Example 56 with RealmModel
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class GroupLDAPStorageMapper method syncFlatGroupStructure.
private void syncFlatGroupStructure(RealmModel realm, SynchronizationResult syncResult, Map<String, LDAPObject> ldapGroupsMap) {
Set<String> visitedGroupIds = new HashSet<>();
// Just add flat structure of groups with all groups at groups path
LDAPConfig ldapConfig = ldapProvider.getLdapIdentityStore().getConfig();
final int groupsPerTransaction = ldapConfig.getBatchSizeForSync();
Set<Map.Entry<String, LDAPObject>> entries = ldapGroupsMap.entrySet();
for (Iterator<Map.Entry<String, LDAPObject>> it = entries.iterator(); it.hasNext(); ) {
KeycloakModelUtils.runJobInTransaction(ldapProvider.getSession().getKeycloakSessionFactory(), session -> {
// KEYCLOAK-8253 The retrieval of the current realm to operate at, was intentionally left
// outside the following for loop! This prevents the scenario, when LDAP group sync time
// initially improves, but during the time (after ~20K groups are synced) degrades again
// due to the realm cache being bloated with huge amount of (temporary) realm entities
RealmModel currentRealm = session.realms().getRealm(realm.getId());
// List of group path groups known to the whole transaction
Map<String, GroupModel> transactionGroupPathGroups = getKcSubGroups(currentRealm, null).collect(Collectors.toMap(GroupModel::getName, Function.identity()));
for (int i = 0; i < groupsPerTransaction && it.hasNext(); i++) {
Map.Entry<String, LDAPObject> groupEntry = it.next();
String groupName = groupEntry.getKey();
GroupModel kcExistingGroup = transactionGroupPathGroups.get(groupName);
if (kcExistingGroup != null) {
syncExistingGroup(kcExistingGroup, groupEntry, syncResult, visitedGroupIds, groupName);
} else {
syncNonExistingGroup(realm, groupEntry, syncResult, visitedGroupIds, groupName);
}
}
});
}
// Possibly remove keycloak groups, which don't exist in LDAP
if (config.isDropNonExistingGroupsDuringSync()) {
dropNonExistingKcGroups(realm, syncResult, visitedGroupIds);
}
}
Also used :
GroupModel(org.keycloak.models.GroupModel)
RealmModel(org.keycloak.models.RealmModel)
LDAPConfig(org.keycloak.storage.ldap.LDAPConfig)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
HashMap(java.util.HashMap)
Map(java.util.Map)
HashSet(java.util.HashSet)
Example 57 with RealmModel
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class RoleLDAPStorageMapper method syncDataFromKeycloakToFederationProvider.
// Sync roles from Keycloak back to LDAP
@Override
public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm) {
SynchronizationResult syncResult = new SynchronizationResult() {
@Override
public String getStatus() {
return String.format("%d roles imported to LDAP, %d roles already existed in LDAP", getAdded(), getUpdated());
}
};
if (config.getMode() != LDAPGroupMapperMode.LDAP_ONLY) {
logger.warnf("Ignored sync for federation mapper '%s' as it's mode is '%s'", mapperModel.getName(), config.getMode().toString());
return syncResult;
}
logger.debugf("Syncing roles from Keycloak into LDAP. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getName());
// Send LDAP query to see which roles exists there
try (LDAPQuery ldapQuery = createRoleQuery(false)) {
List<LDAPObject> ldapRoles = LDAPUtils.loadAllLDAPObjects(ldapQuery, ldapProvider);
Set<String> ldapRoleNames = new HashSet<>();
String rolesRdnAttr = config.getRoleNameLdapAttribute();
for (LDAPObject ldapRole : ldapRoles) {
String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
ldapRoleNames.add(roleName);
}
RoleContainerModel roleContainer = getTargetRoleContainer(realm);
Stream<RoleModel> keycloakRoles = roleContainer.getRolesStream();
Consumer<String> syncRoleFromKCToLDAP = roleName -> {
if (ldapRoleNames.contains(roleName)) {
syncResult.increaseUpdated();
} else {
logger.debugf("Syncing role [%s] from Keycloak to LDAP", roleName);
createLDAPRole(roleName);
syncResult.increaseAdded();
}
};
keycloakRoles.map(RoleModel::getName).forEach(syncRoleFromKCToLDAP);
return syncResult;
}
}
Also used :
ClientModel(org.keycloak.models.ClientModel)
AbstractLDAPStorageMapper(org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper)
LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider)
Logger(org.jboss.logging.Logger)
RoleContainerModel(org.keycloak.models.RoleContainerModel)
RoleUtils(org.keycloak.models.utils.RoleUtils)
HashSet(java.util.HashSet)
UserRolesRetrieveStrategy(org.keycloak.storage.ldap.mappers.membership.UserRolesRetrieveStrategy)
UserModel(org.keycloak.models.UserModel)
ComponentModel(org.keycloak.component.ComponentModel)
LDAPGroupMapperMode(org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode)
UserModelDelegate(org.keycloak.models.utils.UserModelDelegate)
MembershipType(org.keycloak.storage.ldap.mappers.membership.MembershipType)
LDAPQueryConditionsBuilder(org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder)
RealmModel(org.keycloak.models.RealmModel)
LDAPConfig(org.keycloak.storage.ldap.LDAPConfig)
Collection(java.util.Collection)
Set(java.util.Set)
RoleModel(org.keycloak.models.RoleModel)
LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery)
Collectors(java.util.stream.Collectors)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
Objects(java.util.Objects)
Consumer(java.util.function.Consumer)
List(java.util.List)
Stream(java.util.stream.Stream)
LDAPUtils(org.keycloak.storage.ldap.LDAPUtils)
ModelException(org.keycloak.models.ModelException)
CommonLDAPGroupMapperConfig(org.keycloak.storage.ldap.mappers.membership.CommonLDAPGroupMapperConfig)
SynchronizationResult(org.keycloak.storage.user.SynchronizationResult)
CommonLDAPGroupMapper(org.keycloak.storage.ldap.mappers.membership.CommonLDAPGroupMapper)
Collections(java.util.Collections)
Condition(org.keycloak.storage.ldap.idm.query.Condition)
LDAPQuery(org.keycloak.storage.ldap.idm.query.internal.LDAPQuery)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
RoleModel(org.keycloak.models.RoleModel)
SynchronizationResult(org.keycloak.storage.user.SynchronizationResult)
RoleContainerModel(org.keycloak.models.RoleContainerModel)
HashSet(java.util.HashSet)
Example 58 with RealmModel
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class JpaRealmProvider method addClientScopes.
@Override
public void addClientScopes(RealmModel realm, ClientModel client, Set<ClientScopeModel> clientScopes, boolean defaultScope) {
// Defaults to openid-connect
String clientProtocol = client.getProtocol() == null ? OIDCLoginProtocol.LOGIN_PROTOCOL : client.getProtocol();
Map<String, ClientScopeModel> existingClientScopes = getClientScopes(realm, client, true);
existingClientScopes.putAll(getClientScopes(realm, client, false));
clientScopes.stream().filter(clientScope -> !existingClientScopes.containsKey(clientScope.getName())).filter(clientScope -> Objects.equals(clientScope.getProtocol(), clientProtocol)).forEach(clientScope -> {
ClientScopeClientMappingEntity entity = new ClientScopeClientMappingEntity();
entity.setClientScopeId(clientScope.getId());
entity.setClientId(client.getId());
entity.setDefaultScope(defaultScope);
em.persist(entity);
em.flush();
em.detach(entity);
});
}
Also used :
GroupEntity(org.keycloak.models.jpa.entities.GroupEntity)
Join(javax.persistence.criteria.Join)
ClientProvider(org.keycloak.models.ClientProvider)
RoleContainerModel(org.keycloak.models.RoleContainerModel)
StackUtil.getShortStackTrace(org.keycloak.common.util.StackUtil.getShortStackTrace)
Predicate(javax.persistence.criteria.Predicate)
Map(java.util.Map)
CriteriaBuilder(javax.persistence.criteria.CriteriaBuilder)
DeploymentStateProvider(org.keycloak.models.DeploymentStateProvider)
ClientEntity(org.keycloak.models.jpa.entities.ClientEntity)
Time(org.keycloak.common.util.Time)
CriteriaQuery(javax.persistence.criteria.CriteriaQuery)
ClientScopeModel(org.keycloak.models.ClientScopeModel)
RealmModel(org.keycloak.models.RealmModel)
RoleProvider(org.keycloak.models.RoleProvider)
StreamsUtil.closing(org.keycloak.utils.StreamsUtil.closing)
Set(java.util.Set)
RoleModel(org.keycloak.models.RoleModel)
Collectors(java.util.stream.Collectors)
PaginationUtils.paginateQuery(org.keycloak.models.jpa.PaginationUtils.paginateQuery)
Objects(java.util.Objects)
List(java.util.List)
Stream(java.util.stream.Stream)
OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol)
RoleEntity(org.keycloak.models.jpa.entities.RoleEntity)
ClientModel(org.keycloak.models.ClientModel)
ClientScopeEntity(org.keycloak.models.jpa.entities.ClientScopeEntity)
RealmLocalizationTextsEntity(org.keycloak.models.jpa.entities.RealmLocalizationTextsEntity)
KeycloakModelUtils(org.keycloak.models.utils.KeycloakModelUtils)
Logger(org.jboss.logging.Logger)
HashMap(java.util.HashMap)
MigrationModel(org.keycloak.migration.MigrationModel)
Function(java.util.function.Function)
TypedQuery(javax.persistence.TypedQuery)
ArrayList(java.util.ArrayList)
RealmProvider(org.keycloak.models.RealmProvider)
CriteriaDelete(javax.persistence.criteria.CriteriaDelete)
GroupModel(org.keycloak.models.GroupModel)
GroupProvider(org.keycloak.models.GroupProvider)
ClientModelLazyDelegate(org.keycloak.models.delegate.ClientModelLazyDelegate)
Root(javax.persistence.criteria.Root)
RoleRemovedEvent(org.keycloak.models.RoleContainerModel.RoleRemovedEvent)
KeycloakSession(org.keycloak.models.KeycloakSession)
ClientScopeClientMappingEntity(org.keycloak.models.jpa.entities.ClientScopeClientMappingEntity)
EntityManager(javax.persistence.EntityManager)
JpaUtils(org.keycloak.connections.jpa.util.JpaUtils)
ModelException(org.keycloak.models.ModelException)
ModelDuplicateException(org.keycloak.models.ModelDuplicateException)
LockModeType(javax.persistence.LockModeType)
RealmEntity(org.keycloak.models.jpa.entities.RealmEntity)
ClientScopeProvider(org.keycloak.models.ClientScopeProvider)
ClientAttributeEntity(org.keycloak.models.jpa.entities.ClientAttributeEntity)
ClientScopeClientMappingEntity(org.keycloak.models.jpa.entities.ClientScopeClientMappingEntity)
ClientScopeModel(org.keycloak.models.ClientScopeModel)
Example 59 with RealmModel
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class JpaRealmProvider method removeRole.
@Override
public boolean removeRole(RoleModel role) {
RealmModel realm;
if (role.getContainer() instanceof RealmModel) {
realm = (RealmModel) role.getContainer();
} else if (role.getContainer() instanceof ClientModel) {
realm = ((ClientModel) role.getContainer()).getRealm();
} else {
throw new IllegalStateException("RoleModel's container isn not instance of either RealmModel or ClientModel");
}
session.users().preRemove(realm, role);
RoleEntity roleEntity = em.getReference(RoleEntity.class, role.getId());
if (roleEntity == null || !roleEntity.getRealmId().equals(realm.getId())) {
// Throw model exception to ensure transaction rollback and revert previous operations (removing default roles) as well
throw new ModelException("Role not found or trying to remove role from incorrect realm");
}
String compositeRoleTable = JpaUtils.getTableNameForNativeQuery("COMPOSITE_ROLE", em);
em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", roleEntity).executeUpdate();
em.createNamedQuery("deleteClientScopeRoleMappingByRole").setParameter("role", roleEntity).executeUpdate();
em.flush();
em.remove(roleEntity);
session.getKeycloakSessionFactory().publish(roleRemovedEvent(role));
em.flush();
return true;
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
RoleEntity(org.keycloak.models.jpa.entities.RoleEntity)
ClientModel(org.keycloak.models.ClientModel)
ModelException(org.keycloak.models.ModelException)
Example 60 with RealmModel
use of org.keycloak.models.RealmModel in project keycloak by keycloak.
the class JpaUserSessionPersisterProvider method getUserSessionsCountsByClients.
@Override
public Map<String, Long> getUserSessionsCountsByClients(RealmModel realm, boolean offline) {
String offlineStr = offlineToString(offline);
TypedQuery<Object[]> query = em.createNamedQuery("findClientSessionsClientIds", Object[].class);
query.setParameter("offline", offlineStr);
query.setParameter("realmId", realm.getId());
return closing(query.getResultStream()).collect(Collectors.toMap(row -> {
String clientId = row[0].toString();
if (clientId.equals(PersistentClientSessionEntity.EXTERNAL)) {
final String externalClientId = row[1].toString();
final String clientStorageProvider = row[2].toString();
clientId = new StorageId(clientStorageProvider, externalClientId).getId();
}
return clientId;
}, row -> (Long) row[3]));
}
Also used :
ClientModel(org.keycloak.models.ClientModel)
Logger(org.jboss.logging.Logger)
HashMap(java.util.HashMap)
TypedQuery(javax.persistence.TypedQuery)
Function(java.util.function.Function)
StorageId(org.keycloak.storage.StorageId)
HashSet(java.util.HashSet)
UserModel(org.keycloak.models.UserModel)
AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel)
Map(java.util.Map)
PersistentAuthenticatedClientSessionAdapter(org.keycloak.models.session.PersistentAuthenticatedClientSessionAdapter)
PersistentUserSessionModel(org.keycloak.models.session.PersistentUserSessionModel)
Time(org.keycloak.common.util.Time)
RealmModel(org.keycloak.models.RealmModel)
UserSessionPersisterProvider(org.keycloak.models.session.UserSessionPersisterProvider)
Collection(java.util.Collection)
StreamsUtil.closing(org.keycloak.utils.StreamsUtil.closing)
KeycloakSession(org.keycloak.models.KeycloakSession)
Set(java.util.Set)
UserSessionModel(org.keycloak.models.UserSessionModel)
EntityManager(javax.persistence.EntityManager)
Collectors(java.util.stream.Collectors)
PersistentClientSessionModel(org.keycloak.models.session.PersistentClientSessionModel)
Objects(java.util.Objects)
PaginationUtils.paginateQuery(org.keycloak.models.jpa.PaginationUtils.paginateQuery)
Query(javax.persistence.Query)
List(java.util.List)
PersistentUserSessionAdapter(org.keycloak.models.session.PersistentUserSessionAdapter)
Stream(java.util.stream.Stream)
SessionTimeoutHelper(org.keycloak.models.utils.SessionTimeoutHelper)
LockModeType(javax.persistence.LockModeType)
Collections(java.util.Collections)
StorageId(org.keycloak.storage.StorageId)
Aggregations
RealmModel (org.keycloak.models.RealmModel)591
Test (org.junit.Test)249
UserModel (org.keycloak.models.UserModel)225
KeycloakSession (org.keycloak.models.KeycloakSession)152
ClientModel (org.keycloak.models.ClientModel)149
AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)90
ModelTest (org.keycloak.testsuite.arquillian.annotation.ModelTest)84
ComponentModel (org.keycloak.component.ComponentModel)83
RoleModel (org.keycloak.models.RoleModel)73
UserSessionModel (org.keycloak.models.UserSessionModel)64
LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)62
List (java.util.List)55
LDAPStorageProvider (org.keycloak.storage.ldap.LDAPStorageProvider)51
GroupModel (org.keycloak.models.GroupModel)47
HashMap (java.util.HashMap)38
Collectors (java.util.stream.Collectors)34
CachedUserModel (org.keycloak.models.cache.CachedUserModel)34
Path (javax.ws.rs.Path)30
AbstractAuthTest (org.keycloak.testsuite.AbstractAuthTest)30
Map (java.util.Map)29
