libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
22313 commits 4 branches 5 tags 480 MiB
Commit graph

2148 commits

Author SHA1 Message Date
Michal Hajas
f69497eb28 KEYCLOAK-12988 Deprecate getUsers* methods in favor of searchUsers* variants 
Closes #14018
 2022-09-06 10:38:28 +02:00
Martin Bartoš
e6a5f9c124 Default required action providers are still available after feature disabling 
Closes #13189
 2022-08-31 08:42:47 +02:00
Alexander Schwartz
27ecf7f00f Use session level cache and avoid resolving by ID too often 
Closes #12381
 2022-08-30 16:42:49 +02:00
Alexander Schwartz
bb6b5abfa1 Remove Infinispan workarounds after upgrading to 13.x 
Closes #13962
 2022-08-30 07:32:19 -03:00
Tero Saarni
4f199c7245 Fix compilation errors with Eclipse Java compiler 2022-08-29 19:33:12 +02:00
Pedro Igor
2cc4b54404
Do not cache policies if they no longer exist (#12797) 
Closes #12657

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-08-25 13:52:30 +02:00
Michal Hajas
05b9e6d59e
Upgrade Infinispan to 13.0.10.Final (#13910) 
Closes #12306
 2022-08-25 13:09:34 +02:00
Arnaud Martin
af0d97e534 Delete broker links for federated users when an identity provider is deleted 
Closes #13731
 2022-08-25 08:24:09 +02:00
mposolda
254483bc5d Use separate transactions for each bulk update of offline sessions in PersisterLastSessionRefreshStore to avoid deadlocks 
closes #13684
 2022-08-23 13:52:11 +02:00
David Anderson
ce1331f550
Remove bouncycastle dependency from keycloak-services (#13489) 
Closes #12857


Co-authored-by: mposolda <mposolda@gmail.com>
 2022-08-22 15:43:59 +02:00
Alexander Schwartz
bd926b8fd0 Remove warning from StoragePropertyMappers about the deployment state version seed 
It duplicates the logic in the provider and is incomplete. A follow-up issue will investigate how a provider can defer a configuration option.

Closes #13807
 2022-08-17 13:55:05 -03:00
Alexander Schwartz
801b20e037 Fix running clusteraware scheduled tasks in Wildfly after legacy migration 
As the parent class is in another module, the protected field "task" is not accessible from the lambda.

Closes #13396
 2022-08-17 13:54:34 -03:00
Sebastian Schuster
1445646e77 Fixed n+1 query retrieving user with brief user representation by allowing explicit eager caching of user attributese 2022-08-11 10:51:07 +02:00
Martin Kanis
57f2f4654a Add limit for authSessions per rootAuthSession in map storage 2022-08-10 12:56:37 +02:00
Michal Hajas
ec808d28bb Remove possibility to start embedded HotRod server in hotrod-map module 
Closes #13247
 2022-08-05 21:08:38 +02:00
Alexander Schwartz
8470a30446 Introduce CLI parameter to set the deployment state version seed 
Closes #12710
 2022-07-27 20:10:17 +02:00
Michal Hajas
8ed9ce29d1 Enable near-caching for HotRod store 
Closes #13303
 2022-07-27 14:09:48 +02:00
Michal Hajas
3589778a10 Add possibility to configure HotRod storage in Quarkus distribution 
Closes #12617
 2022-07-26 14:13:39 +02:00
Michal Hajas
eb1f31e9dd Optimize user-client session relationship for HotRod storage 
Closes #12818
 2022-07-26 09:00:13 +02:00
Douglas Palmer
c00514d659
Support for post_logout_redirect_uris in OIDC client registration (#12282) 
Closes #10135
 2022-07-25 10:57:52 +02:00
Alexander Schwartz
a14501dd77 Remove concurrently removed elements from the result 
Closes #13245
 2022-07-22 08:25:15 +02:00
Alexander Schwartz
cb81a17611 Disable Infinispan for map storage and avoid the component factory when creating a realm independent provider factory 
Provide startup time in UserSessionProvider independent of Infinispan,
cleanup code that is not necessary for the map storage as it isn't using Clustering.
Move classes to the legacy module.

Closes #12972
 2022-07-22 08:20:00 +02:00
Pedro Igor
98ac3829d6 Remove KeycloakIntegratorProvider 
Closes #13233
 2022-07-21 09:05:59 -03:00
Stefan Guilhen
e9c55f45e5 Enable action token JPA provider in map-storage-jpa profile 
Closes #13139
 2022-07-20 16:30:20 -03:00
Alexander Schwartz
4d19099c66 Workarounds to make Listeners and non-autocommit work on Quarkus 
Closes #13200
 2022-07-20 12:06:06 +02:00
Alexander Schwartz
d30646b1f6 Refactor object locking for UserSessions 
Closes #12717
 2022-07-19 17:47:33 -03:00
Martin Kanis
c8a6846ee0 Remove offline sessions when deleting a realm 2022-07-19 16:40:22 +02:00
Alexander Schwartz
f490638971 Fall back to standard Liquibase locking 
As DBLockProvider is "none" for the Map storage providers, there is no locking provided by DB Lock
provider.

Liquibase's classic lock provider has issues that need to be tackled in a follow-up issue, see https://github.com/liquibase/liquibase/issues/1311

Closes #13130
 2022-07-19 10:45:31 +02:00
Alexander Schwartz
247cf0d09a Assure that a second thread waits for the first thread to process the database changes 
Closes #13130
 2022-07-19 10:45:31 +02:00
Alexander Schwartz
b959e5c32a Prevent logging changeset on the console for Quarkus 
Closes #13126
 2022-07-15 17:12:22 +02:00
Alexander Schwartz
30b41d02b4 Move non-map-storage related classes to new package 
Closes #13081
 2022-07-15 09:46:29 -03:00
Pedro Igor
f6a2b334d1
Integrate the JPA map store (#13097) 
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2022-07-14 17:47:51 -03:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store (#12241) 
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #9666
 2022-07-14 12:07:02 -03:00
Alexander Schwartz
d4c97bd3a9
Choose alternatives for CockroachDB for referenced computed columns (#12991) 2022-07-13 15:31:21 -03:00
Pedro Igor
b80731decf
Remove any legacy provider from runtime when running the new store (#12963) 2022-07-13 07:30:14 -03:00
Michal Hajas
34d8629477
Convert ClientSessionIdleTimeout from seconds to milliseconds before … (#13048) 2022-07-13 07:29:52 -03:00
Pedro Igor
5b48d72730 Upgrade Resteasy v4 
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2022-07-11 12:17:51 -03:00
Michal Hajas
0f86427dd0 Make user->client sessions relationship consistent 
Closes #12817
 2022-07-11 08:42:28 -03:00
Michal Hajas
5f7f4ad850 Reflect SingleUseObject store objectKey changes to HotRod implementation 
Closes #12480
 2022-07-08 10:34:31 -03:00
Michal Hajas
cbb88ed75d Store enums as Integers in HotRod store 
Closes #12502
 2022-07-08 10:34:17 -03:00
Alexander Schwartz
29a501552e Disable the JpaUserFederatedStorageProvider when map storage is enabled 
Closes #12895
 2022-07-07 10:47:42 -03:00
Alexander Schwartz
d91a5eb99f Move methods from UserStorageUtil to LegacyRealmModel 
It is better suited to take methods removed from RealmModel earlier.

Closes #12805
 2022-07-07 09:57:17 -03:00
Stefan Guilhen
dc88dd5286
Users Map JPA implementation (#12871) 2022-07-05 11:19:31 -03:00
Alexander Schwartz
098d4dda0e
Split PublicKeyStorageProvider (#12897) 
Split PublicKeyStorageProvider

- Extract clearCache() method to separate interface and move it to the legacy module
- Make PublicKeyProvider factories environment dependent
- Simple map storage for public keys that just delegates

Resolves #12763

Co-authored-by: Martin Kanis <mkanis@redhat.com>
 2022-07-05 09:57:51 -03:00
Alexander Schwartz
63614b1240 Fixing broken build after merging conflicting PRs. 
This was introduced via #9852 when #11844 was merged.

Closes #12898
 2022-07-04 15:57:25 -03:00
Stefan Guilhen
007fa1f374 Single Use Objects Map JPA implementation 
Closes #9852
 2022-07-04 10:05:51 -03:00
Alexander Schwartz
4b20e90292 Move session persistence package to legacy-private module 
Also, disabling the jpa session persister when map storage is enabled.

Closes #12712
 2022-07-04 10:05:26 -03:00
Alexander Schwartz
9143d8bd0e Store composite roles within its own table for JPA Map storage. 
This keeps the JSON column small, enables searching by child, and allows modification of the role's children without loading all children.

Closes #11844
 2022-07-01 14:13:24 -03:00
Jon Koops
06d1b4faab Restore enum variant of ResourceType 
This reverts commit 3b5a578934.
 2022-06-30 12:20:51 -03:00
Tero Saarni
3170efd3ad Removed unused imports with double semicolons 2022-06-30 09:34:30 -03:00
Michal Hajas
9b889b44b4 Make HotRod schema no-downtime upgradable 
- Split one schema into schema per area
- Check schema stored in the server and update it only when necessary

Closes #9113
 2022-06-29 20:57:19 +02:00
Alexander Schwartz
a191d7eb3c Moving CachedObject to the legacy modules 
Closes #12656
 2022-06-29 20:04:32 +02:00
Alexander Schwartz
b581c203e3 Moving ClientScopeStorageProviderModel to the legacy modules 
Closes #12656
 2022-06-29 20:04:32 +02:00
Alexander Schwartz
ddeab744d0 Moving RoleStorageProviderModel to the legacy modules 
Closes #12656
 2022-06-29 20:04:32 +02:00
Alexander Schwartz
05f8f3038f Moving GroupStorageProviderModel to the legacy modules 
Closes #12656
 2022-06-29 20:04:32 +02:00
Alexander Schwartz
692ce0cd91 Moving ClientStorageProvider to the legacy modules 
This prepares the move of CachedObject and CacheableStorageProviderModel

Closes #12531

fixup! Moving ClientStorageProvider to the legacy modules
 2022-06-29 20:04:32 +02:00
Alexander Schwartz
05dcc188bb Move over caching related interfaces to the legacy module 
Closes #12531
 2022-06-29 20:04:32 +02:00
vramik
3b5a578934 Change enum ResourceType to interface with String constants 
Closes #12485
 2022-06-29 13:35:11 +02:00
vramik
91335ebaad Change returning type to Set in MapClientEntity when obtaining protocol mappers 
Closes #11136
 2022-06-28 21:47:56 +02:00
Alexander Schwartz
4b499c869c Encapsulate MigrationModelManager in legacy module 
Closes #12214
 2022-06-28 10:53:04 +02:00
Michal Hajas
e0efdcae22 Make sure HotRod store does not return empty delegate 
Closes #12304
 2022-06-27 15:10:18 +02:00
Pedro Igor
c972ec4383 Allow to conditionally bootstrap the default persistence unit 
Closes #12662
 2022-06-27 08:26:37 -03:00
vramik
c058983655 Enable optimistic locking feature on auth sessions 
Closes #12242
 2022-06-27 09:29:27 +02:00
Patrick Jennings
d048bf22fb Do not try to delete from related federated user tables when deleting a service account linked user. 2022-06-22 22:52:16 +02:00
Stefan Guilhen
cc65d5491d Filter out expired entities in JpaMapKeycloakTransaction 
Closes #12623
 2022-06-22 11:35:50 +02:00
Stefan Guilhen
7d96f3ad5a Events Map JPA implementation 
Closes #9667
 2022-06-21 13:53:48 +02:00
Alexander Schwartz
ae7c01b719 Moving the CacheRealmProvider interface to the legacy module 2022-06-21 08:53:06 +02:00
Alexander Schwartz
7855b93390 Moving the UserCache interface to the legacy module 
Co-Authored-By: hmlnarik@redhat.com
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
896afc4644 rename SingleEntityCredentialManager to SubjectCredentialManager, part 2 2022-06-21 08:53:06 +02:00
Alexander Schwartz
cb0c881821 rename SingleEntityCredentialManager to SubjectCredentialManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230 for all added files in the PR, update the copyright header or add it if it was missing 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
f1ca325b6b Add map datastore provider 2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92 Move LDAP REST Endpoints to LDAP package 
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos) 2022-06-21 08:53:06 +02:00
Alexander Schwartz
a109e28be7 moving some functionality around imports 2022-06-21 08:53:06 +02:00
Alexander Schwartz
f89b8c356d Moving logic to create a user from a representation to the legacy module 2022-06-21 08:53:06 +02:00
Alexander Schwartz
a43321c720 Moving logic to create service accounts in local storage only to legacy module 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1 Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager(): 
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()

Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
14a369a8cc Added LegacySessionSupport SPI 
While some methods around onCache() are still called from the legacy code, all other methods log a warning with a stacktrace.
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded Avoid using methods on UserCredentialStoreManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6 SingleUserCredentialManager moving in 
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
 2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e Move User Storage SPI, introduce ExportImportManager 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51 Preparation for moving User Storage SPI 
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
  IMPORTANT: Broken as UserStorageSyncManager is not yet moved
 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
36f76a37ad Move realms, clients, groups, roles, clientscopes into legacy module 
- Introduces Datastore SPI for isolating data store methods
- Introduces implementation of the datastore for legacy storage
- Updates DefaultKeycloakSession to leverage Datastore SPI instead
  of direct creating of area providers by the session
 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187 Introduce legacy datastore module and update dependencies 2022-06-21 08:53:06 +02:00
Michal Hajas
0719d3e49b Remove EXPIRATION fields and add expired entities filtering to all queries automatically 
Closes #12563
 2022-06-20 21:45:32 +02:00
Michal Hajas
22f9b0fee3 Unify expiration handling for SingleUseObjects 
Closes #12205
 2022-06-20 21:45:32 +02:00
Michal Hajas
781183e551 Enable indexing for ResourceServerEntity 
Closes #12533
 2022-06-20 10:17:19 +02:00
vramik
1b3a76d0af Do not persist client sessions of transient user sessions 
Closes #12357
 2022-06-15 10:54:23 +02:00
vramik
df41f233d5 Introduce unique index for enums stored by storages 
Closes #12277
 2022-06-15 09:12:10 +02:00
Alexander Schwartz
361a813d81 Keep a list of model instances in the JPA map session. 
This allows removing them from the persistence context on bulk delete.

Closes #12384
 2022-06-09 12:39:04 -03:00
Martin Kanis
df72cf72f2 Hot Rod map storage: Single-use (action token) no-downtime store 2022-06-06 16:01:18 +02:00
rmartinc
5332a7d435 Issue #9194: Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256 2022-06-06 12:07:09 +02:00
vramik
c31d37ddf1 Each JpaRootEntity should have its own current schema version 
Closes #12272
 2022-06-02 17:16:34 +02:00
Michal Hajas
09c0a69a8f Add HotRod no downtime store for events 
Closes #9676
 2022-06-02 13:30:19 +02:00
Martin Kanis
75754eca6b Extract timestamp from Expirable entity 2022-06-01 13:03:31 +02:00
vramik
be28e866b9 JPA map storage: Authorization services no-downtime store 
Closes #9669
 2022-05-30 21:05:34 +02:00
Michal Hajas
9b36ea0269 Add cascade removal of client session on user session removal for HotRod 
Closes #12096
 2022-05-30 09:58:54 +02:00
Michal Hajas
1a98765fb7 Fix cascade removal of client session on user session removal for CHM 
Closes #12146
 2022-05-30 09:58:54 +02:00
Alexander Schwartz
063960aaa3 Deferred indexes are not available on CockroachDB, therefore, only use them on PostgreSQL 
Closes #12176
 2022-05-27 08:51:20 -03:00
Marek Posolda
eed944292b
Make script providers working on JDK 17 (#11322) 
Closes #9945
 2022-05-27 12:28:50 +02:00
Michal Hajas
bc59fad85b Unify way how expirable entities are handled in the new store 
Closes #11947
 2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5 Map storage: Single-use objects (action token) 2022-05-25 16:47:10 +02:00
Pedro Igor
26c87af9f4 Avoiding unnecessary roundtrips to the database when evaluating permissions 
Closes #12148

Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2022-05-25 12:23:15 +02:00
vramik
ad3da7f5e4 JPA map storage: disable failing on unknown properties when deserializing the object 
Closes #12173
 2022-05-25 09:31:40 +02:00
vramik
24171d2e47 Rename providers from jpa-map-storage to jpa 
Closes #12098
 2022-05-23 16:47:51 +02:00
vramik
0c3aa597f9 JPA map storage: test failures after cache was disabled 
Closes #12118
 2022-05-23 13:01:30 +02:00
Alexander Schwartz
d1a92680f5 Optimize querying sub-groups of groups 
Closes #12080
 2022-05-19 14:46:53 +02:00
Martin Kanis
0e9f2badff Make all fields in HotRod store optional 2022-05-18 20:50:47 +02:00
Alexander Schwartz
1a95a58893 Graceful handling if composite roles have been removed concurrently. 
Closes #12003
 2022-05-17 13:29:15 +02:00
Michal Hajas
0bda7e6038 Introduce map event store with CHM implementation 
Closes #11189
 2022-05-17 12:57:35 +02:00
vramik
e1eb9d6d64 Replace equals with == when comparing SearchableFields in Jpa*ModelCriteriaBuilder and Ldap*ModelCriteriaBuilder 
Closes #11843
 2022-05-16 21:51:38 +02:00
Michal Hajas
b86f205cda Make KeycloakServer runnable with external Infinispan server 
Closes #12011
Closes #12014
 2022-05-16 21:50:35 +02:00
Martin Kanis
0d6bbd437f
Merge single-use token providers into one 
Fixes first part of: #11173

* Merge single-use token providers into one

* Remove PushedAuthzRequestStoreProvider

* Remove OAuth2DeviceTokenStoreProvider

* Delete SamlArtifactSessionMappingStoreProvider

* SingleUseTokenStoreProvider cleanup

* Addressing Michal's comments

* Add contains method

* Add revoked suffix

* Rename to SingleUseObjectProvider
 2022-05-11 13:58:58 +02:00
Michal Hajas
d3b43a9f59 Make sure there is always Realm or ResourceServer when searching for authz entities 
Closes #11817
 2022-05-11 07:20:01 -03:00
Alexander Schwartz
bfab03b837 Throw an IllegalArgumentException once a ClassCastException occurs. 
Closes #11775
 2022-05-11 09:19:09 +02:00
Michal Hajas
6b5c417742 Add HotRod store for authorization services 
Closes #9679
 2022-05-06 15:31:38 +02:00
Martin Kanis
00ccc78360 Add index to entityVersion for all HotRod entities 2022-05-05 17:42:13 +02:00
Michal Hajas
fc974fc019 Update composite roles on child role removal 
Closes #11769
 2022-05-05 15:18:18 +02:00
Alexander Schwartz
e0d7ad1be5 Leverage the equal() method on the wrapped entity instead of creating a string. 
Closes #11764
 2022-05-03 13:29:12 +02:00
vramik
0d83b51b20 Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field 
Co-authored-by Michal Hajas <mhajas@redhat.com>

Closes #10883
 2022-05-03 12:56:27 +02:00
Sven-Torben Janus
0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups 
Closes: 11771

see also KEYCLOAK-18308
 2022-05-02 14:13:37 +02:00
Alexander Schwartz
cd20f45b8a Ensure that values of attributes are unique in the database 
While this is already ensured on the Java level when using a Set, database inconsistencies as occurred with Hibernate could lead to follow-up problems that are hard to analyze (as seen in #11666).

Closes #11671
 2022-04-28 12:04:05 +02:00
vramik
2ecf250e37 Deletion of all objects when realm is being removed 
Closes #11076
 2022-04-28 11:09:17 +02:00
vramik
5248815091 Disable infinispan realm and user cache for map storage tests 
Closes #11213
 2022-04-25 09:38:49 +02:00
Stefan Guilhen
0f147ccdc0 Enlist JPA transaction in JpaMapStorageProvider.getStorage 
Closes #11230

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2022-04-23 08:19:33 +02:00
Hynek Mlnarik
0ce5dfc09c Remove dependency of map on services 
Fixes: 8903
 2022-04-22 17:27:21 +02:00
Alexander Schwartz
90155862f3 LdapMapStorageProvider to use a full inline class for MapStorage 
Closes #11373
 2022-04-22 17:25:33 +02:00
Stefan Guilhen
0c7a8c8684 Login Failures Map JPA implementation 
Closes #9664
 2022-04-22 10:47:04 +02:00
vramik
3d1118223b New Storage: Testsuite fails when JPA Map storage is enabled for groups 
Closes #11369
 2022-04-21 11:14:35 +02:00
Stefan Guilhen
f48d468641 Increase column size for keys that refer to entities that can be stored in different storages (foreign keys) 
Closes #11329
 2022-04-21 08:50:37 +02:00
Stefan Guilhen
b29b27d731 Ensure code does not rely on a particular format for the realm id or component id 2022-04-20 14:40:38 +02:00
Stefan Guilhen
ae90b232ff Realms Map JPA implementation 
Closes #9661
 2022-04-20 14:40:38 +02:00
Pedro Igor
c5e4dc8cec
Associated permissions should only add resource type permissions if the resource is an instance (#11220) 
Closes #11148
 2022-04-19 09:10:14 +02:00
Pedro Igor
52d205ca91
Allow exposing some initial provider config options via web site (#10572) 
* Allow exposing some initial provider config options via web site

Co-authored-by: Stian Thorgersen <stian@redhat.com>

Closes #10571

* Include type to provider options, and hide build-icon column as it's not relevant

Co-authored-by: stianst <stianst@gmail.com>
 2022-04-19 08:01:42 +02:00
Bruno Oliveira da Silva
f9d4566723 Replace the cryptographic algorithm by SHA-2 
The static code scanning analysis detected the usage of MD5 as part of [
MapDeploymentStateProviderFactory](a6dd9dc0f1/model/map/src/main/java/org/keycloak/models/map/deploymentState/MapDeploymentStateProviderFactory.java (L58-L58)).

Even though we could not find any ways of exploiting the code, we should
avoid its usage considering that MD5 is not collision-resistant.

Resolves #11290
 2022-04-18 07:10:04 -03:00
Martin Kanis
a2d7cd7a5c Hot Rod map storage: User / client session no-downtime store 2022-04-14 15:34:22 +02:00
msvechla
820ab52dce
Add support for filtering by enabled attribute on users count endpoint (#9842) 
Resolves #10896
 2022-04-13 13:57:22 -03:00
Alexander Schwartz
5c1a8d401d Store time as seconds as a long in map store 
This avoids overflowing the value in 2038.

Closes #10960
 2022-04-12 14:22:44 +02:00
Alexander Schwartz
a6dd9dc0f1 Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests. 
Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage.

Closes #11211
 2022-04-12 09:12:21 +02:00
Michal Hajas
6e181a51d5 Add test-jar dependency only if maven.test.skip property is false 
Closes #11192
 2022-04-11 10:37:18 -03:00
Alexander Schwartz
5c810ad0e5 Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST" 
The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing".

Also implementing a retry logic for all remaining errors regarding LDAP.

Closes #11171
 2022-04-11 10:03:15 +02:00
Pedro Igor
834a276767 NPE when caching policies based on scopes without a resource 
Closes #11180
 2022-04-08 08:43:08 -03:00
Stefan Guilhen
d952669f69 Add clearUpdatedFlag so the flag in associated protocol mappers can be cleared as well 
Closes #11118
 2022-04-08 09:36:55 +02:00
Michal Hajas
1f2ebf4cba Add HotRod no downtime store for Realms 
Closes #9670
 2022-04-08 09:36:01 +02:00
Martin Kanis
3bb4081bd1 Convert user / client session entities into interface 2022-04-08 09:34:01 +02:00
Michal Hajas
f4f5928727 Add type to filters in MapResourceStore 
Closes #11154
 2022-04-07 15:10:20 -03:00
Joerg Matysiak
235f0f3963 Add index to admin events table to improve performance of admin event view 
Closes #10625
 2022-04-06 09:12:35 +02:00
Martin Kanis
395bd447f2 Hot Rod map storage: Login failure no-downtime store 2022-04-01 20:43:18 +02:00
vramik
8ff768b33b JPA map storage: Authentication session no-downtime store 
Closes #9665
 2022-03-30 13:43:35 +02:00
Martin Kanis
3356e8b098 Convert login failure entities into interface 2022-03-29 18:40:53 +02:00
Stefan Guilhen
d8bee26ec8 Implement AbstractClientEntity.isUpdated to account for changes in associated protocol mappers. 
Closes #10927
 2022-03-29 18:35:28 +02:00
Martin Kanis
e493b08fa7 Add expiration field to root authentication session 2022-03-23 07:47:47 +01:00
Michal Hajas
99c06d1102
Authorization services refactoring 
Closes: #10447 

* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
 2022-03-22 20:49:40 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00
Martin Kanis
0faf3987f6 Hot Rod map storage: Authentication session no-downtime store 2022-03-22 09:05:52 +01:00
Martin Kanis
2394855f48 Add merge tasks optimization to ConcurrentHashMapKeycloakTransaction.delete 2022-03-21 16:45:48 +01:00
Michal Hajas
c18a682f50 Do not store undefined values in store 
Closes #10744
 2022-03-17 16:44:33 +01:00
Bruno Oliveira da Silva
8aa394ca6b Update to Liquibase 4.8.0 
Closes #10678

Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
 2022-03-16 13:46:31 -03:00
Alexander Schwartz
8d1a47f768 adding missing log4j configuration to prevent errors in the log 
Closes #10613
 2022-03-14 10:12:49 -03:00
Pedro Igor
ad865e75c1 Change the flush mode to auto and fixing how entities are checked if they are loaded in the EM 
Closes #10411
 2022-03-11 12:21:52 -03:00
Martin Kanis
1a4d7c297a
Change authentication sessions map to set (#10596) 2022-03-10 08:45:24 +01:00
Alexander Schwartz
18f391d8c4 Fix spelling error in field and classname 
It's always a converter, unless electricity is involved.

Closes #10573
 2022-03-09 08:28:52 -03:00
Alexander Schwartz
3c3f003a38 LDAP Map storage support to support read/write for roles 
Closes #9929
 2022-03-08 12:03:10 +01:00
Michal Hajas
f77ce315bb Disable Authz caching for new storage tests 
Closes #10500
 2022-03-07 10:22:55 -03:00
Michael Parlee
722ce950bf Improve user search performance 
Removes bulder.lower() from user search queries on email and username.

Closes #8893
 2022-03-04 14:15:14 +01:00
Martin Kanis
6c64d465ea Convert authentication session entities into interface 2022-03-04 10:50:18 +01:00
Alexander Schwartz
ebfc24d6c1 Ensure that Infinispan shutdowns correctly at the end of the tests. Report any exceptions within another thread as a test failure. 
Adding additional information like a thread dump when it doesn't shutdown as expected.

Closes #10016
 2022-03-04 10:47:01 +01:00
giacomo.altiero
91d37b5686 Single offlineSession imported in Infinispan with correctly calculated lifespan and maxIdle parameters 
Close #8776
 2022-03-01 14:51:29 +01:00
Stefan Guilhen
af7a040d54 Ensure Liquibase validation is performed once per area 
Closes #10132
 2022-02-25 08:48:34 +01:00
Martin Kanis
6249e34177 Hot Rod map storage: Client scope no-downtime store 2022-02-24 13:30:27 +01:00
Michal Hajas
b4281468d0 Convert Map Realm Entities into interfaces 
Closes #9736
 2022-02-24 13:23:19 +01:00
Vlasta Ramik
aa6a131b73
Change String client.id to ClientModel client in ResourceServerStore 
Closes #10442
 2022-02-24 12:46:26 +01:00
Luca Graf
febb447919 KEYCLOAK-19297 Use real 'external' client object id to store AuthenticatedClientSession in UserSession object, so that the client session can be looked by the client object id in further requests. 2022-02-18 12:42:59 +01:00
vramik
589606b1c1 JPA map storage: Groups no-downtime store 
Closes #9660
 2022-02-15 08:54:41 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT (#10165) 2022-02-11 21:28:06 +01:00
Stefan Guilhen
442d9bae2e Add CockroachDB support in the new JPA storage 
Closes #10039
 2022-02-11 18:04:02 +01:00
Martin Kanis
26ac142b99 Hot Rod map storage: Roles no-downtime store 2022-02-11 14:31:34 +01:00
Michal Hajas
b50b8f883b Implement HotRod storage for Users 
Closes #9671
 2022-02-11 10:20:36 +01:00
vramik
8a8d59a124 Add prefix "kc_" to all existing tables 
Closes #10101
 2022-02-11 08:59:23 +01:00
Alexander Schwartz
de7be3d65d Handling JPA Map storage case when parent has been deleted 
Closes #10033
 2022-02-09 14:43:50 +01:00
Stefan Guilhen
7c1d6eae43
Upgrade to Liquibase 4.6.2 
* Upgrade to Liquibase 4.6.2
* Add valid checksums to changesets to allow migration to newest liquibase
* Update liquibase licenses

Co-authored-by: Martin Kanis <mkanis@redhat.com>
 2022-02-09 12:56:46 +01:00
vramik
5701c6c85a JPA delegates can throw NoResultException when entity doesn't have any attributes 
Closes #10067
 2022-02-09 09:18:54 +01:00
vramik
844c210d86 Create common parent for Jpa*AttributeEntity 
Closes #10071
 2022-02-08 22:09:21 +01:00
Alexander Schwartz
45df1adba9 Update generics in JPA Map storage to avoid casting and compiler warnings 
Closes #10060
 2022-02-08 17:38:53 +01:00
Alexander Schwartz
de2c1fbb45 Update the entityVersion also for downgrades, as it needs to match the JSON and auxiliary tables. 
Will trigger also when changes to a child occur, like for example when attributes change.

Closes #9716
 2022-02-07 12:14:05 +01:00
Martin Kanis
0471ec4941 Cross-site validation for lazy loading of offline sessions & Switch default offline sessions to lazy loaded 2022-02-03 21:43:47 +01:00
vramik
7bd0dbb3ce Client Scopes: Added ModelIllegalStateException to handle lazy loading exception. 
Closes #9645
 2022-02-02 21:49:40 +01:00
vramik
165791b1d7 Client Scopes: Ensure that parent's version ID is incremented when an attribute changes 
Closes #9874
 2022-02-02 21:49:22 +01:00
Alexander Schwartz
9d46b45a9c Ensure that parent's version ID is incremented when an attribute changes. 
This is necessary to allow the optimistic locking functionality to work as expected when changing only attributes on an entity.

Closes #9874
 2022-02-01 20:33:10 +01:00
vramik
13e02d5f09 JPA map storage: Client scope no-downtime store 
Closes #9663
 2022-02-01 20:26:00 +01:00
Michal Hajas
c648e121ed Convert authz entities into interfaces 
Closes #9740
 2022-01-31 13:51:56 +01:00
Alexander Schwartz
df7ddbf9b3 Added ModelIllegalStateException to handle lazy loading exception. 
Closes #9645
 2022-01-31 10:10:41 +01:00
Alexander Schwartz
2b81e62b6b Adding workaround for deadlock in tests for Infinispan 12.1.7 
Closes #9648
 2022-01-28 15:29:50 +01:00
bal1imb
9621d513b5 KEYCLOAK-18727 Improve user search query 2022-01-26 17:03:05 +01:00
Alexander Schwartz
9e257d4a01 Added warning when storage contains multi-valued attributes and Keycloak model doesn't support them. 
Closes #9714
 2022-01-26 15:40:00 +01:00
Michal Hajas
de161d02b9 Store updated flag in the entity, not in the delegate 
Closes #9774
 2022-01-26 15:24:42 +01:00
Alexander Schwartz
e2ac7b38f4 Adding missing database constraints for clients in JPA map storage. 
This should ensure consistency for the store even in the event of concurrent creation of clients by multiple callers.

Closes #9610
 2022-01-23 20:34:28 +01:00
vramik
873a44459a Convert MapClientScopeEntity to interface 
Closes #9657
 2022-01-23 16:56:25 +01:00
Martin Kanis
ddcabe61b2 KEYCLOAK-19571 Add indices to HotRodClientEntity fields 2022-01-20 17:46:47 +01:00
vramik
7b89d151c1 KEYCLOAK-18565 JPA roles no-downtime store 2022-01-20 12:02:35 +01:00
Guus der Kinderen
213b1f5042 Closes #9562: Add DB index for UserEntity getRealmUserByServiceAccount 2022-01-20 09:52:54 +01:00
vramik
61fbb2fb2e JPA-Map storage might loose writes due to missing locking mechanism 
Closes #9411
 2022-01-20 09:06:14 +01:00
vramik
22bcdcb630 MapRoleProvider could return also client roles when searching for realm roles 
Closes #9587
 2022-01-19 16:39:59 +01:00
Konstantinos Georgilakis
db0b36460f KEYCLOAK-19148 correct getGroupsCountByNameContaining of MapGroupProvider 2022-01-15 20:15:27 +01:00
Stefan Guilhen
2fd1593abf Set order of LiquibaseDBLockProviderFactory to 1 
- makes it the default provider when no provider is explicitly configured
- avoid NPE at server startup when other providers are present and none is set as default
 2022-01-13 08:30:25 +01:00
Dominik DS
93419a1797
KEYCLOAK-19289 check if values to set is not null (#8426) 
Closes #9529
 2022-01-12 09:22:01 +01:00
Michal Hajas
ab9413b48c Store user nested entities in Set instead of Map 2022-01-10 15:57:45 +01:00
Michal Hajas
9849df3757 Convert MapUserEntity to interface 2022-01-10 15:57:45 +01:00
Alexander Schwartz
9b18688ce2 fixes #9427 regex pattern is now pre-compiled 2022-01-08 17:30:54 +01:00
Martin Kanis
9d5355b7ad Upgrade Infinispan to 12.1.7.Final 2022-01-08 17:29:09 +01:00
Hynek Mlnařík
d39eb95705
Introduce per-field delegation of entities 2022-01-05 14:06:45 +01:00
vramik
dd3d7be2b4 Make JpaClientMapStorage generic 
Closes #9244
 2022-01-05 07:04:05 +01:00
andreaTP
4817e152e3 [ref: 8889] Annotation processor support for Java > 11 2022-01-04 21:26:07 +01:00
Stefan Guilhen
b12830ae4f 8947 - Add liquibase extension to handle JSON operations 2022-01-04 20:58:32 +01:00
Michal Hajas
96b2669a00 Refactoring of constructors for generated entities 2021-12-22 16:00:10 +01:00
vramik
009ca27a38 Make JsonbType generic 
Closes #9165
 2021-12-20 17:40:23 +01:00
keycloak-bot
9f3d4a7d42 Set version to 17.0.0-SNAPSHOT 2021-12-20 10:50:39 +01:00
vramik
44184ab0cb MapRoleProvider uses ILIKE operator when EQ operator should be used 
Closes #9130
 2021-12-16 10:31:43 +01:00
vramik
b4d720d615 Fix DB Migration Script to 13.0.0 
Closes #9138
 2021-12-15 14:00:29 +01:00
vramik
c6312e3308 KEYCLOAK-18717 KEYCLOAK-18716 KEYCLOAK-18715 KEYCLOAK-18713 KEYCLOAK-18712 KEYCLOAK-18711 JPA clients no-downtime store 2021-12-15 13:32:49 +01:00
vramik
848b170a96 Use DeepCloner.Builder().constructorDC in cases when possible 
Closes #9141
 2021-12-15 10:28:08 +01:00
vramik
e61da278ba When ternary conditional operator uses primitive type it could throw NPE in some cases 
Closes #9137
 2021-12-15 10:25:54 +01:00
Michal Hajas
5aa9a09b20 Closes #8969 - Add Groups HotRod storage 2021-12-13 18:12:19 +01:00
Hynek Mlnarik
8e03942e87 Enhance available tree operations 
Fixes #9022
 2021-12-13 18:05:45 +01:00
Hynek Mlnarik
3c7e5c8440 Create delegates and empty instances in DeepCloner 
Fixes: #9030
 2021-12-13 18:04:48 +01:00
Michal Hajas
fc237a8b63 Introduce ancestor interface for entities with attributes 2021-12-10 10:54:44 +01:00
Michal Hajas
7aaa33739b KEYCLOAK-19570 Add annotation processing for HotRod clients 2021-12-08 10:00:00 +01:00
Hynek Mlnarik
3602873df2 Introduce model-entity util methods 
Fixes: #9025
 2021-12-07 16:51:56 +01:00
vramik
783eecf612 Closes #8808 - Convert MapRoleEntity to interface 2021-12-01 15:50:26 +01:00
Kashif Saadat
d9bf511406 KEYCLOAK-19052: Optimised (split) the clearExpiredEvents query to reduce execution time 2021-11-30 22:25:55 +01:00
Michal Hajas
a5c3b83443 Closes #8807 - Make MapGroupEntity generated 2021-11-30 21:44:18 +01:00
Michal Hajas
158640d1f3 Closes #8954 - move Hot Rod classes to hotRod package 2021-11-30 11:52:16 +01:00
vramik
1adce39e1d 8886 Add alwaysDisplayInConsole searchable client field 2021-11-24 13:15:17 +01:00
vramik
6b8890f5dd KEYCLOAK-19525 Inconsistent creation of default-roles-<realm> 2021-11-23 21:30:12 +01:00
Martin Bartoš
1e1a6779be Issue 8814: Replace deprecated hamcrest-all dependencies 2021-11-23 13:56:28 +01:00
Michal Hajas
4291caff3c Fix Delegate bug 2021-11-16 19:47:59 +01:00
Michal Hajas
2f9a5aae0f KEYCLOAK-19028 Add HotRod Map storage implementation 2021-11-11 14:10:00 +01:00
Alec Henninger
cec6a8a884 KEYCLOAK-19700: Attempt to reuse denied device authorization code results in server error 2021-11-08 11:37:51 +01:00
Hynek Mlnarik
58d403cf24 KEYCLOAK-19726 Fix return types of ModelCriteriaBuilder methods 2021-11-05 16:39:40 +01:00
vramik
439e2e4288 KEYCLOAK-19763 fix MapClientProvider.getClientByClientId 2021-11-04 11:48:07 +01:00
Martin Kanis
9c287aff1f KEYCLOAK-19709 Remove MapStorage.createCriteriaBuilder 2021-11-03 20:05:29 +01:00
Hynek Mlnarik
6966e0cfe9 KEYCLOAK-19749 Optimize DefaultModelCriteria creation 2021-11-03 17:42:26 +01:00
Hynek Mlnarik
877ae96590 KEYCLOAK-18854 Introduce storage-independent ModelCriteriaBuilder 2021-10-29 19:21:45 +02:00
Martin Kanis
af97849feb KEYCLOAK-19030 Implement HotRodConnectionProvider 2021-10-27 14:07:19 +02:00
Hynek Mlnarik
53f02a50f6 KEYCLOAK-19562 Introduce generic trees 2021-10-25 13:28:48 +02:00
Michal Hajas
cfbb7f5553 KEYCLOAK-19593 Remove CRUD operations from MapStorage interface 
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2021-10-21 17:01:33 +02:00
Hynek Mlnarik
8ee992e638 KEYCLOAK-19482 Generate map entity cloners 2021-10-18 13:14:14 +02:00
Martin Kanis
d069ec7949 KEYCLOAK-18737 Show sessions functionality does not work consistently 
Co-authored-by: Pavel Bezdienezhnykh
Co-authored-by: Martin Kanis <mkanis@redhat.com>
 2021-10-13 14:04:14 +02:00