Make sure brokers are managed within the scope of the realm model object

Closes keycloak#34356 Signed-off-by: Pedro Igor <[email protected]>
pedroigor · Dec 19, 2024 · 29d84c3 · 29d84c3
1 parent 206436f
commit 29d84c3
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 5 deletions.
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java
@@ -17,6 +17,8 @@
 
 package org.keycloak.models.cache.infinispan;
 
+import static org.keycloak.models.utils.KeycloakModelUtils.runOnRealm;
+
 import org.keycloak.Config;
 import org.keycloak.cluster.ClusterProvider;
 import org.keycloak.common.enums.SslRequired;
@@ -916,27 +918,30 @@ public void setSmtpConfig(Map<String, String> smtpConfig) {
 
     @Override
     public Stream<IdentityProviderModel> getIdentityProvidersStream() {
-        return session.identityProviders().getAllStream();
+        return runOnRealm(session, this, (session) -> session.identityProviders().getAllStream());
     }
 
     @Override
     public IdentityProviderModel getIdentityProviderByAlias(String alias) {
-        return session.identityProviders().getByAlias(alias);
+        return runOnRealm(session, this, (session) -> session.identityProviders().getByAlias(alias));
     }
 
     @Override
     public void addIdentityProvider(IdentityProviderModel identityProvider) {
-        session.identityProviders().create(identityProvider);
+        runOnRealm(session, this, (session) -> session.identityProviders().create(identityProvider));
     }
 
     @Override
     public void updateIdentityProvider(IdentityProviderModel identityProvider) {
-        session.identityProviders().update(identityProvider);
+        runOnRealm(session, this, (session) -> {
+            session.identityProviders().update(identityProvider);
+            return null;
+        });
     }
 
     @Override
     public void removeIdentityProviderByAlias(String alias) {
-        session.identityProviders().remove(alias);
+        runOnRealm(session, this, (session) -> session.identityProviders().remove(alias));
     }
 
     @Override

diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java b/server-spi-private/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
@@ -1215,4 +1215,30 @@ public static void setupAdminPermissionsClient(KeycloakSession session, RealmMod
         RepresentationToModel.toModel(resourceServerRep, session.getProvider(AuthorizationProvider.class), client);
     }
 
+    /**
+     * <p>Runs the given {@code operation} within the scope of the given @{target} realm.
+     *
+     * <p>Only use this method when you need to execute operations in a {@link RealmModel} object that is different
+     * than the one associated with the {@code session}.
+     *
+     * @param session the session
+     * @param target the target realm
+     * @param operation the operation
+     * @return the result from the supplier
+     */
+    public static <T> T runOnRealm(KeycloakSession session, RealmModel target, Function<KeycloakSession, T> operation) {
+        KeycloakContext context = session.getContext();
+        RealmModel currentRealm = context.getRealm();
+
+        if (currentRealm.equals(target)) {
+            return operation.apply(session);
+        }
+
+        try {
+            context.setRealm(target);
+            return operation.apply(session);
+        } finally {
+            context.setRealm(currentRealm);
+        }
+    }
 }