keycloak-uncached
Changes
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java 6(+0 -6)
Details
diff --git a/model/api/src/main/java/org/keycloak/models/entities/UserEntity.java b/model/api/src/main/java/org/keycloak/models/entities/UserEntity.java
index d1bd157..2297eed 100644
--- a/model/api/src/main/java/org/keycloak/models/entities/UserEntity.java
+++ b/model/api/src/main/java/org/keycloak/models/entities/UserEntity.java
@@ -18,7 +18,6 @@ public class UserEntity extends AbstractIdentifiableEntity {
private boolean emailVerified;
private boolean totp;
private boolean enabled;
- private int notBefore;
private String realmId;
@@ -86,14 +85,6 @@ public class UserEntity extends AbstractIdentifiableEntity {
this.enabled = enabled;
}
- public int getNotBefore() {
- return notBefore;
- }
-
- public void setNotBefore(int notBefore) {
- this.notBefore = notBefore;
- }
-
public String getRealmId() {
return realmId;
}
diff --git a/model/api/src/main/java/org/keycloak/models/UserModel.java b/model/api/src/main/java/org/keycloak/models/UserModel.java
index 08c02a3..621148e 100755
--- a/model/api/src/main/java/org/keycloak/models/UserModel.java
+++ b/model/api/src/main/java/org/keycloak/models/UserModel.java
@@ -58,9 +58,6 @@ public interface UserModel {
void setTotp(boolean totp);
- int getNotBefore();
- void setNotBefore(int notBefore);
-
void updateCredential(UserCredentialModel cred);
List<UserCredentialValueModel> getCredentialsDirectly();
diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java
index bc2a338..ee0318f 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedUser.java
@@ -26,7 +26,6 @@ public class CachedUser {
private String email;
private String emailKey;
private boolean emailVerified;
- private int notBefore;
private List<UserCredentialValueModel> credentials = new LinkedList<UserCredentialValueModel>();
private boolean enabled;
private boolean totp;
@@ -48,7 +47,6 @@ public class CachedUser {
this.emailKey = realm.getId() + "." + this.email;
}
this.emailVerified = user.isEmailVerified();
- this.notBefore = user.getNotBefore();
this.credentials.addAll(user.getCredentialsDirectly());
this.enabled = user.isEnabled();
this.totp = user.isTotp();
@@ -91,10 +89,6 @@ public class CachedUser {
return emailVerified;
}
- public int getNotBefore() {
- return notBefore;
- }
-
public List<UserCredentialValueModel> getCredentials() {
return credentials;
}
diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java
index b586df5..b48e1c5 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserAdapter.java
@@ -173,18 +173,6 @@ public class UserAdapter implements UserModel {
}
@Override
- public int getNotBefore() {
- if (updated != null) return updated.getNotBefore();
- return cached.getNotBefore();
- }
-
- @Override
- public void setNotBefore(int notBefore) {
- getDelegateForUpdate();
- updated.setNotBefore(notBefore);
- }
-
- @Override
public void updateCredential(UserCredentialModel cred) {
getDelegateForUpdate();
updated.updateCredential(cred);
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java
index 075fc87..75389c9 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserEntity.java
@@ -56,7 +56,6 @@ public class UserEntity {
protected boolean enabled;
protected boolean totp;
protected boolean emailVerified;
- protected int notBefore;
// Hack just to workaround the fact that on MS-SQL you can't have unique constraint with multiple NULL values TODO: Find better solution (like unique index with 'where' but that's proprietary)
protected String emailConstraint = KeycloakModelUtils.generateId();
@@ -194,11 +193,4 @@ public class UserEntity {
this.authenticationLink = authenticationLink;
}
- public int getNotBefore() {
- return notBefore;
- }
-
- public void setNotBefore(int notBefore) {
- this.notBefore = notBefore;
- }
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java
index 8e613bb..2904284 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java
@@ -174,16 +174,6 @@ public class UserAdapter implements UserModel {
}
@Override
- public int getNotBefore() {
- return user.getNotBefore();
- }
-
- @Override
- public void setNotBefore(int notBefore) {
- user.setNotBefore(notBefore);
- }
-
- @Override
public void updateCredential(UserCredentialModel cred) {
CredentialEntity credentialEntity = getCredentialEntity(user, cred.getType());
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java
index 003a7e6..0a1ba68 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/UserAdapter.java
@@ -71,16 +71,6 @@ public class UserAdapter extends AbstractMongoAdapter<MongoUserEntity> implement
}
@Override
- public int getNotBefore() {
- return user.getNotBefore();
- }
-
- @Override
- public void setNotBefore(int notBefore) {
- user.setNotBefore(notBefore);
- }
-
- @Override
public String getFirstName() {
return user.getFirstName();
}
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index 2246803..96aab65 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -205,11 +205,6 @@ public class AuthenticationManager {
return null;
}
- if (token.getIssuedAt() < user.getNotBefore()) {
- logger.info("Stale cookie");
- return null;
- }
-
UserSessionModel session = realm.getUserSession(token.getSessionState());
if (!isSessionValid(realm, session)) {
if (session != null) logout(realm, session, uriInfo);
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index 5b3c000..73270e9 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -155,7 +155,7 @@ public class TokenManager {
throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Unmatching clients", "Unmatching clients");
}
- if (refreshToken.getIssuedAt() < client.getNotBefore() || refreshToken.getIssuedAt() < user.getNotBefore()) {
+ if (refreshToken.getIssuedAt() < client.getNotBefore()) {
throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Stale refresh token");
}
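Review bot: With `user.getNotBefore()` dropped from this condition, the refresh path visible in the hunk rejects a token only on the client's notBefore, so nothing shown here ties a refresh token to a user session that is still live. The same commit removes `user.setNotBefore(Time.currentTime())` from the admin logout in UsersResource, leaving `realm.removeUserSessions(user)` as the only per-user revocation. It also removes the "Stale cookie" check in AuthenticationManager, where the `isSessionValid(realm, session)` test that follows still covers the cookie path. The enclosing method starts and ends outside the hunk, so it cannot be confirmed here whether the refresh validation looks up the session and rejects a missing or invalid one; if it does not, a refresh token issued before an admin logout would stay usable until it expires. I would add a comment above the check, `// per-user revocation relies on the user session check; notBefore is client-wide only`, and a test that attempts a refresh after an admin logout and expects INVALID_GRANT.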
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index bb4a4d8..5b503a5 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -277,8 +277,6 @@ public class UsersResource {
throw new NotFoundException("User not found");
}
realm.removeUserSessions(user);
- // set notBefore so that user will be forced to log in.
- user.setNotBefore(Time.currentTime());
new ResourceAdminManager().logoutUser(uriInfo.getRequestUri(), realm, user.getId(), null);
}