keycloak-uncached
Changes
testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java 55(+52 -3)
testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java 28(+28 -0)
Details
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
index 161ed12..f130f25 100755
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
@@ -262,14 +262,14 @@ public class LDAPStorageProvider implements UserStorageProvider,
// Add the user to the default groups and add default required actions
UserModel proxy = proxy(realm, user, ldapUser);
- DefaultRoles.addDefaultRoles(realm, user);
-
+ DefaultRoles.addDefaultRoles(realm, proxy);
+
for (GroupModel g : realm.getDefaultGroups()) {
proxy.joinGroup(g);
}
for (RequiredActionProviderModel r : realm.getRequiredActionProviders()) {
if (r.isEnabled() && r.isDefaultAction()) {
- user.addRequiredAction(r.getAlias());
+ proxy.addRequiredAction(r.getAlias());
}
}
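Review bot: The comment above `proxy(realm, user, ldapUser)` still reads "Add the user to the default groups and add default required actions"; it does not mention default roles or explain why the writes now go through `proxy` rather than `user`. Default roles, groups and required actions are authorization state, so a later edit that switches one of these calls back to `user` would change where the grant is recorded without any compile error. Presumably the proxy is what lets the LDAP mappers see the write, which the new no-import tests appear to depend on. I would reword the comment along the lines of `// Apply default roles, groups and required actions through the proxy (not the raw user) so the LDAP mappers handle them`. The enclosing method starts and ends outside this hunk.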
diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java
index b7c9742..b1aca93 100755
--- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java
+++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java
@@ -110,13 +110,23 @@ public class LDAPGroupMapperTest {
LDAPObject group11 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "group11");
LDAPObject group12 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "group12", descriptionAttrName, "group12 - description");
+ LDAPObject defaultGroup1 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "defaultGroup1", descriptionAttrName, "Default Group1 - description");
+ LDAPObject defaultGroup11 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "defaultGroup11");
+ LDAPObject defaultGroup12 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "defaultGroup12", descriptionAttrName, "Default Group12 - description");
+
LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group11, false);
LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group12, true);
+ LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", defaultGroup1, defaultGroup11, false);
+ LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", defaultGroup1, defaultGroup12, true);
+
// Sync LDAP groups to Keycloak DB
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "groupsMapper");
new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm);
+ appRealm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup11"));
+ appRealm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup12"));
+
// Delete all LDAP users
LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm);
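Review bot: The two added `appRealm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(...))` lines pass the lookup result straight through with no check that the group was found. If the preceding sync did not create `/defaultGroup1/defaultGroup11` or `/defaultGroup1/defaultGroup12`, setup would presumably fail inside `addDefaultGroup` or register nothing, and the later membership counts would be off for a reason that is hard to trace. Resolve each group into a local and guard it first, e.g. `GroupModel dg11 = KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup11"); Assert.assertNotNull(dg11); appRealm.addDefaultGroup(dg11);`. The same unguarded pattern is repeated in the setup hunk of LDAPGroupMapperNoImportTest.java.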
@@ -184,7 +194,7 @@ public class LDAPGroupMapperTest {
UserModel johnDb = session.userLocalStorage().getUserByUsername("johnkeycloak", appRealm);
Set<GroupModel> johnDbGroups = johnDb.getGroups();
- Assert.assertEquals(0, johnDbGroups.size());
+ Assert.assertEquals(2, johnDbGroups.size());
// 3 - Check that group mappings are in LDAP and hence available through federation
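Review bot: `Assert.assertEquals(2, johnDbGroups.size())` pins only a count, so it would pass with any two groups, not specifically the two realm default groups this change introduces. Because group membership is an authorization grant, the test should name what it expects: resolve the groups with `KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup11")` (and `.../defaultGroup12`) and add `Assert.assertTrue(johnDbGroups.contains(...))` for each. The same applies to `Assert.assertEquals(5, maryGroups.size())`, where the existing `contains` checks cover only `group1`, `group11` and `group12`, and to `Assert.assertEquals(2, robGroups.size())` in the following hunks. A short comment such as `// the 2 remaining groups are the realm default groups` would also explain the changed numbers.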
@@ -251,7 +261,7 @@ public class LDAPGroupMapperTest {
// Assert that mary has both LDAP and DB mapped groups
Set<GroupModel> maryGroups = mary.getGroups();
- Assert.assertEquals(3, maryGroups.size());
+ Assert.assertEquals(5, maryGroups.size());
Assert.assertTrue(maryGroups.contains(group1));
Assert.assertTrue(maryGroups.contains(group11));
Assert.assertTrue(maryGroups.contains(group12));
@@ -331,7 +341,7 @@ public class LDAPGroupMapperTest {
rob.leaveGroup(group11);
rob.leaveGroup(group12);
robGroups = rob.getGroups();
- Assert.assertEquals(0, robGroups.size());
+ Assert.assertEquals(2, robGroups.size());
} finally {
keycloakRule.stopSession(session, false);
}
@@ -523,6 +533,45 @@ public class LDAPGroupMapperTest {
}
+ @Test
+ public void test07_newUserDefaultGroupsImportModeTest() throws Exception {
+
+ // Check user group memberships
+ KeycloakSession session = keycloakRule.startSession();
+ try {
+ RealmModel appRealm = session.realms().getRealmByName("test");
+
+ ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "groupsMapper");
+ LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.IMPORT.toString());
+ appRealm.updateComponent(mapperModel);
+
+ UserModel david = session.users().addUser(appRealm, "davidkeycloak");
+
+ GroupModel defaultGroup11 = KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup11");
+ Assert.assertNotNull(defaultGroup11);
+
+ GroupModel defaultGroup12 = KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup12");
+ Assert.assertNotNull(defaultGroup12);
+
+ GroupModel group31 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group31");
+ Assert.assertNotNull(group31);
+ GroupModel group32 = KeycloakModelUtils.findGroupByPath(appRealm, "/group3/group32");
+ Assert.assertNotNull(group32);
+ GroupModel group4 = KeycloakModelUtils.findGroupByPath(appRealm, "/group4");
+ Assert.assertNotNull(group4);
+
+ Set<GroupModel> groups = david.getGroups();
+ Assert.assertTrue(groups.contains(defaultGroup11));
+ Assert.assertTrue(groups.contains(defaultGroup12));
+ Assert.assertFalse(groups.contains(group31));
+ Assert.assertFalse(groups.contains(group32));
+ Assert.assertFalse(groups.contains(group4));
+
+ } finally {
+ keycloakRule.stopSession(session, true);
+ }
+ }
+
private void deleteGroupMappingsInLDAP(GroupLDAPStorageMapper groupMapper, LDAPObject ldapUser, String groupName) {
LDAPObject ldapGroup = groupMapper.loadLDAPGroupByName(groupName);
groupMapper.deleteGroupMappingInLDAP(ldapUser, ldapGroup);
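Review bot: `test07_newUserDefaultGroupsImportModeTest` switches the shared `groupsMapper` to `LDAPGroupMapperMode.IMPORT` with `appRealm.updateComponent(mapperModel)` and never restores the previous mode before calling `keycloakRule.stopSession(session, true)`. If the `true` flag commits the session, as the contrast with `stopSession(session, false)` earlier in this file suggests, both the mode change and the new `davidkeycloak` user carry over into whatever runs next. Either restore the original mode in the `finally` block or state the dependency with a comment such as `// leaves groupsMapper in IMPORT mode; later tests must set the mode they need`. The test also asserts that `/group3/group31`, `/group3/group32` and `/group4` exist, although the visible setup hunk does not create them, so it presumably relies on earlier numbered tests having run; that ordering assumption deserves a comment as well.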
diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java
index 4e04176..278986d 100644
--- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java
+++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java
@@ -528,4 +528,32 @@ public class LDAPRoleMappingsTest {
}
}
+ @Test
+ public void test06_newUserDefaultRolesImportModeTest() throws Exception {
+
+ // Check user group memberships
+ KeycloakSession session = keycloakRule.startSession();
+ try {
+ RealmModel appRealm = session.realms().getRealmByName("test");
+
+ // Set a default role on the realm
+ appRealm.addDefaultRole("realmRole1");
+
+ UserModel david = session.users().addUser(appRealm, "davidkeycloak");
+
+ RoleModel defaultRole = appRealm.getRole("realmRole1");
+ RoleModel realmRole2 = appRealm.getRole("realmRole2");
+
+ Assert.assertNotNull(defaultRole);
+ Assert.assertNotNull(realmRole2);
+
+ Set<RoleModel> davidRoles = david.getRealmRoleMappings();
+
+ Assert.assertTrue(davidRoles.contains(defaultRole));
+ Assert.assertFalse(davidRoles.contains(realmRole2));
+
+ } finally {
+ keycloakRule.stopSession(session, true);
+ }
+ }
}
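Review bot: `appRealm.addDefaultRole("realmRole1")` in `test06_newUserDefaultRolesImportModeTest` is never undone, and the session is closed with `stopSession(session, true)`. The realm will therefore presumably keep granting `realmRole1` to every user created afterwards in this class. A leaked default role can make later role assertions pass or fail for the wrong reason, so it should be removed again in the `finally` block, or at least flagged with `// realmRole1 stays a default role for the rest of this class`. `test03_newUserDefaultRolesNoImportModeTest` in LDAPRoleMappingsNoImportTest.java has the same issue. Separately, the opening comment `// Check user group memberships` was copied from the group tests and should read something like `// Check that a newly added user receives the realm default role`.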
diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPGroupMapperNoImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPGroupMapperNoImportTest.java
index 38ae0da..1f930bd 100755
--- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPGroupMapperNoImportTest.java
+++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPGroupMapperNoImportTest.java
@@ -112,29 +112,33 @@ public class LDAPGroupMapperNoImportTest {
LDAPObject group11 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "group11");
LDAPObject group12 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "group12", descriptionAttrName, "group12 - description");
+ LDAPObject defaultGroup1 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "defaultGroup1", descriptionAttrName, "Default Group1 - description");
+ LDAPObject defaultGroup11 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "defaultGroup11");
+ LDAPObject defaultGroup12 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "defaultGroup12", descriptionAttrName, "Default Group12 - description");
+
LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group11, false);
LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group12, true);
+ LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", defaultGroup1, defaultGroup11, false);
+ LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", defaultGroup1, defaultGroup12, true);
+
// Sync LDAP groups to Keycloak DB
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "groupsMapper");
new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm);
+ appRealm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup11"));
+ appRealm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup12"));
+
// Delete all LDAP users
LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm);
- // Add some LDAP users for testing
+ // Add some LDAP users for testing (because these are added directly to LDAP, they will not be added to the default groups defined above)
LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1");
LDAPObject mary = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "marykeycloak", "Mary", "Kelly", "mary@email.org", null, "5678");
LDAPTestUtils.updateLDAPPassword(ldapFedProvider, mary, "Password1");
- LDAPObject rob = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "robkeycloak", "Rob", "Brown", "rob@email.org", null, "8910");
- LDAPTestUtils.updateLDAPPassword(ldapFedProvider, rob, "Password1");
-
- LDAPObject james = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jameskeycloak", "James", "Brown", "james@email.org", null, "8910");
- LDAPTestUtils.updateLDAPPassword(ldapFedProvider, james, "Password1");
-
postSetup(appRealm, ldapFedProvider);
}
@@ -319,6 +323,53 @@ public class LDAPGroupMapperNoImportTest {
}
}
+ @Test
+ public void test03_newUserDefaultGroupsNoImportModeTest() throws Exception {
+
+ // Check user group memberships
+ KeycloakSession session = keycloakRule.startSession();
+ try {
+ RealmModel appRealm = session.realms().getRealmByName("test");
+
+ UserModel rob = session.users().addUser(appRealm, "robkeycloak");
+ // make sure we are in no-import mode
+ Assert.assertNull(session.userLocalStorage().getUserByUsername("robkeycloak", appRealm));
+
+ GroupModel defaultGroup11 = KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup11");
+ Assert.assertNotNull(defaultGroup11);
+
+ GroupModel defaultGroup12 = KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup12");
+ Assert.assertNotNull(defaultGroup12);
+
+ GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
+ Assert.assertNotNull(group1);
+ GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
+ Assert.assertNotNull(group11);
+ GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");
+ Assert.assertNotNull(group12);
+
+ // 4 - Check through userProvider
+ List<UserModel> defaultGroup11Members = session.users().getGroupMembers(appRealm, defaultGroup11, 0, 10);
+ List<UserModel> defaultGroup12Members = session.users().getGroupMembers(appRealm, defaultGroup12, 0, 10);
+
+ Assert.assertEquals(1, defaultGroup11Members.size());
+ Assert.assertEquals("robkeycloak", defaultGroup11Members.get(0).getUsername());
+ Assert.assertEquals(1, defaultGroup12Members.size());
+ Assert.assertEquals("robkeycloak", defaultGroup12Members.get(0).getUsername());
+
+
+ Set<GroupModel> groups = rob.getGroups();
+ Assert.assertTrue(groups.contains(defaultGroup11));
+ Assert.assertTrue(groups.contains(defaultGroup12));
+ Assert.assertFalse(groups.contains(group1));
+ Assert.assertFalse(groups.contains(group11));
+ Assert.assertFalse(groups.contains(group12));
+ } finally {
+ keycloakRule.stopSession(session, true);
+ }
+ }
+
+
private void deleteGroupMappingsInLDAP(GroupLDAPStorageMapper groupMapper, LDAPObject ldapUser, String groupName) {
LDAPObject ldapGroup = groupMapper.loadLDAPGroupByName(groupName);
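Review bot: The comments in `test03_newUserDefaultGroupsNoImportModeTest` do not match what the test does. `// 4 - Check through userProvider` carries a step number although the method has no steps 1–3, and `// Check user group memberships` omits that the user is created here through `session.users().addUser`. I would replace them with `// Create a user through the provider and verify it lands only in the realm default groups` at the top and `// Each default group must list the new user as its only member` before the `getGroupMembers` calls. The second comment matters because the `assertEquals(1, ...)` checks only hold if `johnkeycloak` and `marykeycloak` stay outside the default groups, which the setup comment in this file states but this method does not.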
diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPRoleMappingsNoImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPRoleMappingsNoImportTest.java
index f0d31b3..ce47098 100644
--- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPRoleMappingsNoImportTest.java
+++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPRoleMappingsNoImportTest.java
@@ -315,6 +315,45 @@ public class LDAPRoleMappingsNoImportTest {
}
}
+ @Test
+ public void test03_newUserDefaultRolesNoImportModeTest() throws Exception {
+
+ // Check user group memberships
+ KeycloakSession session = keycloakRule.startSession();
+ try {
+ session.userCache().clear();
+ RealmModel appRealm = session.realms().getRealmByName("test");
+
+ LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY);
+
+ // Set a default role on the realm
+ appRealm.addDefaultRole("realmRole1");
+
+ UserModel david = session.users().addUser(appRealm, "davidkeycloak");
+
+ // make sure we are in no-import mode
+ Assert.assertNull(session.userLocalStorage().getUserByUsername("davidkeycloak", appRealm));
+
+ RoleModel defaultRole = appRealm.getRole("realmRole1");
+ RoleModel realmRole2 = appRealm.getRole("realmRole2");
+
+ Assert.assertNotNull(defaultRole);
+ Assert.assertNotNull(realmRole2);
+
+ Set<RoleModel> davidRoles = david.getRealmRoleMappings();
+
+ Assert.assertTrue(davidRoles.contains(defaultRole));
+ Assert.assertFalse(davidRoles.contains(realmRole2));
+
+ // Make sure john has not received the default role
+ UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm);
+ Set<RoleModel> johnRoles = john.getRealmRoleMappings();
+
+ Assert.assertFalse(johnRoles.contains(defaultRole));
+ } finally {
+ keycloakRule.stopSession(session, true);
+ }
+ }
private void deleteRoleMappingsInLDAP(RoleLDAPStorageMapper roleMapper, LDAPObject ldapUser, String roleName) {
LDAPObject ldapRole1 = roleMapper.loadLDAPRoleByName(roleName);
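Review bot: `john` is dereferenced immediately after `session.users().getUserByUsername("johnkeycloak", appRealm)` without a null check. If the lookup returns nothing, the negative check that an existing LDAP user did not pick up the default role ends in a NullPointerException instead of a clear assertion failure. Add `Assert.assertNotNull(john);` before `john.getRealmRoleMappings()`. This is the only assertion in the change that guards against a default role being granted to a user who was not newly created, so it is worth a more specific comment too, e.g. `// A pre-existing LDAP user must not gain the default role retroactively`.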