keycloak-aplcache
Changes
connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java 53(+36 -17)
federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java 1(+0 -1)
Details
diff --git a/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java b/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
index 7bc507a..73d6b84 100755
--- a/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
+++ b/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
@@ -16,6 +16,7 @@ import org.keycloak.models.KeycloakSessionFactory;
import javax.net.ssl.SSLSocketFactory;
import java.lang.reflect.Method;
+import java.net.UnknownHostException;
import java.util.Collections;
/**
@@ -50,7 +51,7 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
private MongoStore mongoStore;
private DB db;
- private Config.Scope config;
+ protected Config.Scope config;
@Override
public MongoConnectionProvider create(KeycloakSession session) {
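Review bot: Widening `config` to `protected` gives every subclass write access to the scope that also supplies the Mongo `password`, while the new `createMongoClient()` hook only needs to read it. Keeping the field private and adding a read-only accessor such as `protected Config.Scope getConfig() { return config; }` would serve the same extension point without letting a subclass reassign the field. The class body continues outside this hunk, so other writers of `config` are not visible here.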
@@ -77,21 +78,9 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
synchronized (this) {
if (client == null) {
try {
- String host = config.get("host", ServerAddress.defaultHost());
- int port = config.getInt("port", ServerAddress.defaultPort());
- String dbName = config.get("db", "keycloak");
-
- String user = config.get("user");
- String password = config.get("password");
-
- MongoClientOptions clientOptions = getClientOptions();
- if (user != null && password != null) {
- MongoCredential credential = MongoCredential.createMongoCRCredential(user, dbName, password.toCharArray());
- client = new MongoClient(new ServerAddress(host, port), Collections.singletonList(credential), clientOptions);
- } else {
- client = new MongoClient(new ServerAddress(host, port), clientOptions);
- }
+ this.client = createMongoClient();
+ String dbName = config.get("db", "keycloak");
this.db = client.getDB(dbName);
String databaseSchema = config.get("databaseSchema");
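Review bot: `this.client = createMongoClient();` publishes the client before `getDB`, the schema step and the `MongoStoreImpl` construction have succeeded. If any of them throws, the field stays non-null, so the `if (client == null)` guard skips initialisation on the next call and `db` / `mongoStore` may remain unset. Assigning to a local first (`MongoClient created = createMongoClient();`), setting `this.client = created;` only after the store is built, and calling `created.close()` on failure avoids that half-initialised state. An override of `createMongoClient()` that returns null would surface here only as a wrapped NullPointerException from `client.getDB(dbName)`, so an explicit null check with a clear message would be easier to diagnose. The try block ends outside this hunk.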
@@ -110,8 +99,6 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
}
this.mongoStore = new MongoStoreImpl(db, getManagedEntities());
-
- logger.debugv("Initialized mongo model. host: %s, port: %d, db: %s", host, port, dbName);
} catch (Exception e) {
throw new RuntimeException(e);
}
@@ -140,6 +127,38 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
return "default";
}
+ /**
+ * Override this method if you want more possibility to configure Mongo client. It can be also used to inject mongo client
+ * from different source.
+ *
+ * This method can assume that "config" is already set and can use it.
+ *
+ * @return mongoClient instance, which will be shared for whole Keycloak
+ *
+ * @throws UnknownHostException
+ */
+ protected MongoClient createMongoClient() throws UnknownHostException {
+ String host = config.get("host", ServerAddress.defaultHost());
+ int port = config.getInt("port", ServerAddress.defaultPort());
+ String dbName = config.get("db", "keycloak");
+
+ String user = config.get("user");
+ String password = config.get("password");
+
+ MongoClientOptions clientOptions = getClientOptions();
+
+ MongoClient client;
+ if (user != null && password != null) {
+ MongoCredential credential = MongoCredential.createMongoCRCredential(user, dbName, password.toCharArray());
+ client = new MongoClient(new ServerAddress(host, port), Collections.singletonList(credential), clientOptions);
+ } else {
+ client = new MongoClient(new ServerAddress(host, port), clientOptions);
+ }
+
+ logger.debugv("Initialized mongo model. host: %s, port: %d, db: %s", host, port, dbName);
+ return client;
+ }
+
protected MongoClientOptions getClientOptions() {
MongoClientOptions.Builder builder = MongoClientOptions.builder();
checkIntOption("connectionsPerHost", builder);
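Review bot: In `createMongoClient()` the test `if (user != null && password != null)` sends a configuration with only one of the two values set down the `else` branch, so the client connects without credentials and nothing is logged about it. Rejecting the partial configuration up front, e.g. `if ((user == null) != (password == null)) throw new IllegalStateException("mongo 'user' and 'password' must be set together");`, makes the mistake visible instead of silently dropping authentication. The debug message uses printf-style `%s`/`%d` with `debugv`, which (assuming `logger` is a JBoss `Logger`) expects `{0}`-style placeholders, so `debugf` would format it as intended; the text "Initialized mongo model" is also now emitted before the DB and store are set up. The Javadoc's `@throws UnknownHostException` tag has no description and could read `@throws UnknownHostException if the configured host cannot be resolved`. `getClientOptions()` at the end of the hunk continues outside it.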
diff --git a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java
index 6dd2576..9c56f75 100644
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java
@@ -108,7 +108,6 @@ public class SPNEGOAuthenticator {
if (gssContext.isEstablished()) {
authenticatedKerberosPrincipal = gssContext.getSrcName().toString();
- // What should be done with delegation credential? Figure out if there are use-cases for storing it as claims in FederatedIdentity
if (gssContext.getCredDelegState()) {
delegationCredential = gssContext.getDelegCred();
}
diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java
index 9c29604..8b901a2 100755
--- a/model/api/src/main/java/org/keycloak/models/RealmModel.java
+++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java
@@ -181,7 +181,7 @@ public interface RealmModel extends RoleContainerModel {
public IdentityProviderMapperModel getIdentityProviderMapperById(String id);
public IdentityProviderMapperModel getIdentityProviderMapperByName(String brokerAlias, String name);
-
+ // Should return list sorted by UserFederationProviderModel.priority
List<UserFederationProviderModel> getUserFederationProviders();
UserFederationProviderModel addUserFederationProvider(String providerName, Map<String, String> config, int priority, String displayName, int fullSyncPeriod, int changedSyncPeriod, int lastSync);
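Review bot: The new comment on `getUserFederationProviders()` says "Should return", which leaves implementers unsure whether sorted order is a contract, and it does not give the sort direction. Callers presumably consult providers in list order, so a Javadoc such as `/** Returns the federation providers sorted by priority (state the direction); implementations must preserve this order. */` would make the requirement checkable. The interface continues outside this hunk.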
diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/DefaultCacheRealmProvider.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/DefaultCacheRealmProvider.java
index f73f752..436e189 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/DefaultCacheRealmProvider.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/DefaultCacheRealmProvider.java
@@ -203,7 +203,7 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider {
// Return cache delegates to ensure cache invalidated during write operations
List<RealmModel> cachedRealms = new LinkedList<RealmModel>();
for (RealmModel realm : backendRealms) {
- RealmModel cached = session.realms().getRealm(realm.getId());
+ RealmModel cached = getRealm(realm.getId());
cachedRealms.add(cached);
}
return cachedRealms;
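Review bot: The result of `getRealm(realm.getId())` is added to `cachedRealms` without a null check, so if the lookup can return null callers receive a list containing null. One way that could happen is a realm removed between the backend listing and this call, which is not visible in this hunk. `if (cached != null) cachedRealms.add(cached);` would keep the list clean. The enclosing method starts outside the hunk.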
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
index fafb2e9..82ed245 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
@@ -300,14 +300,11 @@ public class TokenManager {
Set<ProtocolMapperModel> mappings = new ClientSessionCode(realm, clientSession).getRequestedProtocolMappers();
KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
for (ProtocolMapperModel mapping : mappings) {
- if (!mapping.getProtocol().equals(OIDCLoginProtocol.LOGIN_PROTOCOL)) continue;
ProtocolMapper mapper = (ProtocolMapper)sessionFactory.getProviderFactory(ProtocolMapper.class, mapping.getProtocolMapper());
if (mapper == null || !(mapper instanceof OIDCIDTokenMapper)) continue;
token = ((OIDCIDTokenMapper)mapper).transformIDToken(token, mapping, session, userSession, clientSession);
-
-
}
}
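Review bot: With the protocol comparison gone, the only gate left in this loop is `mapper instanceof OIDCIDTokenMapper`, so a mapping stored under another protocol whose mapper id resolves to a class implementing that interface would now contribute claims to the ID token. Whether `getRequestedProtocolMappers()` already restricts the set to OIDC mappings is not visible here. If it does, a comment such as `// mappings are already limited to the client's OIDC mappers` would document why the check is safe to drop; otherwise the guard should stay. The `mapper == null ||` test is redundant because `instanceof` is false for null. The method begins outside the hunk.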