Details
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
index 4703da9..9c25a38 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
@@ -125,11 +125,13 @@ public class ApplicationAdapter implements ApplicationModel {
@Override
public boolean removeRoleById(String id) {
- ApplicationRoleEntity role = em.find(ApplicationRoleEntity.class, id);
- if (role == null) {
+ RoleAdapter roleAdapter = getRoleById(id);
+ if (roleAdapter == null) {
return false;
}
+ ApplicationRoleEntity role = (ApplicationRoleEntity)roleAdapter.getRole();
+
application.getRoles().remove(role);
application.getDefaultRoles().remove(role);
@@ -154,8 +156,13 @@ public class ApplicationAdapter implements ApplicationModel {
}
@Override
- public RoleModel getRoleById(String id) {
- return realm.getRoleById(id);
+ public RoleAdapter getRoleById(String id) {
+ RoleEntity entity = em.find(RoleEntity.class, id);
+
+ // Check if it's application role and belongs to this application
+ if (entity == null || !(entity instanceof ApplicationRoleEntity)) return null;
+ ApplicationRoleEntity appRoleEntity = (ApplicationRoleEntity)entity;
+ return (appRoleEntity.getApplication().equals(this.application)) ? new RoleAdapter(this.realm, em, appRoleEntity) : null;
}
@Override
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
index e44da8b..19a5981 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java
@@ -6,6 +6,7 @@ import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.JoinTable;
+import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import java.util.ArrayList;
@@ -40,6 +41,9 @@ public class ApplicationEntity {
@JoinTable(name="ApplicationDefaultRoles")
Collection<RoleEntity> defaultRoles = new ArrayList<RoleEntity>();
+ @ManyToOne()
+ private RealmEntity realm;
+
public String getId() {
return id;
}
@@ -107,4 +111,12 @@ public class ApplicationEntity {
public void setDefaultRoles(Collection<RoleEntity> defaultRoles) {
this.defaultRoles = defaultRoles;
}
+
+ public RealmEntity getRealm() {
+ return realm;
+ }
+
+ public void setRealm(RealmEntity realm) {
+ this.realm = realm;
+ }
}
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
index d744bff..e29b59d 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
@@ -68,7 +68,7 @@ public class RealmEntity {
@JoinTable(name="OAuthClient_RequiredCreds")
Collection<RequiredCredentialEntity> requiredOAuthClCredentials = new ArrayList<RequiredCredentialEntity>();
- @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true)
+ @OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
Collection<ApplicationEntity> applications = new ArrayList<ApplicationEntity>();
@OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index 608788e..46e2b7d 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -431,7 +431,11 @@ public class RealmAdapter implements RealmModel {
@Override
public UserModel getUserById(String id) {
- return new UserAdapter(em.find(UserEntity.class, id));
+ UserEntity entity = em.find(UserEntity.class, id);
+
+ // Check if user belongs to this realm
+ if (entity == null || !this.realm.equals(entity.getRealm())) return null;
+ return new UserAdapter(entity);
}
@Override
@@ -562,6 +566,7 @@ public class RealmAdapter implements RealmModel {
applicationData.setApplicationUser(user);
applicationData.setName(name);
applicationData.setEnabled(true);
+ applicationData.setRealm(realm);
realm.getApplications().add(applicationData);
em.persist(applicationData);
em.flush();
@@ -606,7 +611,9 @@ public class RealmAdapter implements RealmModel {
@Override
public ApplicationModel getApplicationById(String id) {
ApplicationEntity app = em.find(ApplicationEntity.class, id);
- if (app == null) return null;
+
+ // Check if application belongs to this realm
+ if (app == null || !this.realm.equals(app.getRealm())) return null;
return new ApplicationAdapter(this, em, app);
}
@@ -783,7 +790,9 @@ public class RealmAdapter implements RealmModel {
@Override
public OAuthClientModel getOAuthClientById(String id) {
OAuthClientEntity client = em.find(OAuthClientEntity.class, id);
- if (client == null) return null;
+
+ // Check if client belongs to this realm
+ if (client == null || !this.realm.equals(client.getRealm())) return null;
return new OAuthClientAdapter(client);
}
@@ -846,7 +855,6 @@ public class RealmAdapter implements RealmModel {
@Override
public boolean removeRoleById(String id) {
RoleModel role = getRoleById(id);
- if (role == null) return false;
if (role == null) {
return false;
@@ -877,8 +885,11 @@ public class RealmAdapter implements RealmModel {
@Override
public RoleModel getRoleById(String id) {
RoleEntity entity = em.find(RoleEntity.class, id);
- if (entity == null) return null;
- return new RoleAdapter(this, em, entity);
+
+ // Check if it's realm role and belongs to this realm
+ if (entity == null || !(entity instanceof RealmRoleEntity)) return null;
+ RealmRoleEntity realmRoleEntity = (RealmRoleEntity)entity;
+ return (realmRoleEntity.getRealm().equals(this.realm)) ? new RoleAdapter(this, em, realmRoleEntity) : null;
}
@Override
@@ -894,8 +905,8 @@ public class RealmAdapter implements RealmModel {
protected TypedQuery<UserRoleMappingEntity> getUserRoleMappingEntityTypedQuery(UserAdapter user, RoleAdapter role) {
TypedQuery<UserRoleMappingEntity> query = em.createNamedQuery("userHasRole", UserRoleMappingEntity.class);
- query.setParameter("user", ((UserAdapter)user).getUser());
- query.setParameter("role", ((RoleAdapter) role).getRole());
+ query.setParameter("user", user.getUser());
+ query.setParameter("role", role.getRole());
return query;
}
@@ -938,6 +949,8 @@ public class RealmAdapter implements RealmModel {
@Override
public void deleteRoleMapping(UserModel user, RoleModel role) {
+ if (user == null || role == null) return;
+
TypedQuery<UserRoleMappingEntity> query = getUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role);
List<UserRoleMappingEntity> results = query.getResultList();
if (results.size() == 0) return;
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index 2604dfe..758c2cc 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -576,6 +576,8 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel {
@Override
public void deleteRoleMapping(UserModel user, RoleModel role) {
+ if (user == null || role == null) return;
+
UserEntity userEntity = ((UserAdapter)user).getUser();
getMongoStore().pullItemFromList(userEntity, "roleIds", role.getId(), invocationContext);
}
diff --git a/model/tests/src/test/java/org/keycloak/model/test/AbstractModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/AbstractModelTest.java
index f334236..c7c9671 100644
--- a/model/tests/src/test/java/org/keycloak/model/test/AbstractModelTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/AbstractModelTest.java
@@ -3,12 +3,15 @@ package org.keycloak.model.test;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.util.Set;
import org.jboss.resteasy.logging.Logger;
import org.junit.After;
+import org.junit.Assert;
import org.junit.Before;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.KeycloakApplication;
@@ -60,4 +63,33 @@ public class AbstractModelTest {
return JsonSerialization.readValue(bytes, RealmRepresentation.class);
}
+
+
+ // Helper methods for role equality
+
+ public static void assertRolesEquals(Set<RoleModel> expected, Set<RoleModel> actual) {
+ Assert.assertEquals(expected.size(), actual.size());
+ for (RoleModel current : actual) {
+ assertRolesContains(current, expected);
+ }
+ }
+
+ public static void assertRolesContains(RoleModel expected, Set<RoleModel> actual) {
+ for (RoleModel current : actual) {
+ if (current.getId().equals(expected.getId())) {
+ assertRolesEquals(current, expected);
+ return;
+ }
+ }
+
+ Assert.fail("Role with id=" + expected.getId() + " name=" + expected.getName() + " not in set " + actual);
+ }
+
+ public static void assertRolesEquals(RoleModel expected, RoleModel actual) {
+ Assert.assertEquals(expected.getId(), actual.getId());
+ Assert.assertEquals(expected.getName(), actual.getName());
+ Assert.assertEquals(expected.getDescription(), actual.getDescription());
+ Assert.assertEquals(expected.getContainer(), actual.getContainer());
+ Assert.assertEquals(expected.getComposites().size(), actual.getComposites().size());
+ }
}
diff --git a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
index ea6fa66..6e71d6e 100755
--- a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
@@ -430,13 +430,60 @@ public class AdapterTest extends AbstractModelTest {
Set<RoleModel> roles = realmModel.getRoles();
Assert.assertEquals(5, roles.size());
UserModel user = realmModel.addUser("bburke");
- RoleModel role = realmModel.getRole("user");
- realmModel.grantRole(user, role);
- Assert.assertTrue(realmModel.hasRole(user, role));
- System.out.println("Role id: " + role.getId());
- role = realmModel.getRoleById(role.getId());
- Assert.assertNotNull(role);
- Assert.assertEquals("user", role.getName());
+ RoleModel realmUserRole = realmModel.getRole("user");
+ realmModel.grantRole(user, realmUserRole);
+ Assert.assertTrue(realmModel.hasRole(user, realmUserRole));
+ RoleModel found = realmModel.getRoleById(realmUserRole.getId());
+ Assert.assertNotNull(found);
+ assertRolesEquals(found, realmUserRole);
+
+ // Test app roles
+ ApplicationModel application = realmModel.addApplication("app1");
+ application.addRole("user");
+ application.addRole("bar");
+ Set<RoleModel> appRoles = application.getRoles();
+ Assert.assertEquals(2, appRoles.size());
+ RoleModel appBarRole = application.getRole("bar");
+
+ // This should return null because it's realmRole
+ Assert.assertNull(application.getRoleById(realmUserRole.getId()));
+
+ // This should return null because appBarRole is application role
+ Assert.assertNull(realmModel.getRoleById(appBarRole.getId()));
+ found = application.getRoleById(appBarRole.getId());
+ Assert.assertNotNull(found);
+ assertRolesEquals(found, appBarRole);
+
+ realmModel.grantRole(user, appBarRole);
+ realmModel.grantRole(user, application.getRole("user"));
+
+ roles = realmModel.getRealmRoleMappings(user);
+ Assert.assertEquals(roles.size(), 2);
+ assertRolesContains(realmUserRole, roles);
+ Assert.assertTrue(realmModel.hasRole(user, realmUserRole));
+ // Role "foo" is default realm role
+ Assert.assertTrue(realmModel.hasRole(user, realmModel.getRole("foo")));
+
+ roles = application.getApplicationRoleMappings(user);
+ Assert.assertEquals(roles.size(), 2);
+ assertRolesContains(application.getRole("user"), roles);
+ assertRolesContains(appBarRole, roles);
+ Assert.assertTrue(realmModel.hasRole(user, appBarRole));
+
+ // Test that application role 'user' don't clash with realm role 'user'
+ Assert.assertNotEquals(realmModel.getRole("user").getId(), application.getRole("user").getId());
+
+ Assert.assertEquals(6, realmModel.getRoleMappings(user).size());
+
+ // Revoke some roles
+ realmModel.deleteRoleMapping(user, realmModel.getRole("foo"));
+ realmModel.deleteRoleMapping(user, appBarRole);
+ roles = realmModel.getRoleMappings(user);
+ Assert.assertEquals(4, roles.size());
+ assertRolesContains(realmUserRole, roles);
+ assertRolesContains(application.getRole("user"), roles);
+ Assert.assertFalse(realmModel.hasRole(user, appBarRole));
}
+ // TODO: test scopes
}
diff --git a/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java
index d2e460c..3cac578 100755
--- a/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java
@@ -33,6 +33,7 @@ public class ApplicationModelTest extends AbstractModelTest {
application.setName("app-name");
application.addRole("role-1");
application.addRole("role-2");
+ application.addRole("role-3");
application.addDefaultRole("role-1");
application.addDefaultRole("role-2");
diff --git a/model/tests/src/test/java/org/keycloak/model/test/ModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/ModelTest.java
index 33e8490..b15e888 100755
--- a/model/tests/src/test/java/org/keycloak/model/test/ModelTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/ModelTest.java
@@ -68,15 +68,6 @@ public class ModelTest extends AbstractModelTest {
Assert.assertEquals(expected.getSocialConfig(), actual.getSocialConfig());
}
- public static void assertEquals(List<RoleModel> expected, List<RoleModel> actual) {
- Assert.assertEquals(expected.size(), actual.size());
- Iterator<RoleModel> exp = expected.iterator();
- Iterator<RoleModel> act = actual.iterator();
- while (exp.hasNext()) {
- Assert.assertEquals(exp.next().getName(), act.next().getName());
- }
- }
-
private RealmModel importExport(RealmModel src, String copyName) {
RealmRepresentation representation = ModelToRepresentation.toRepresentation(src);
RealmModel copy = realmManager.createRealm(copyName);
diff --git a/model/tests/src/test/java/org/keycloak/model/test/MultipleRealmsTest.java b/model/tests/src/test/java/org/keycloak/model/test/MultipleRealmsTest.java
new file mode 100644
index 0000000..25808e3
--- /dev/null
+++ b/model/tests/src/test/java/org/keycloak/model/test/MultipleRealmsTest.java
@@ -0,0 +1,110 @@
+package org.keycloak.model.test;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.keycloak.models.ApplicationModel;
+import org.keycloak.models.OAuthClientModel;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserCredentialModel;
+import org.keycloak.models.UserModel;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class MultipleRealmsTest extends AbstractModelTest {
+
+ private RealmModel realm1;
+ private RealmModel realm2;
+
+ @Before
+ public void before() throws Exception {
+ super.before();
+ realm1 = identitySession.createRealm("id1", "realm1");
+ realm2 = identitySession.createRealm("id2", "realm2");
+
+ createObjects(realm1);
+ createObjects(realm2);
+ }
+
+ @Test
+ public void testUsers() {
+ UserModel r1user1 = realm1.getUser("user1");
+ UserModel r2user1 = realm2.getUser("user1");
+ Assert.assertEquals(r1user1.getLoginName(), r2user1.getLoginName());
+ Assert.assertNotEquals(r1user1.getId(), r2user1.getId());
+
+ // Test password
+ realm1.updateCredential(r1user1, UserCredentialModel.password("pass1"));
+ realm2.updateCredential(r2user1, UserCredentialModel.password("pass2"));
+
+ Assert.assertTrue(realm1.validatePassword(r1user1, "pass1"));
+ Assert.assertFalse(realm1.validatePassword(r1user1, "pass2"));
+ Assert.assertFalse(realm2.validatePassword(r2user1, "pass1"));
+ Assert.assertTrue(realm2.validatePassword(r2user1, "pass2"));
+
+ // Test searching
+ Assert.assertEquals(2, realm1.searchForUser("user").size());
+
+ realm1.removeUser("user1");
+ realm1.removeUser("user2");
+ Assert.assertEquals(0, realm1.searchForUser("user").size());
+ Assert.assertEquals(2, realm2.searchForUser("user").size());
+ }
+
+ @Test
+ public void testGetById() {
+ Assert.assertEquals(realm1, identitySession.getRealm("id1"));
+ Assert.assertEquals(realm1, identitySession.getRealmByName("realm1"));
+ Assert.assertEquals(realm2, identitySession.getRealm("id2"));
+ Assert.assertEquals(realm2, identitySession.getRealmByName("realm2"));
+
+ ApplicationModel r1app1 = realm1.getApplicationByName("app1");
+ ApplicationModel r1app2 = realm1.getApplicationByName("app2");
+ ApplicationModel r2app1 = realm2.getApplicationByName("app1");
+ ApplicationModel r2app2 = realm2.getApplicationByName("app2");
+
+ Assert.assertEquals(r1app1, realm1.getApplicationById(r1app1.getId()));
+ Assert.assertNull(realm2.getApplicationById(r1app1.getId()));
+
+ OAuthClientModel r2cl1 = realm2.getOAuthClient("cl1");
+ Assert.assertNull(realm1.getOAuthClientById(r2cl1.getId()));
+ Assert.assertEquals(r2cl1.getId(), realm2.getOAuthClientById(r2cl1.getId()).getId());
+
+ RoleModel r1App1Role = r1app1.getRole("app1Role1");
+ Assert.assertNull(realm1.getRoleById(r1App1Role.getId()));
+ Assert.assertNull(realm2.getRoleById(r1App1Role.getId()));
+ Assert.assertEquals(r1App1Role, r1app1.getRoleById(r1App1Role.getId()));
+ Assert.assertNull(r1app2.getRoleById(r1App1Role.getId()));
+ Assert.assertNull(r2app1.getRoleById(r1App1Role.getId()));
+ Assert.assertNull(r2app2.getRoleById(r1App1Role.getId()));
+
+ RoleModel r2Role1 = realm2.getRole("role2");
+ Assert.assertNull(realm1.getRoleById(r2Role1.getId()));
+ Assert.assertEquals(r2Role1, realm2.getRoleById(r2Role1.getId()));
+ Assert.assertNull(r1app1.getRoleById(r2Role1.getId()));
+ Assert.assertNull(r1app2.getRoleById(r2Role1.getId()));
+ Assert.assertNull(r2app1.getRoleById(r2Role1.getId()));
+ Assert.assertNull(r2app2.getRoleById(r2Role1.getId()));
+ }
+
+ private void createObjects(RealmModel realm) {
+ ApplicationModel app1 = realm.addApplication("app1");
+ realm.addApplication("app2");
+
+ realm.addUser("user1");
+ realm.addUser("user2");
+
+ realm.addRole("role1");
+ realm.addRole("role2");
+
+ app1.addRole("app1Role1");
+ app1.addScope(realm.getRole("role1"));
+
+ realm.addOAuthClient("cl1");
+ }
+
+}
