
Example 6 with UserProvider

use of org.keycloak.models.UserProvider in project keycloak by keycloak.

the class LDAPSyncTest method test01LDAPSync.

// @Test
// public void test01runit() throws Exception {
// Thread.sleep(10000000);
// }
/**
 * Exercises LDAP-to-local user synchronization in stages: a full sync, verification of the
 * imported users and of the lastSync bookkeeping, a change made directly in LDAP, and a
 * changed-users sync that must pick that change up. Each stage runs in its own
 * testingClient.server().run(...) callback.
 */
@Test
public void test01LDAPSync() {
    // Pause for the sleep time configured on the LDAP rule before the first sync.
    // NOTE(review): presumably this keeps the setup writes and the sync apart in time - confirm.
    WaitUtils.pause(getLDAPRule().getSleepTime());
    // Stage 1: full sync of the LDAP storage provider ("test" is the same identifier the last
    // stage uses to look up the realm).
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
        KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
        SynchronizationResult syncResult = usersSyncManager.syncAllUsers(sessionFactory, "test", ctx.getLdapModel());
        // Counters 5, 0, 0, 0 - presumably (added, updated, removed, failed); confirm against LDAPTestAsserts.
        LDAPTestAsserts.assertSyncEquals(syncResult, 5, 0, 0, 0);
    });
    // Stage 2: inspect the result through the local user provider (session.userLocalStorage()).
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel testRealm = ctx.getRealm();
        UserProvider userProvider = session.userLocalStorage();
        // All five LDAP users must now exist locally with the attributes passed here.
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user1", "User1FN", "User1LN", "user1@email.org", "121");
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user2", "User2FN", "User2LN", "user2@email.org", "122");
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user3", "User3FN", "User3LN", "user3@email.org", "123");
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user4", "User4FN", "User4LN", "user4@email.org", "124");
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user5", "User5FN", "User5LN", "user5@email.org", "125");
        // The sync must have recorded a non-zero lastSync on the LDAP model ...
        Assert.assertTrue(ctx.getLdapModel().getLastSync() > 0);
        // ... and on the LDAP entry among the realm's storage providers, while every other
        // provider configured on the realm must still report 0 (it was not synced).
        testRealm.getUserStorageProvidersStream().forEachOrdered(persistentFedModel -> {
            if (LDAPStorageProviderFactory.PROVIDER_NAME.equals(persistentFedModel.getProviderId())) {
                Assert.assertTrue(persistentFedModel.getLastSync() > 0);
            } else {
                // Dummy provider still has 0
                Assert.assertEquals(0, persistentFedModel.getLastSync());
            }
        });
    });
    // Pause again before modifying LDAP.
    // NOTE(review): presumably so the changes below are newer than the recorded lastSync - confirm.
    WaitUtils.pause(getLDAPRule().getSleepTime());
    // Stage 3: change LDAP behind the local store's back, then run a changed-users sync.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel testRealm = ctx.getRealm();
        UserProvider userProvider = session.userLocalStorage();
        UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
        // Add 'user6' to LDAP and update 'user5' in LDAP
        LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), testRealm, "user6", "User6FN", "User6LN", "user6@email.org", null, "126");
        LDAPObject ldapUser5 = ctx.getLdapProvider().loadLDAPUserByUsername(testRealm, "user5");
        // NOTE: the attributes are written to the LDAP object and pushed through the LDAP
        // identity store directly, not through the local user model.
        ldapUser5.setSingleAttribute(LDAPConstants.EMAIL, "user5Updated@email.org");
        ldapUser5.setSingleAttribute(LDAPConstants.POSTAL_CODE, "521");
        ctx.getLdapProvider().getLdapIdentityStore().update(ldapUser5);
        // Until a sync runs the local copy is stale: 'user5' still carries the old e-mail and
        // postal code, and 'user6' does not exist locally at all.
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user5", "User5FN", "User5LN", "user5@email.org", "125");
        Assert.assertNull(userProvider.getUserByUsername(testRealm, "user6"));
        // Trigger the partial (changed users only) sync
        KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
        SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(sessionFactory, "test", ctx.getLdapModel());
        // Counters 1, 1, 0, 0 - presumably one added ('user6') and one updated ('user5'); confirm.
        LDAPTestAsserts.assertSyncEquals(syncResult, 1, 1, 0, 0);
    });
    // Stage 4: the local provider must now reflect the LDAP changes.
    testingClient.server().run(session -> {
        RealmModel testRealm = session.realms().getRealm("test");
        UserProvider userProvider = session.userLocalStorage();
        // The expected e-mail is all lower-case although LDAP was written with "user5Updated".
        // NOTE(review): presumably the address is lower-cased on import - confirm.
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user5", "User5FN", "User5LN", "user5updated@email.org", "521");
        LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user6", "User6FN", "User6LN", "user6@email.org", "126");
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager) UserProvider(org.keycloak.models.UserProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) Test(org.junit.Test)

Example 7 with UserProvider

use of org.keycloak.models.UserProvider in project keycloak by keycloak.

the class LDAPSyncTest method test03LDAPSyncWhenUsernameChanged.

/**
 * Verifies that renaming a user in LDAP is applied by a changed-users sync: afterwards the
 * new username resolves, the old one no longer resolves in the local provider, and the
 * user's LDAP_ID attribute still equals the LDAP entry's UUID.
 */
@Test
public void test03LDAPSyncWhenUsernameChanged() {
    // Stage 1: create 'beckybecks' in LDAP and import it with a full sync.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
        // Add user to LDAP
        LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "beckybecks", "Becky", "Becks", "becky-becks@email.org", null, "123");
        SynchronizationResult syncResult = new UserStorageSyncManager().syncAllUsers(sessionFactory, "test", ctx.getLdapModel());
        // Only the failure count is checked; the other counters are not asserted here.
        Assert.assertEquals(0, syncResult.getFailed());
    });
    // Stage 2: rename the user directly in LDAP, then run a changed-users sync.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel testRealm = ctx.getRealm();
        UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
        // Update user 'beckybecks' in LDAP
        LDAPObject ldapUser = ctx.getLdapProvider().loadLDAPUserByUsername(testRealm, "beckybecks");
        // NOTE: the username is changed in LDAP directly. The attribute holding it is read
        // from the identity store configuration rather than hard-coded.
        String userNameLdapAttributeName = ctx.getLdapProvider().getLdapIdentityStore().getConfig().getUsernameLdapAttribute();
        ldapUser.setSingleAttribute(userNameLdapAttributeName, "beckyupdated");
        ldapUser.setSingleAttribute(LDAPConstants.EMAIL, "becky-updated@email.org");
        ctx.getLdapProvider().getLdapIdentityStore().update(ldapUser);
        // Until a sync runs the local provider still holds the old username and e-mail.
        LDAPTestAsserts.assertUserImported(session.userLocalStorage(), testRealm, "beckybecks", "Becky", "Becks", "becky-becks@email.org", "123");
        // Trigger partial sync
        KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
        SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(sessionFactory, "test", ctx.getLdapModel());
        Assert.assertEquals(0, syncResult.getFailed());
    });
    // Stage 3: check the renamed user from the Keycloak side.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel testRealm = session.realms().getRealm("test");
        UserProvider userProvider = session.userLocalStorage();
        // Assert the user is visible under the new username and e-mail.
        // NOTE(review): this assertion goes through session.users() while the lookups below
        // use the local provider - confirm the difference is intended.
        LDAPTestAsserts.assertUserImported(session.users(), testRealm, "beckyupdated", "Becky", "Becks", "becky-updated@email.org", "123");
        UserModel updatedLocalUser = userProvider.getUserByUsername(testRealm, "beckyupdated");
        LDAPObject ldapUser = ctx.getLdapProvider().loadLDAPUserByUsername(testRealm, "beckyupdated");
        // Assert old user 'beckybecks' does not exist locally, so the retired name cannot
        // resolve to this account any more.
        Assert.assertNull(userProvider.getUserByUsername(testRealm, "beckybecks"));
        // Assert the link to the LDAP entry is unchanged: the LDAP_ID attribute of the local
        // user equals the LDAP object's UUID. findFirst().get() throws NoSuchElementException
        // instead of failing the assertion if the attribute is missing.
        Assert.assertEquals(updatedLocalUser.getAttributeStream(LDAPConstants.LDAP_ID).findFirst().get(), ldapUser.getUuid());
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager) UserProvider(org.keycloak.models.UserProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) Test(org.junit.Test)

Example 8 with UserProvider

use of org.keycloak.models.UserProvider in project keycloak by keycloak.

the class UserPolicyProviderFactory method onExport.

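/**
 * Fills the export representation's config for a user policy, replacing the user ids held
 * by the policy with the matching usernames.
 *
 * <p>The config contains a single entry, {@code "users"}, whose value is a JSON array of
 * usernames. Ids that no longer resolve to a user in the realm are left out, so the
 * exported list can be shorter than the policy's id list.
 *
 * @param policy the policy being exported; its name is used in the failure message
 * @param representation the export representation that receives the config map
 * @param authorizationProvider supplies the Keycloak session and the realm for user lookups
 * @throws RuntimeException if the username list cannot be serialized to JSON
 */
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
    UserPolicyRepresentation userRep = toRepresentation(policy, authorizationProvider);
    Map<String, String> config = new HashMap<>();
    try {
        UserProvider userProvider = authorizationProvider.getKeycloakSession().users();
        RealmModel realm = authorizationProvider.getRealm();
        config.put("users", JsonSerialization.writeValueAsString(userRep.getUsers().stream()
                .map(id -> userProvider.getUserById(realm, id))
                // getUserById returns null for an id that matches no user; dereferencing it
                // would abort the whole export with a NullPointerException.
                .filter(user -> user != null)
                .map(user -> user.getUsername())
                .collect(Collectors.toList())));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to export user policy [" + policy.getName() + "]", cause);
    }
    representation.setConfig(config);
}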
Also used : RealmModel(org.keycloak.models.RealmModel) PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) RealmModel(org.keycloak.models.RealmModel) Set(java.util.Set) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) HashMap(java.util.HashMap) Config(org.keycloak.Config) Collectors(java.util.stream.Collectors) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) HashSet(java.util.HashSet) JsonSerialization(org.keycloak.util.JsonSerialization) Policy(org.keycloak.authorization.model.Policy) UserProvider(org.keycloak.models.UserProvider) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) UserModel(org.keycloak.models.UserModel) Map(java.util.Map) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) PolicyProvider(org.keycloak.authorization.policy.provider.PolicyProvider) HashMap(java.util.HashMap) UserProvider(org.keycloak.models.UserProvider) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) IOException(java.io.IOException)

Example 9 with UserProvider

use of org.keycloak.models.UserProvider in project keycloak by keycloak.

the class ResourceService method getUser.

/**
 * Resolves the requester string to a user of the provider's realm.
 *
 * <p>The value is tried as a username first and as an e-mail address only when no username
 * matches. A string that is one account's username and another account's e-mail therefore
 * always resolves to the account that owns the username.
 *
 * @param requester username or e-mail address of the user to look up
 * @return the matching user, never {@code null}
 * @throws NotFoundException if neither lookup finds a user; the exception message is the
 *         raw {@code requester} value
 */
private UserModel getUser(String requester) {
    UserProvider userLookup = provider.getKeycloakSession().users();

    // Username has precedence over e-mail.
    UserModel match = userLookup.getUserByUsername(provider.getRealm(), requester);
    if (match != null) {
        return match;
    }

    match = userLookup.getUserByEmail(provider.getRealm(), requester);
    if (match != null) {
        return match;
    }
    throw new NotFoundException(requester);
}
Also used : UserModel(org.keycloak.models.UserModel) UserProvider(org.keycloak.models.UserProvider) NotFoundException(javax.ws.rs.NotFoundException)

Example 10 with UserProvider

use of org.keycloak.models.UserProvider in project keycloak by keycloak.

the class PermissionTicketService method getUserId.

/**
 * Maps a user id or username to a user id.
 *
 * <p>The value is tried as an id first and as a username second. When neither lookup finds
 * a user the input is returned unchanged, so the result is not guaranteed to be the id of
 * an existing user and callers must not treat it as validated.
 *
 * @param userIdOrName a user id or a username
 * @return the id of the matching user, or {@code userIdOrName} itself when nothing matches
 */
private String getUserId(String userIdOrName) {
    UserProvider lookup = authorization.getKeycloakSession().users();
    RealmModel currentRealm = authorization.getRealm();

    // An id match has precedence over a username match.
    UserModel byId = lookup.getUserById(currentRealm, userIdOrName);
    if (byId == null) {
        UserModel byName = lookup.getUserByUsername(currentRealm, userIdOrName);
        // Nothing resolved: hand the caller's value back as-is.
        return byName == null ? userIdOrName : byName.getId();
    }
    return byId.getId();
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) UserProvider(org.keycloak.models.UserProvider)
