keycloak-aplcache
Changes
connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java 4(+3 -1)
model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java 6(+3 -3)
Details
diff --git a/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java b/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
index 3c0db05..649ad7e 100755
--- a/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
+++ b/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
@@ -28,6 +28,7 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
"org.keycloak.models.mongo.keycloak.entities.MongoUserEntity",
"org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity",
"org.keycloak.models.entities.IdentityProviderEntity",
+ "org.keycloak.models.entities.ClientIdentityProviderMappingEntity",
"org.keycloak.models.entities.RequiredCredentialEntity",
"org.keycloak.models.entities.CredentialEntity",
"org.keycloak.models.entities.FederatedIdentityEntity",
@@ -36,7 +37,8 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
"org.keycloak.models.sessions.mongo.entities.MongoUsernameLoginFailureEntity",
"org.keycloak.models.sessions.mongo.entities.MongoUserSessionEntity",
"org.keycloak.models.sessions.mongo.entities.MongoClientSessionEntity",
- "org.keycloak.models.entities.UserFederationProviderEntity"
+ "org.keycloak.models.entities.UserFederationProviderEntity",
+ "org.keycloak.models.entities.ProtocolMapperEntity"
};
private static final Logger logger = Logger.getLogger(DefaultMongoConnectionFactoryProvider.class);
diff --git a/model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java b/model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java
index a788aac..f1df39f 100644
--- a/model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java
+++ b/model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java
@@ -23,7 +23,7 @@ package org.keycloak.models.entities;
public class ClientIdentityProviderMappingEntity {
private String id;
- private Boolean retrieveToken;
+ private boolean retrieveToken;
public String getId() {
return this.id;
@@ -33,11 +33,11 @@ public class ClientIdentityProviderMappingEntity {
this.id = id;
}
- public Boolean isRetrieveToken() {
+ public boolean isRetrieveToken() {
return this.retrieveToken;
}
- public void setRetrieveToken(Boolean retrieveToken) {
+ public void setRetrieveToken(boolean retrieveToken) {
this.retrieveToken = retrieveToken;
}
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
index c0202c1..1072181 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
@@ -29,14 +29,12 @@ public abstract class ClientAdapter<T extends MongoIdentifiableEntity> extends A
protected final T clientEntity;
private final RealmModel realm;
protected KeycloakSession session;
- private final RealmProvider model;
public ClientAdapter(KeycloakSession session, RealmModel realm, T clientEntity, MongoStoreInvocationContext invContext) {
super(invContext);
this.clientEntity = clientEntity;
this.realm = realm;
this.session = session;
- this.model = session.realms();
}
@Override
@@ -326,13 +324,14 @@ public abstract class ClientAdapter<T extends MongoIdentifiableEntity> extends A
@Override
public void updateAllowedIdentityProviders(List<ClientIdentityProviderMappingModel> identityProviders) {
- List<ClientIdentityProviderMappingEntity> stored = getMongoEntityAsClient().getIdentityProviders();
+ List<ClientIdentityProviderMappingEntity> stored = new ArrayList<ClientIdentityProviderMappingEntity>();
for (ClientIdentityProviderMappingModel model : identityProviders) {
ClientIdentityProviderMappingEntity entity = new ClientIdentityProviderMappingEntity();
entity.setId(model.getIdentityProvider());
entity.setRetrieveToken(model.isRetrieveToken());
+ stored.add(entity);
}
getMongoEntityAsClient().setIdentityProviders(stored);
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index d48ae7d..be033a3 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -910,7 +910,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
mapping.setConsentRequired(entity.isConsentRequired());
mapping.setConsentText(entity.getConsentText());
Map<String, String> config = new HashMap<String, String>();
- if (entity.getConfig() != null) config.putAll(config);
+ if (entity.getConfig() != null) config.putAll(entity.getConfig());
mapping.setConfig(config);
return mapping;
}
diff --git a/services/src/main/java/org/keycloak/protocol/AbstractLoginProtocolFactory.java b/services/src/main/java/org/keycloak/protocol/AbstractLoginProtocolFactory.java
index 7483105..88f0f14 100755
--- a/services/src/main/java/org/keycloak/protocol/AbstractLoginProtocolFactory.java
+++ b/services/src/main/java/org/keycloak/protocol/AbstractLoginProtocolFactory.java
@@ -1,5 +1,6 @@
package org.keycloak.protocol;
+import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
@@ -14,6 +15,9 @@ import java.util.List;
* @version $Revision: 1 $
*/
public abstract class AbstractLoginProtocolFactory implements LoginProtocolFactory {
+
+ private static final Logger logger = Logger.getLogger(AbstractLoginProtocolFactory.class);
+
@Override
public void init(Config.Scope config) {
}
@@ -27,6 +31,7 @@ public abstract class AbstractLoginProtocolFactory implements LoginProtocolFacto
for (RealmModel realm : realms) addDefaults(realm);
session.getTransaction().commit();
} catch (Exception e) {
+ logger.error("Can't add default mappers to realm", e);
session.getTransaction().rollback();
} finally {
session.close();
diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java
index a377d9b..d739b6c 100644
--- a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java
+++ b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java
@@ -16,6 +16,7 @@ public class EmbeddedServersFactory {
private static final String DEFAULT_KERBEROS_REALM = "KEYCLOAK.ORG";
private static final int DEFAULT_KDC_PORT = 6088;
+ private static final String DEFAULT_KDC_ENCRYPTION_TYPES = "aes128-cts-hmac-sha1-96, des-cbc-md5, des3-cbc-sha1-kd";
private String baseDN;
private String bindHost;
@@ -23,6 +24,7 @@ public class EmbeddedServersFactory {
private String ldifFile;
private String kerberosRealm;
private int kdcPort;
+ private String kdcEncryptionTypes;
public static EmbeddedServersFactory readConfiguration() {
@@ -40,6 +42,7 @@ public class EmbeddedServersFactory {
this.kerberosRealm = System.getProperty("kerberos.realm");
String kdcPort = System.getProperty("kerberos.port");
+ this.kdcEncryptionTypes = System.getProperty("kerberos.encTypes");
if (baseDN == null || baseDN.isEmpty()) {
baseDN = DEFAULT_BASE_DN;
@@ -56,6 +59,9 @@ public class EmbeddedServersFactory {
kerberosRealm = DEFAULT_KERBEROS_REALM;
}
this.kdcPort = (kdcPort == null || kdcPort.isEmpty()) ? DEFAULT_KDC_PORT : Integer.parseInt(kdcPort);
+ if (kdcEncryptionTypes == null || kdcEncryptionTypes.isEmpty()) {
+ kdcEncryptionTypes = DEFAULT_KDC_ENCRYPTION_TYPES;
+ }
}
@@ -77,6 +83,6 @@ public class EmbeddedServersFactory {
ldifFile = DEFAULT_KERBEROS_LDIF_FILE;
}
- return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, kerberosRealm, kdcPort);
+ return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, kerberosRealm, kdcPort, kdcEncryptionTypes);
}
}
diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java
index 527c9b3..f568342 100644
--- a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java
+++ b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java
@@ -2,6 +2,8 @@ package org.keycloak.testutils.ldap;
import java.io.IOException;
import java.lang.reflect.Field;
+import java.util.HashSet;
+import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;
@@ -20,6 +22,8 @@ import org.apache.directory.server.ldap.handlers.sasl.ntlm.NtlmMechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;
import org.apache.directory.server.protocol.shared.transport.UdpTransport;
import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.KerberosUtils;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.jboss.logging.Logger;
/**
@@ -31,6 +35,7 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
private final String kerberosRealm;
private final int kdcPort;
+ private final String kdcEncryptionTypes;
private KdcServer kdcServer;
@@ -43,8 +48,9 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
}
- protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String kerberosRealm, int kdcPort) {
+ protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String kerberosRealm, int kdcPort, String kdcEncryptionTypes) {
super(baseDN, bindHost, bindPort, ldifFile);
+ this.kdcEncryptionTypes = kdcEncryptionTypes;
this.kerberosRealm = kerberosRealm;
this.kdcPort = kdcPort;
}
@@ -54,7 +60,7 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
public void init() throws Exception {
super.init();
- log.info("Creating KDC server. kerberosRealm: " + kerberosRealm + ", kdcPort: " + kdcPort);
+ log.info("Creating KDC server. kerberosRealm: " + kerberosRealm + ", kdcPort: " + kdcPort + ", kdcEncryptionTypes: " + kdcEncryptionTypes);
createAndStartKdcServer();
}
@@ -93,6 +99,8 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
kdcConfig.setMaximumTicketLifetime(60000 * 1440);
kdcConfig.setMaximumRenewableLifetime(60000 * 10080);
kdcConfig.setPaEncTimestampRequired(false);
+ Set<EncryptionType> encryptionTypes = convertEncryptionTypes();
+ kdcConfig.setEncryptionTypes(encryptionTypes);
kdcServer = new NoReplayKdcServer(kdcConfig);
kdcServer.setSearchBaseDn(this.baseDN);
@@ -122,6 +130,24 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
}
+ private Set<EncryptionType> convertEncryptionTypes() {
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
+ String[] configEncTypes = kdcEncryptionTypes.split(",");
+
+ for ( String enc : configEncTypes ) {
+ enc = enc.trim();
+ for ( EncryptionType type : EncryptionType.getEncryptionTypes() ) {
+ if ( type.getName().equalsIgnoreCase( enc ) ) {
+ encryptionTypes.add( type );
+ }
+ }
+ }
+
+ encryptionTypes = KerberosUtils.orderEtypesByStrength(encryptionTypes);
+ return encryptionTypes;
+ }
+
+
/**
* Replacement of apacheDS KdcServer class with disabled ticket replay cache.
*
@@ -151,12 +177,10 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
@Override
public void save(KerberosPrincipal serverPrincipal, KerberosPrincipal clientPrincipal, KerberosTime clientTime,
int clientMicroSeconds) {
- return;
}
@Override
public void clear() {
- return;
}
}