Java源码示例:org.keycloak.models.KeycloakSessionFactory
示例1
@Override
public void postInit(KeycloakSessionFactory factory) {
factory.register(new ProviderEventListener() {
@Override
public void onEvent(ProviderEvent event) {
if (keysCache == null) {
return;
}
SessionAndKeyHolder cacheKey = getCacheKeyToInvalidate(event);
if (cacheKey != null) {
log.debugf("Invalidating %s from keysCache", cacheKey);
InfinispanPublicKeyStorageProvider provider = (InfinispanPublicKeyStorageProvider) cacheKey.session.getProvider(PublicKeyStorageProvider.class, getId());
for (String ck : cacheKey.cacheKeys) provider.addInvalidation(ck);
}
}
});
}
示例2
@Override
public void importModel(KeycloakSessionFactory factory, Strategy strategy) throws IOException {
logger.infof("Full importing from file %s", this.file.getAbsolutePath());
BetterRealmRepresentation masterRealm = getMasterRealm();
KeycloakModelUtils.runJobInTransaction(factory, session -> {
// Import master realm first, if exists
if (masterRealm != null) {
importRealm(session, masterRealm, strategy);
}
realmReps.stream().filter(r -> r != masterRealm).forEach(r -> importRealm(session, r, strategy));
if (masterRealm != null) {
// If master was imported, we may need to re-create realm management clients
for (RealmModel realm : session.realms().getRealms()) {
if (realm.getMasterAdminClient() == null) {
logger.infof("Re-created management client in master realm for realm '%s'", realm.getName());
new RealmManager(session).setupMasterAdminManagement(realm);
}
}
}
});
}
示例3
protected void syncMappers(KeycloakSessionFactory sessionFactory, final String realmId, final ComponentModel model) {
KeycloakModelUtils.runJobInTransaction(sessionFactory, new KeycloakSessionTask() {
@Override
public void run(KeycloakSession session) {
RealmModel realm = session.realms().getRealm(realmId);
session.getContext().setRealm(realm);
session.getProvider(UserStorageProvider.class, model);
List<ComponentModel> mappers = realm.getComponents(model.getId(), LDAPStorageMapper.class.getName());
for (ComponentModel mapperModel : mappers) {
LDAPStorageMapper ldapMapper = session.getProvider(LDAPStorageMapper.class, mapperModel);
SynchronizationResult syncResult = ldapMapper.syncDataFromFederationProviderToKeycloak(realm);
if (syncResult.getAdded() > 0 || syncResult.getUpdated() > 0 || syncResult.getRemoved() > 0 || syncResult.getFailed() > 0) {
logger.infof("Sync of federation mapper '%s' finished. Status: %s", mapperModel.getName(), syncResult.toString());
}
}
}
});
}
示例4
private void updateFederatedIdentity(BrokeredIdentityContext context, UserModel federatedUser) {
FederatedIdentityModel federatedIdentityModel = this.session.users().getFederatedIdentity(federatedUser, context.getIdpConfig().getAlias(), this.realmModel);
// Skip DB write if tokens are null or equal
updateToken(context, federatedUser, federatedIdentityModel);
context.getIdp().updateBrokeredUser(session, realmModel, federatedUser, context);
Set<IdentityProviderMapperModel> mappers = realmModel.getIdentityProviderMappersByAlias(context.getIdpConfig().getAlias());
if (mappers != null) {
KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
for (IdentityProviderMapperModel mapper : mappers) {
IdentityProviderMapper target = (IdentityProviderMapper)sessionFactory.getProviderFactory(IdentityProviderMapper.class, mapper.getIdentityProviderMapper());
IdentityProviderMapperSyncModeDelegate.delegateUpdateBrokeredUser(session, realmModel, federatedUser, mapper, context, target);
}
}
}
示例5
default void registerSynchronizationListeners(KeycloakSessionFactory factory) {
Map<Class<? extends ProviderEvent>, Synchronizer> synchronizers = new HashMap<>();
synchronizers.put(ClientRemovedEvent.class, new ClientApplicationSynchronizer());
synchronizers.put(RealmRemovedEvent.class, new RealmSynchronizer());
synchronizers.put(UserRemovedEvent.class, new UserSynchronizer());
synchronizers.put(GroupModel.GroupRemovedEvent.class, new GroupSynchronizer());
factory.register(event -> {
try {
synchronizers.forEach((eventType, synchronizer) -> {
if (eventType.isInstance(event)) {
synchronizer.synchronize(event, factory);
}
});
} catch (Exception e) {
throw new RuntimeException("Error synchronizing authorization data.", e);
}
});
}
示例6
@Override
public SynchronizationResult sync(KeycloakSessionFactory sessionFactory, String realmId, UserStorageProviderModel model) {
syncMappers(sessionFactory, realmId, model);
logger.infof("Sync all users from LDAP to local store: realm: %s, federation provider: %s", realmId, model.getName());
try (LDAPQuery userQuery = createQuery(sessionFactory, realmId, model)) {
SynchronizationResult syncResult = syncImpl(sessionFactory, userQuery, realmId, model);
// TODO: Remove all existing keycloak users, which have federation links, but are not in LDAP. Perhaps don't check users, which were just added or updated during this sync?
logger.infof("Sync all users finished: %s", syncResult.getStatus());
return syncResult;
}
}
示例7
public static void setupScheduledTasks(final KeycloakSessionFactory sessionFactory) {
long interval = Config.scope("scheduled").getLong("interval", 900L) * 1000;
KeycloakSession session = sessionFactory.create();
try {
TimerProvider timer = session.getProvider(TimerProvider.class);
timer.schedule(new ClusterAwareScheduledTaskRunner(sessionFactory, new ClearExpiredEvents(), interval), interval, "ClearExpiredEvents");
timer.schedule(new ClusterAwareScheduledTaskRunner(sessionFactory, new ClearExpiredClientInitialAccessTokens(), interval), interval, "ClearExpiredClientInitialAccessTokens");
timer.schedule(new ScheduledTaskRunner(sessionFactory, new ClearExpiredUserSessions()), interval, ClearExpiredUserSessions.TASK_NAME);
new UserStorageSyncManager().bootstrapPeriodic(sessionFactory, timer);
} finally {
session.close();
}
}
示例8
@Override
public void onStartup(Runnable startupHook) {
startupHook.run();
KeycloakApplication keycloakApplication = Resteasy.getContextData(KeycloakApplication.class);
ServletContext context = Resteasy.getContextData(ServletContext.class);
context.setAttribute(KeycloakSessionFactory.class.getName(), keycloakApplication.getSessionFactory());
}
示例9
@Override
public void importModel(KeycloakSessionFactory factory, final Strategy strategy) throws IOException {
logger.infof("Full importing from file %s", this.file.getAbsolutePath());
checkRealmReps();
KeycloakModelUtils.runJobInTransaction(factory, new ExportImportSessionTask() {
@Override
protected void runExportImportTask(KeycloakSession session) throws IOException {
ImportUtils.importRealms(session, realmReps.values(), strategy);
}
});
}
示例10
public SynchronizationResult syncAllUsers(final KeycloakSessionFactory sessionFactory, final String realmId, final UserStorageProviderModel provider) {
UserStorageProviderFactory factory = (UserStorageProviderFactory) sessionFactory.getProviderFactory(UserStorageProvider.class, provider.getProviderId());
if (!(factory instanceof ImportSynchronization) || !provider.isImportEnabled() || !provider.isEnabled()) {
return SynchronizationResult.ignored();
}
final Holder holder = new Holder();
// Ensure not executed concurrently on this or any other cluster node
KeycloakModelUtils.runJobInTransaction(sessionFactory, new KeycloakSessionTask() {
@Override
public void run(KeycloakSession session) {
ClusterProvider clusterProvider = session.getProvider(ClusterProvider.class);
// shared key for "full" and "changed" . Improve if needed
String taskKey = provider.getId() + "::sync";
// 30 seconds minimal timeout for now
int timeout = Math.max(30, provider.getFullSyncPeriod());
holder.result = clusterProvider.executeIfNotExecuted(taskKey, timeout, new Callable<SynchronizationResult>() {
@Override
public SynchronizationResult call() throws Exception {
updateLastSyncInterval(sessionFactory, provider, realmId);
return ((ImportSynchronization)factory).sync(sessionFactory, realmId, provider);
}
});
}
});
if (holder.result == null || !holder.result.isExecuted()) {
logger.debugf("syncAllUsers for federation provider %s was ignored as it's already in progress", provider.getName());
return SynchronizationResult.ignored();
} else {
return holder.result.getResult();
}
}
示例11
public JtaTransactionWrapper(KeycloakSessionFactory factory, TransactionManager tm) {
this.tm = tm;
this.factory = factory;
try {
suspended = tm.suspend();
logger.debug("new JtaTransactionWrapper");
logger.debugv("was existing? {0}", suspended != null);
tm.begin();
ut = tm.getTransaction();
//ended = new Exception();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
示例12
MgmtPermissions(KeycloakSession session, RealmModel realm) {
this.session = session;
this.realm = realm;
KeycloakSessionFactory keycloakSessionFactory = session.getKeycloakSessionFactory();
AuthorizationProviderFactory factory = (AuthorizationProviderFactory) keycloakSessionFactory.getProviderFactory(AuthorizationProvider.class);
this.authz = factory.create(session, realm);
}
示例13
@Override
public void exportRealm(KeycloakSessionFactory factory, final String realmName) throws IOException {
logger.infof("Exporting realm '%s' into file %s", realmName, this.file.getAbsolutePath());
KeycloakModelUtils.runJobInTransaction(factory, new ExportImportSessionTask() {
@Override
protected void runExportImportTask(KeycloakSession session) throws IOException {
RealmModel realm = session.realms().getRealmByName(realmName);
RealmRepresentation realmRep = ExportUtils.exportRealm(session, realm, true, true);
writeToFile(realmRep);
}
});
}
示例14
@Override
public void synchronize(GroupModel.GroupRemovedEvent event, KeycloakSessionFactory factory) {
ProviderFactory<AuthorizationProvider> providerFactory = factory.getProviderFactory(AuthorizationProvider.class);
AuthorizationProvider authorizationProvider = providerFactory.create(event.getKeycloakSession());
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore();
GroupModel group = event.getGroup();
Map<String, String[]> attributes = new HashMap<>();
attributes.put("type", new String[] {"group"});
attributes.put("config:groups", new String[] {group.getId()});
List<Policy> search = policyStore.findByResourceServer(attributes, null, -1, -1);
for (Policy policy : search) {
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
GroupPolicyRepresentation representation = GroupPolicyRepresentation.class.cast(policyFactory.toRepresentation(policy, authorizationProvider));
Set<GroupPolicyRepresentation.GroupDefinition> groups = representation.getGroups();
groups.removeIf(groupDefinition -> groupDefinition.getId().equals(group.getId()));
if (groups.isEmpty()) {
policyFactory.onRemove(policy, authorizationProvider);
policyStore.delete(policy.getId());
} else {
policyFactory.onUpdate(policy, representation, authorizationProvider);
}
}
}
示例15
@Override
public void initCache() {
final ComponentRegistry cr = this.workCache.getAdvancedCache().getComponentRegistry();
try {
cr.registerComponent(sessionFactory, KeycloakSessionFactory.class);
} catch (UnsupportedOperationException | CacheConfigurationException ex) {
if (cr.getComponent(KeycloakSessionFactory.class) != sessionFactory) {
throw ex;
}
}
}
示例16
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
servletRequest.setCharacterEncoding("UTF-8");
final HttpServletRequest request = (HttpServletRequest)servletRequest;
KeycloakSessionFactory sessionFactory = (KeycloakSessionFactory) servletRequest.getServletContext().getAttribute(KeycloakSessionFactory.class.getName());
KeycloakSession session = sessionFactory.create();
Resteasy.pushContext(KeycloakSession.class, session);
ClientConnection connection = new ClientConnection() {
@Override
public String getRemoteAddr() {
return request.getRemoteAddr();
}
@Override
public String getRemoteHost() {
return request.getRemoteHost();
}
@Override
public int getRemotePort() {
return request.getRemotePort();
}
@Override
public String getLocalAddr() {
return request.getLocalAddr();
}
@Override
public int getLocalPort() {
return request.getLocalPort();
}
};
session.getContext().setConnection(connection);
Resteasy.pushContext(ClientConnection.class, connection);
KeycloakTransaction tx = session.getTransactionManager();
Resteasy.pushContext(KeycloakTransaction.class, tx);
tx.begin();
try {
filterChain.doFilter(servletRequest, servletResponse);
} finally {
if (servletRequest.isAsyncStarted()) {
servletRequest.getAsyncContext().addListener(createAsyncLifeCycleListener(session));
} else {
closeSession(session);
}
}
}
示例17
@Override
public void postInit(KeycloakSessionFactory factory) {
}
示例18
private Response afterFirstBrokerLogin(ClientSessionCode<AuthenticationSessionModel> clientSessionCode) {
AuthenticationSessionModel authSession = clientSessionCode.getClientSession();
try {
this.event.detail(Details.CODE_ID, authSession.getParentSession().getId())
.removeDetail("auth_method");
SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authSession, AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
if (serializedCtx == null) {
throw new IdentityBrokerException("Not found serialized context in clientSession");
}
BrokeredIdentityContext context = serializedCtx.deserialize(session, authSession);
String providerId = context.getIdpConfig().getAlias();
event.detail(Details.IDENTITY_PROVIDER, providerId);
event.detail(Details.IDENTITY_PROVIDER_USERNAME, context.getUsername());
// Ensure the first-broker-login flow was successfully finished
String authProvider = authSession.getAuthNote(AbstractIdpAuthenticator.FIRST_BROKER_LOGIN_SUCCESS);
if (authProvider == null || !authProvider.equals(providerId)) {
throw new IdentityBrokerException("Invalid request. Not found the flag that first-broker-login flow was finished");
}
// firstBrokerLogin workflow finished. Removing note now
authSession.removeAuthNote(AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
UserModel federatedUser = authSession.getAuthenticatedUser();
if (federatedUser == null) {
throw new IdentityBrokerException("Couldn't found authenticated federatedUser in authentication session");
}
event.user(federatedUser);
event.detail(Details.USERNAME, federatedUser.getUsername());
if (context.getIdpConfig().isAddReadTokenRoleOnCreate()) {
ClientModel brokerClient = realmModel.getClientByClientId(Constants.BROKER_SERVICE_CLIENT_ID);
if (brokerClient == null) {
throw new IdentityBrokerException("Client 'broker' not available. Maybe realm has not migrated to support the broker token exchange service");
}
RoleModel readTokenRole = brokerClient.getRole(Constants.READ_TOKEN_ROLE);
federatedUser.grantRole(readTokenRole);
}
// Add federated identity link here
FederatedIdentityModel federatedIdentityModel = new FederatedIdentityModel(context.getIdpConfig().getAlias(), context.getId(),
context.getUsername(), context.getToken());
session.users().addFederatedIdentity(realmModel, federatedUser, federatedIdentityModel);
String isRegisteredNewUser = authSession.getAuthNote(AbstractIdpAuthenticator.BROKER_REGISTERED_NEW_USER);
if (Boolean.parseBoolean(isRegisteredNewUser)) {
logger.debugf("Registered new user '%s' after first login with identity provider '%s'. Identity provider username is '%s' . ", federatedUser.getUsername(), providerId, context.getUsername());
context.getIdp().importNewUser(session, realmModel, federatedUser, context);
Set<IdentityProviderMapperModel> mappers = realmModel.getIdentityProviderMappersByAlias(providerId);
if (mappers != null) {
KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
for (IdentityProviderMapperModel mapper : mappers) {
IdentityProviderMapper target = (IdentityProviderMapper)sessionFactory.getProviderFactory(IdentityProviderMapper.class, mapper.getIdentityProviderMapper());
target.importNewUser(session, realmModel, federatedUser, mapper, context);
}
}
if (context.getIdpConfig().isTrustEmail() && !Validation.isBlank(federatedUser.getEmail()) && !Boolean.parseBoolean(authSession.getAuthNote(AbstractIdpAuthenticator.UPDATE_PROFILE_EMAIL_CHANGED))) {
logger.debugf("Email verified automatically after registration of user '%s' through Identity provider '%s' ", federatedUser.getUsername(), context.getIdpConfig().getAlias());
federatedUser.setEmailVerified(true);
}
event.event(EventType.REGISTER)
.detail(Details.REGISTER_METHOD, "broker")
.detail(Details.EMAIL, federatedUser.getEmail())
.success();
} else {
logger.debugf("Linked existing keycloak user '%s' with identity provider '%s' . Identity provider username is '%s' .", federatedUser.getUsername(), providerId, context.getUsername());
event.event(EventType.FEDERATED_IDENTITY_LINK)
.success();
updateFederatedIdentity(context, federatedUser);
}
return finishOrRedirectToPostBrokerLogin(authSession, context, true, clientSessionCode);
} catch (Exception e) {
return redirectToErrorPage(authSession, Response.Status.INTERNAL_SERVER_ERROR, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR, e);
}
}
示例19
@Override
public void postInit(KeycloakSessionFactory factory) {
}
示例20
@Override
public void postInit(KeycloakSessionFactory factory) {
// NOOP
}
示例21
@Override
public void postInit(KeycloakSessionFactory factory) {
// NOOP
}
示例22
@Override
public void postInit(KeycloakSessionFactory factory) {
}
示例23
@Override
public void postInit(KeycloakSessionFactory factory) {
// NOOP
}
示例24
@Override
public void postInit(KeycloakSessionFactory factory) {
// NOOP
}
示例25
@Override
public void postInit(KeycloakSessionFactory factory) {
}
示例26
@Override
public void postInit(KeycloakSessionFactory factory) {
// NOOP
}
示例27
@Override
public void postInit(final KeycloakSessionFactory factory) {
// no-op
}
示例28
@Override
public void postInit(KeycloakSessionFactory factory) {
// NOP
}
示例29
@Override
public void postInit(KeycloakSessionFactory factory) {
// no-op
}
示例30
@Override
public void postInit(KeycloakSessionFactory factory) {
}
