Make sure brokers are managed within the scope of the realm model object

Closes #34356 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-12-30 11:29:57 -06:00 · 2025-01-14 05:44:26 -03:00
parent 30b3afbf69
commit 1ca1d5e909
2 changed files with 36 additions and 5 deletions
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java
@@ -17,6 +17,8 @@

 package org.keycloak.models.cache.infinispan;

+import static org.keycloak.models.utils.KeycloakModelUtils.runOnRealm;
+
 import org.keycloak.Config;
 import org.keycloak.cluster.ClusterProvider;
 import org.keycloak.common.enums.SslRequired;
@@ -917,27 +919,30 @@ public class RealmAdapter implements CachedRealmModel {

    @Override
    public Stream<IdentityProviderModel> getIdentityProvidersStream() {
-        return session.identityProviders().getAllStream();
+        return runOnRealm(session, this, (session) -> session.identityProviders().getAllStream());
    }

    @Override
    public IdentityProviderModel getIdentityProviderByAlias(String alias) {
-        return session.identityProviders().getByAlias(alias);
+        return runOnRealm(session, this, (session) -> session.identityProviders().getByAlias(alias));
    }

    @Override
    public void addIdentityProvider(IdentityProviderModel identityProvider) {
-        session.identityProviders().create(identityProvider);
+        runOnRealm(session, this, (session) -> session.identityProviders().create(identityProvider));
    }

    @Override
    public void updateIdentityProvider(IdentityProviderModel identityProvider) {
-        session.identityProviders().update(identityProvider);
+        runOnRealm(session, this, (session) -> {
+            session.identityProviders().update(identityProvider);
+            return null;
+        });
    }

    @Override
    public void removeIdentityProviderByAlias(String alias) {
-        session.identityProviders().remove(alias);
+        runOnRealm(session, this, (session) -> session.identityProviders().remove(alias));
    }

    @Override
--- a/server-spi-private/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
@@ -1167,4 +1167,30 @@ public final class KeycloakModelUtils {
        });
    }

+    /**
+     * <p>Runs the given {@code operation} within the scope of the given @{target} realm.
+     *
+     * <p>Only use this method when you need to execute operations in a {@link RealmModel} object that is different
+     * than the one associated with the {@code session}.
+     *
+     * @param session the session
+     * @param target the target realm
+     * @param operation the operation
+     * @return the result from the supplier
+     */
+    public static <T> T runOnRealm(KeycloakSession session, RealmModel target, Function<KeycloakSession, T> operation) {
+        KeycloakContext context = session.getContext();
+        RealmModel currentRealm = context.getRealm();
+
+        if (currentRealm.equals(target)) {
+            return operation.apply(session);
+        }
+
+        try {
+            context.setRealm(target);
+            return operation.apply(session);
+        } finally {
+            context.setRealm(currentRealm);
+        }
+    }
 }