Merge remote-tracking branch 'upstream/master'
patriot1burke committed Apr 12, 2016
2 parents cca91dd + ca46621 commit 515ed22
Showing 67 changed files with 1,207 additions and 575 deletions.
6 changes: 3 additions & 3 deletions adapters/oidc/js/src/main/resources/keycloak.js
@@ -192,7 +192,7 @@
redirectUri += (redirectUri.indexOf('?') == -1 ? '?' : '&') + 'prompt=' + options.prompt;
}

sessionStorage.oauthState = JSON.stringify({ state: state, nonce: nonce, redirectUri: encodeURIComponent(redirectUri) });
localStorage.oauthState = JSON.stringify({ state: state, nonce: nonce, redirectUri: encodeURIComponent(redirectUri) });

var action = 'auth';
if (options && options.action == 'register') {
@@ -689,10 +689,10 @@
function parseCallback(url) {
var oauth = new CallbackParser(url, kc.responseMode).parseUri();

var sessionState = sessionStorage.oauthState && JSON.parse(sessionStorage.oauthState);
var sessionState = localStorage.oauthState && JSON.parse(localStorage.oauthState);

if (sessionState && (oauth.code || oauth.error || oauth.access_token || oauth.id_token) && oauth.state && oauth.state == sessionState.state) {
delete sessionStorage.oauthState;
delete localStorage.oauthState;

oauth.redirectUri = sessionState.redirectUri;
oauth.storedNonce = sessionState.nonce;
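Review bot: Keeping the OAuth `state` and `nonce` under the single fixed key `oauthState` in `localStorage` makes the entry shared by every tab of the origin and persistent across browser restarts, assuming the `localStorage` lines are the new side (the +/- markers are lost on this page). Two logins started in parallel tabs overwrite each other's entry, so the first callback fails the `oauth.state == sessionState.state` comparison, and because the `delete` only runs inside that `if`, an abandoned or mismatched flow leaves the nonce and redirect URI stored indefinitely. Consider keying the entry by the state value, e.g. `localStorage['oauthState-' + state] = JSON.stringify({...})`, and removing stale entries on a mismatch or after a short lifetime. `parseCallback` continues past the end of the hunk, so any cleanup further down is not visible here.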
@@ -27,9 +27,17 @@
*/
public class AuthenticatorConfigRepresentation implements Serializable {

private String id;
private String alias;
private Map<String, String> config = new HashMap<String, String>();

public String getId() {
return id;
}

public void setId(String id) {
this.id = id;
}

public String getAlias() {
return alias;
@@ -39,8 +47,6 @@ public void setAlias(String alias) {
this.alias = alias;
}



public Map<String, String> getConfig() {
return config;
}
@@ -20,7 +20,7 @@
<para>
There are multiple ways you can logout from a web application. For Java EE servlet containers, you can call
HttpServletRequest.logout().
For any other browser application, you can point the browser at the url <literal>http://auth-server/auth/realms/{realm-name}/tokens/logout?redirect_uri=encodedRedirectUri</literal>.
For any other browser application, you can point the browser at the url <literal>http://auth-server/auth/realms/{realm-name}/protocol/openid-connect/logout?redirect_uri=encodedRedirectUri</literal>.
This will log you out if you have an SSO session with your browser.
</para>
</section>
@@ -46,7 +46,7 @@ public class Keycloak {

Keycloak(String serverUrl, String realm, String username, String password, String clientId, String clientSecret, String grantType, ResteasyClient resteasyClient) {
config = new Config(serverUrl, realm, username, password, clientId, clientSecret, grantType);
client = resteasyClient != null ? resteasyClient : new ResteasyClientBuilder().build();
client = resteasyClient != null ? resteasyClient : new ResteasyClientBuilder().connectionPoolSize(10).build();

tokenManager = new TokenManager(config, client);
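Review bot: The pool size in `new ResteasyClientBuilder().connectionPoolSize(10).build()` is an unexplained literal; a named constant with a comment says why ten and gives one place to change it, e.g. `private static final int DEFAULT_CONNECTION_POOL_SIZE = 10;`. Callers that pass their own `resteasyClient` bypass this setting, which is worth stating in the constructor's Javadoc. The constructor body continues outside the hunk.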

@@ -35,6 +35,7 @@
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.List;
import java.util.Map;

/**
* @author rodrigo.sasaki@icarros.com.br
@@ -132,4 +133,13 @@ public interface UserResource {
@Path("role-mappings")
public RoleMappingResource roles();


@GET
@Path("consents")
public List<Map<String, Object>> getConsents();

@DELETE
@Path("consents/{client}")
public void revokeConsent(@PathParam("client") String clientId);

}
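Review bot: `revokeConsent(@PathParam("client") String clientId)` does not say which identifier the `{client}` path segment expects, and `getConsents()` returns an untyped `List<Map<String, Object>>` without describing its keys. Both need Javadoc, because revoking consent for the wrong client is a security-relevant mistake that a caller cannot detect from a `void` return. The comment on `revokeConsent` should state that it revokes the consent this user granted to the given client and name the kind of identifier expected, taken from the server endpoint, which is not visible here. `getConsents()` also carries no `@Produces` annotation in the hunk; if the interface has no class-level one (not visible), add `@Produces(MediaType.APPLICATION_JSON)`.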
@@ -19,13 +19,7 @@

import org.keycloak.representations.idm.UserRepresentation;

import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.List;
@@ -59,4 +53,7 @@ List<UserRepresentation> search(@QueryParam("search") String search,
@Path("{id}")
UserResource get(@PathParam("id") String id);

@Path("{id}")
@DELETE
Response delete(@PathParam("id") String id);
}
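Review bot: The new `Response delete(@PathParam("id") String id)` hands a raw `Response` to the caller and nothing documents that it has to be closed; with a pooled client an unclosed response can keep its connection checked out until the pool is exhausted. Add Javadoc along the lines of `/** Deletes the user with the given id. The caller must close the returned Response. */`. The import change in the same section replaces seven explicit `javax.ws.rs` imports with `import javax.ws.rs.*;`; keeping the explicit list and adding `import javax.ws.rs.DELETE;` avoids the wildcard.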
@@ -39,6 +39,7 @@
import org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider;
import org.keycloak.connections.jpa.updater.liquibase.PostgresPlusDatabase;
import org.keycloak.connections.jpa.updater.liquibase.lock.CustomInsertLockRecordGenerator;
import org.keycloak.connections.jpa.updater.liquibase.lock.CustomLockDatabaseChangeLogGenerator;
import org.keycloak.connections.jpa.updater.liquibase.lock.CustomLockService;
import org.keycloak.connections.jpa.updater.liquibase.lock.DummyLockService;
import org.keycloak.models.KeycloakSession;
@@ -68,6 +69,7 @@ public LiquibaseConnectionProvider create(KeycloakSession session) {

protected void baseLiquibaseInitialization() {
ServiceLocator sl = ServiceLocator.getInstance();
sl.setResourceAccessor(new ClassLoaderResourceAccessor(getClass().getClassLoader()));

if (!System.getProperties().containsKey("liquibase.scan.packages")) {
if (sl.getPackages().remove("liquibase.core")) {
@@ -84,6 +86,10 @@ protected void baseLiquibaseInitialization() {

sl.getPackages().remove("liquibase.ext");
sl.getPackages().remove("liquibase.sdk");

String lockPackageName = DummyLockService.class.getPackage().getName();
logger.debugf("Added package %s to liquibase", lockPackageName);
sl.addPackageToScan(lockPackageName);
}

LogFactory.setInstance(new LogWrapper());
@@ -93,6 +99,9 @@ protected void baseLiquibaseInitialization() {

// Change command for creating lock and drop DELETE lock record from it
SqlGeneratorFactory.getInstance().register(new CustomInsertLockRecordGenerator());

// Use "SELECT FOR UPDATE" for locking database
SqlGeneratorFactory.getInstance().register(new CustomLockDatabaseChangeLogGenerator());
}


@@ -125,10 +134,6 @@ public Liquibase getLiquibase(Connection connection, String defaultSchema) throw
String changelog = (database instanceof DB2Database) ? LiquibaseJpaUpdaterProvider.DB2_CHANGELOG : LiquibaseJpaUpdaterProvider.CHANGELOG;
logger.debugf("Using changelog file: %s", changelog);

// We wrap liquibase update in CustomLockService provided by DBLockProvider. No need to lock inside liquibase itself.
// NOTE: This can't be done in baseLiquibaseInitialization() as liquibase always restarts lock service
LockServiceFactory.getInstance().register(new DummyLockService());

return new Liquibase(changelog, new ClassLoaderResourceAccessor(getClass().getClassLoader()), database);
}
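Review bot: `DummyLockService` is no longer registered explicitly in `getLiquibase` and is now expected to be found through `sl.addPackageToScan(lockPackageName)`, but that call appears to sit inside the `if (!System.getProperties().containsKey("liquibase.scan.packages"))` block (indentation is lost on this page, so confirm). If the property is set, the lock package would not be scanned and Liquibase would presumably use its own lock service in addition to the external database lock. Either move the `addPackageToScan` call after the closing brace of that `if`, or add a comment stating that a custom `liquibase.scan.packages` value must include the lock package. Both `baseLiquibaseInitialization` and `getLiquibase` extend beyond the visible hunks.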

@@ -0,0 +1,86 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.keycloak.connections.jpa.updater.liquibase.lock;

import liquibase.database.Database;
import liquibase.database.core.DB2Database;
import liquibase.database.core.H2Database;
import liquibase.database.core.MSSQLDatabase;
import liquibase.database.core.MySQLDatabase;
import liquibase.database.core.OracleDatabase;
import liquibase.database.core.PostgresDatabase;
import liquibase.sql.Sql;
import liquibase.sql.UnparsedSql;
import liquibase.sqlgenerator.SqlGeneratorChain;
import liquibase.sqlgenerator.core.LockDatabaseChangeLogGenerator;
import liquibase.statement.core.LockDatabaseChangeLogStatement;
import org.jboss.logging.Logger;

/**
* We use "SELECT FOR UPDATE" pessimistic locking (Same algorithm like Hibernate LockMode.PESSIMISTIC_WRITE )
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class CustomLockDatabaseChangeLogGenerator extends LockDatabaseChangeLogGenerator {

private static final Logger logger = Logger.getLogger(CustomLockDatabaseChangeLogGenerator.class);

@Override
public int getPriority() {
return super.getPriority() + 1; // Ensure bigger priority than LockDatabaseChangeLogGenerator
}

@Override
public Sql[] generateSql(LockDatabaseChangeLogStatement statement, Database database, SqlGeneratorChain sqlGeneratorChain) {

Sql selectForUpdateSql = generateSelectForUpdate(database);

return new Sql[] { selectForUpdateSql };
}


private Sql generateSelectForUpdate(Database database) {
String catalog = database.getLiquibaseCatalogName();
String schema = database.getLiquibaseSchemaName();
String rawLockTableName = database.getDatabaseChangeLogLockTableName();

String lockTableName = database.escapeTableName(catalog, schema, rawLockTableName);
String idColumnName = database.escapeColumnName(catalog, schema, rawLockTableName, "ID");

String sqlBase = "SELECT " + idColumnName + " FROM " + lockTableName;
String sqlWhere = " WHERE " + idColumnName + "=1";

String sql;
if (database instanceof MySQLDatabase || database instanceof PostgresDatabase || database instanceof H2Database ||
database instanceof OracleDatabase) {
sql = sqlBase + sqlWhere + " FOR UPDATE";
} else if (database instanceof MSSQLDatabase) {
sql = sqlBase + " WITH (UPDLOCK, ROWLOCK)" + sqlWhere;
} else if (database instanceof DB2Database) {
sql = sqlBase + sqlWhere + " FOR READ ONLY WITH RS USE AND KEEP UPDATE LOCKS";
} else {
sql = sqlBase + sqlWhere;
logger.warnf("No direct support for database %s . Database lock may not work correctly", database.getClass().getName());
}

logger.debugf("SQL command for pessimistic lock: %s", sql);

return new UnparsedSql(sql);
}

}
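Review bot: In `generateSelectForUpdate` the final `else` branch emits a plain `SELECT` with no locking clause and only logs a warning, so on any database outside the listed types the changelog lock is silently not taken and two nodes could run the update concurrently. Failing closed is safer, e.g. `throw new IllegalStateException("No pessimistic lock support for " + database.getClass().getName());`, or at least document on the class that such databases run unlocked. The row lock from `FOR UPDATE` lasts only for the surrounding transaction, so the class Javadoc should also state that the caller must run this statement with auto-commit disabled and hold the transaction until the update finishes; that is assumed here and not visible in this file. The SQL is concatenated only from identifiers passed through `database.escapeTableName`/`escapeColumnName` and constants, which is fine, but the literal `=1` deserves a named constant or a comment tying it to the lock row id.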