keycloak-uncached

KEYCLOAK-5698

10/19/2017 9:38:56 PM


diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java
index 77029c0..6c33cac 100755
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java
@@ -540,7 +540,7 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LD
                                     LDAPStorageMapper ldapMapper = ldapFedProvider.getMapperManager().getMapper(mapperModel);
                                     ldapMapper.onImportUserFromLDAP(ldapUser, currentUser, currentRealm, false);
                                 }
-
+                                session.userCache().evict(currentRealm, currentUser);
                                 logger.debugf("Updated user from LDAP: %s", currentUser.getUsername());
                                 syncResult.increaseUpdated();
                             } else {
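Review bot: The new `session.userCache().evict(currentRealm, currentUser);` dereferences the user cache unguarded; as far as I recall `KeycloakSession.userCache()` can return null when the user cache provider is disabled, in which case the periodic sync would abort with a NullPointerException instead of just updating the user — worth confirming against the session implementation. Other call sites in the code base guard this, e.g. `UserCache cache = session.userCache(); if (cache != null) cache.evict(currentRealm, currentUser);`. A one-line comment stating why the eviction is needed here (the imported user was updated in the local store, so a stale cached copy must not survive the sync) would also help the next reader. The enclosing sync method starts and ends outside this hunk.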
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java
index b0e731f..c209979 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java
@@ -108,6 +108,8 @@ public class UserCacheSession implements UserCache {
 
     @Override
     public void evict(RealmModel realm, UserModel user) {
+        if (!transactionActive) throw new IllegalStateException("Cannot call evict() without a transaction");
+        getDelegate(); // invalidations need delegate set
         if (user instanceof CachedUserModel) {
             ((CachedUserModel)user).invalidate();
         } else {
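Review bot: The side-effect-only call `getDelegate(); // invalidations need delegate set` is the kind of line that gets "cleaned up" by a later maintainer, because nothing in the hunk shows what the delegate is used for; a more explicit comment would protect it, e.g. `// side effect only: getDelegate() initialises the delegate that the invalidation below relies on; do not remove`. The new `IllegalStateException` guard turns any out-of-transaction caller into a hard runtime failure, which is reasonable for a cache invalidation path, but the message could name the expected context (`"evict() must be called inside an active KeycloakTransaction"`) so the failure is actionable from a log line. The rest of `evict()` continues outside this hunk, so I cannot tell whether `getDelegate()` would already have thrown without the guard.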
diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java
index 7329a02..663a05c 100644
--- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java
+++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java
@@ -27,6 +27,7 @@ import org.junit.rules.TestRule;
 import org.junit.runners.MethodSorters;
 import org.keycloak.common.util.MultivaluedHashMap;
 import org.keycloak.component.ComponentModel;
+import org.keycloak.services.managers.UserStorageSyncManager;
 import org.keycloak.storage.UserStorageProvider;
 import org.keycloak.storage.UserStorageProviderModel;
 import org.keycloak.storage.ldap.LDAPStorageProvider;
@@ -44,6 +45,7 @@ import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper;
+import org.keycloak.storage.user.SynchronizationResult;
 import org.keycloak.testsuite.OAuthClient;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.LoginPage;
@@ -72,6 +74,7 @@ public class LDAPRoleMappingsTest {
             LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "mary", "mary@test.com", "password-app");
 
             MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
+            ldapConfig.remove(LDAPConstants.PAGINATION);
             ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true");
             ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
             UserStorageProviderModel model = new UserStorageProviderModel();
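Review bot: `ldapConfig.remove(LDAPConstants.PAGINATION);` changes the provider configuration for every test in this class without saying why; a short comment would prevent it being reverted, e.g. `// Pagination is disabled here so that syncChangedUsers() in test04 sees all users in one query; confirm against the LDAP rule config` (hedged because the reason is not visible in the hunk). The same applies to `model.setImportEnabled(true);` in the next hunk, which is what makes the user-cache eviction path reachable at all.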
@@ -82,6 +85,8 @@ public class LDAPRoleMappingsTest {
             model.setPriority(0);
             model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME);
             model.setConfig(ldapConfig);
+            model.setImportEnabled(true);
+
 
             ldapModel = appRealm.addComponentModel(model);
 
@@ -359,4 +364,102 @@ public class LDAPRoleMappingsTest {
         LDAPObject ldapRole1 = roleMapper.loadLDAPRoleByName(roleName);
         roleMapper.deleteRoleMappingInLDAP(ldapUser, ldapRole1);
     }
+
+    /**
+     * KEYCLOAK-5698
+     */
+    @Test
+    public void test04_syncRoleMappings() {
+        KeycloakSession session = keycloakRule.startSession();
+        try {
+            RealmModel appRealm = session.realms().getRealmByName("test");
+
+            LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
+            LDAPObject john = LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johnrolemapper", "John", "RoleMapper", "johnrolemapper@email.org", null, "1234");
+            LDAPTestUtils.updateLDAPPassword(ldapProvider, john, "Password1");
+            LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY);
+            UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
+            SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(session.getKeycloakSessionFactory(), appRealm.getId(), new UserStorageProviderModel(ldapModel));
+            syncResult.getAdded();
+        } finally {
+            keycloakRule.stopSession(session, true);
+        }
+
+        session = keycloakRule.startSession();
+        try {
+            // make sure user is cached.
+            RealmModel appRealm = session.realms().getRealmByName("test");
+            UserModel johnRoleMapper = session.users().getUserByUsername("johnrolemapper", appRealm);
+            Assert.assertNotNull(johnRoleMapper);
+            Assert.assertEquals(0, johnRoleMapper.getRealmRoleMappings().size());
+
+        } finally {
+            keycloakRule.stopSession(session, true);
+        }
+
+        session = keycloakRule.startSession();
+        try {
+            RealmModel appRealm = session.realms().getRealmByName("test");
+            // Add some role mappings directly in LDAP
+            LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
+            ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "realmRolesMapper");
+            RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);
+
+            LDAPObject johnLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "johnrolemapper");
+            roleMapper.addRoleMappingInLDAP("realmRole1", johnLdap);
+            roleMapper.addRoleMappingInLDAP("realmRole2", johnLdap);
+
+            // Get user and check that he has requested roles from LDAP
+            UserModel johnRoleMapper = session.users().getUserByUsername("johnrolemapper", appRealm);
+            RoleModel realmRole1 = appRealm.getRole("realmRole1");
+            RoleModel realmRole2 = appRealm.getRole("realmRole2");
+
+            Set<RoleModel> johnRoles = johnRoleMapper.getRealmRoleMappings();
+            Assert.assertFalse(johnRoles.contains(realmRole1));
+            Assert.assertFalse(johnRoles.contains(realmRole2));
+
+
+
+        } finally {
+            keycloakRule.stopSession(session, true);
+        }
+
+        session = keycloakRule.startSession();
+        try {
+            RealmModel appRealm = session.realms().getRealmByName("test");
+            // Add some role mappings directly in LDAP
+            LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
+            ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "realmRolesMapper");
+            RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);
+
+            LDAPObject johnLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "johnrolemapper");
+            roleMapper.addRoleMappingInLDAP("realmRole1", johnLdap);
+            roleMapper.addRoleMappingInLDAP("realmRole2", johnLdap);
+
+            UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
+            SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(session.getKeycloakSessionFactory(), appRealm.getId(), new UserStorageProviderModel(ldapModel));
+        } finally {
+            keycloakRule.stopSession(session, true);
+        }
+
+        session = keycloakRule.startSession();
+        try {
+            RealmModel appRealm = session.realms().getRealmByName("test");
+            // Get user and check that he has requested roles from LDAP
+            UserModel johnRoleMapper = session.users().getUserByUsername("johnrolemapper", appRealm);
+            RoleModel realmRole1 = appRealm.getRole("realmRole1");
+            RoleModel realmRole2 = appRealm.getRole("realmRole2");
+
+            Set<RoleModel> johnRoles = johnRoleMapper.getRealmRoleMappings();
+            Assert.assertTrue(johnRoles.contains(realmRole1));
+            Assert.assertTrue(johnRoles.contains(realmRole2));
+
+
+
+        } finally {
+            keycloakRule.stopSession(session, true);
+        }
+
+    }
+
 }
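Review bot: The two sync results in `test04_syncRoleMappings` are never checked: the value of `syncResult.getAdded();` is discarded, and the `syncResult` assigned after the second `syncChangedUsers(...)` is unused, so the test cannot tell whether the sync actually reached the new `evict()` call or silently skipped the user. Assert on them, e.g. `Assert.assertTrue("expected johnrolemapper to be imported", syncResult.getAdded() > 0);` after the first sync and `Assert.assertTrue("expected johnrolemapper to be updated", syncResult.getUpdated() > 0);` after the second (exact counts depend on what else the fixture imports, so the lower bound is the safe assertion). The `assertFalse` checks that intentionally verify the stale cached role set before the second sync deserve a comment saying so, since a reader may otherwise take them for a bug. The block that adds `realmRole1`/`realmRole2` to the LDAP user is also duplicated verbatim in the third and fourth sessions; if the second addition is meant to bump the LDAP modification timestamp rather than add the mapping, a comment should say that.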