keycloak · hmlnarik · Apr 22, 2022 · Apr 6, 2022
@@ -23,4 +23,5 @@ public interface Constants {
     public static final Integer CURRENT_SCHEMA_VERSION_GROUP = 1;
     public static final Integer CURRENT_SCHEMA_VERSION_REALM = 1;
     public static final Integer CURRENT_SCHEMA_VERSION_ROLE = 1;
+    public static final Integer CURRENT_SCHEMA_VERSION_USER_LOGIN_FAILURE = 1;
 }
@@ -17,7 +17,10 @@
 package org.keycloak.models.map.storage.jpa;
 
 import javax.persistence.EntityManager;
+
+import org.jboss.logging.Logger;
 import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.UserLoginFailureModel;
 import org.keycloak.models.map.common.AbstractEntity;
 import org.keycloak.models.map.storage.MapKeycloakTransaction;
 import org.keycloak.models.map.storage.MapStorage;
@@ -26,6 +29,8 @@
 
 public class JpaMapStorageProvider implements MapStorageProvider {
 
+    private static final Logger logger = Logger.getLogger(JpaMapStorageProvider.class);
+
     private final String SESSION_TX_PREFIX = "jpa-map-tx-";
 
     private final JpaMapStorageProviderFactory factory;
@@ -46,6 +51,9 @@ public void close() {
     @Override
     @SuppressWarnings("unchecked")
     public <V extends AbstractEntity, M> MapStorage<V, M> getStorage(Class<M> modelType, Flag... flags) {
+        if (modelType == UserLoginFailureModel.class) {
+            logger.warn("Enabling JPA storage for user login failures will result in testsuite failures until GHI #11230 is resolved");
+        }
         factory.validateAndUpdateSchema(session, modelType);
         return new MapStorage<V, M>() {
             @Override

@@ -56,6 +56,7 @@
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserLoginFailureModel;
 import org.keycloak.models.dblock.DBLockProvider;
 import org.keycloak.models.map.client.MapProtocolMapperEntity;
 import org.keycloak.models.map.client.MapProtocolMapperEntityImpl;
@@ -94,6 +95,8 @@
 import org.keycloak.models.map.storage.jpa.group.entity.JpaGroupEntity;
 import org.keycloak.models.map.storage.jpa.hibernate.listeners.JpaEntityVersionListener;
 import org.keycloak.models.map.storage.jpa.hibernate.listeners.JpaOptimisticLockingListener;
+import org.keycloak.models.map.storage.jpa.loginFailure.JpaUserLoginFailureMapKeycloakTransaction;
+import org.keycloak.models.map.storage.jpa.loginFailure.entity.JpaUserLoginFailureEntity;
 import org.keycloak.models.map.storage.jpa.realm.JpaRealmMapKeycloakTransaction;
 import org.keycloak.models.map.storage.jpa.realm.entity.JpaComponentEntity;
 import org.keycloak.models.map.storage.jpa.realm.entity.JpaRealmEntity;
@@ -129,7 +132,7 @@ public class JpaMapStorageProviderFactory implements
         .constructor(JpaClientScopeEntity.class,                JpaClientScopeEntity::new)
         //group
         .constructor(JpaGroupEntity.class,                      JpaGroupEntity::new)
-        // realm
+        //realm
         .constructor(JpaRealmEntity.class,                      JpaRealmEntity::new)
         .constructor(JpaComponentEntity.class,                  JpaComponentEntity::new)
         .constructor(MapAuthenticationExecutionEntity.class,    MapAuthenticationExecutionEntityImpl::new)
@@ -144,6 +147,8 @@ public class JpaMapStorageProviderFactory implements
         .constructor(MapWebAuthnPolicyEntity.class,             MapWebAuthnPolicyEntityImpl::new)
         //role
         .constructor(JpaRoleEntity.class,                       JpaRoleEntity::new)
+        //user login-failure
+        .constructor(JpaUserLoginFailureEntity.class,           JpaUserLoginFailureEntity::new)
         .build();
 
     private static final Map<Class<?>, Function<EntityManager, MapKeycloakTransaction>> MODEL_TO_TX = new HashMap<>();
@@ -154,6 +159,7 @@ public class JpaMapStorageProviderFactory implements
         MODEL_TO_TX.put(GroupModel.class,                       JpaGroupMapKeycloakTransaction::new);
         MODEL_TO_TX.put(RealmModel.class,                       JpaRealmMapKeycloakTransaction::new);
         MODEL_TO_TX.put(RoleModel.class,                        JpaRoleMapKeycloakTransaction::new);
+        MODEL_TO_TX.put(UserLoginFailureModel.class,            JpaUserLoginFailureMapKeycloakTransaction::new);
     }
 
     public MapKeycloakTransaction createTransaction(Class<?> modelType, EntityManager em) {

@@ -16,12 +16,13 @@
  */
 package org.keycloak.models.map.storage.jpa.hibernate.jsonb;
 
-import com.fasterxml.jackson.databind.node.ObjectNode;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.function.BiFunction;
 import java.util.function.Function;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
 import org.keycloak.models.map.storage.jpa.authSession.entity.JpaAuthenticationSessionMetadata;
 import org.keycloak.models.map.storage.jpa.authSession.entity.JpaRootAuthenticationSessionMetadata;
 import org.keycloak.models.map.storage.jpa.client.entity.JpaClientMetadata;
@@ -35,6 +36,8 @@
 import org.keycloak.models.map.storage.jpa.hibernate.jsonb.migration.JpaRealmMigration;
 import org.keycloak.models.map.storage.jpa.hibernate.jsonb.migration.JpaRoleMigration;
 import org.keycloak.models.map.storage.jpa.hibernate.jsonb.migration.JpaRootAuthenticationSessionMigration;
+import org.keycloak.models.map.storage.jpa.hibernate.jsonb.migration.JpaUserLoginFailureMigration;
+import org.keycloak.models.map.storage.jpa.loginFailure.entity.JpaUserLoginFailureMetadata;
 import org.keycloak.models.map.storage.jpa.realm.entity.JpaComponentMetadata;
 import org.keycloak.models.map.storage.jpa.realm.entity.JpaRealmMetadata;
 import org.keycloak.models.map.storage.jpa.role.entity.JpaRoleMetadata;
@@ -45,19 +48,21 @@
 import static org.keycloak.models.map.storage.jpa.Constants.CURRENT_SCHEMA_VERSION_GROUP;
 import static org.keycloak.models.map.storage.jpa.Constants.CURRENT_SCHEMA_VERSION_REALM;
 import static org.keycloak.models.map.storage.jpa.Constants.CURRENT_SCHEMA_VERSION_ROLE;
+import static org.keycloak.models.map.storage.jpa.Constants.CURRENT_SCHEMA_VERSION_USER_LOGIN_FAILURE;
 
 public class JpaEntityMigration {
 
     static final Map<Class<?>, BiFunction<ObjectNode, Integer, ObjectNode>> MIGRATIONS = new HashMap<>();
     static {
-        MIGRATIONS.put(JpaAuthenticationSessionMetadata.class,      (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_AUTH_SESSION, tree, JpaAuthenticationSessionMigration.MIGRATORS));
-        MIGRATIONS.put(JpaRootAuthenticationSessionMetadata.class,  (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_AUTH_SESSION, tree, JpaRootAuthenticationSessionMigration.MIGRATORS));
-        MIGRATIONS.put(JpaClientMetadata.class,                     (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_CLIENT,       tree, JpaClientMigration.MIGRATORS));
-        MIGRATIONS.put(JpaClientScopeMetadata.class,                (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_CLIENT_SCOPE, tree, JpaClientScopeMigration.MIGRATORS));
-        MIGRATIONS.put(JpaComponentMetadata.class,                  (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_REALM,        tree, JpaComponentMigration.MIGRATORS));
-        MIGRATIONS.put(JpaGroupMetadata.class,                      (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_GROUP,        tree, JpaGroupMigration.MIGRATORS));
-        MIGRATIONS.put(JpaRealmMetadata.class,                      (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_REALM,        tree, JpaRealmMigration.MIGRATORS));
-        MIGRATIONS.put(JpaRoleMetadata.class,                       (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_ROLE,         tree, JpaRoleMigration.MIGRATORS));
+        MIGRATIONS.put(JpaAuthenticationSessionMetadata.class,      (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_AUTH_SESSION,      tree, JpaAuthenticationSessionMigration.MIGRATORS));
+        MIGRATIONS.put(JpaRootAuthenticationSessionMetadata.class,  (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_AUTH_SESSION,      tree, JpaRootAuthenticationSessionMigration.MIGRATORS));
+        MIGRATIONS.put(JpaClientMetadata.class,                     (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_CLIENT,            tree, JpaClientMigration.MIGRATORS));
+        MIGRATIONS.put(JpaClientScopeMetadata.class,                (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_CLIENT_SCOPE,      tree, JpaClientScopeMigration.MIGRATORS));
+        MIGRATIONS.put(JpaComponentMetadata.class,                  (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_REALM,             tree, JpaComponentMigration.MIGRATORS));
+        MIGRATIONS.put(JpaGroupMetadata.class,                      (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_GROUP,             tree, JpaGroupMigration.MIGRATORS));
+        MIGRATIONS.put(JpaRealmMetadata.class,                      (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_REALM,             tree, JpaRealmMigration.MIGRATORS));
+        MIGRATIONS.put(JpaRoleMetadata.class,                       (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_ROLE,              tree, JpaRoleMigration.MIGRATORS));
+        MIGRATIONS.put(JpaUserLoginFailureMetadata.class,           (tree, entityVersion) -> migrateTreeTo(entityVersion, CURRENT_SCHEMA_VERSION_USER_LOGIN_FAILURE,tree, JpaUserLoginFailureMigration.MIGRATORS));
     }
 
     private static ObjectNode migrateTreeTo(int entityVersion, Integer supportedVersion, ObjectNode node, List<Function<ObjectNode, ObjectNode>> migrators) {

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.models.map.storage.jpa.hibernate.jsonb.migration;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.function.Function;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+
+/**
+ * Migration functions for user login failures.
+ *
+ * @author <a href="mailto:[email protected]">Stefan Guilhen</a>
+ */
+public class JpaUserLoginFailureMigration {
+
+    public static final List<Function<ObjectNode, ObjectNode>> MIGRATORS = Arrays.asList(
+            o -> o // no migration yet
+    );
+}
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.models.map.storage.jpa.loginFailure;
+
+import javax.persistence.EntityManager;
+import javax.persistence.criteria.CriteriaBuilder;
+import javax.persistence.criteria.Root;
+import javax.persistence.criteria.Selection;
+
+import org.keycloak.models.UserLoginFailureModel;
+import org.keycloak.models.map.loginFailure.MapUserLoginFailureEntity;
+import org.keycloak.models.map.loginFailure.MapUserLoginFailureEntityDelegate;
+import org.keycloak.models.map.storage.jpa.JpaMapKeycloakTransaction;
+import org.keycloak.models.map.storage.jpa.JpaModelCriteriaBuilder;
+import org.keycloak.models.map.storage.jpa.JpaRootEntity;
+import org.keycloak.models.map.storage.jpa.loginFailure.delegate.JpaUserLoginFailureDelegateProvider;
+import org.keycloak.models.map.storage.jpa.loginFailure.entity.JpaUserLoginFailureEntity;
+
+import static org.keycloak.models.map.storage.jpa.Constants.CURRENT_SCHEMA_VERSION_USER_LOGIN_FAILURE;
+
+/**
+ * A {@link JpaMapKeycloakTransaction} implementation for user login failure entities.
+ *
+ * @author <a href="mailto:[email protected]">Stefan Guilhen</a>
+ */
+public class JpaUserLoginFailureMapKeycloakTransaction extends JpaMapKeycloakTransaction<JpaUserLoginFailureEntity, MapUserLoginFailureEntity, UserLoginFailureModel> {
+
+    @SuppressWarnings("unchecked")
+    public JpaUserLoginFailureMapKeycloakTransaction(EntityManager em) {
+        super(JpaUserLoginFailureEntity.class, em);
+    }
+
+    @Override
+    public Selection<JpaUserLoginFailureEntity> selectCbConstruct(CriteriaBuilder cb, Root<JpaUserLoginFailureEntity> root) {
+        return cb.construct(JpaUserLoginFailureEntity.class,
+                root.get("id"),
+                root.get("version"),
+                root.get("entityVersion"),
+                root.get("realmId"),
+                root.get("userId")
+        );
+    }
+
+    @Override
+    public void setEntityVersion(JpaRootEntity entity) {
+        entity.setEntityVersion(CURRENT_SCHEMA_VERSION_USER_LOGIN_FAILURE);
+    }
+
+    @Override
+    public JpaModelCriteriaBuilder createJpaModelCriteriaBuilder() {
+        return new JpaUserLoginFailureModelCriteriaBuilder();
+    }
+
+    @Override
+    protected MapUserLoginFailureEntity mapToEntityDelegate(JpaUserLoginFailureEntity original) {
+        return new MapUserLoginFailureEntityDelegate(new JpaUserLoginFailureDelegateProvider(original, em));
+    }
+}
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.models.map.storage.jpa.loginFailure;
+
+import java.util.function.BiFunction;
+
+import javax.persistence.criteria.CriteriaBuilder;
+import javax.persistence.criteria.Predicate;
+import javax.persistence.criteria.Root;
+
+import org.keycloak.models.UserLoginFailureModel;
+import org.keycloak.models.map.storage.CriterionNotSupportedException;
+import org.keycloak.models.map.storage.jpa.JpaModelCriteriaBuilder;
+import org.keycloak.models.map.storage.jpa.loginFailure.entity.JpaUserLoginFailureEntity;
+import org.keycloak.storage.SearchableModelField;
+
+/**
+ * A {@link JpaModelCriteriaBuilder} implementation for user login failures.
+ *
+ * @author <a href="mailto:[email protected]">Stefan Guilhen</a>
+ */
+public class JpaUserLoginFailureModelCriteriaBuilder extends JpaModelCriteriaBuilder<JpaUserLoginFailureEntity, UserLoginFailureModel, JpaUserLoginFailureModelCriteriaBuilder> {
+
+    public JpaUserLoginFailureModelCriteriaBuilder() {
+        super(JpaUserLoginFailureModelCriteriaBuilder::new);
+    }
+
+    private JpaUserLoginFailureModelCriteriaBuilder(BiFunction<CriteriaBuilder, Root<JpaUserLoginFailureEntity>, Predicate> predicateFunc) {
+        super(JpaUserLoginFailureModelCriteriaBuilder::new, predicateFunc);
+    }
+
+    @Override
+    public JpaUserLoginFailureModelCriteriaBuilder compare(SearchableModelField<? super UserLoginFailureModel> modelField, Operator op, Object... value) {
+        switch (op) {
+            case EQ:
+                if (modelField.equals(UserLoginFailureModel.SearchableFields.REALM_ID) ||
+                        modelField.equals(UserLoginFailureModel.SearchableFields.USER_ID)) {
+
+                    validateValue(value, modelField, op, String.class);
+
+                    return new JpaUserLoginFailureModelCriteriaBuilder((cb, root) ->
+                            cb.equal(root.get(modelField.getName()), value[0])
+                    );
+                } else {
+                    throw new CriterionNotSupportedException(modelField, op);
+                }
+            default:
+                throw new CriterionNotSupportedException(modelField, op);
+        }
+    }
+}
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.models.map.storage.jpa.loginFailure.delegate;
+
+import java.util.UUID;
+
+import javax.persistence.EntityManager;
+
+import org.keycloak.models.map.common.EntityField;
+import org.keycloak.models.map.common.delegate.DelegateProvider;
+import org.keycloak.models.map.loginFailure.MapUserLoginFailureEntity;
+import org.keycloak.models.map.loginFailure.MapUserLoginFailureEntityFields;
+import org.keycloak.models.map.storage.jpa.JpaDelegateProvider;
+import org.keycloak.models.map.storage.jpa.loginFailure.entity.JpaUserLoginFailureEntity;
+
+/**
+ * A {@link DelegateProvider} implementation for {@link JpaUserLoginFailureEntity}.
+ *
+ * @author <a href="mailto:[email protected]">Stefan Guilhen</a>
+ */
+public class JpaUserLoginFailureDelegateProvider extends JpaDelegateProvider<JpaUserLoginFailureEntity> implements DelegateProvider<MapUserLoginFailureEntity>  {
+
+    private final EntityManager em;
+
+    public JpaUserLoginFailureDelegateProvider(JpaUserLoginFailureEntity delegate, EntityManager em) {
+        super(delegate);
+        this.em = em;
+    }
+
+    @Override
+    public MapUserLoginFailureEntity getDelegate(boolean isRead, Enum<? extends EntityField<MapUserLoginFailureEntity>> field, Object... parameters) {
+        if (getDelegate().isMetadataInitialized()) return getDelegate();
+        if (isRead) {
+            if (field instanceof MapUserLoginFailureEntityFields) {
+                switch ((MapUserLoginFailureEntityFields) field) {
+                    case ID:
+                    case REALM_ID:
+                    case USER_ID:
+                        return getDelegate();
+                    default:
+                        setDelegate(em.find(JpaUserLoginFailureEntity.class, UUID.fromString(getDelegate().getId())));
+                }
+            } else {
+                throw new IllegalStateException("Not a valid user login failure field: " + field);
+            }
+        } else {
+            setDelegate(em.find(JpaUserLoginFailureEntity.class, UUID.fromString(getDelegate().getId())));
+        }
+        return getDelegate();
+    }
+}