Make sure inner transactions are using their own session

Closes #41942

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Pedro Igor
2025-09-04 08:31:41 -03:00
committed by GitHub
parent 7ef44e5f93
commit 0dd0a0210a
4 changed files with 12 additions and 10 deletions


@@ -31,6 +31,7 @@ import java.util.Collections;
import java.util.List;
import java.util.Set;
import org.keycloak.models.RoleModel;
import org.keycloak.utils.KeycloakSessionUtil;
/**
* Stateful per-request object
@@ -39,14 +40,12 @@ import org.keycloak.models.RoleModel;
*/
public abstract class AbstractLDAPStorageMapper implements LDAPStorageMapper {
protected final KeycloakSession session;
protected final ComponentModel mapperModel;
protected final LDAPStorageProvider ldapProvider;
public AbstractLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider) {
this.mapperModel = mapperModel;
this.ldapProvider = ldapProvider;
this.session = ldapProvider.getSession();
}
@Override
@@ -99,4 +98,7 @@ public abstract class AbstractLDAPStorageMapper implements LDAPStorageMapper {
}
protected KeycloakSession getSession() {
return KeycloakSessionUtil.getKeycloakSession();
}
}
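Review bot: `getSession()` returns whatever `KeycloakSessionUtil.getKeycloakSession()` yields at call time, with no null check and no Javadoc stating that contract, whereas the constructor assignment that appears to be removed took the session from `ldapProvider.getSession()`. If the utility resolves the session from the current thread, as its name and the commit title suggest, a mapper invoked on a thread with no bound session would hit a NullPointerException at the call sites changed in HardcodedLDAPGroupStorageMapper, GroupLDAPStorageMapper and MSADUserAccountControlStorageMapper. Consider a fallback, `KeycloakSession current = KeycloakSessionUtil.getKeycloakSession();` then `return current != null ? current : ldapProvider.getSession();`, plus a Javadoc line saying the result must not be cached across transactions. Dropping the protected `session` field also breaks any external subclass that reads it, which is worth a line in the upgrade notes.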


@@ -97,7 +97,7 @@ public class HardcodedLDAPGroupStorageMapper extends AbstractLDAPStorageMapper {
private GroupModel getGroup(RealmModel realm) {
String groupName = mapperModel.getConfig().getFirst(HardcodedLDAPGroupStorageMapper.GROUP);
GroupModel group = KeycloakModelUtils.findGroupByPath(session, realm, groupName);
GroupModel group = KeycloakModelUtils.findGroupByPath(getSession(), realm, groupName);
if (group == null) {
logger.warnf("Hardcoded group '%s' configured in mapper '%s' is not available anymore");
}
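Review bot: The `logger.warnf` call in the `group == null` branch of `getGroup` has two `%s` placeholders but passes no arguments, so the warning cannot name the missing group or the mapper; depending on the logging backend it may print the raw format string or fail to format. This message is the only signal visible in the hunk that a hardcoded group mapping has stopped resolving, so pass the values already in scope: `logger.warnf("Hardcoded group '%s' configured in mapper '%s' is not available anymore", groupName, mapperModel.getName());`. The rest of `getGroup` lies outside the hunk.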


@@ -374,7 +374,7 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements
.filter(group -> Objects.equals(group.getName(), groupName)).findFirst().orElse(null);
} else {
// Without preserved inheritance, it's always at groups path
return session.groups().getGroupByName(realm, parent, groupName);
return getSession().groups().getGroupByName(realm, parent, groupName);
}
}
@@ -803,7 +803,7 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements
* Provides KC group defined as groups path or null (top-level group) if corresponding group is not available.
*/
protected GroupModel getKcGroupsPathGroup(RealmModel realm) {
return config.isTopLevelGroupsPath() ? null : KeycloakModelUtils.findGroupByPath(session, realm, config.getGroupsPath());
return config.isTopLevelGroupsPath() ? null : KeycloakModelUtils.findGroupByPath(getSession(), realm, config.getGroupsPath());
}
protected boolean isGroupInGroupPath(RealmModel realm, GroupModel group) {
@@ -813,7 +813,7 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements
if (config.isTopLevelGroupsPath()) {
return true; // any group is in the path of the top level path.
}
GroupModel groupPathGroup = KeycloakModelUtils.findGroupByPath(session, realm, config.getGroupsPath());
GroupModel groupPathGroup = KeycloakModelUtils.findGroupByPath(getSession(), realm, config.getGroupsPath());
if (groupPathGroup != null) {
while(!groupPathGroup.getId().equals(group.getId())) {
group = group.getParent();
@@ -847,7 +847,7 @@ public class GroupLDAPStorageMapper extends AbstractLDAPStorageMapper implements
if (parentGroup == null) {
parentGroup = getKcGroupsPathGroup(realm);
}
return parentGroup == null ? session.groups().getTopLevelGroupsStream(realm) :
return parentGroup == null ? getSession().groups().getTopLevelGroupsStream(realm) :
parentGroup.getSubGroupsStream();
}
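Review bot: In `isGroupInGroupPath` the lookup `KeycloakModelUtils.findGroupByPath(getSession(), realm, config.getGroupsPath())` duplicates what `getKcGroupsPathGroup(realm)` already does a few lines above, and this commit had to edit both copies. Because the top-level case has already returned `true` before this line, it can be written as `GroupModel groupPathGroup = getKcGroupsPathGroup(realm);`, which ties the decision about which groups fall under the mapper's path to a single lookup. The body of `isGroupInGroupPath` continues past the hunk, so the handling of a null `groupPathGroup` is not visible here.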


@@ -163,7 +163,7 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
// User needs to change his MSAD password. Allow him to login, but add UPDATE_PASSWORD required action to authenticationSession
if (user.getRequiredActionsStream().noneMatch(action -> Objects.equals(action, UserModel.RequiredAction.UPDATE_PASSWORD.name()))) {
// This usually happens when 532 was returned, which means that "pwdLastSet" is set to some positive value, which is older than MSAD password expiration policy.
AuthenticationSessionModel authSession = session.getContext().getAuthenticationSession();
AuthenticationSessionModel authSession = getSession().getContext().getAuthenticationSession();
if (authSession != null) {
if (authSession.getRequiredActions().stream().noneMatch(action -> Objects.equals(action, UserModel.RequiredAction.UPDATE_PASSWORD.name()))) {
logger.debugf("Adding requiredAction UPDATE_PASSWORD to the authenticationSession of user %s", user.getUsername());
@@ -226,7 +226,7 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
return control;
}
RealmModel realm = session.getContext().getRealm();
RealmModel realm = getSession().getContext().getRealm();
if (realm == null) {
return control;
@@ -250,7 +250,7 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
}
private String getRealmName() {
RealmModel realm = session.getContext().getRealm();
RealmModel realm = getSession().getContext().getRealm();
return (realm != null) ? realm.getName() : "null";
}
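Review bot: The first hunk reads the authentication session from `getSession().getContext()`, so whether UPDATE_PASSWORD is attached to the login depends on the context of whichever session is current at call time, and that dependency is undocumented. If an inner-transaction session does not carry the authentication session, the `authSession != null` guard would skip the required action without any log entry; the rest of the method is outside the hunk, so a fallback may exist there. I would add a comment above the lookup, e.g. `// authSession comes from the current session's context; null means no login flow is attached to it`, and a debug log on the null path if none exists.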