schwartz
bfab03b837 Throw an IllegalArgumentException once a ClassCastException occurs.
Closes #11775
2022-05-11 09:19:09 +02:00
Michal Hajas
6b5c417742 Add HotRod store for authorization services
Closes #9679
2022-05-06 15:31:38 +02:00
Martin Kanis
00ccc78360 Add index to entityVersion for all HotRod entities 2022-05-05 17:42:13 +02:00
Michal Hajas
fc974fc019 Update composite roles on child role removal
Closes #11769
2022-05-05 15:18:18 +02:00
Alexander Schwartz
e0d7ad1be5 Leverage the equal() method on the wrapped entity instead of creating a string.
Closes #11764
2022-05-03 13:29:12 +02:00
vramik
0d83b51b20 Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field
Co-authored-by Michal Hajas <mhajas@redhat.com>

Closes #10883
2022-05-03 12:56:27 +02:00
Sven-Torben Janus
0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups
Closes: 11771

see also KEYCLOAK-18308
2022-05-02 14:13:37 +02:00
Alexander Schwartz
cd20f45b8a Ensure that values of attributes are unique in the database
While this is already ensured on the Java level when using a Set, database inconsistencies as occurred with Hibernate could lead to follow-up problems that are hard to analyze (as seen in #11666).

Closes #11671
2022-04-28 12:04:05 +02:00
vramik
2ecf250e37 Deletion of all objects when realm is being removed
Closes #11076
2022-04-28 11:09:17 +02:00
vramik
5248815091 Disable infinispan realm and user cache for map storage tests
Closes #11213
2022-04-25 09:38:49 +02:00
Stefan Guilhen
0f147ccdc0 Enlist JPA transaction in JpaMapStorageProvider.getStorage
Closes #11230

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-04-23 08:19:33 +02:00
Hynek Mlnarik
0ce5dfc09c Remove dependency of map on services
Fixes: 8903
2022-04-22 17:27:21 +02:00
Alexander Schwartz
90155862f3 LdapMapStorageProvider to use a full inline class for MapStorage
Closes #11373
2022-04-22 17:25:33 +02:00
Stefan Guilhen
0c7a8c8684 Login Failures Map JPA implementation
Closes #9664
2022-04-22 10:47:04 +02:00
vramik
3d1118223b New Storage: Testsuite fails when JPA Map storage is enabled for groups
Closes #11369
2022-04-21 11:14:35 +02:00
Stefan Guilhen
f48d468641 Increase column size for keys that refer to entities that can be stored in different storages (foreign keys)
Closes #11329
2022-04-21 08:50:37 +02:00
Stefan Guilhen
b29b27d731 Ensure code does not rely on a particular format for the realm id or component id 2022-04-20 14:40:38 +02:00
Stefan Guilhen
ae90b232ff Realms Map JPA implementation
Closes #9661
2022-04-20 14:40:38 +02:00
Pedro Igor
c5e4dc8cec
Associated permissions should only add resource type permissions if the resource is an instance (#11220)
Closes #11148
2022-04-19 09:10:14 +02:00
Pedro Igor
52d205ca91
Allow exposing some initial provider config options via web site (#10572)
* Allow exposing some initial provider config options via web site

Co-authored-by: Stian Thorgersen <stian@redhat.com>

Closes #10571

* Include type to provider options, and hide build-icon column as it's not relevant

Co-authored-by: stianst <stianst@gmail.com>
2022-04-19 08:01:42 +02:00
Bruno Oliveira da Silva
f9d4566723 Replace the cryptographic algorithm by SHA-2
The static code scanning analysis detected the usage of MD5 as part of [
MapDeploymentStateProviderFactory](a6dd9dc0f1/model/map/src/main/java/org/keycloak/models/map/deploymentState/MapDeploymentStateProviderFactory.java (L58-L58)).

Even though we could not find any ways of exploiting the code, we should
avoid its usage considering that MD5 is not collision-resistant.

Resolves #11290
2022-04-18 07:10:04 -03:00
Martin Kanis
a2d7cd7a5c Hot Rod map storage: User / client session no-downtime store 2022-04-14 15:34:22 +02:00
msvechla
820ab52dce
Add support for filtering by enabled attribute on users count endpoint (#9842)
Resolves #10896
2022-04-13 13:57:22 -03:00
Alexander Schwartz
5c1a8d401d Store time as seconds as a long in map store
This avoids overflowing the value in 2038.

Closes #10960
2022-04-12 14:22:44 +02:00
Alexander Schwartz
a6dd9dc0f1 Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests.
Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage.

Closes #11211
2022-04-12 09:12:21 +02:00
Michal Hajas
6e181a51d5 Add test-jar dependency only if maven.test.skip property is false
Closes #11192
2022-04-11 10:37:18 -03:00
Alexander Schwartz
5c810ad0e5 Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST"
The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing".

Also implementing a retry logic for all remaining errors regarding LDAP.

Closes #11171
2022-04-11 10:03:15 +02:00
Pedro Igor
834a276767 NPE when caching policies based on scopes without a resource
Closes #11180
2022-04-08 08:43:08 -03:00
Stefan Guilhen
d952669f69 Add clearUpdatedFlag so the flag in associated protocol mappers can be cleared as well
Closes #11118
2022-04-08 09:36:55 +02:00
Michal Hajas
1f2ebf4cba Add HotRod no downtime store for Realms
Closes #9670
2022-04-08 09:36:01 +02:00
Martin Kanis
3bb4081bd1 Convert user / client session entities into interface 2022-04-08 09:34:01 +02:00
Michal Hajas
f4f5928727 Add type to filters in MapResourceStore
Closes #11154
2022-04-07 15:10:20 -03:00
Joerg Matysiak
235f0f3963 Add index to admin events table to improve performance of admin event view
Closes #10625
2022-04-06 09:12:35 +02:00
Martin Kanis
395bd447f2 Hot Rod map storage: Login failure no-downtime store 2022-04-01 20:43:18 +02:00
vramik
8ff768b33b JPA map storage: Authentication session no-downtime store
Closes #9665
2022-03-30 13:43:35 +02:00
Martin Kanis
3356e8b098 Convert login failure entities into interface 2022-03-29 18:40:53 +02:00
Stefan Guilhen
d8bee26ec8 Implement AbstractClientEntity.isUpdated to account for changes in associated protocol mappers.
Closes #10927
2022-03-29 18:35:28 +02:00
Martin Kanis
e493b08fa7 Add expiration field to root authentication session 2022-03-23 07:47:47 +01:00
Michal Hajas
99c06d1102
Authorization services refactoring
Closes: #10447 

* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
2022-03-22 20:49:40 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00
Martin Kanis
0faf3987f6 Hot Rod map storage: Authentication session no-downtime store 2022-03-22 09:05:52 +01:00
Martin Kanis
2394855f48 Add merge tasks optimization to ConcurrentHashMapKeycloakTransaction.delete 2022-03-21 16:45:48 +01:00
Michal Hajas
c18a682f50 Do not store undefined values in store
Closes #10744
2022-03-17 16:44:33 +01:00
Bruno Oliveira da Silva
8aa394ca6b Update to Liquibase 4.8.0
Closes #10678

Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-03-16 13:46:31 -03:00
Alexander Schwartz
8d1a47f768 adding missing log4j configuration to prevent errors in the log
Closes #10613
2022-03-14 10:12:49 -03:00
Pedro Igor
ad865e75c1 Change the flush mode to auto and fixing how entities are checked if they are loaded in the EM
Closes #10411
2022-03-11 12:21:52 -03:00
Martin Kanis
1a4d7c297a
Change authentication sessions map to set (#10596) 2022-03-10 08:45:24 +01:00
Alexander Schwartz
18f391d8c4 Fix spelling error in field and classname
It's always a converter, unless electricity is involved.

Closes #10573
2022-03-09 08:28:52 -03:00
Alexander Schwartz
3c3f003a38 LDAP Map storage support to support read/write for roles
Closes #9929
2022-03-08 12:03:10 +01:00
Michal Hajas
f77ce315bb Disable Authz caching for new storage tests
Closes #10500
2022-03-07 10:22:55 -03:00
Michael Parlee
722ce950bf Improve user search performance
Removes bulder.lower() from user search queries on email and username.

Closes #8893
2022-03-04 14:15:14 +01:00
Martin Kanis
6c64d465ea Convert authentication session entities into interface 2022-03-04 10:50:18 +01:00
Alexander Schwartz
ebfc24d6c1 Ensure that Infinispan shutdowns correctly at the end of the tests. Report any exceptions within another thread as a test failure.
Adding additional information like a thread dump when it doesn't shutdown as expected.

Closes #10016
2022-03-04 10:47:01 +01:00
giacomo.altiero
91d37b5686 Single offlineSession imported in Infinispan with correctly calculated lifespan and maxIdle parameters
Close #8776
2022-03-01 14:51:29 +01:00
Stefan Guilhen
af7a040d54 Ensure Liquibase validation is performed once per area
Closes #10132
2022-02-25 08:48:34 +01:00
Martin Kanis
6249e34177 Hot Rod map storage: Client scope no-downtime store 2022-02-24 13:30:27 +01:00
Michal Hajas
b4281468d0 Convert Map Realm Entities into interfaces
Closes #9736
2022-02-24 13:23:19 +01:00
Vlasta Ramik
aa6a131b73
Change String client.id to ClientModel client in ResourceServerStore
Closes #10442
2022-02-24 12:46:26 +01:00
Luca Graf
febb447919 KEYCLOAK-19297 Use real 'external' client object id to store AuthenticatedClientSession in UserSession object, so that the client session can be looked by the client object id in further requests. 2022-02-18 12:42:59 +01:00
vramik
589606b1c1 JPA map storage: Groups no-downtime store
Closes #9660
2022-02-15 08:54:41 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT (#10165) 2022-02-11 21:28:06 +01:00
Stefan Guilhen
442d9bae2e Add CockroachDB support in the new JPA storage
Closes #10039
2022-02-11 18:04:02 +01:00
Martin Kanis
26ac142b99 Hot Rod map storage: Roles no-downtime store 2022-02-11 14:31:34 +01:00
Michal Hajas
b50b8f883b Implement HotRod storage for Users
Closes #9671
2022-02-11 10:20:36 +01:00
vramik
8a8d59a124 Add prefix "kc_" to all existing tables
Closes #10101
2022-02-11 08:59:23 +01:00
Alexander Schwartz
de7be3d65d Handling JPA Map storage case when parent has been deleted
Closes #10033
2022-02-09 14:43:50 +01:00
Stefan Guilhen
7c1d6eae43
Upgrade to Liquibase 4.6.2
* Upgrade to Liquibase 4.6.2
* Add valid checksums to changesets to allow migration to newest liquibase
* Update liquibase licenses

Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-02-09 12:56:46 +01:00
vramik
5701c6c85a JPA delegates can throw NoResultException when entity doesn't have any attributes
Closes #10067
2022-02-09 09:18:54 +01:00
vramik
844c210d86 Create common parent for Jpa*AttributeEntity
Closes #10071
2022-02-08 22:09:21 +01:00
Alexander Schwartz
45df1adba9 Update generics in JPA Map storage to avoid casting and compiler warnings
Closes #10060
2022-02-08 17:38:53 +01:00
Alexander Schwartz
de2c1fbb45 Update the entityVersion also for downgrades, as it needs to match the JSON and auxiliary tables.
Will trigger also when changes to a child occur, like for example when attributes change.

Closes #9716
2022-02-07 12:14:05 +01:00
Martin Kanis
0471ec4941 Cross-site validation for lazy loading of offline sessions & Switch default offline sessions to lazy loaded 2022-02-03 21:43:47 +01:00
vramik
7bd0dbb3ce Client Scopes: Added ModelIllegalStateException to handle lazy loading exception.
Closes #9645
2022-02-02 21:49:40 +01:00
vramik
165791b1d7 Client Scopes: Ensure that parent's version ID is incremented when an attribute changes
Closes #9874
2022-02-02 21:49:22 +01:00
Alexander Schwartz
9d46b45a9c Ensure that parent's version ID is incremented when an attribute changes.
This is necessary to allow the optimistic locking functionality to work as expected when changing only attributes on an entity.

Closes #9874
2022-02-01 20:33:10 +01:00
vramik
13e02d5f09 JPA map storage: Client scope no-downtime store
Closes #9663
2022-02-01 20:26:00 +01:00
Michal Hajas
c648e121ed Convert authz entities into interfaces
Closes #9740
2022-01-31 13:51:56 +01:00
Alexander Schwartz
df7ddbf9b3 Added ModelIllegalStateException to handle lazy loading exception.
Closes #9645
2022-01-31 10:10:41 +01:00
Alexander Schwartz
2b81e62b6b Adding workaround for deadlock in tests for Infinispan 12.1.7
Closes #9648
2022-01-28 15:29:50 +01:00
bal1imb
9621d513b5 KEYCLOAK-18727 Improve user search query 2022-01-26 17:03:05 +01:00
Alexander Schwartz
9e257d4a01 Added warning when storage contains multi-valued attributes and Keycloak model doesn't support them.
Closes #9714
2022-01-26 15:40:00 +01:00
Michal Hajas
de161d02b9 Store updated flag in the entity, not in the delegate
Closes #9774
2022-01-26 15:24:42 +01:00
Alexander Schwartz
e2ac7b38f4 Adding missing database constraints for clients in JPA map storage.
This should ensure consistency for the store even in the event of concurrent creation of clients by multiple callers.

Closes #9610
2022-01-23 20:34:28 +01:00
vramik
873a44459a Convert MapClientScopeEntity to interface
Closes #9657
2022-01-23 16:56:25 +01:00
Martin Kanis
ddcabe61b2 KEYCLOAK-19571 Add indices to HotRodClientEntity fields 2022-01-20 17:46:47 +01:00
vramik
7b89d151c1 KEYCLOAK-18565 JPA roles no-downtime store 2022-01-20 12:02:35 +01:00
Guus der Kinderen
213b1f5042 Closes #9562: Add DB index for UserEntity getRealmUserByServiceAccount 2022-01-20 09:52:54 +01:00
vramik
61fbb2fb2e JPA-Map storage might loose writes due to missing locking mechanism
Closes #9411
2022-01-20 09:06:14 +01:00
vramik
22bcdcb630 MapRoleProvider could return also client roles when searching for realm roles
Closes #9587
2022-01-19 16:39:59 +01:00
Konstantinos Georgilakis
db0b36460f KEYCLOAK-19148 correct getGroupsCountByNameContaining of MapGroupProvider 2022-01-15 20:15:27 +01:00
Stefan Guilhen
2fd1593abf Set order of LiquibaseDBLockProviderFactory to 1
- makes it the default provider when no provider is explicitly configured
- avoid NPE at server startup when other providers are present and none is set as default
2022-01-13 08:30:25 +01:00
Dominik DS
93419a1797
KEYCLOAK-19289 check if values to set is not null (#8426)
Closes #9529
2022-01-12 09:22:01 +01:00
Michal Hajas
ab9413b48c Store user nested entities in Set instead of Map 2022-01-10 15:57:45 +01:00
Michal Hajas
9849df3757 Convert MapUserEntity to interface 2022-01-10 15:57:45 +01:00
Alexander Schwartz
9b18688ce2 fixes #9427 regex pattern is now pre-compiled 2022-01-08 17:30:54 +01:00
Martin Kanis
9d5355b7ad Upgrade Infinispan to 12.1.7.Final 2022-01-08 17:29:09 +01:00
Hynek Mlnařík
d39eb95705
Introduce per-field delegation of entities 2022-01-05 14:06:45 +01:00
vramik
dd3d7be2b4 Make JpaClientMapStorage generic
Closes #9244
2022-01-05 07:04:05 +01:00
andreaTP
4817e152e3 [ref: 8889] Annotation processor support for Java > 11 2022-01-04 21:26:07 +01:00
Stefan Guilhen
b12830ae4f 8947 - Add liquibase extension to handle JSON operations 2022-01-04 20:58:32 +01:00
Michal Hajas
96b2669a00 Refactoring of constructors for generated entities 2021-12-22 16:00:10 +01:00
vramik
009ca27a38 Make JsonbType generic
Closes #9165
2021-12-20 17:40:23 +01:00
keycloak-bot
9f3d4a7d42 Set version to 17.0.0-SNAPSHOT 2021-12-20 10:50:39 +01:00
vramik
44184ab0cb MapRoleProvider uses ILIKE operator when EQ operator should be used
Closes #9130
2021-12-16 10:31:43 +01:00
vramik
b4d720d615 Fix DB Migration Script to 13.0.0
Closes #9138
2021-12-15 14:00:29 +01:00
vramik
c6312e3308 KEYCLOAK-18717 KEYCLOAK-18716 KEYCLOAK-18715 KEYCLOAK-18713 KEYCLOAK-18712 KEYCLOAK-18711 JPA clients no-downtime store 2021-12-15 13:32:49 +01:00
vramik
848b170a96 Use DeepCloner.Builder().constructorDC in cases when possible
Closes #9141
2021-12-15 10:28:08 +01:00
vramik
e61da278ba When ternary conditional operator uses primitive type it could throw NPE in some cases
Closes #9137
2021-12-15 10:25:54 +01:00
Michal Hajas
5aa9a09b20 Closes #8969 - Add Groups HotRod storage 2021-12-13 18:12:19 +01:00
Hynek Mlnarik
8e03942e87 Enhance available tree operations
Fixes #9022
2021-12-13 18:05:45 +01:00
Hynek Mlnarik
3c7e5c8440 Create delegates and empty instances in DeepCloner
Fixes: #9030
2021-12-13 18:04:48 +01:00
Michal Hajas
fc237a8b63 Introduce ancestor interface for entities with attributes 2021-12-10 10:54:44 +01:00
Michal Hajas
7aaa33739b KEYCLOAK-19570 Add annotation processing for HotRod clients 2021-12-08 10:00:00 +01:00
Hynek Mlnarik
3602873df2 Introduce model-entity util methods
Fixes: #9025
2021-12-07 16:51:56 +01:00
vramik
783eecf612 Closes #8808 - Convert MapRoleEntity to interface 2021-12-01 15:50:26 +01:00
Kashif Saadat
d9bf511406 KEYCLOAK-19052: Optimised (split) the clearExpiredEvents query to reduce execution time 2021-11-30 22:25:55 +01:00
Michal Hajas
a5c3b83443 Closes #8807 - Make MapGroupEntity generated 2021-11-30 21:44:18 +01:00
Michal Hajas
158640d1f3 Closes #8954 - move Hot Rod classes to hotRod package 2021-11-30 11:52:16 +01:00
vramik
1adce39e1d 8886 Add alwaysDisplayInConsole searchable client field 2021-11-24 13:15:17 +01:00
vramik
6b8890f5dd KEYCLOAK-19525 Inconsistent creation of default-roles-<realm> 2021-11-23 21:30:12 +01:00
Martin Bartoš
1e1a6779be Issue 8814: Replace deprecated hamcrest-all dependencies 2021-11-23 13:56:28 +01:00
Michal Hajas
4291caff3c Fix Delegate bug 2021-11-16 19:47:59 +01:00
Michal Hajas
2f9a5aae0f KEYCLOAK-19028 Add HotRod Map storage implementation 2021-11-11 14:10:00 +01:00
Alec Henninger
cec6a8a884 KEYCLOAK-19700: Attempt to reuse denied device authorization code results in server error 2021-11-08 11:37:51 +01:00
Hynek Mlnarik
58d403cf24 KEYCLOAK-19726 Fix return types of ModelCriteriaBuilder methods 2021-11-05 16:39:40 +01:00
vramik
439e2e4288 KEYCLOAK-19763 fix MapClientProvider.getClientByClientId 2021-11-04 11:48:07 +01:00
Martin Kanis
9c287aff1f KEYCLOAK-19709 Remove MapStorage.createCriteriaBuilder 2021-11-03 20:05:29 +01:00
Hynek Mlnarik
6966e0cfe9 KEYCLOAK-19749 Optimize DefaultModelCriteria creation 2021-11-03 17:42:26 +01:00
Hynek Mlnarik
877ae96590 KEYCLOAK-18854 Introduce storage-independent ModelCriteriaBuilder 2021-10-29 19:21:45 +02:00
Martin Kanis
af97849feb KEYCLOAK-19030 Implement HotRodConnectionProvider 2021-10-27 14:07:19 +02:00
Hynek Mlnarik
53f02a50f6 KEYCLOAK-19562 Introduce generic trees 2021-10-25 13:28:48 +02:00
Michal Hajas
cfbb7f5553 KEYCLOAK-19593 Remove CRUD operations from MapStorage interface
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2021-10-21 17:01:33 +02:00
Hynek Mlnarik
8ee992e638 KEYCLOAK-19482 Generate map entity cloners 2021-10-18 13:14:14 +02:00
Martin Kanis
d069ec7949 KEYCLOAK-18737 Show sessions functionality does not work consistently
Co-authored-by: Pavel Bezdienezhnykh
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2021-10-13 14:04:14 +02:00
vramik
dacf28af84 KEYCLOAK-19536 Removal of client creates new instance of provider for each client role 2021-10-13 13:05:18 +02:00
Hynek Mlnarik
675e1b0941 KEYCLOAK-19505 Generate map entity delegates 2021-10-12 14:04:21 +02:00
Bart Monhemius
5b0986e490 [KEYCLOAK-18891] Add support for searching users by custom user attributes
Users can now be searched by custom attributes using 'q' in the query parameters. The implementation is roughly the same as search clients by custom attributes.
2021-10-12 13:08:47 +02:00
Hynek Mlnarik
576292a662 KEYCLOAK-19480 Introduce MapProtocolMapperEntity 2021-10-11 14:05:32 +02:00
Michal Hajas
6e591305f9 KEYCLOAK-19481 Make Id and RealmId mutable fields 2021-10-08 20:18:58 +02:00
Hynek Mlnarik
3abf9283a8 KEYCLOAK-19374 Create implementation based on annotation processor
Use of boxed types as started in 009d4ca445 is finalized here
to enable storing data in a map. MapClientEntity methods are
reordered for the sake of grouping the collection-based
properties together and understanding the connections between those.
2021-10-07 10:54:25 +02:00
Martin Kanis
30b3caee9f KEYCLOAK-18445 Add support for cross-site model tests 2021-10-06 14:37:06 +02:00
Michal Hajas
da0c945475 KEYCLOAK-18940 Add support for searching composite roles 2021-10-01 12:41:19 +02:00
Daniel Fesenmeyer
0a2f8f5b63 KEYCLOAK-17887 fix endpoint for creating or updating realm localization texts for a given locale (UnsupportedOperation was thrown because RealmAdapter tried to change unmodifiable map):
- fix RealmAdapter to create a new map instead of trying to change unmodifiable map
- only provide POST endpoints for creating or updating the texts (to have the endpoints consistent with other Admin API endpoints)
- add tests
2021-09-30 15:07:56 +02:00
stianst
f471a110cd KEYCLOAK-19408 Better client secrets 2021-09-29 18:19:43 +02:00
Martin Kanis
d606da9065 KEYCLOAK-18981 Infinispan: prevent fetching all sessions from remotes 2021-09-29 14:53:07 +02:00
Sven-Torben Janus
7c0d10130e KEYCLOAK-18981 Infinispan: prevent fetching all sessions from remotes 2021-09-24 17:34:01 +02:00
Pedro Igor
10e425315f [KEYCLOAK-19274] - Avoid loading queries from properties at runtime for Dist.X 2021-09-24 09:26:43 +02:00
Daniel Fesenmeyer
339224578e KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role)
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
2021-09-22 13:56:29 +02:00
Luca Graf
2c22ccbf97 KEYCLOAK-19286 Use client storage provider id to construct client StorageId, so that a valid 'external' client id will be generated. 2021-09-20 19:43:20 +02:00
Dominik
4090114398 KEYCLOAK-16246 Revert changes from workaround made in KEYCLOAK-16244 after upgrading to quarkus 2
Also fixed a small type in testclass.
This reverts commit 9b2f2015f7.
2021-09-16 15:42:48 -03:00
rmartinc
47484c1aed KEYCLOAK-18842: deleteExpiredClientSessions very slow on MariaDB 2021-09-10 08:25:33 +02:00
vramik
d216f8f748 KEYCLOAK-19104 Add custom ForeignKeySnapshotGenerator 2021-09-02 09:59:26 +02:00
Martin Kanis
6886bd6651 KEYCLOAK-18941 ExecutionException when computed future - InfinispanCacheInitializer 2021-08-05 18:28:27 +02:00
Hynek Mlnarik
2acb43a627 KEYCLOAK-18617 Fix index on client attributes 2021-08-05 15:35:55 +02:00
keycloak-bot
262ec3d031 Set version to 16.0.0-SNAPSHOT 2021-07-30 14:56:10 +02:00
Hynek Mlnarik
0cdce1340d KEYCLOAK-18680 Always close result stream 2021-07-30 09:40:39 +02:00
Hynek Mlnarik
8889122dc1 KEYCLOAK-18845 Remove key type in map storage (simplify generics) 2021-07-23 17:04:20 +02:00
Hynek Mlnarik
07402d9aac KEYCLOAK-18845 Remove key type in map storage (move StringKeyConvertor to CHM) 2021-07-23 17:04:20 +02:00
Hynek Mlnarik
44cd6cd5fb KEYCLOAK-18824 Simplify MapStorageTransaction and move registerEntityForChanges to CHM transaction 2021-07-21 20:58:26 +02:00
Pedro Igor
d29d945cc4 [KEYCLOAK-18857] - Do not force default to RS256 when verifying tokens sent by clients and JWK does not hold an algorithm 2021-07-21 11:09:02 +02:00
Hynek Mlnarik
1f3650dcd9 KEYCLOAK-18815 Update MapKeycloakTransaction return types to match MapStorage 2021-07-20 21:48:27 +02:00
Hynek Mlnarik
009d4ca445 KEYCLOAK-18747 Turn MapClientEntity into interface + introduce delegates
Given that the Map*Entity is turned into an interface, it makes more sense
to use non-primitive types to allow for null values. This enables signalizing
that an entity does not define a particular value, and builds a base for definition
of instances with defaults: If a value is not present in the queried instance
(i.e. is `null`), the value would be obtained from a delegate containing
the defaults.
2021-07-17 15:45:46 +02:00
bal1imb
fbaeb18a5f KEYCLOAK-18471 Added ID to admin event object. 2021-07-16 12:46:07 +02:00
mhajas
dc1c9b944f KEYCLOAK-18370 Introduce QueryParameters 2021-07-15 13:25:31 +02:00
Daniel Fesenmeyer
a25c70784c KEYCLOAK-18467 support unicode for realm localization texts 2021-07-15 10:30:42 +02:00
vramik
a8fdd79d1b KEYCLOAK-17763 Inefficient call to ClientProvider.getClientsStream() 2021-07-12 11:51:15 +02:00
Hryhorii Hevorkian
2803685cd7 KEYCLOAK-18353 Implement Pushed Authorization Request inside the Keycloak
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-07-03 08:47:42 +02:00
Hynek Mlnarik
f15536a88c KEYCLOAK-18635 Move classes specific to ConcurrentHashMap to chm package 2021-07-02 06:55:19 +02:00
vramik
4db2c3f570 KEYCLOAK-15572 make attributes multi-valued for map storage entities 2021-07-01 12:21:33 +02:00
vramik
2b9b50d50a KEYCLOAK-18194 fix migration of default role when realm id contains apostrophe 2021-07-01 11:22:11 +02:00
Hynek Mlnarik
f0e777c592 KEYCLOAK-18414 Remove unnecessary id parameter from update operation 2021-07-01 11:18:53 +02:00
Hynek Mlnarik
0523dad4d5 KEYCLOAK-18414 Remove unnecessary id parameter from create operation 2021-07-01 11:18:53 +02:00
lbortoli
164f3df080 KEYCLOAK-18502 - Support for additional parameters from the backchannel authentication request and backchannel authentication callback. 2021-07-01 00:31:26 +02:00
Hynek Mlnarik
8a83ec83ac KEYCLOAK-18589 map-storage profile for KeycloakServer 2021-06-30 20:47:17 +02:00
mhajas
b8565408ca KEYCLOAK-17781 Make exists and notExists collection aware 2021-06-30 10:48:39 +02:00
Sebastian Rose
ca6b78b730 KEYCLOAK-18390 GroupProvider search implementation of JPA and Map delivers different results 2021-06-29 14:59:01 +02:00
Hynek Mlnarik
bfb134a6ce KEYCLOAK-18091 Fail session loading when interrupted 2021-06-22 08:50:08 +02:00
keycloak-bot
13f7831a77 Set version to 15.0.0-SNAPSHOT 2021-06-18 10:42:27 +02:00
vramik
e3c76035b2 KEYCLOAK-18359 Default role migration is not performed correctly when empty realm id 2021-06-14 20:54:37 +02:00
Michal Hajas
d2a8a95d79 KEYCLOAK-18369 Create MapKeycloakTransaction interface 2021-06-14 08:31:59 +02:00
Václav Muzikář
9854f21ace KEYCLOAK-18332 Client Scopes are reset to realm's default when Client is updated 2021-06-11 07:41:18 +02:00
mposolda
91865fa93e KEYCLOAK-18368 Invalidate client session after refresh token re-use 2021-06-09 14:43:29 +02:00
vramik
95bf912dc9 KEYCLOAK-18035 Fix update client with default default scope assigned as optional 2021-06-07 16:22:55 +02:00