keycloak · stianst · Nov 7, 2022 · Nov 7, 2022 · Nov 7, 2022 · Nov 7, 2022
@@ -1051,6 +1051,7 @@ public void setDefaultRole(RoleModel role) {
 
     @Override
     public RoleModel getDefaultRole() {
+        if (isUpdated()) return updated.getDefaultRole();
         return cached.getDefaultRoleId() == null ? null : cacheSession.getRoleById(this, cached.getDefaultRoleId());
     }
 

@@ -35,15 +35,9 @@
 import org.keycloak.models.jpa.entities.RealmAttributes;
 import org.keycloak.models.jpa.entities.RealmEntity;
 import org.keycloak.models.utils.KeycloakModelUtils;
-import org.keycloak.provider.InvalidationHandler;
-import org.keycloak.timer.ScheduledTask;
 
 import javax.persistence.EntityManager;
-import javax.persistence.Query;
 import javax.persistence.TypedQuery;
-import javax.persistence.criteria.CriteriaBuilder;
-import javax.persistence.criteria.CriteriaQuery;
-import javax.persistence.criteria.Root;
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.List;
@@ -284,13 +278,10 @@ private static void setAuthDetails(AdminEvent adminEvent, AdminEventEntity admin
     }
 
     protected void clearExpiredAdminEvents() {
-        CriteriaBuilder cb = em.getCriteriaBuilder();
-        CriteriaQuery<RealmAttributeEntity> cr = cb.createQuery(RealmAttributeEntity.class);
-        Root<RealmAttributeEntity> root = cr.from(RealmAttributeEntity.class);
-        // unable to cast the CLOB to a BIGINT in the select for H2 2.x, therefore comparing strings only in the DB, and filtering again in the next statement
-        cr.select(root).where(cb.and(cb.equal(root.get("name"),RealmAttributes.ADMIN_EVENTS_EXPIRATION),cb.notEqual(root.get("value"), "0")));
-        Map<Long, List<RealmAttributeEntity>> realms = em.createQuery(cr).getResultStream()
-                // filtering again on the attribute as paring the CLOB to BIGINT didn't work in H2 2.x
+        TypedQuery<RealmAttributeEntity> query = em.createNamedQuery("selectRealmAttributesNotEmptyByName", RealmAttributeEntity.class)
+                .setParameter("name", RealmAttributes.ADMIN_EVENTS_EXPIRATION);
+        Map<Long, List<RealmAttributeEntity>> realms = query.getResultStream()
+                // filtering again on the attribute as parsing the CLOB to BIGINT didn't work in H2 2.x, and it also different on OracleDB
                 .filter(attribute -> {
                     try {
                         return Long.parseLong(attribute.getValue()) > 0;

@@ -40,7 +40,7 @@
 import javax.persistence.criteria.Predicate;
 import javax.persistence.criteria.Root;
 
-import org.apache.commons.lang.BooleanUtils;
+import org.hibernate.Session;
 import org.jboss.logging.Logger;
 import org.keycloak.common.util.Time;
 import org.keycloak.connections.jpa.util.JpaUtils;
@@ -776,14 +776,29 @@ public Stream<ClientModel> searchClientsByAttributes(RealmModel realm, Map<Strin
 
         predicates.add(builder.equal(root.get("realmId"), realm.getId()));
 
+        //noinspection resource
+        String dbProductName = em.unwrap(Session.class).doReturningWork(connection -> connection.getMetaData().getDatabaseProductName());
+
         for (Map.Entry<String, String> entry : filteredAttributes.entrySet()) {
             String key = entry.getKey();
             String value = entry.getValue();
 
             Join<ClientEntity, ClientAttributeEntity> attributeJoin = root.join("attributes");
 
             Predicate attrNamePredicate = builder.equal(attributeJoin.get("name"), key);
-            Predicate attrValuePredicate = builder.equal(attributeJoin.get("value"), value);
+
+            Predicate attrValuePredicate;
+            if (dbProductName.equals("Oracle")) {
+                // SELECT * FROM client_attributes WHERE ... DBMS_LOB.COMPARE(value, '0') = 0 ...;
+                // Oracle is not able to compare a CLOB with a VARCHAR unless it being converted with TO_CHAR
+                // But for this all values in the table need to be smaller than 4K, otherwise the cast will fail with
+                // "ORA-22835: Buffer too small for CLOB to CHAR" (even if it is in another row).
+                // This leaves DBMS_LOB.COMPARE as the option to compare the CLOB with the value.
+                attrValuePredicate = builder.equal(builder.function("DBMS_LOB.COMPARE", Integer.class, attributeJoin.get("value"), builder.literal(value)), 0);
+            } else {
+                attrValuePredicate = builder.equal(attributeJoin.get("value"), value);
+            }
+
             predicates.add(builder.and(attrNamePredicate, attrValuePredicate));
         }
 

@@ -36,7 +36,8 @@
  * @version $Revision: 1 $
  */
 @NamedQueries({
-        @NamedQuery(name="deleteRealmAttributesByRealm", query="delete from RealmAttributeEntity attr where attr.realm = :realm")
+        @NamedQuery(name="deleteRealmAttributesByRealm", query="delete from RealmAttributeEntity attr where attr.realm = :realm"),
+        @NamedQuery(name="selectRealmAttributesNotEmptyByName", query="select ra from RealmAttributeEntity ra WHERE ra.name = :name and length(ra.value) > 0")
 })
 @Table(name="REALM_ATTRIBUTE")
 @Entity

@@ -57,7 +57,7 @@
             <plugin>
                 <groupId>org.hibernate.orm.tooling</groupId>
                 <artifactId>hibernate-enhance-maven-plugin</artifactId>
-                <version>${hibernate.core.version}</version>
+                <version>${hibernate-orm.version}</version>
                 <executions>
                     <execution>
                         <configuration>

@@ -111,13 +111,12 @@ public void addLabelsToWatchedSecrets() {
 
                 Log.infof("Adding label to Secret \"%s\"", secret.getMetadata().getName());
 
-                secret = new SecretBuilder(secret)
-                        .editMetadata()
-                        .addToLabels(Constants.KEYCLOAK_COMPONENT_LABEL, WATCHED_SECRETS_LABEL_VALUE)
-                        .endMetadata()
-                        .build();
-
-                client.secrets().inNamespace(secret.getMetadata().getNamespace()).withName(secret.getMetadata().getName()).patch(secret);
+                client.secrets().inNamespace(secret.getMetadata().getNamespace()).withName(secret.getMetadata().getName())
+                        .edit(s -> new SecretBuilder(s)
+                                .editMetadata()
+                                .addToLabels(Constants.KEYCLOAK_COMPONENT_LABEL, WATCHED_SECRETS_LABEL_VALUE)
+                                .endMetadata()
+                                .build());
             }
         }
     }
@@ -194,8 +193,13 @@ public static EventSource getStoreEventSource(KubernetesClient client, String na
     }
 
     private static void cleanObsoleteLabelFromSecret(KubernetesClient client, Secret secret) {
-        secret.getMetadata().getLabels().remove(Constants.KEYCLOAK_COMPONENT_LABEL);
-        client.secrets().inNamespace(secret.getMetadata().getNamespace()).withName(secret.getMetadata().getName()).patch(secret);
+        client.secrets().inNamespace(secret.getMetadata().getNamespace()).withName(secret.getMetadata().getName())
+                .edit(s -> new SecretBuilder(s)
+                        .editMetadata()
+                        .removeFromLabels(Constants.KEYCLOAK_COMPONENT_LABEL)
+                        .endMetadata()
+                        .build()
+                );
     }
 
     public static EventSource getWatchedSecretsEventSource(KubernetesClient client, String namespace) {

@@ -35,6 +35,7 @@
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.TestInfo;
 import org.keycloak.operator.Constants;
 import org.keycloak.operator.crds.v2alpha1.deployment.Keycloak;
 
@@ -103,8 +104,11 @@ public static void before() throws FileNotFoundException {
   }
 
   @BeforeEach
-  public void beforeEach() {
-    Log.info(((operatorDeployment == OperatorDeployment.remote) ? "Remote " : "Local ") + "Run Test :" + namespace);
+  public void beforeEach(TestInfo testInfo) {
+    String testClassName = testInfo.getTestClass().map(c -> c.getSimpleName() + ".").orElse("");
+    Log.info("\n------- STARTING: " + testClassName + testInfo.getDisplayName() + "\n"
+            + "------- Namespace: " + namespace + "\n"
+            + "------- Mode: " + ((operatorDeployment == OperatorDeployment.remote) ? "remote" : "local"));
   }
 
   private static void createK8sClient() {

@@ -24,6 +24,7 @@
 import org.awaitility.Awaitility;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInfo;
 import org.junit.jupiter.api.condition.EnabledIfSystemProperty;
 import org.keycloak.operator.testsuite.utils.CRAssert;
 import org.keycloak.operator.controllers.KeycloakService;
@@ -49,8 +50,8 @@ public class RealmImportTest extends BaseOperatorTest {
 
     @Override
     @BeforeEach
-    public void beforeEach() {
-        super.beforeEach();
+    public void beforeEach(TestInfo testInfo) {
+        super.beforeEach(testInfo);
         // Recreating the database and the realm import CR to keep this test isolated
         k8sclient.load(getClass().getResourceAsStream("/example-realm.yaml")).inNamespace(namespace).delete();
         k8sclient.load(getClass().getResourceAsStream("/incorrect-realm.yaml")).inNamespace(namespace).delete();

@@ -41,7 +41,7 @@
         <jboss.snapshots.repo.id>jboss-snapshots-repository</jboss.snapshots.repo.id>
         <jboss.snapshots.repo.url>https://s01.oss.sonatype.org/content/repositories/snapshots/</jboss.snapshots.repo.url>
 
-        <quarkus.version>2.13.3.Final</quarkus.version>
+        <quarkus.version>2.13.6.Final</quarkus.version>
 
         <project.build-time>${timestamp}</project.build-time>
 
@@ -65,12 +65,12 @@
         <apache.httpcomponents.httpcore.version>4.4.14</apache.httpcomponents.httpcore.version>
         <apache.mime4j.version>0.6</apache.mime4j.version>
         <jboss.dmr.version>1.5.1.Final</jboss.dmr.version>
-        <bouncycastle.version>1.68</bouncycastle.version>
+        <bouncycastle.version>1.70</bouncycastle.version>
 
         <!-- TODO Are these correct versions? -->
         <bouncycastle.fips.version>1.0.2.3</bouncycastle.fips.version>
-        <bouncycastle.pkixfips.version>1.0.5</bouncycastle.pkixfips.version>
-        <bouncycastle.tlsfips.version>1.0.12.2</bouncycastle.tlsfips.version>
+        <bouncycastle.pkixfips.version>1.0.7</bouncycastle.pkixfips.version>
+        <bouncycastle.tlsfips.version>1.0.14</bouncycastle.tlsfips.version>
 
         <cxf.version>3.3.10</cxf.version>
         <cxf.jetty.version>3.3.10</cxf.jetty.version>
@@ -79,8 +79,8 @@
         <dom4j.version>2.1.3</dom4j.version>
         <h2.version>2.1.214</h2.version>
         <jakarta.persistence.version>2.2.3</jakarta.persistence.version>
-        <hibernate.core.version>5.6.10.Final</hibernate.core.version>
-        <hibernate.c3p0.version>5.6.10.Final</hibernate.c3p0.version>
+        <hibernate-orm.version>5.6.14.Final</hibernate-orm.version>
+        <hibernate.c3p0.version>${hibernate-orm.version}</hibernate.c3p0.version>
         <infinispan.version>13.0.10.Final</infinispan.version>
         <infinispan.protostream.processor.version>4.4.1.Final</infinispan.protostream.processor.version>
         <javax.annotation-api.version>1.3.2</javax.annotation-api.version>
@@ -96,7 +96,7 @@
         <jboss.spec.javax.xml.bind.jboss-jaxb-api_2.3_spec.version>2.0.1.Final</jboss.spec.javax.xml.bind.jboss-jaxb-api_2.3_spec.version>
         <jboss.spec.javax.servlet.jsp.jboss-jsp-api_2.3_spec.version>2.0.0.Final</jboss.spec.javax.servlet.jsp.jboss-jsp-api_2.3_spec.version>
         <log4j.version>1.2.17</log4j.version>
-        <resteasy.version>4.7.4.Final</resteasy.version>
+        <resteasy.version>4.7.7.Final</resteasy.version>
         <resteasy.undertow.version>${resteasy.version}</resteasy.undertow.version>
         <owasp.html.sanitizer.version>20211018.2</owasp.html.sanitizer.version>
         <slf4j-api.version>1.7.30</slf4j-api.version>
@@ -108,7 +108,7 @@
         <sun.activation.version>1.2.2</sun.activation.version>
         <org.glassfish.jaxb.xsom.version>2.3.3-b02</org.glassfish.jaxb.xsom.version>
         <undertow.version>2.2.19.Final</undertow.version>
-        <elytron.version>1.18.3.Final</elytron.version>
+        <wildfly-elytron.version>1.20.1.Final</wildfly-elytron.version>
         <elytron.undertow-server.version>1.9.0.Final</elytron.undertow-server.version>
         <jetty94.version>9.4.40.v20210413</jetty94.version>
         <woodstox.version>6.0.3</woodstox.version>
@@ -143,13 +143,15 @@
 
         <!-- Databases -->
         <mysql.version>8.0.23</mysql.version>
-        <mysql.driver.version>8.0.28</mysql.driver.version>
+        <mysql-jdbc.version>8.0.30</mysql-jdbc.version>
         <postgresql.version>13.2</postgresql.version>
-        <postgresql.driver.version>42.3.3</postgresql.driver.version>
+        <postgresql-jdbc.version>42.5.1</postgresql-jdbc.version>
         <mariadb.version>10.3.27</mariadb.version>
-        <mariadb.driver.version>2.7.2</mariadb.driver.version>
+        <mariadb-jdbc.version>2.7.2</mariadb-jdbc.version>
         <mssql.version>2019-CU10-ubuntu-20.04</mssql.version>
-        <mssql.driver.version>9.2.0.jre8</mssql.driver.version>
+        <mssql-jdbc.version>9.2.0.jre8</mssql-jdbc.version>
+        <!-- this is the oracle driver version also used in the Quarkus BOM -->
+        <oracle-jdbc.version>21.5.0.0</oracle-jdbc.version>
 
         <!-- Test -->
         <greenmail.version>1.3.1b</greenmail.version>
@@ -158,15 +160,17 @@
         <junit.version>4.13.2</junit.version>
         <picketlink.version>2.7.0.Final</picketlink.version>
         <selenium.version>2.35.0</selenium.version>
+        <!-- Needs to be aligned with Quarkus, see e.g. https://github.com/quarkusio/quarkus-quickstarts/blob/2.13.5.Final/getting-started-async/pom.xml#L14 -->
+        <surefire-plugin.version>3.0.0-M7</surefire-plugin.version>
         <xml-apis.version>1.4.01</xml-apis.version>
         <subethasmtp.version>3.1.7</subethasmtp.version>
         <awaitility.version>4.1.1</awaitility.version>
         <assertj-core.version>3.22.0</assertj-core.version>
         <!-- KEYCLOAK-17585 Prevent microprofile-metrics-api upgrades from version "2.3" due to:
              https://issues.redhat.com/browse/KEYCLOAK-17585?focusedCommentId=16002705&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16002705
         -->
-        <microprofile-metrics-api.version>2.3</microprofile-metrics-api.version>
-        <testcontainers.version>1.16.3</testcontainers.version>
+        <microprofile-metrics-api.version>3.0.1</microprofile-metrics-api.version>
+        <testcontainers.version>1.17.5</testcontainers.version>
 
         <!-- Maven Plugins -->
         <replacer.plugin.version>1.3.5</replacer.plugin.version>
@@ -571,7 +575,7 @@
             <dependency>
                 <groupId>org.hibernate</groupId>
                 <artifactId>hibernate-core</artifactId>
-                <version>${hibernate.core.version}</version>
+                <version>${hibernate-orm.version}</version>
             </dependency>
             <dependency>
                 <groupId>org.hibernate</groupId>
@@ -731,7 +735,7 @@
             <dependency>
                 <groupId>mysql</groupId>
                 <artifactId>mysql-connector-java</artifactId>
-                <version>${mysql.driver.version}</version>
+                <version>${mysql-jdbc.version}</version>
                 <scope>test</scope>
             </dependency>
             <dependency>
@@ -902,7 +906,7 @@
             <dependency>
                 <groupId>org.wildfly.security</groupId>
                 <artifactId>wildfly-elytron</artifactId>
-                <version>${elytron.version}</version>
+                <version>${wildfly-elytron.version}</version>
             </dependency>
             <dependency>
                 <groupId>org.wildfly.common</groupId>
@@ -1762,7 +1766,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>3.0.0-M7</version>
+                    <version>${surefire-plugin.version}</version>
                     <configuration>
                         <forkMode>once</forkMode>
                         <argLine>-Djava.awt.headless=true ${surefire.memory.settings} ${surefire.system.args} -Duser.language=en -Duser.region=US</argLine>
@@ -1972,7 +1976,7 @@
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
                         <configuration>
-                            <additionalparam>-Xdoclint:none</additionalparam>
+                            <doclint>none</doclint>
                             <failOnError>false</failOnError>
                             <excludePackageNames>cx.*:org.freedesktop*:org.jvnet*</excludePackageNames>
                         </configuration>