Commit graph

1973 commits

Author SHA1 Message Date
Alexander Schwartz
d30646b1f6 Refactor object locking for UserSessions
Closes #12717
2022-07-19 17:47:33 -03:00
Martin Kanis
c8a6846ee0 Remove offline sessions when deleting a realm 2022-07-19 16:40:22 +02:00
Alexander Schwartz
f490638971 Fall back to standard Liquibase locking
As DBLockProvider is "none" for the Map storage providers, there is no locking provided by DB Lock
provider.

Liquibase's classic lock provider has issues that need to be tackled in a follow-up issue, see https://github.com/liquibase/liquibase/issues/1311

Closes #13130
2022-07-19 10:45:31 +02:00
Alexander Schwartz
247cf0d09a Assure that a second thread waits for the first thread to process the database changes
Closes #13130
2022-07-19 10:45:31 +02:00
Alexander Schwartz
b959e5c32a Prevent logging changeset on the console for Quarkus
Closes #13126
2022-07-15 17:12:22 +02:00
Alexander Schwartz
30b41d02b4 Move non-map-storage related classes to new package
Closes #13081
2022-07-15 09:46:29 -03:00
Pedro Igor
f6a2b334d1
Integrate the JPA map store (#13097)
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2022-07-14 17:47:51 -03:00
Vlasta Ramik
ec853a6b83
JPA map storage: User / client session no-downtime store (#12241)
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>

Closes #9666
2022-07-14 12:07:02 -03:00
Alexander Schwartz
d4c97bd3a9
Choose alternatives for CockroachDB for referenced computed columns (#12991) 2022-07-13 15:31:21 -03:00
Pedro Igor
b80731decf
Remove any legacy provider from runtime when running the new store (#12963) 2022-07-13 07:30:14 -03:00
Michal Hajas
34d8629477
Convert ClientSessionIdleTimeout from seconds to milliseconds before … (#13048) 2022-07-13 07:29:52 -03:00
Pedro Igor
5b48d72730 Upgrade Resteasy v4
Closes #10916

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2022-07-11 12:17:51 -03:00
Michal Hajas
0f86427dd0 Make user->client sessions relationship consistent
Closes #12817
2022-07-11 08:42:28 -03:00
Michal Hajas
5f7f4ad850 Reflect SingleUseObject store objectKey changes to HotRod implementation
Closes #12480
2022-07-08 10:34:31 -03:00
Michal Hajas
cbb88ed75d Store enums as Integers in HotRod store
Closes #12502
2022-07-08 10:34:17 -03:00
Alexander Schwartz
29a501552e Disable the JpaUserFederatedStorageProvider when map storage is enabled
Closes #12895
2022-07-07 10:47:42 -03:00
Alexander Schwartz
d91a5eb99f Move methods from UserStorageUtil to LegacyRealmModel
It is better suited to take methods removed from RealmModel earlier.

Closes #12805
2022-07-07 09:57:17 -03:00
Stefan Guilhen
dc88dd5286
Users Map JPA implementation (#12871) 2022-07-05 11:19:31 -03:00
Alexander Schwartz
098d4dda0e
Split PublicKeyStorageProvider (#12897)
Split PublicKeyStorageProvider

- Extract clearCache() method to separate interface and move it to the legacy module
- Make PublicKeyProvider factories environment dependent
- Simple map storage for public keys that just delegates

Resolves #12763

Co-authored-by: Martin Kanis <mkanis@redhat.com>
2022-07-05 09:57:51 -03:00
Alexander Schwartz
63614b1240 Fixing broken build after merging conflicting PRs.
This was introduced via #9852 when #11844 was merged.

Closes #12898
2022-07-04 15:57:25 -03:00
Stefan Guilhen
007fa1f374 Single Use Objects Map JPA implementation
Closes #9852
2022-07-04 10:05:51 -03:00
Alexander Schwartz
4b20e90292 Move session persistence package to legacy-private module
Also, disabling the jpa session persister when map storage is enabled.

Closes #12712
2022-07-04 10:05:26 -03:00
Alexander Schwartz
9143d8bd0e Store composite roles within its own table for JPA Map storage.
This keeps the JSON column small, enables searching by child, and allows modification of the role's children without loading all children.

Closes #11844
2022-07-01 14:13:24 -03:00
Jon Koops
06d1b4faab Restore enum variant of ResourceType
This reverts commit 3b5a578934.
2022-06-30 12:20:51 -03:00
Tero Saarni
3170efd3ad Removed unused imports with double semicolons 2022-06-30 09:34:30 -03:00
Michal Hajas
9b889b44b4 Make HotRod schema no-downtime upgradable
- Split one schema into schema per area
- Check schema stored in the server and update it only when necessary

Closes #9113
2022-06-29 20:57:19 +02:00
Alexander Schwartz
a191d7eb3c Moving CachedObject to the legacy modules
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
b581c203e3 Moving ClientScopeStorageProviderModel to the legacy modules
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
ddeab744d0 Moving RoleStorageProviderModel to the legacy modules
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
05f8f3038f Moving GroupStorageProviderModel to the legacy modules
Closes #12656
2022-06-29 20:04:32 +02:00
Alexander Schwartz
692ce0cd91 Moving ClientStorageProvider to the legacy modules
This prepares the move of CachedObject and CacheableStorageProviderModel

Closes #12531

fixup! Moving ClientStorageProvider to the legacy modules
2022-06-29 20:04:32 +02:00
Alexander Schwartz
05dcc188bb Move over caching related interfaces to the legacy module
Closes #12531
2022-06-29 20:04:32 +02:00
vramik
3b5a578934 Change enum ResourceType to interface with String constants
Closes #12485
2022-06-29 13:35:11 +02:00
vramik
91335ebaad Change returning type to Set in MapClientEntity when obtaining protocol mappers
Closes #11136
2022-06-28 21:47:56 +02:00
Alexander Schwartz
4b499c869c Encapsulate MigrationModelManager in legacy module
Closes #12214
2022-06-28 10:53:04 +02:00
Michal Hajas
e0efdcae22 Make sure HotRod store does not return empty delegate
Closes #12304
2022-06-27 15:10:18 +02:00
Pedro Igor
c972ec4383 Allow to conditionally bootstrap the default persistence unit
Closes #12662
2022-06-27 08:26:37 -03:00
vramik
c058983655 Enable optimistic locking feature on auth sessions
Closes #12242
2022-06-27 09:29:27 +02:00
Patrick Jennings
d048bf22fb Do not try to delete from related federated user tables when deleting a service account linked user. 2022-06-22 22:52:16 +02:00
Stefan Guilhen
cc65d5491d Filter out expired entities in JpaMapKeycloakTransaction
Closes #12623
2022-06-22 11:35:50 +02:00
Stefan Guilhen
7d96f3ad5a Events Map JPA implementation
Closes #9667
2022-06-21 13:53:48 +02:00
Alexander Schwartz
ae7c01b719 Moving the CacheRealmProvider interface to the legacy module 2022-06-21 08:53:06 +02:00
Alexander Schwartz
7855b93390 Moving the UserCache interface to the legacy module
Co-Authored-By: hmlnarik@redhat.com
2022-06-21 08:53:06 +02:00
Alexander Schwartz
896afc4644 rename SingleEntityCredentialManager to SubjectCredentialManager, part 2 2022-06-21 08:53:06 +02:00
Alexander Schwartz
cb0c881821 rename SingleEntityCredentialManager to SubjectCredentialManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
84d21f0230 for all added files in the PR, update the copyright header or add it if it was missing 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
f1ca325b6b Add map datastore provider 2022-06-21 08:53:06 +02:00
Alexander Schwartz
d41764b19b Inline deprecated methods in legacy code 2022-06-21 08:53:06 +02:00
Alexander Schwartz
08bbb1fb92 Move LDAP REST Endpoints to LDAP package
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
2022-06-21 08:53:06 +02:00
Alexander Schwartz
1bc6133e4e redirect calls to userLocalStorage from legacy modules (federation, ldap, sssd, kerberos) 2022-06-21 08:53:06 +02:00
Alexander Schwartz
a109e28be7 moving some functionality around imports 2022-06-21 08:53:06 +02:00
Alexander Schwartz
f89b8c356d Moving logic to create a user from a representation to the legacy module 2022-06-21 08:53:06 +02:00
Alexander Schwartz
a43321c720 Moving logic to create service accounts in local storage only to legacy module 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
e396d0daa1 Renaming SingleUserCredentialManager and UserModel.getUserCredentialManager():
- class SingleUserCredentialManager to SingleEntityCredentialManager
- method UserModel.getUserCredentialManager() to credentialManager()

Renaming of API without "get" prefix to make it consistent with other APIs like for example with KeycloakSession
2022-06-21 08:53:06 +02:00
Alexander Schwartz
14a369a8cc Added LegacySessionSupport SPI
While some methods around onCache() are still called from the legacy code, all other methods log a warning with a stacktrace.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
6f287e7ded Avoid using methods on UserCredentialStoreManager 2022-06-21 08:53:06 +02:00
Alexander Schwartz
bc8fd21dc6 SingleUserCredentialManager moving in
- UserStorageManager now handles authentication for old Kerberos+LDAP style
- new getUserByCredential method in MapUserProvider would eventually do the same.
2022-06-21 08:53:06 +02:00
Alexander Schwartz
82094d113e Move User Storage SPI, introduce ExportImportManager 2022-06-21 08:53:06 +02:00
Hynek Mlnarik
703e868a51 Preparation for moving User Storage SPI
- Introduction of new AdminRealmResource SPI
- Moving handler of /realm/{realm}/user-storage into model/legacy-service
- session.users() and userStorageManager() moved refers legacy module
  IMPORTANT: Broken as UserStorageSyncManager is not yet moved
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
36f76a37ad Move realms, clients, groups, roles, clientscopes into legacy module
- Introduces Datastore SPI for isolating data store methods
- Introduces implementation of the datastore for legacy storage
- Updates DefaultKeycloakSession to leverage Datastore SPI instead
  of direct creating of area providers by the session
2022-06-21 08:53:06 +02:00
Hynek Mlnarik
247ff52187 Introduce legacy datastore module and update dependencies 2022-06-21 08:53:06 +02:00
Michal Hajas
0719d3e49b Remove EXPIRATION fields and add expired entities filtering to all queries automatically
Closes #12563
2022-06-20 21:45:32 +02:00
Michal Hajas
22f9b0fee3 Unify expiration handling for SingleUseObjects
Closes #12205
2022-06-20 21:45:32 +02:00
Michal Hajas
781183e551 Enable indexing for ResourceServerEntity
Closes #12533
2022-06-20 10:17:19 +02:00
vramik
1b3a76d0af Do not persist client sessions of transient user sessions
Closes #12357
2022-06-15 10:54:23 +02:00
vramik
df41f233d5 Introduce unique index for enums stored by storages
Closes #12277
2022-06-15 09:12:10 +02:00
Alexander Schwartz
361a813d81 Keep a list of model instances in the JPA map session.
This allows removing them from the persistence context on bulk delete.

Closes #12384
2022-06-09 12:39:04 -03:00
Martin Kanis
df72cf72f2 Hot Rod map storage: Single-use (action token) no-downtime store 2022-06-06 16:01:18 +02:00
rmartinc
5332a7d435 Issue #9194: Client authentication fails when using signed JWT, if the JWA signing algorithm is not RS256 2022-06-06 12:07:09 +02:00
vramik
c31d37ddf1 Each JpaRootEntity should have its own current schema version
Closes #12272
2022-06-02 17:16:34 +02:00
Michal Hajas
09c0a69a8f Add HotRod no downtime store for events
Closes #9676
2022-06-02 13:30:19 +02:00
Martin Kanis
75754eca6b Extract timestamp from Expirable entity 2022-06-01 13:03:31 +02:00
vramik
be28e866b9 JPA map storage: Authorization services no-downtime store
Closes #9669
2022-05-30 21:05:34 +02:00
Michal Hajas
9b36ea0269 Add cascade removal of client session on user session removal for HotRod
Closes #12096
2022-05-30 09:58:54 +02:00
Michal Hajas
1a98765fb7 Fix cascade removal of client session on user session removal for CHM
Closes #12146
2022-05-30 09:58:54 +02:00
Alexander Schwartz
063960aaa3 Deferred indexes are not available on CockroachDB, therefore, only use them on PostgreSQL
Closes #12176
2022-05-27 08:51:20 -03:00
Marek Posolda
eed944292b
Make script providers working on JDK 17 (#11322)
Closes #9945
2022-05-27 12:28:50 +02:00
Michal Hajas
bc59fad85b Unify way how expirable entities are handled in the new store
Closes #11947
2022-05-26 13:17:27 +02:00
Martin Kanis
0cb3c95ed5 Map storage: Single-use objects (action token) 2022-05-25 16:47:10 +02:00
Pedro Igor
26c87af9f4 Avoiding unnecessary roundtrips to the database when evaluating permissions
Closes #12148

Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2022-05-25 12:23:15 +02:00
vramik
ad3da7f5e4 JPA map storage: disable failing on unknown properties when deserializing the object
Closes #12173
2022-05-25 09:31:40 +02:00
vramik
24171d2e47 Rename providers from jpa-map-storage to jpa
Closes #12098
2022-05-23 16:47:51 +02:00
vramik
0c3aa597f9 JPA map storage: test failures after cache was disabled
Closes #12118
2022-05-23 13:01:30 +02:00
Alexander Schwartz
d1a92680f5 Optimize querying sub-groups of groups
Closes #12080
2022-05-19 14:46:53 +02:00
Martin Kanis
0e9f2badff Make all fields in HotRod store optional 2022-05-18 20:50:47 +02:00
Alexander Schwartz
1a95a58893 Graceful handling if composite roles have been removed concurrently.
Closes #12003
2022-05-17 13:29:15 +02:00
Michal Hajas
0bda7e6038 Introduce map event store with CHM implementation
Closes #11189
2022-05-17 12:57:35 +02:00
vramik
e1eb9d6d64 Replace equals with == when comparing SearchableFields in Jpa*ModelCriteriaBuilder and Ldap*ModelCriteriaBuilder
Closes #11843
2022-05-16 21:51:38 +02:00
Michal Hajas
b86f205cda Make KeycloakServer runnable with external Infinispan server
Closes #12011
Closes #12014
2022-05-16 21:50:35 +02:00
Martin Kanis
0d6bbd437f
Merge single-use token providers into one
Fixes first part of: #11173

* Merge single-use token providers into one

* Remove PushedAuthzRequestStoreProvider

* Remove OAuth2DeviceTokenStoreProvider

* Delete SamlArtifactSessionMappingStoreProvider

* SingleUseTokenStoreProvider cleanup

* Addressing Michal's comments

* Add contains method

* Add revoked suffix

* Rename to SingleUseObjectProvider
2022-05-11 13:58:58 +02:00
Michal Hajas
d3b43a9f59 Make sure there is always Realm or ResourceServer when searching for authz entities
Closes #11817
2022-05-11 07:20:01 -03:00
Alexander Schwartz
bfab03b837 Throw an IllegalArgumentException once a ClassCastException occurs.
Closes #11775
2022-05-11 09:19:09 +02:00
Michal Hajas
6b5c417742 Add HotRod store for authorization services
Closes #9679
2022-05-06 15:31:38 +02:00
Martin Kanis
00ccc78360 Add index to entityVersion for all HotRod entities 2022-05-05 17:42:13 +02:00
Michal Hajas
fc974fc019 Update composite roles on child role removal
Closes #11769
2022-05-05 15:18:18 +02:00
Alexander Schwartz
e0d7ad1be5 Leverage the equal() method on the wrapped entity instead of creating a string.
Closes #11764
2022-05-03 13:29:12 +02:00
vramik
0d83b51b20 Enhance Map authz entities with REALM_ID (ResourceServer with CLIENT_ID) searchable field
Co-authored-by Michal Hajas <mhajas@redhat.com>

Closes #10883
2022-05-03 12:56:27 +02:00
Sven-Torben Janus
0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups
Closes: 11771

see also KEYCLOAK-18308
2022-05-02 14:13:37 +02:00
Alexander Schwartz
cd20f45b8a Ensure that values of attributes are unique in the database
While this is already ensured on the Java level when using a Set, database inconsistencies as occurred with Hibernate could lead to follow-up problems that are hard to analyze (as seen in #11666).

Closes #11671
2022-04-28 12:04:05 +02:00
vramik
2ecf250e37 Deletion of all objects when realm is being removed
Closes #11076
2022-04-28 11:09:17 +02:00