Keycloak:使用GoogleIdP登录时,外部ID从KeycloakId密钥中删除
我有一个以独立模式运行的 Keycloak 身份验证服务器。我的要求是用户应该能够使用他们的 Google 帐户登录,因此我按照 Keycloak文档中的步骤添加了 Google IdP 。新用户使用其 Google 帐户成功登录后,应创建新帐户并将其存储在 Postgresql 数据库中。为了实现这一点,我按照此示例创建了自定义用户存储提供程序。该示例仅涵盖获取用户详细信息部分。为了支持添加新用户,我实现addUser了org.keycloak.storage.user.UserRegistrationProvider接口方法:
@Override
public UserModel addUser(RealmModel realmModel, String s) {
logger.info("create user with username: " + s);
UserEntity userEntity = new UserEntity(s, null, s, s);
em.persist(userEntity);
em.flush();
return new UserAdapter(kcSession, realmModel, model, userEntity);
}
在测试流程时,Keycloak 在执行getUserById自定义提供程序方法时抛出异常。根据日志,此方法被多次调用。该方法如下所示:
@Override
public UserModel getUserById(String id, RealmModel realm) {
logger.info("getUserById: " + id);
String persistenceId = StorageId.externalId(id);
System.out.println("!!! :" + StorageId.keycloakId(model, id));
System.out.println("!!! " + persistenceId);
Query query = em.createNativeQuery(UserStoreQueries.GET_USER_BY_ID);
query.setParameter(1, Long.valueOf(persistenceId));
Object[] result = (Object[]) query.getSingleResult();
if (result == null) {
logger.info("Could not find user by id: " + id);
return null;
}
return new UserAdapter(kcSession, realm, model, prepareUserEntity(result));
}
在从数据库获取用户之前,该方法尝试从组合的 Keycloak ID 键中提取用户 ID(哪个用户表主键)并使用它来获取用户详细信息。问题是在最后一个方法调用中,提取的 ID 值以某种方式变得等于 NULL,但是在之前的方法调用中它不是,见下文:
14:55:05,276 INFO [com.redhat.custom.storage.user.CustomUserStorageProvider] (default task-1) getUserByEmail: kris@gmail.com
14:55:05,328 INFO [com.redhat.custom.storage.user.CustomUserStorageProvider] (default task-1) Could not find user by email: kris@gmail.com
14:55:05,336 INFO [com.redhat.custom.storage.user.CustomUserStorageProvider] (default task-1) getUserByUsername: kris@gmail.com
14:55:05,342 INFO [com.redhat.custom.storage.user.CustomUserStorageProvider] (default task-1) Could not find user by username: kris@gmail.com
14:55:05,343 INFO [com.redhat.custom.storage.user.CustomUserStorageProvider] (default task-1) create user with username: kris@gmail.com
14:55:05,519 INFO [com.redhat.custom.storage.user.CustomUserStorageProvider] (default task-1) getUserById: f:1b171a2b-0d7f-42eb-9c93-89fd7c71347b:9
14:55:05,519 INFO [stdout] (default task-1) !!! :f:1b171a2b-0d7f-42eb-9c93-89fd7c71347b:f:1b171a2b-0d7f-42eb-9c93-89fd7c71347b:9
14:55:05,520 INFO [stdout] (default task-1) !!! 9
14:55:05,563 INFO [com.redhat.custom.storage.user.CustomUserStorageProvider] (default task-1) getUserById: f:1b171a2b-0d7f-42eb-9c93-89fd7c71347b:9
14:55:05,563 INFO [stdout] (default task-1) !!! :f:1b171a2b-0d7f-42eb-9c93-89fd7c71347b:f:1b171a2b-0d7f-42eb-9c93-89fd7c71347b:9
14:55:05,564 INFO [stdout] (default task-1) !!! 9
14:55:05,718 INFO [com.redhat.custom.storage.user.CustomUserStorageProvider] (default task-1) getUserById: f:1b171a2b-0d7f-42eb-9c93-89fd7c71347b:null
14:55:05,719 INFO [stdout] (default task-1) !!! :f:1b171a2b-0d7f-42eb-9c93-89fd7c71347b:f:1b171a2b-0d7f-42eb-9c93-89fd7c71347b:null
14:55:05,719 INFO [stdout] (default task-1) !!! null
14:55:05,720 ERROR [org.jboss.as.ejb3.invocation] (default task-1) WFLYEJB0034: Jakarta Enterprise Beans Invocation failed on component CustomUserStorageProvider for method public default org.keycloak.models.UserModel org.keycloak.storage.user.UserLookupProvider.getUserById(org.keycloak.models.RealmModel,java.lang.String): javax.ejb.EJBTransactionRolledbackException: For input string: "null"
at org.jboss.as.ejb3@23.0.2.Final//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInCallerTx(CMTTxInterceptor.java:219)
at org.jboss.as.ejb3@23.0.2.Final//org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:392)
at org.jboss.as.ejb3@23.0.2.Final//org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:160)
at org.jboss.invocation@1.6.0.Final//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
at org.jboss.invocation@1.6.0.Final//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
at org.jboss.weld.core@3.1.6.Final//org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:81)
我坚持这一点。感谢,如果有人能解释我为什么我的用户表 PK ID 值从 Keycloak 组合键中删除?
THE END
二维码