KEYCLOAK-5698
patriot1burke committed Oct 19, 2017
1 parent 0371a56 commit 54ebc21
Showing 3 changed files with 106 additions and 1 deletion.
Expand Up @@ -540,7 +540,7 @@ public void run(KeycloakSession session) {
LDAPStorageMapper ldapMapper = ldapFedProvider.getMapperManager().getMapper(mapperModel);
ldapMapper.onImportUserFromLDAP(ldapUser, currentUser, currentRealm, false);
}

session.userCache().evict(currentRealm, currentUser);
logger.debugf("Updated user from LDAP: %s", currentUser.getUsername());
syncResult.increaseUpdated();
} else {
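Review bot: The `session.userCache().evict(currentRealm, currentUser);` call now depends on the precondition added to UserCacheSession.evict in this same commit (it throws IllegalStateException when no transaction is active), but nothing in this hunk shows that run(KeycloakSession) is invoked inside a transaction. If it is not, the sync now aborts after the mappers have already written the user through onImportUserFromLDAP, leaving that batch partially applied. Once confirmed, a one-line comment on the call would spare the next reader the same check, e.g. `// evict() requires an active transaction; the sync job runs this callback inside one`. run() starts and ends outside the hunk.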
Expand Up @@ -108,6 +108,8 @@ public void registerUserInvalidation(RealmModel realm,CachedUser user) {

@Override
public void evict(RealmModel realm, UserModel user) {
if (!transactionActive) throw new IllegalStateException("Cannot call evict() without a transaction");
getDelegate(); // invalidations need delegate set
if (user instanceof CachedUserModel) {
((CachedUserModel)user).invalidate();
} else {
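Review bot: The new `if (!transactionActive) throw new IllegalStateException(...)` guard introduces a precondition that callers of the UserCache interface cannot see from the override, so it should be documented where the method is declared, with a Javadoc `@throws IllegalStateException if the cache session has no active transaction` on the interface method. Here, the comment `// invalidations need delegate set` states what getDelegate() is for but not why the transaction matters; presumably the invalidation is registered with the transaction and would be lost otherwise, which is worth a short comment on the guard if that is the case. The method body continues past the end of the hunk.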
Expand Up @@ -27,6 +27,7 @@
import org.junit.runners.MethodSorters;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.component.ComponentModel;
import org.keycloak.services.managers.UserStorageSyncManager;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.storage.ldap.LDAPStorageProvider;
Expand All @@ -44,6 +45,7 @@
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper;
import org.keycloak.storage.user.SynchronizationResult;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
Expand Down Expand Up @@ -72,6 +74,7 @@ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmMod
LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "mary", "mary@test.com", "password-app");

MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
ldapConfig.remove(LDAPConstants.PAGINATION);
ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true");
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
UserStorageProviderModel model = new UserStorageProviderModel();
Expand All @@ -82,6 +85,8 @@ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmMod
model.setPriority(0);
model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME);
model.setConfig(ldapConfig);
model.setImportEnabled(true);


ldapModel = appRealm.addComponentModel(model);

Expand Down Expand Up @@ -359,4 +364,102 @@ private void deleteRoleMappingsInLDAP(RoleLDAPStorageMapper roleMapper, LDAPObje
LDAPObject ldapRole1 = roleMapper.loadLDAPRoleByName(roleName);
roleMapper.deleteRoleMappingInLDAP(ldapUser, ldapRole1);
}

/**
* KEYCLOAK-5698
*/
@Test
public void test04_syncRoleMappings() {
KeycloakSession session = keycloakRule.startSession();
try {
RealmModel appRealm = session.realms().getRealmByName("test");

LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
LDAPObject john = LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johnrolemapper", "John", "RoleMapper", "johnrolemapper@email.org", null, "1234");
LDAPTestUtils.updateLDAPPassword(ldapProvider, john, "Password1");
LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY);
UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(session.getKeycloakSessionFactory(), appRealm.getId(), new UserStorageProviderModel(ldapModel));
syncResult.getAdded();
} finally {
keycloakRule.stopSession(session, true);
}

session = keycloakRule.startSession();
try {
// make sure user is cached.
RealmModel appRealm = session.realms().getRealmByName("test");
UserModel johnRoleMapper = session.users().getUserByUsername("johnrolemapper", appRealm);
Assert.assertNotNull(johnRoleMapper);
Assert.assertEquals(0, johnRoleMapper.getRealmRoleMappings().size());

} finally {
keycloakRule.stopSession(session, true);
}

session = keycloakRule.startSession();
try {
RealmModel appRealm = session.realms().getRealmByName("test");
// Add some role mappings directly in LDAP
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "realmRolesMapper");
RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);

LDAPObject johnLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "johnrolemapper");
roleMapper.addRoleMappingInLDAP("realmRole1", johnLdap);
roleMapper.addRoleMappingInLDAP("realmRole2", johnLdap);

// Get user and check that he has requested roles from LDAP
UserModel johnRoleMapper = session.users().getUserByUsername("johnrolemapper", appRealm);
RoleModel realmRole1 = appRealm.getRole("realmRole1");
RoleModel realmRole2 = appRealm.getRole("realmRole2");

Set<RoleModel> johnRoles = johnRoleMapper.getRealmRoleMappings();
Assert.assertFalse(johnRoles.contains(realmRole1));
Assert.assertFalse(johnRoles.contains(realmRole2));



} finally {
keycloakRule.stopSession(session, true);
}

session = keycloakRule.startSession();
try {
RealmModel appRealm = session.realms().getRealmByName("test");
// Add some role mappings directly in LDAP
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "realmRolesMapper");
RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);

LDAPObject johnLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "johnrolemapper");
roleMapper.addRoleMappingInLDAP("realmRole1", johnLdap);
roleMapper.addRoleMappingInLDAP("realmRole2", johnLdap);

UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(session.getKeycloakSessionFactory(), appRealm.getId(), new UserStorageProviderModel(ldapModel));
} finally {
keycloakRule.stopSession(session, true);
}

session = keycloakRule.startSession();
try {
RealmModel appRealm = session.realms().getRealmByName("test");
// Get user and check that he has requested roles from LDAP
UserModel johnRoleMapper = session.users().getUserByUsername("johnrolemapper", appRealm);
RoleModel realmRole1 = appRealm.getRole("realmRole1");
RoleModel realmRole2 = appRealm.getRole("realmRole2");

Set<RoleModel> johnRoles = johnRoleMapper.getRealmRoleMappings();
Assert.assertTrue(johnRoles.contains(realmRole1));
Assert.assertTrue(johnRoles.contains(realmRole2));



} finally {
keycloakRule.stopSession(session, true);
}

}

}
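Review bot: The results of both syncChangedUsers calls in test04_syncRoleMappings are never checked — `syncResult.getAdded();` discards its value and the second `syncResult` is unused — so a sync that imports or updates nothing still passes and only the cache-state assertions carry the test. Replace the first with `Assert.assertEquals(1, syncResult.getAdded());` and assert the second result's counters against what the changed-users sync is expected to report for johnrolemapper (presumably one updated user; the hunk does not state it). The comment `// Get user and check that he has requested roles from LDAP` above the two assertFalse calls describes the opposite of what is asserted; it should read `// User is served from cache, so the role mappings just added in LDAP are not visible yet`. The two addRoleMappingInLDAP calls are repeated in the following session block after they were already made; if that is intentional (to touch the LDAP entry so the changed-users sync picks it up), a comment saying so would help, since it otherwise reads as a copy-paste.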
