keycloak-aplcache
Changes
model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java 22(+16 -6)
Details
diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml
index 5fc0f23..d3cd6c4 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml
@@ -102,7 +102,7 @@
<column name="NAME" type="VARCHAR(255)">
<constraints nullable="false"/>
</column>
- <column name="VALUE" type="VARCHAR(255)"/>
+ <column name="VALUE" type="VARCHAR(2048)"/>
<column name="CLIENT_SESSION" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
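Review bot: Widening `VALUE` to `VARCHAR(2048)` by editing the existing 1.4.0 changelog in place only reaches databases that have not yet run this changeSet. On a database that already applied it, Liquibase would report a checksum mismatch for the changeSet and the column would stay at 255 characters, so longer values would still fail or be cut off there. If 1.4.0 has been applied anywhere, a follow-up changeSet using `modifyDataType` is the safer route. The changeSet's opening tag and table name are outside the hunk, so which table is affected cannot be confirmed from here.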
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProvider.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProvider.java
index 1fa601d..4edbc83 100755
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProvider.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProvider.java
@@ -301,6 +301,12 @@ public class LDAPFederationProvider implements UserFederationProvider {
return null;
}
+ // Check here if user already exists
+ String ldapUsername = LDAPUtils.getUsername(ldapUser, ldapIdentityStore.getConfig());
+ if (session.userStorage().getUserByUsername(ldapUsername, realm) != null) {
+ throw new ModelDuplicateException("User with username '" + ldapUsername + "' already exists in Keycloak. It conflicts with LDAP user with email '" + email + "'");
+ }
+
return importUserFromLDAP(session, realm, ldapUser);
}
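Review bot: The `ModelDuplicateException` message built at the new `throw` embeds both the local username and the LDAP user's email. The callers are not visible in this hunk, so it is worth confirming that the message never reaches a login or account-recovery response, where it would confirm to an unauthenticated caller that both identifiers exist. Logging the details server-side and throwing a message without the identifiers avoids that. The lookup followed by `importUserFromLDAP` is also check-then-act, so a uniqueness constraint on the username (not shown here) remains the real guard against a concurrent import. The enclosing method starts above the hunk.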
diff --git a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java
index 4c645c7..2f9e199 100755
--- a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java
+++ b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/ClientSessionAdapter.java
@@ -278,12 +278,22 @@ public class ClientSessionAdapter implements ClientSessionModel {
@Override
public void setExecutionStatus(String authenticator, ExecutionStatus status) {
- ClientSessionAuthStatusEntity authStatus = new ClientSessionAuthStatusEntity();
- authStatus.setAuthenticator(authenticator);
- authStatus.setClientSession(entity);
- authStatus.setStatus(status);
- em.persist(authStatus);
- entity.getAuthanticatorStatus().add(authStatus);
+ boolean exists = false;
+ for (ClientSessionAuthStatusEntity authStatus : entity.getAuthanticatorStatus()) {
+ if (authStatus.getAuthenticator().equals(authenticator)) {
+ authStatus.setStatus(status);
+ exists = true;
+ }
+ }
+
+ if (!exists) {
+ ClientSessionAuthStatusEntity authStatus = new ClientSessionAuthStatusEntity();
+ authStatus.setAuthenticator(authenticator);
+ authStatus.setClientSession(entity);
+ authStatus.setStatus(status);
+ em.persist(authStatus);
+ entity.getAuthanticatorStatus().add(authStatus);
+ }
em.flush();
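Review bot: In the new loop, `authStatus.getAuthenticator().equals(authenticator)` throws a NullPointerException if any stored status row has a null authenticator; whether that column is nullable is not visible here. `Objects.equals(authStatus.getAuthenticator(), authenticator)` (with `java.util.Objects` imported) would tolerate such rows. Because the removed code appended a new row on every call, existing sessions may hold several rows for one authenticator, so updating every match without a `break` looks deliberate. A comment such as `// Update every matching row: older sessions may contain duplicates for the same authenticator` would record that. The method's closing brace is outside the hunk.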
diff --git a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/JpaUserSessionProvider.java b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/JpaUserSessionProvider.java
index 20ac967..e8b460a 100755
--- a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/JpaUserSessionProvider.java
+++ b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/JpaUserSessionProvider.java
@@ -238,6 +238,14 @@ public class JpaUserSessionProvider implements UserSessionProvider {
.setParameter("realmId", realm.getId())
.setParameter("userId", user.getId())
.executeUpdate();
+ em.createNamedQuery("removeClientSessionAuthStatusByUser")
+ .setParameter("realmId", realm.getId())
+ .setParameter("userId", user.getId())
+ .executeUpdate();
+ em.createNamedQuery("removeClientUserSessionNoteByUser")
+ .setParameter("realmId", realm.getId())
+ .setParameter("userId", user.getId())
+ .executeUpdate();
em.createNamedQuery("removeClientSessionByUser")
.setParameter("realmId", realm.getId())
.setParameter("userId", user.getId())
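Review bot: The new query names are not consistent across these hunks: `removeClientUserSessionNoteByUser` here, but `removeDetachedUserClientSessionNoteByExpired` in the detached-expiry hunk, while the ByExpired, ByRealm and ByClient hunks use the `ClientUserSessionNote` word order again. Named queries are resolved by string at runtime, so a mismatch with the `@NamedQuery` declarations (not part of the visible diff) would only surface as an exception when the cleanup runs, leaving auth-status and note rows behind. Each name is worth checking against its declaration. A short comment before the added calls, such as `// Remove auth status and user session notes before the client sessions they belong to`, would record why the order matters; this assumes a foreign key to the client session, which the hunk does not show. The enclosing methods start and end outside these hunks.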
@@ -270,6 +278,14 @@ public class JpaUserSessionProvider implements UserSessionProvider {
.setParameter("realmId", realm.getId())
.setParameter("maxTime", dettachedClientSessionExpired)
.executeUpdate();
+ em.createNamedQuery("removeDetachedClientSessionAuthStatusByExpired")
+ .setParameter("realmId", realm.getId())
+ .setParameter("maxTime", dettachedClientSessionExpired)
+ .executeUpdate();
+ em.createNamedQuery("removeDetachedUserClientSessionNoteByExpired")
+ .setParameter("realmId", realm.getId())
+ .setParameter("maxTime", dettachedClientSessionExpired)
+ .executeUpdate();
em.createNamedQuery("removeDetachedClientSessionByExpired")
.setParameter("realmId", realm.getId())
.setParameter("maxTime", dettachedClientSessionExpired)
@@ -289,6 +305,16 @@ public class JpaUserSessionProvider implements UserSessionProvider {
.setParameter("maxTime", maxTime)
.setParameter("idleTime", idleTime)
.executeUpdate();
+ em.createNamedQuery("removeClientSessionAuthStatusByExpired")
+ .setParameter("realmId", realm.getId())
+ .setParameter("maxTime", maxTime)
+ .setParameter("idleTime", idleTime)
+ .executeUpdate();
+ em.createNamedQuery("removeClientUserSessionNoteByExpired")
+ .setParameter("realmId", realm.getId())
+ .setParameter("maxTime", maxTime)
+ .setParameter("idleTime", idleTime)
+ .executeUpdate();
em.createNamedQuery("removeClientSessionByExpired")
.setParameter("realmId", realm.getId())
.setParameter("maxTime", maxTime)
@@ -311,6 +337,8 @@ public class JpaUserSessionProvider implements UserSessionProvider {
em.createNamedQuery("removeClientSessionNoteByRealm").setParameter("realmId", realm.getId()).executeUpdate();
em.createNamedQuery("removeClientSessionRoleByRealm").setParameter("realmId", realm.getId()).executeUpdate();
em.createNamedQuery("removeClientSessionProtMapperByRealm").setParameter("realmId", realm.getId()).executeUpdate();
+ em.createNamedQuery("removeClientSessionAuthStatusByRealm").setParameter("realmId", realm.getId()).executeUpdate();
+ em.createNamedQuery("removeClientUserSessionNoteByRealm").setParameter("realmId", realm.getId()).executeUpdate();
em.createNamedQuery("removeClientSessionByRealm").setParameter("realmId", realm.getId()).executeUpdate();
em.createNamedQuery("removeUserSessionNoteByRealm").setParameter("realmId", realm.getId()).executeUpdate();
em.createNamedQuery("removeUserSessionByRealm").setParameter("realmId", realm.getId()).executeUpdate();
@@ -327,6 +355,8 @@ public class JpaUserSessionProvider implements UserSessionProvider {
em.createNamedQuery("removeClientSessionNoteByClient").setParameter("realmId", realm.getId()).setParameter("clientId", client.getId()).executeUpdate();
em.createNamedQuery("removeClientSessionRoleByClient").setParameter("realmId", realm.getId()).setParameter("clientId", client.getId()).executeUpdate();
em.createNamedQuery("removeClientSessionProtMapperByClient").setParameter("realmId", realm.getId()).setParameter("clientId", client.getId()).executeUpdate();
+ em.createNamedQuery("removeClientSessionAuthStatusByClient").setParameter("realmId", realm.getId()).setParameter("clientId", client.getId()).executeUpdate();
+ em.createNamedQuery("removeClientUserSessionNoteByClient").setParameter("realmId", realm.getId()).setParameter("clientId", client.getId()).executeUpdate();
em.createNamedQuery("removeClientSessionByClient").setParameter("realmId", realm.getId()).setParameter("clientId", client.getId()).executeUpdate();
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/SyncProvidersTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/SyncProvidersTest.java
index 9b03d5b..e5e893a 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/SyncProvidersTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/SyncProvidersTest.java
@@ -211,10 +211,18 @@ public class SyncProvidersTest {
// Assert user successfully synced now
result = new UsersSyncManager().syncAllUsers(session.getKeycloakSessionFactory(), "test", ldapModel);
Assert.assertEquals(0, result.getFailed());
- FederationTestUtils.assertUserImported(session.userStorage(), testRealm, "user7-something", "User7FNN", "User7LNL", "user7-changed@email.org", "126");
} finally {
keycloakRule.stopSession(session, true);
}
+
+ // Assert user imported in another transaction
+ session = keycloakRule.startSession();
+ try {
+ RealmModel testRealm = session.realms().getRealm("test");
+ FederationTestUtils.assertUserImported(session.userStorage(), testRealm, "user7-something", "User7FNN", "User7LNL", "user7-changed@email.org", "126");
+ } finally {
+ keycloakRule.stopSession(session, false);
+ }
}
// KEYCLOAK-1571