Martin Kanis
00ccc78360
Add index to entityVersion for all HotRod entities
2022-05-05 17:42:13 +02:00
Michal Hajas
fc974fc019
Update composite roles on child role removal
...
Closes #11769
2022-05-05 15:18:18 +02:00
Alexander Schwartz
e0d7ad1be5
Leverage the equal() method on the wrapped entity instead of creating a string.
...
Closes #11764
2022-05-03 13:29:12 +02:00
vramik
0d83b51b20
Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field
...
Co-authored-by Michal Hajas <mhajas@redhat.com>
Closes #10883
2022-05-03 12:56:27 +02:00
Sven-Torben Janus
0efa4afd49
Evaluate composite roles for hardcoded LDAP roles/groups
...
Closes: 11771
see also KEYCLOAK-18308
2022-05-02 14:13:37 +02:00
Alexander Schwartz
cd20f45b8a
Ensure that values of attributes are unique in the database
...
While this is already ensured on the Java level when using a Set, database inconsistencies as occurred with Hibernate could lead to follow-up problems that are hard to analyze (as seen in #11666 ).
Closes #11671
2022-04-28 12:04:05 +02:00
vramik
2ecf250e37
Deletion of all objects when realm is being removed
...
Closes #11076
2022-04-28 11:09:17 +02:00
vramik
5248815091
Disable infinispan realm and user cache for map storage tests
...
Closes #11213
2022-04-25 09:38:49 +02:00
Stefan Guilhen
0f147ccdc0
Enlist JPA transaction in JpaMapStorageProvider.getStorage
...
Closes #11230
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-04-23 08:19:33 +02:00
Hynek Mlnarik
0ce5dfc09c
Remove dependency of map on services
...
Fixes: 8903
2022-04-22 17:27:21 +02:00
Alexander Schwartz
90155862f3
LdapMapStorageProvider to use a full inline class for MapStorage
...
Closes #11373
2022-04-22 17:25:33 +02:00
Stefan Guilhen
0c7a8c8684
Login Failures Map JPA implementation
...
Closes #9664
2022-04-22 10:47:04 +02:00
vramik
3d1118223b
New Storage: Testsuite fails when JPA Map storage is enabled for groups
...
Closes #11369
2022-04-21 11:14:35 +02:00
Stefan Guilhen
f48d468641
Increase column size for keys that refer to entities that can be stored in different storages (foreign keys)
...
Closes #11329
2022-04-21 08:50:37 +02:00
Stefan Guilhen
b29b27d731
Ensure code does not rely on a particular format for the realm id or component id
2022-04-20 14:40:38 +02:00
Stefan Guilhen
ae90b232ff
Realms Map JPA implementation
...
Closes #9661
2022-04-20 14:40:38 +02:00
Pedro Igor
c5e4dc8cec
Associated permissions should only add resource type permissions if the resource is an instance ( #11220 )
...
Closes #11148
2022-04-19 09:10:14 +02:00
Pedro Igor
52d205ca91
Allow exposing some initial provider config options via web site ( #10572 )
...
* Allow exposing some initial provider config options via web site
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Closes #10571
* Include type to provider options, and hide build-icon column as it's not relevant
Co-authored-by: stianst <stianst@gmail.com>
2022-04-19 08:01:42 +02:00
Bruno Oliveira da Silva
f9d4566723
Replace the cryptographic algorithm by SHA-2
...
The static code scanning analysis detected the usage of MD5 as part of [
MapDeploymentStateProviderFactory](a6dd9dc0f1/model/map/src/main/java/org/keycloak/models/map/deploymentState/MapDeploymentStateProviderFactory.java (L58-L58)
).
Even though we could not find any ways of exploiting the code, we should
avoid its usage considering that MD5 is not collision-resistant.
Resolves #11290
2022-04-18 07:10:04 -03:00
Martin Kanis
a2d7cd7a5c
Hot Rod map storage: User / client session no-downtime store
2022-04-14 15:34:22 +02:00
msvechla
820ab52dce
Add support for filtering by enabled attribute on users count endpoint ( #9842 )
...
Resolves #10896
2022-04-13 13:57:22 -03:00
Alexander Schwartz
5c1a8d401d
Store time as seconds as a long in map store
...
This avoids overflowing the value in 2038.
Closes #10960
2022-04-12 14:22:44 +02:00
Alexander Schwartz
a6dd9dc0f1
Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests.
...
Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage.
Closes #11211
2022-04-12 09:12:21 +02:00
Michal Hajas
6e181a51d5
Add test-jar dependency only if maven.test.skip property is false
...
Closes #11192
2022-04-11 10:37:18 -03:00
Alexander Schwartz
5c810ad0e5
Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST"
...
The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing".
Also implementing a retry logic for all remaining errors regarding LDAP.
Closes #11171
2022-04-11 10:03:15 +02:00
Pedro Igor
834a276767
NPE when caching policies based on scopes without a resource
...
Closes #11180
2022-04-08 08:43:08 -03:00
Stefan Guilhen
d952669f69
Add clearUpdatedFlag so the flag in associated protocol mappers can be cleared as well
...
Closes #11118
2022-04-08 09:36:55 +02:00
Michal Hajas
1f2ebf4cba
Add HotRod no downtime store for Realms
...
Closes #9670
2022-04-08 09:36:01 +02:00
Martin Kanis
3bb4081bd1
Convert user / client session entities into interface
2022-04-08 09:34:01 +02:00
Michal Hajas
f4f5928727
Add type to filters in MapResourceStore
...
Closes #11154
2022-04-07 15:10:20 -03:00
Joerg Matysiak
235f0f3963
Add index to admin events table to improve performance of admin event view
...
Closes #10625
2022-04-06 09:12:35 +02:00
Martin Kanis
395bd447f2
Hot Rod map storage: Login failure no-downtime store
2022-04-01 20:43:18 +02:00
vramik
8ff768b33b
JPA map storage: Authentication session no-downtime store
...
Closes #9665
2022-03-30 13:43:35 +02:00
Martin Kanis
3356e8b098
Convert login failure entities into interface
2022-03-29 18:40:53 +02:00
Stefan Guilhen
d8bee26ec8
Implement AbstractClientEntity.isUpdated to account for changes in associated protocol mappers.
...
Closes #10927
2022-03-29 18:35:28 +02:00
Martin Kanis
e493b08fa7
Add expiration field to root authentication session
2022-03-23 07:47:47 +01:00
Michal Hajas
99c06d1102
Authorization services refactoring
...
Closes : #10447
* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
2022-03-22 20:49:40 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT ( #10784 )
2022-03-22 09:22:48 +01:00
Martin Kanis
0faf3987f6
Hot Rod map storage: Authentication session no-downtime store
2022-03-22 09:05:52 +01:00
Martin Kanis
2394855f48
Add merge tasks optimization to ConcurrentHashMapKeycloakTransaction.delete
2022-03-21 16:45:48 +01:00
Michal Hajas
c18a682f50
Do not store undefined values in store
...
Closes #10744
2022-03-17 16:44:33 +01:00
Bruno Oliveira da Silva
8aa394ca6b
Update to Liquibase 4.8.0
...
Closes #10678
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-03-16 13:46:31 -03:00
Alexander Schwartz
8d1a47f768
adding missing log4j configuration to prevent errors in the log
...
Closes #10613
2022-03-14 10:12:49 -03:00
Pedro Igor
ad865e75c1
Change the flush mode to auto and fixing how entities are checked if they are loaded in the EM
...
Closes #10411
2022-03-11 12:21:52 -03:00
Martin Kanis
1a4d7c297a
Change authentication sessions map to set ( #10596 )
2022-03-10 08:45:24 +01:00
Alexander Schwartz
18f391d8c4
Fix spelling error in field and classname
...
It's always a converter, unless electricity is involved.
Closes #10573
2022-03-09 08:28:52 -03:00
Alexander Schwartz
3c3f003a38
LDAP Map storage support to support read/write for roles
...
Closes #9929
2022-03-08 12:03:10 +01:00
Michal Hajas
f77ce315bb
Disable Authz caching for new storage tests
...
Closes #10500
2022-03-07 10:22:55 -03:00
Michael Parlee
722ce950bf
Improve user search performance
...
Removes bulder.lower() from user search queries on email and username.
Closes #8893
2022-03-04 14:15:14 +01:00
Martin Kanis
6c64d465ea
Convert authentication session entities into interface
2022-03-04 10:50:18 +01:00
Alexander Schwartz
ebfc24d6c1
Ensure that Infinispan shutdowns correctly at the end of the tests. Report any exceptions within another thread as a test failure.
...
Adding additional information like a thread dump when it doesn't shutdown as expected.
Closes #10016
2022-03-04 10:47:01 +01:00
giacomo.altiero
91d37b5686
Single offlineSession imported in Infinispan with correctly calculated lifespan and maxIdle parameters
...
Close #8776
2022-03-01 14:51:29 +01:00
Stefan Guilhen
af7a040d54
Ensure Liquibase validation is performed once per area
...
Closes #10132
2022-02-25 08:48:34 +01:00
Martin Kanis
6249e34177
Hot Rod map storage: Client scope no-downtime store
2022-02-24 13:30:27 +01:00
Michal Hajas
b4281468d0
Convert Map Realm Entities into interfaces
...
Closes #9736
2022-02-24 13:23:19 +01:00
Vlasta Ramik
aa6a131b73
Change String client.id to ClientModel client in ResourceServerStore
...
Closes #10442
2022-02-24 12:46:26 +01:00
Luca Graf
febb447919
KEYCLOAK-19297 Use real 'external' client object id to store AuthenticatedClientSession in UserSession object, so that the client session can be looked by the client object id in further requests.
2022-02-18 12:42:59 +01:00
vramik
589606b1c1
JPA map storage: Groups no-downtime store
...
Closes #9660
2022-02-15 08:54:41 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT ( #10165 )
2022-02-11 21:28:06 +01:00
Stefan Guilhen
442d9bae2e
Add CockroachDB support in the new JPA storage
...
Closes #10039
2022-02-11 18:04:02 +01:00
Martin Kanis
26ac142b99
Hot Rod map storage: Roles no-downtime store
2022-02-11 14:31:34 +01:00
Michal Hajas
b50b8f883b
Implement HotRod storage for Users
...
Closes #9671
2022-02-11 10:20:36 +01:00
vramik
8a8d59a124
Add prefix "kc_" to all existing tables
...
Closes #10101
2022-02-11 08:59:23 +01:00
Alexander Schwartz
de7be3d65d
Handling JPA Map storage case when parent has been deleted
...
Closes #10033
2022-02-09 14:43:50 +01:00
Stefan Guilhen
7c1d6eae43
Upgrade to Liquibase 4.6.2
...
* Upgrade to Liquibase 4.6.2
* Add valid checksums to changesets to allow migration to newest liquibase
* Update liquibase licenses
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-02-09 12:56:46 +01:00
vramik
5701c6c85a
JPA delegates can throw NoResultException when entity doesn't have any attributes
...
Closes #10067
2022-02-09 09:18:54 +01:00
vramik
844c210d86
Create common parent for Jpa*AttributeEntity
...
Closes #10071
2022-02-08 22:09:21 +01:00
Alexander Schwartz
45df1adba9
Update generics in JPA Map storage to avoid casting and compiler warnings
...
Closes #10060
2022-02-08 17:38:53 +01:00
Alexander Schwartz
de2c1fbb45
Update the entityVersion also for downgrades, as it needs to match the JSON and auxiliary tables.
...
Will trigger also when changes to a child occur, like for example when attributes change.
Closes #9716
2022-02-07 12:14:05 +01:00
Martin Kanis
0471ec4941
Cross-site validation for lazy loading of offline sessions & Switch default offline sessions to lazy loaded
2022-02-03 21:43:47 +01:00
vramik
7bd0dbb3ce
Client Scopes: Added ModelIllegalStateException to handle lazy loading exception.
...
Closes #9645
2022-02-02 21:49:40 +01:00
vramik
165791b1d7
Client Scopes: Ensure that parent's version ID is incremented when an attribute changes
...
Closes #9874
2022-02-02 21:49:22 +01:00
Alexander Schwartz
9d46b45a9c
Ensure that parent's version ID is incremented when an attribute changes.
...
This is necessary to allow the optimistic locking functionality to work as expected when changing only attributes on an entity.
Closes #9874
2022-02-01 20:33:10 +01:00
vramik
13e02d5f09
JPA map storage: Client scope no-downtime store
...
Closes #9663
2022-02-01 20:26:00 +01:00
Michal Hajas
c648e121ed
Convert authz entities into interfaces
...
Closes #9740
2022-01-31 13:51:56 +01:00
Alexander Schwartz
df7ddbf9b3
Added ModelIllegalStateException to handle lazy loading exception.
...
Closes #9645
2022-01-31 10:10:41 +01:00
Alexander Schwartz
2b81e62b6b
Adding workaround for deadlock in tests for Infinispan 12.1.7
...
Closes #9648
2022-01-28 15:29:50 +01:00
bal1imb
9621d513b5
KEYCLOAK-18727 Improve user search query
2022-01-26 17:03:05 +01:00
Alexander Schwartz
9e257d4a01
Added warning when storage contains multi-valued attributes and Keycloak model doesn't support them.
...
Closes #9714
2022-01-26 15:40:00 +01:00
Michal Hajas
de161d02b9
Store updated flag in the entity, not in the delegate
...
Closes #9774
2022-01-26 15:24:42 +01:00
Alexander Schwartz
e2ac7b38f4
Adding missing database constraints for clients in JPA map storage.
...
This should ensure consistency for the store even in the event of concurrent creation of clients by multiple callers.
Closes #9610
2022-01-23 20:34:28 +01:00
vramik
873a44459a
Convert MapClientScopeEntity to interface
...
Closes #9657
2022-01-23 16:56:25 +01:00
Martin Kanis
ddcabe61b2
KEYCLOAK-19571 Add indices to HotRodClientEntity fields
2022-01-20 17:46:47 +01:00
vramik
7b89d151c1
KEYCLOAK-18565 JPA roles no-downtime store
2022-01-20 12:02:35 +01:00
Guus der Kinderen
213b1f5042
Closes #9562 : Add DB index for UserEntity getRealmUserByServiceAccount
2022-01-20 09:52:54 +01:00
vramik
61fbb2fb2e
JPA-Map storage might loose writes due to missing locking mechanism
...
Closes #9411
2022-01-20 09:06:14 +01:00
vramik
22bcdcb630
MapRoleProvider could return also client roles when searching for realm roles
...
Closes #9587
2022-01-19 16:39:59 +01:00
Konstantinos Georgilakis
db0b36460f
KEYCLOAK-19148 correct getGroupsCountByNameContaining of MapGroupProvider
2022-01-15 20:15:27 +01:00
Stefan Guilhen
2fd1593abf
Set order of LiquibaseDBLockProviderFactory to 1
...
- makes it the default provider when no provider is explicitly configured
- avoid NPE at server startup when other providers are present and none is set as default
2022-01-13 08:30:25 +01:00
Dominik DS
93419a1797
KEYCLOAK-19289 check if values to set is not null ( #8426 )
...
Closes #9529
2022-01-12 09:22:01 +01:00
Michal Hajas
ab9413b48c
Store user nested entities in Set instead of Map
2022-01-10 15:57:45 +01:00
Michal Hajas
9849df3757
Convert MapUserEntity to interface
2022-01-10 15:57:45 +01:00
Alexander Schwartz
9b18688ce2
fixes #9427 regex pattern is now pre-compiled
2022-01-08 17:30:54 +01:00
Martin Kanis
9d5355b7ad
Upgrade Infinispan to 12.1.7.Final
2022-01-08 17:29:09 +01:00
Hynek Mlnařík
d39eb95705
Introduce per-field delegation of entities
2022-01-05 14:06:45 +01:00
vramik
dd3d7be2b4
Make JpaClientMapStorage generic
...
Closes #9244
2022-01-05 07:04:05 +01:00
andreaTP
4817e152e3
[ref: 8889] Annotation processor support for Java > 11
2022-01-04 21:26:07 +01:00
Stefan Guilhen
b12830ae4f
8947 - Add liquibase extension to handle JSON operations
2022-01-04 20:58:32 +01:00
Michal Hajas
96b2669a00
Refactoring of constructors for generated entities
2021-12-22 16:00:10 +01:00
vramik
009ca27a38
Make JsonbType generic
...
Closes #9165
2021-12-20 17:40:23 +01:00