resolve conflicts

connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java

@@ -29,7 +29,6 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
             "org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity",
             "org.keycloak.models.entities.IdentityProviderEntity",
             "org.keycloak.models.entities.ClientIdentityProviderMappingEntity",
-            "org.keycloak.models.entities.ProtocolMapperEntity",
             "org.keycloak.models.entities.RequiredCredentialEntity",
             "org.keycloak.models.entities.CredentialEntity",
             "org.keycloak.models.entities.FederatedIdentityEntity",
@@ -38,7 +37,8 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
             "org.keycloak.models.sessions.mongo.entities.MongoUsernameLoginFailureEntity",
             "org.keycloak.models.sessions.mongo.entities.MongoUserSessionEntity",
             "org.keycloak.models.sessions.mongo.entities.MongoClientSessionEntity",
-            "org.keycloak.models.entities.UserFederationProviderEntity"
+            "org.keycloak.models.entities.UserFederationProviderEntity",
+            "org.keycloak.models.entities.ProtocolMapperEntity"
     };
 
     private static final Logger logger = Logger.getLogger(DefaultMongoConnectionFactoryProvider.class);

model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java

@@ -37,7 +37,7 @@ public class ClientIdentityProviderMappingEntity {
         return this.retrieveToken;
     }
 
-    public void setRetrieveToken(Boolean retrieveToken) {
+    public void setRetrieveToken(boolean retrieveToken) {
         this.retrieveToken = retrieveToken;
     }
 

model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java

@@ -29,14 +29,12 @@ public abstract class ClientAdapter<T extends MongoIdentifiableEntity> extends A
     protected final T clientEntity;
     private final RealmModel realm;
     protected  KeycloakSession session;
-    private final RealmProvider model;
 
     public ClientAdapter(KeycloakSession session, RealmModel realm, T clientEntity, MongoStoreInvocationContext invContext) {
         super(invContext);
         this.clientEntity = clientEntity;
         this.realm = realm;
         this.session = session;
-        this.model = session.realms();
     }
 
     @Override
@@ -326,8 +324,8 @@ public abstract class ClientAdapter<T extends MongoIdentifiableEntity> extends A
 
     @Override
     public void updateAllowedIdentityProviders(List<ClientIdentityProviderMappingModel> identityProviders) {
-        List<ClientIdentityProviderMappingEntity> stored = getMongoEntityAsClient().getIdentityProviders();
-        stored.clear();
+        List<ClientIdentityProviderMappingEntity> stored = new ArrayList<ClientIdentityProviderMappingEntity>();
+
         for (ClientIdentityProviderMappingModel model : identityProviders) {
             ClientIdentityProviderMappingEntity entity = new ClientIdentityProviderMappingEntity();
 
@@ -335,6 +333,8 @@ public abstract class ClientAdapter<T extends MongoIdentifiableEntity> extends A
             entity.setRetrieveToken(model.isRetrieveToken());
             stored.add(entity);
         }
+
+        getMongoEntityAsClient().setIdentityProviders(stored);
         updateMongoEntity();
     }
 

services/src/main/java/org/keycloak/protocol/AbstractLoginProtocolFactory.java

@@ -1,5 +1,6 @@
 package org.keycloak.protocol;
 
+import org.jboss.logging.Logger;
 import org.keycloak.Config;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
@@ -14,6 +15,9 @@ import java.util.List;
  * @version $Revision: 1 $
  */
 public abstract class AbstractLoginProtocolFactory implements LoginProtocolFactory {
+
+    private static final Logger logger = Logger.getLogger(AbstractLoginProtocolFactory.class);
+
     @Override
     public void init(Config.Scope config) {
     }
@@ -27,6 +31,7 @@ public abstract class AbstractLoginProtocolFactory implements LoginProtocolFacto
             for (RealmModel realm : realms) addDefaults(realm);
             session.getTransaction().commit();
         } catch (Exception e) {
+            logger.error("Can't add default mappers to realm", e);
             session.getTransaction().rollback();
         } finally {
             session.close();

testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java

@@ -16,6 +16,7 @@ public class EmbeddedServersFactory {
 
     private static final String DEFAULT_KERBEROS_REALM = "KEYCLOAK.ORG";
     private static final int DEFAULT_KDC_PORT = 6088;
+    private static final String DEFAULT_KDC_ENCRYPTION_TYPES = "aes128-cts-hmac-sha1-96, des-cbc-md5, des3-cbc-sha1-kd";
 
     private String baseDN;
     private String bindHost;
@@ -23,6 +24,7 @@ public class EmbeddedServersFactory {
     private String ldifFile;
     private String kerberosRealm;
     private int kdcPort;
+    private String kdcEncryptionTypes;
 
 
     public static EmbeddedServersFactory readConfiguration() {
@@ -40,6 +42,7 @@ public class EmbeddedServersFactory {
 
         this.kerberosRealm = System.getProperty("kerberos.realm");
         String kdcPort = System.getProperty("kerberos.port");
+        this.kdcEncryptionTypes = System.getProperty("kerberos.encTypes");
 
         if (baseDN == null || baseDN.isEmpty()) {
             baseDN = DEFAULT_BASE_DN;
@@ -56,6 +59,9 @@ public class EmbeddedServersFactory {
             kerberosRealm = DEFAULT_KERBEROS_REALM;
         }
         this.kdcPort = (kdcPort == null || kdcPort.isEmpty()) ? DEFAULT_KDC_PORT : Integer.parseInt(kdcPort);
+        if (kdcEncryptionTypes == null || kdcEncryptionTypes.isEmpty()) {
+            kdcEncryptionTypes = DEFAULT_KDC_ENCRYPTION_TYPES;
+        }
     }
 
 
@@ -77,6 +83,6 @@ public class EmbeddedServersFactory {
             ldifFile = DEFAULT_KERBEROS_LDIF_FILE;
         }
 
-        return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, kerberosRealm, kdcPort);
+        return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, kerberosRealm, kdcPort, kdcEncryptionTypes);
     }
 }

testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java

@@ -2,6 +2,8 @@ package org.keycloak.testutils.ldap;
 
 import java.io.IOException;
 import java.lang.reflect.Field;
+import java.util.HashSet;
+import java.util.Set;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
@@ -20,6 +22,8 @@ import org.apache.directory.server.ldap.handlers.sasl.ntlm.NtlmMechanismHandler;
 import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;
 import org.apache.directory.server.protocol.shared.transport.UdpTransport;
 import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.KerberosUtils;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
 import org.jboss.logging.Logger;
 
 /**
@@ -31,6 +35,7 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
 
     private final String kerberosRealm;
     private final int kdcPort;
+    private final String kdcEncryptionTypes;
 
     private KdcServer kdcServer;
 
@@ -43,8 +48,9 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
     }
 
 
-    protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String kerberosRealm, int kdcPort) {
+    protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String kerberosRealm, int kdcPort, String kdcEncryptionTypes) {
         super(baseDN, bindHost, bindPort, ldifFile);
+        this.kdcEncryptionTypes = kdcEncryptionTypes;
         this.kerberosRealm = kerberosRealm;
         this.kdcPort = kdcPort;
     }
@@ -54,7 +60,7 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
     public void init() throws Exception {
         super.init();
 
-        log.info("Creating KDC server. kerberosRealm: " + kerberosRealm + ", kdcPort: " + kdcPort);
+        log.info("Creating KDC server. kerberosRealm: " + kerberosRealm + ", kdcPort: " + kdcPort + ", kdcEncryptionTypes: " + kdcEncryptionTypes);
         createAndStartKdcServer();
     }
 
@@ -93,6 +99,8 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
         kdcConfig.setMaximumTicketLifetime(60000 * 1440);
         kdcConfig.setMaximumRenewableLifetime(60000 * 10080);
         kdcConfig.setPaEncTimestampRequired(false);
+        Set<EncryptionType> encryptionTypes = convertEncryptionTypes();
+        kdcConfig.setEncryptionTypes(encryptionTypes);
 
         kdcServer = new NoReplayKdcServer(kdcConfig);
         kdcServer.setSearchBaseDn(this.baseDN);
@@ -122,6 +130,24 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
     }
 
 
+    private Set<EncryptionType> convertEncryptionTypes() {
+        Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
+        String[] configEncTypes = kdcEncryptionTypes.split(",");
+
+        for ( String enc : configEncTypes ) {
+            enc = enc.trim();
+            for ( EncryptionType type : EncryptionType.getEncryptionTypes() ) {
+                if ( type.getName().equalsIgnoreCase( enc ) ) {
+                    encryptionTypes.add( type );
+                }
+            }
+        }
+
+        encryptionTypes = KerberosUtils.orderEtypesByStrength(encryptionTypes);
+        return encryptionTypes;
+    }
+
+
     /**
      * Replacement of apacheDS KdcServer class with disabled ticket replay cache.
      *
@@ -151,12 +177,10 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
             @Override
             public void save(KerberosPrincipal serverPrincipal, KerberosPrincipal clientPrincipal, KerberosTime clientTime,
                              int clientMicroSeconds) {
-                return;
             }
 
             @Override
             public void clear() {
-                return;
             }
 
         }