
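/**
 * Imports a flat list of LDAP groups into Keycloak as top-level groups (no hierarchy), committing
 * in batches of {@code batchSizeForSync} groups per Keycloak transaction.
 *
 * @param realm         the realm being synced; only its id is carried into the per-batch
 *                      transactions, where a fresh realm instance is loaded
 * @param syncResult    counters updated by the per-group sync helpers
 * @param ldapGroupsMap LDAP groups keyed by the group name they should have in Keycloak
 */
private void syncFlatGroupStructure(RealmModel realm, SynchronizationResult syncResult, Map<String, LDAPObject> ldapGroupsMap) {
    // IDs of the Keycloak groups that were matched to an LDAP group in this run. Consulted at the
    // end by dropNonExistingKcGroups, so every group still present in LDAP must be recorded here.
    Set<String> visitedGroupIds = new HashSet<>();

    // Just add flat structure of groups with all groups at groups path
    LDAPConfig ldapConfig = ldapProvider.getLdapIdentityStore().getConfig();
    final int groupsPerTransaction = ldapConfig.getBatchSizeForSync();

    // One iterator is shared by all transactions below, so each callback resumes exactly where the
    // previous one stopped. This relies on runJobInTransaction running the callback synchronously
    // on this thread (assumed; confirm against KeycloakModelUtils).
    Set<Map.Entry<String, LDAPObject>> entries = ldapGroupsMap.entrySet();
    for (Iterator<Map.Entry<String, LDAPObject>> it = entries.iterator(); it.hasNext(); ) {
        KeycloakModelUtils.runJobInTransaction(ldapProvider.getSession().getKeycloakSessionFactory(), session -> {
            // KEYCLOAK-8253 The retrieval of the current realm to operate at, was intentionally left
            // outside the following for loop! This prevents the scenario, when LDAP group sync time
            // initially improves, but during the time (after ~20K groups are synced) degrades again
            // due to the realm cache being bloated with huge amount of (temporary) realm entities
            RealmModel currentRealm = session.realms().getRealm(realm.getId());

            // List of group path groups known to the whole transaction (top-level groups, keyed by name)
            Map<String, GroupModel> transactionGroupPathGroups = getKcSubGroups(currentRealm, null)
                    .collect(Collectors.toMap(GroupModel::getName, Function.identity()));

            for (int i = 0; i < groupsPerTransaction && it.hasNext(); i++) {
                Map.Entry<String, LDAPObject> groupEntry = it.next();
                String groupName = groupEntry.getKey();
                GroupModel kcExistingGroup = transactionGroupPathGroups.get(groupName);

                if (kcExistingGroup != null) {
                    syncExistingGroup(kcExistingGroup, groupEntry, syncResult, visitedGroupIds, groupName);
                } else {
                    // Pass the realm instance bound to THIS transaction's session (currentRealm), not the
                    // caller's `realm`, which belongs to the outer session: whatever syncNonExistingGroup
                    // persists must go through the same session/cache the lookups above were made in.
                    syncNonExistingGroup(currentRealm, groupEntry, syncResult, visitedGroupIds, groupName);
                }
            }
        });
    }

    // Possibly remove keycloak groups, which don't exist in LDAP. This is the destructive half of the
    // sync and is gated behind an explicit mapper option.
    if (config.isDropNonExistingGroupsDuringSync()) {
        dropNonExistingKcGroups(realm, syncResult, visitedGroupIds);
    }
}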

// Sync roles from Keycloak back to LDAP
@Override
public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm) {
    // Result object whose status line reports how many roles were created vs. already present in LDAP.
    SynchronizationResult syncResult = new SynchronizationResult() {

        @Override
        public String getStatus() {
            return String.format("%d roles imported to LDAP, %d roles already existed in LDAP", getAdded(), getUpdated());
        }
    };

    // Only LDAP_ONLY mappers are allowed to write back into LDAP; any other mode is a logged no-op.
    if (config.getMode() != LDAPGroupMapperMode.LDAP_ONLY) {
        logger.warnf("Ignored sync for federation mapper '%s' as it's mode is '%s'", mapperModel.getName(), config.getMode().toString());
        return syncResult;
    }
    logger.debugf("Syncing roles from Keycloak into LDAP. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getName());

    // Send LDAP query to see which roles exists there
    try (LDAPQuery ldapQuery = createRoleQuery(false)) {
        String roleNameAttr = config.getRoleNameLdapAttribute();

        // Names of the roles LDAP already holds, read from the configured name attribute.
        // NOTE(review): getAttributeAsString may yield null for entries lacking the attribute; such
        // entries simply never match a Keycloak role name below — confirm that is acceptable.
        Set<String> namesAlreadyInLdap = new HashSet<>();
        for (LDAPObject ldapRole : LDAPUtils.loadAllLDAPObjects(ldapQuery, ldapProvider)) {
            namesAlreadyInLdap.add(ldapRole.getAttributeAsString(roleNameAttr));
        }

        // Every Keycloak role of the target container is either counted as already present or
        // created in LDAP. Role names are exact-match compared; createLDAPRole is responsible for
        // any LDAP escaping of the name (verify there, not here).
        getTargetRoleContainer(realm).getRolesStream()
                .map(RoleModel::getName)
                .forEach(roleName -> {
                    if (namesAlreadyInLdap.contains(roleName)) {
                        syncResult.increaseUpdated();
                        return;
                    }
                    logger.debugf("Syncing role [%s] from Keycloak to LDAP", roleName);
                    createLDAPRole(roleName);
                    syncResult.increaseAdded();
                });
        return syncResult;
    }
}

/**
 * Links the given client scopes to a client, skipping scopes the client already has (by name)
 * and scopes whose protocol differs from the client's.
 *
 * @param realm        realm owning the client
 * @param client       client to attach the scopes to
 * @param clientScopes candidate scopes; not every one is necessarily linked
 * @param defaultScope whether the new links are default ({@code true}) or optional ({@code false}) scopes
 */
@Override
public void addClientScopes(RealmModel realm, ClientModel client, Set<ClientScopeModel> clientScopes, boolean defaultScope) {
    // Defaults to openid-connect
    String protocol = client.getProtocol();
    if (protocol == null) {
        protocol = OIDCLoginProtocol.LOGIN_PROTOCOL;
    }
    final String clientProtocol = protocol;

    // Names of every scope already linked to this client, default and optional alike.
    // Duplicate detection is by scope NAME, not by scope id.
    Map<String, ClientScopeModel> alreadyLinked = getClientScopes(realm, client, true);
    alreadyLinked.putAll(getClientScopes(realm, client, false));

    for (ClientScopeModel scope : clientScopes) {
        if (alreadyLinked.containsKey(scope.getName())) {
            continue;
        }
        if (!Objects.equals(scope.getProtocol(), clientProtocol)) {
            continue;
        }
        ClientScopeClientMappingEntity mapping = new ClientScopeClientMappingEntity();
        mapping.setClientScopeId(scope.getId());
        mapping.setClientId(client.getId());
        mapping.setDefaultScope(defaultScope);
        // Flush and detach each mapping right away (presumably to keep the persistence context small).
        em.persist(mapping);
        em.flush();
        em.detach(mapping);
    }
}

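/**
 * Deletes a realm or client role together with its composite memberships and client-scope
 * role mappings, then publishes a role-removed event.
 *
 * @param role the role to delete; its container must be a {@link RealmModel} or a {@link ClientModel}
 * @return always {@code true} once the role has been removed
 * @throws IllegalStateException if the role's container is of neither supported type
 * @throws ModelException if no role with that id exists, or the stored role belongs to a realm
 *         other than the one derived from the container (forces a transaction rollback)
 */
@Override
public boolean removeRole(RoleModel role) {
    // Resolve the realm from the role's container: realm role or client role.
    RealmModel realm;
    if (role.getContainer() instanceof RealmModel) {
        realm = (RealmModel) role.getContainer();
    } else if (role.getContainer() instanceof ClientModel) {
        realm = ((ClientModel) role.getContainer()).getRealm();
    } else {
        throw new IllegalStateException("RoleModel's container isn not instance of either RealmModel or ClientModel");
    }

    // Give the user store a chance to clean up per-role state before the row disappears.
    session.users().preRemove(realm, role);

    // em.find (not getReference): getReference never returns null but throws EntityNotFoundException
    // lazily on first field access, which made the null branch below unreachable. With find, a
    // missing row reaches the ModelException path the comment describes. The realm-id comparison is
    // the cross-realm isolation guard: a role id must not be deletable through a container of another realm.
    RoleEntity roleEntity = em.find(RoleEntity.class, role.getId());
    if (roleEntity == null || !roleEntity.getRealmId().equals(realm.getId())) {
        // Throw model exception to ensure transaction rollback and revert previous operations (removing default roles) as well
        throw new ModelException("Role not found or trying to remove role from incorrect realm");
    }

    // Remove this role from every composite it is a child of. The table name is resolved by JpaUtils
    // (not user input) and the role is a bound parameter, so the native query is not injectable.
    String compositeRoleTable = JpaUtils.getTableNameForNativeQuery("COMPOSITE_ROLE", em);
    em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", roleEntity).executeUpdate();
    em.createNamedQuery("deleteClientScopeRoleMappingByRole").setParameter("role", roleEntity).executeUpdate();
    em.flush();
    em.remove(roleEntity);

    // Listeners are notified before the final flush, while still inside the transaction.
    session.getKeycloakSessionFactory().publish(roleRemovedEvent(role));
    em.flush();
    return true;
}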

/**
 * Counts persisted client sessions per client for one realm.
 *
 * @param realm   realm whose sessions are counted (query is bound to its id)
 * @param offline {@code true} for offline sessions, {@code false} for online ones
 * @return map from client id to number of sessions; externally stored clients are keyed by their
 *         {@link StorageId} form
 */
@Override
public Map<String, Long> getUserSessionsCountsByClients(RealmModel realm, boolean offline) {
    String offlineStr = offlineToString(offline);

    TypedQuery<Object[]> query = em.createNamedQuery("findClientSessionsClientIds", Object[].class);
    query.setParameter("offline", offlineStr);
    query.setParameter("realmId", realm.getId());

    // Collectors.toMap has no merge function here, so two rows resolving to the same client id
    // would surface as an IllegalStateException rather than being summed.
    Stream<Object[]> rows = closing(query.getResultStream());
    return rows.collect(Collectors.toMap(row -> clientIdOf(row), row -> (Long) row[3]));
}

/**
 * Derives the map key for one result row: the plain client id, or for rows marked
 * {@code PersistentClientSessionEntity.EXTERNAL} the composite id built from the
 * storage-provider id (column 2) and the external client id (column 1).
 */
private static String clientIdOf(Object[] row) {
    String clientId = row[0].toString();
    if (!clientId.equals(PersistentClientSessionEntity.EXTERNAL)) {
        return clientId;
    }
    final String externalClientId = row[1].toString();
    final String clientStorageProvider = row[2].toString();
    return new StorageId(clientStorageProvider, externalClientId).getId();
}