Class RealmCacheSession
- java.lang.Object
  - org.keycloak.models.cache.infinispan.RealmCacheSession
- All Implemented Interfaces: CacheRealmProvider, ClientProvider, ClientScopeProvider, GroupProvider, RealmProvider, RoleProvider, Provider, ClientLookupProvider, ClientScopeLookupProvider, GroupLookupProvider, RoleLookupProvider
public class RealmCacheSession extends Object implements CacheRealmProvider
- The high-level architecture of this cache is an invalidation cache.
- The cache is manually/custom versioned. When a model is updated, we remove it from the cache, which causes an invalidation message to be sent across the cluster.
- We had to do it this way because Infinispan REPEATABLE_READ wouldn't cut it in invalidation mode. Also, REPEATABLE_READ doesn't work very well on relationships and items that are not in the cache.
- There are two Infinispan caches: one clustered cache that holds the actual objects and another, local one that holds revision numbers of cached objects. Whenever a cached object is removed (invalidated), the local revision cache number for that key is bumped higher based on a local version counter. Whenever a cache entry is fetched, this revision number is also fetched and compared against the revision number in the cache entry to see if the cache entry is stale. Whenever a cache entry is added, this revision number is also checked against the revision cache.
- Revision entries are actually never removed (although they could be evicted by cache eviction policies). The reason for this is that it is possible for a stale object to be inserted if one thread loads the data and the data is updated in the database before it is added to the cache. So, we keep the version number around for this.
- In a transaction, objects are registered to be invalidated. If an object is marked for invalidation within a transaction, a cached object should never be returned. A DB adapter should always be returned.
- After the DB commits, the objects marked for invalidation are invalidated, or rather removed from the cache. At this time the revision cache entry for this object has its version number bumped.
- Whenever an object is marked for invalidation, the cache is also searched for any objects that are related to this object and also need to be evicted/removed. We use the Infinispan Stream SPI for this.

ClientList caches:
- Lists of clients are cached in a specific cache entry, i.e. realm clients, find client by clientId.
- Realm client lists need to be invalidated and evicted whenever a client is added to or removed from a realm. RealmProvider now has addClient/removeClient at its top level. All adapters should use these methods so that the appropriate invalidations can be registered.
- Whenever a client is added/removed, the realm of the client is added to a listInvalidations set. This set must be checked before sending back or caching a cached query. This check is required to avoid caching an uncommitted removal/add in a query cache.
- When a client is removed, any queries that contain that client must also be removed.
- A client removal will also cause anything that is contained and cached within that client to be removed.

Clustered caches:
- There is an Infinispan @Listener registered. If an invalidation event happens, this is treated as if the object was removed from the database, and evictions are performed based on that assumption.
- Eviction events will also cascade other evictions, but will not assume this is a DB removal.
- With an invalidation cache, if you remove an entry on node 1 and this entry does not exist on node 2, node 2 will not receive a @Listener invalidation event. So we have to put a marker entry in the invalidation cache before we read from the DB, so that if the DB changes in between reading and adding a cache entry, the cache will be notified and bump the version information.

DBs with Repeatable Read:
- DBs like MySQL are Repeatable Read by default. So, if you query a Client, for instance, it will always return the same result in the same transaction even if the DB was updated in between these queries. This makes it possible to store stale cache entries. To avoid this problem, this class stores the current local version counter at the beginning of the transaction. Whenever an entry is added to the cache, the current counter is compared against the counter at the beginning of the tx. If the current is greater, then don't cache.

Groups and Roles:
- Roles are tricky because of composites. Composite lists are cached too. So, when a role is removed, we also iterate and invalidate any role or group that contains the role being removed.
- Any relationship should be resolved from session.realms(). For example, if JPA.getClientByClientId() is invoked, JPA should find the id of the client and then call session.realms().getClientById(). This is to ensure that the cached object is invoked and all proper invalidations are being invoked.

- Version: $Revision: 1 $
- Author: Bill Burke
-
-
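A minimal single-node model of the revision check described in the class comment above, as an added example that is not Keycloak's code: `RevisionedCache`, its method names and the sample data are hypothetical, and two plain maps stand in for the two Infinispan caches. It shows why a value read before a concurrent update is refused, so a removed or changed client cannot be re-cached from a stale read.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration (Java 16+); every name here is hypothetical, not Keycloak API.
public class RevisionedCacheDemo {

    /** Cached value plus the revision it was loaded under. */
    record Entry(String value, long revision) {}

    static final class RevisionedCache {
        private final Map<String, Entry> entries = new HashMap<>();  // stands in for the clustered object cache
        private final Map<String, Long> revisions = new HashMap<>(); // stands in for the local revision cache
        private long counter = 0;                                    // local version counter

        /** A transaction records this value when it begins. */
        synchronized long currentCounter() { return counter; }

        /** Revision to tag a load with; read it before querying the database. */
        synchronized long revisionFor(String key) {
            return revisions.getOrDefault(key, counter);
        }

        /** Remove the object and bump its revision; the revision entry itself is kept. */
        synchronized void invalidate(String key) {
            entries.remove(key);
            revisions.put(key, ++counter);
        }

        /** Return the cached value, or null if absent or older than the recorded revision. */
        synchronized String get(String key) {
            Entry e = entries.get(key);
            if (e == null) return null;
            if (revisions.getOrDefault(key, e.revision()) > e.revision()) {
                entries.remove(key); // stale entry: drop it and force a database load
                return null;
            }
            return e.value();
        }

        /** Cache a value loaded from the database unless it may be stale. */
        synchronized boolean add(String key, String value, long loadedRevision, long txStartCounter) {
            // Repeatable-read guard: something was invalidated after this transaction began.
            if (counter > txStartCounter) return false;
            // Per-key guard: this key was invalidated after the value was loaded.
            if (revisions.getOrDefault(key, loadedRevision) > loadedRevision) return false;
            revisions.put(key, loadedRevision);
            entries.put(key, new Entry(value, loadedRevision));
            return true;
        }
    }

    public static void main(String[] args) {
        Map<String, String> db = new HashMap<>(); // constructed stand-in for the database
        db.put("client-1", "redirectUri=https://old.example.test/cb");
        db.put("client-2", "redirectUri=https://other.example.test/cb");
        RevisionedCache cache = new RevisionedCache();

        // Transaction A starts, notes the counter, tags its load, then reads the database.
        long txA = cache.currentCounter();
        long revA = cache.revisionFor("client-1");
        String readByA = db.get("client-1");

        // Transaction B commits an update to the same client and invalidates it after commit.
        db.put("client-1", "redirectUri=https://new.example.test/cb");
        cache.invalidate("client-1");

        // A now tries to cache what it read; the counter has moved past txA, so add() refuses.
        System.out.println("A caches its stale read of client-1: "
                + cache.add("client-1", readByA, revA, txA));

        // A's read of client-2 is refused too: under repeatable read A cannot tell whether
        // client-2 changed after it began, so nothing from this transaction is cached.
        System.out.println("A caches client-2: "
                + cache.add("client-2", db.get("client-2"), cache.revisionFor("client-2"), txA));

        // Transaction C starts after B's invalidation and caches the committed value.
        long txC = cache.currentCounter();
        long revC = cache.revisionFor("client-1");
        System.out.println("C caches fresh client-1: "
                + cache.add("client-1", db.get("client-1"), revC, txC));
        System.out.println("cached client-1: " + cache.get("client-1"));

        // Removing the client invalidates the entry; the bumped revision stays behind.
        db.remove("client-1");
        cache.invalidate("client-1");
        System.out.println("client-1 after removal: " + cache.get("client-1"));
    }
}
```

In this single-node model the per-key guard is subsumed by the counter guard; both are kept because the class comment describes both checks.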
Field Summary
Modifier and Type, Field
- protected RealmCacheManager cache
- protected boolean clearAll
- protected ClientProvider clientDelegate
- protected ClientScopeProvider clientScopeDelegate
- protected GroupProvider groupDelegate
- protected Set<InvalidationEvent> invalidationEvents
- protected Set<String> invalidations
- protected Set<String> listInvalidations
- protected static org.jboss.logging.Logger logger
- protected Map<String,ClientModel> managedApplications
- protected Map<String,ClientScopeAdapter> managedClientScopes
- protected Map<String,GroupAdapter> managedGroups
- protected Map<String,RealmAdapter> managedRealms
- protected Map<String,RoleAdapter> managedRoles
- static String REALM_CLIENTS_QUERY_SUFFIX
- protected RealmProvider realmDelegate
- protected RoleProvider roleDelegate
- static String ROLES_QUERY_SUFFIX
- protected KeycloakSession session
- protected boolean setRollbackOnly
- protected long startupRevision
- protected boolean transactionActive
-
Constructor Summary
- RealmCacheSession(RealmCacheManager cache, KeycloakSession session)
-
Method Summary
Modifier and Type, Method, Description
- ClientModel addClient(RealmModel realm, String clientId)
  Adds a client with given clientId to the given realm.
- ClientModel addClient(RealmModel realm, String id, String clientId)
  Adds a client with given internal ID and clientId to the given realm.
- RoleModel addClientRole(ClientModel client, String name)
  Adds a client role with given name to the given client.
- RoleModel addClientRole(ClientModel client, String id, String name)
  Adds a client role with given internal ID and name to the given client.
- ClientScopeModel addClientScope(RealmModel realm, String name)
  Creates new client scope with given name to the given realm.
- ClientScopeModel addClientScope(RealmModel realm, String id, String name)
  Creates new client scope with given internal ID and name to the given realm.
- void addClientScopes(RealmModel realm, ClientModel client, Set<ClientScopeModel> clientScopes, boolean defaultScope)
  Assign clientScopes to the client.
- RoleModel addRealmRole(RealmModel realm, String name)
  Adds a realm role with given name to the given realm.
- RoleModel addRealmRole(RealmModel realm, String id, String name)
  Adds a realm role with given internal ID and name to the given realm.
- void addTopLevelGroup(RealmModel realm, GroupModel subGroup)
  Removes parent group for the given group in the given realm.
- protected ClientModel cacheClient(RealmModel realm, ClientModel delegate, Long revision)
- void clear()
- void close()
- ClientInitialAccessModel createClientInitialAccessModel(RealmModel realm, int expiration, int count)
- GroupModel createGroup(RealmModel realm, String id, String name, GroupModel toParent)
  Creates a new group with the given name, id, name and parent to the given realm.
- RealmModel createRealm(String name)
  Creates new realm with the given name.
- RealmModel createRealm(String id, String name)
  Creates new realm with given ID and name.
- boolean deleteLocalizationText(RealmModel realm, String locale, String key)
- boolean deleteLocalizationTextsByLocale(RealmModel realm, String locale)
- void evictRealmOnRemoval(RealmModel realm)
- Map<ClientModel,Set<String>> getAllRedirectUrisOfEnabledClients(RealmModel realm)
  Returns a map of (rootUrl, {validRedirectUris}) for all enabled clients.
- Stream<ClientModel> getAlwaysDisplayInConsoleClientsStream(RealmModel realm)
  Returns a stream of clients that are expected to always show up in account console.
- ClientModel getClientByClientId(RealmModel realm, String clientId)
  Exact search for a client by its public client identifier.
- ClientModel getClientById(RealmModel realm, String id)
  Exact search for a client by its internal ID.
- ClientProvider getClientDelegate()
- ClientInitialAccessModel getClientInitialAccessModel(RealmModel realm, String id)
- RoleModel getClientRole(ClientModel client, String name)
  Exact search for a client role by given name.
- Stream<RoleModel> getClientRolesStream(ClientModel client)
  Returns all the client roles of the given client.
- Stream<RoleModel> getClientRolesStream(ClientModel client, Integer first, Integer max)
  Returns the client roles of the given client.
- ClientScopeModel getClientScopeById(RealmModel realm, String id)
  Exact search for a client scope by its internal ID.
- ClientScopeProvider getClientScopeDelegate()
- Map<String,ClientScopeModel> getClientScopes(RealmModel realm, ClientModel client, boolean defaultScopes)
  Return all default scopes (if defaultScope is true) or all optional scopes (if defaultScope is false) linked with the client
- Stream<ClientScopeModel> getClientScopesStream(RealmModel realm)
  Returns all the client scopes of the given realm as a stream.
- long getClientsCount(RealmModel realm)
  Returns number of clients in the given realm
- Stream<ClientModel> getClientsStream(RealmModel realm)
  Returns all the clients of the given realm as a stream.
- Stream<ClientModel> getClientsStream(RealmModel realm, Integer firstResult, Integer maxResults)
  Returns the clients of the given realm as a stream.
- GroupModel getGroupById(RealmModel realm, String id)
  Returns a group from the given realm with the corresponding id
- GroupProvider getGroupDelegate()
- Stream<GroupModel> getGroupsByRoleStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults)
  Returns groups with the given role in the given realm.
- Long getGroupsCount(RealmModel realm, Boolean onlyTopGroups)
  Returns a number of groups/top level groups (i.e.
- Long getGroupsCount(RealmModel realm, Stream<String> ids, String search)
  Returns a number of groups that contains the search string in the name
- Long getGroupsCountByNameContaining(RealmModel realm, String search)
  Returns the number of top level groups containing groups with the given string in name for the given realm.
- Stream<GroupModel> getGroupsStream(RealmModel realm)
  Returns groups for the given realm.
- Stream<GroupModel> getGroupsStream(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max)
  Returns a paginated stream of groups with given ids and given search value in group names.
- String getLocalizationTextsById(RealmModel realm, String locale, String key)
- RealmModel getRealm(String id)
  Exact search for a realm by its internal ID.
- RealmModel getRealmByName(String name)
  Exact search for a realm by its name.
- RealmProvider getRealmDelegate()
- RoleModel getRealmRole(RealmModel realm, String name)
  Exact search for a role by given name.
- Stream<RoleModel> getRealmRolesStream(RealmModel realm)
  Returns all the realm roles of the given realm as a stream.
- Stream<RoleModel> getRealmRolesStream(RealmModel realm, Integer first, Integer max)
  Returns the realm roles of the given realm as a stream.
- Stream<RealmModel> getRealmsStream()
  Returns realms as a stream.
- Stream<RealmModel> getRealmsWithProviderTypeStream(Class<?> type)
  Returns stream of realms which has component with the given provider type.
- RoleModel getRoleById(RealmModel realm, String id)
  Exact search for a role by its internal ID.
- RoleProvider getRoleDelegate()
- Stream<RoleModel> getRolesStream(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max)
  Returns a paginated stream of roles with given ids and given search value in role names.
- long getStartupRevision()
- Stream<GroupModel> getTopLevelGroupsStream(RealmModel realm)
  Returns all top level groups (i.e.
- Stream<GroupModel> getTopLevelGroupsStream(RealmModel realm, Integer first, Integer max)
  Returns top level groups (i.e.
- boolean isInvalid(String id)
- Stream<ClientInitialAccessModel> listClientInitialAccessStream(RealmModel realm)
  Returns client's initial access as a stream.
- void moveGroup(RealmModel realm, GroupModel group, GroupModel toParent)
  This method is used for moving groups in group structure, for example: making an existing child group child group of some other group, setting a top level group (i.e.
- void registerClientInvalidation(String id, String clientId, String realmId)
- void registerClientScopeInvalidation(String id, String realmId)
- void registerGroupInvalidation(String id)
- void registerRealmInvalidation(String id, String name)
- void registerRoleInvalidation(String id, String roleName, String roleContainerId)
- boolean removeClient(RealmModel realm, String id)
  Removes given client from the given realm.
- void removeClientInitialAccessModel(RealmModel realm, String id)
- void removeClients(RealmModel realm)
  Removes all clients from the given realm.
- boolean removeClientScope(RealmModel realm, String id)
  Removes client scope from the given realm.
- void removeClientScope(RealmModel realm, ClientModel client, ClientScopeModel clientScope)
  Unassign clientScope from the client.
- void removeClientScopes(RealmModel realm)
  Removes all client scopes from the given realm.
- void removeExpiredClientInitialAccess()
  Removes all expired client initial accesses from all realms.
- boolean removeGroup(RealmModel realm, GroupModel group)
  Removes the given group for the given realm.
- boolean removeRealm(String id)
  Removes realm with the given id.
- boolean removeRole(RoleModel role)
  Removes given realm role from the given realm.
- void removeRoles(ClientModel client)
  Removes all roles from the given client.
- void removeRoles(RealmModel realm)
  Removes all roles from the given realm.
- protected void runInvalidations()
- void saveLocalizationText(RealmModel realm, String locale, String key, String text)
- void saveLocalizationTexts(RealmModel realm, String locale, Map<String,String> localizationTexts)
- Stream<ClientModel> searchClientsByAttributes(RealmModel realm, Map<String,String> attributes, Integer firstResult, Integer maxResults)
- Stream<ClientModel> searchClientsByClientIdStream(RealmModel realm, String clientId, Integer firstResult, Integer maxResults)
  Case-insensitive search for clients that contain the given string in their public client identifier.
- Stream<RoleModel> searchForClientRolesStream(ClientModel client, String search, Integer first, Integer max)
  Case-insensitive search for client roles that contain the given string in their name or description.
- Stream<GroupModel> searchForGroupByNameStream(RealmModel realm, String search, Boolean exact, Integer firstResult, Integer maxResults)
  Returns the group hierarchy with the given string in name for the given realm.
- Stream<GroupModel> searchForGroupByNameStream(RealmModel realm, String search, Integer first, Integer max)
  Returns the group hierarchy with the given string in name for the given realm.
- Stream<RoleModel> searchForRolesStream(RealmModel realm, String search, Integer first, Integer max)
  Case-insensitive search for roles that contain the given string in their name or description.
- Stream<GroupModel> searchGroupsByAttributes(RealmModel realm, Map<String,String> attributes, Integer firstResult, Integer maxResults)
  Returns the groups filtered by attribute names and attribute values for the given realm.
- boolean updateLocalizationText(RealmModel realm, String locale, String key, String text)
- protected ClientModel validateCache(RealmModel realm, CachedClient cached)
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.keycloak.models.GroupProvider
getGroupsStream, getGroupsStream
-
Methods inherited from interface org.keycloak.models.RealmProvider
addClientRole, addClientRole, createGroup, createGroup, createGroup, decreaseRemainingCount, getClientRole, getClientRoles, getClientRoles, getClientScopeById, getRealmRoles, getRoleById, removeRole, searchForClientRoles, searchForRoles
-
-
-
-
Field Detail
-
logger
protected static final org.jboss.logging.Logger logger
-
REALM_CLIENTS_QUERY_SUFFIX
public static final String REALM_CLIENTS_QUERY_SUFFIX
- See Also:
- Constant Field Values
-
ROLES_QUERY_SUFFIX
public static final String ROLES_QUERY_SUFFIX
- See Also:
- Constant Field Values
-
cache
protected RealmCacheManager cache
-
session
protected KeycloakSession session
-
realmDelegate
protected RealmProvider realmDelegate
-
clientDelegate
protected ClientProvider clientDelegate
-
clientScopeDelegate
protected ClientScopeProvider clientScopeDelegate
-
groupDelegate
protected GroupProvider groupDelegate
-
roleDelegate
protected RoleProvider roleDelegate
-
transactionActive
protected boolean transactionActive
-
setRollbackOnly
protected boolean setRollbackOnly
-
managedRealms
protected Map<String,RealmAdapter> managedRealms
-
managedApplications
protected Map<String,ClientModel> managedApplications
-
managedClientScopes
protected Map<String,ClientScopeAdapter> managedClientScopes
-
managedRoles
protected Map<String,RoleAdapter> managedRoles
-
managedGroups
protected Map<String,GroupAdapter> managedGroups
-
invalidationEvents
protected Set<InvalidationEvent> invalidationEvents
-
clearAll
protected boolean clearAll
-
startupRevision
protected final long startupRevision
-
-
Constructor Detail
-
RealmCacheSession
public RealmCacheSession(RealmCacheManager cache, KeycloakSession session)
-
-
Method Detail
-
getStartupRevision
public long getStartupRevision()
-
isInvalid
public boolean isInvalid(String id)
-
clear
public void clear()
- Specified by: clear in interface CacheRealmProvider
-
getRealmDelegate
public RealmProvider getRealmDelegate()
- Specified by: getRealmDelegate in interface CacheRealmProvider
-
getClientDelegate
public ClientProvider getClientDelegate()
-
getClientScopeDelegate
public ClientScopeProvider getClientScopeDelegate()
-
getRoleDelegate
public RoleProvider getRoleDelegate()
-
getGroupDelegate
public GroupProvider getGroupDelegate()
-
registerRealmInvalidation
public void registerRealmInvalidation(String id, String name)
- Specified by: registerRealmInvalidation in interface CacheRealmProvider
-
registerClientInvalidation
public void registerClientInvalidation(String id, String clientId, String realmId)
- Specified by: registerClientInvalidation in interface CacheRealmProvider
-
registerClientScopeInvalidation
public void registerClientScopeInvalidation(String id, String realmId)
- Specified by: registerClientScopeInvalidation in interface CacheRealmProvider
-
registerRoleInvalidation
public void registerRoleInvalidation(String id, String roleName, String roleContainerId)
- Specified by: registerRoleInvalidation in interface CacheRealmProvider
-
registerGroupInvalidation
public void registerGroupInvalidation(String id)
- Specified by: registerGroupInvalidation in interface CacheRealmProvider
-
runInvalidations
protected void runInvalidations()
-
createRealm
public RealmModel createRealm(String name)
Description copied from interface: RealmProvider
Creates new realm with the given name. The internal ID will be generated automatically.
- Specified by: createRealm in interface RealmProvider
- Parameters:
  name - String name of the realm
- Returns: Model of the created realm.
-
createRealm
public RealmModel createRealm(String id, String name)
Description copied from interface: RealmProvider
Creates new realm with given ID and name.
- Specified by: createRealm in interface RealmProvider
- Parameters:
  id - Internal ID of the realm or null if one is to be created by the underlying store. If the store expects the ID to have a certain format (for example UUID) and the supplied ID doesn't follow the expected format, the store may replace the id with a new one at its own discretion.
  name - String name of the realm
- Returns: Model of the created realm.
-
getRealm
public RealmModel getRealm(String id)
Description copied from interface: RealmProvider
Exact search for a realm by its internal ID.
- Specified by: getRealm in interface RealmProvider
- Parameters:
  id - Internal ID of the realm.
- Returns: Model of the realm
-
getRealmByName
public RealmModel getRealmByName(String name)
Description copied from interface: RealmProvider
Exact search for a realm by its name.
- Specified by: getRealmByName in interface RealmProvider
- Parameters:
  name - String name of the realm
- Returns: Model of the realm
-
getRealmsWithProviderTypeStream
public Stream<RealmModel> getRealmsWithProviderTypeStream(Class<?> type)
Description copied from interface: RealmProvider
Returns stream of realms which has component with the given provider type.
- Specified by: getRealmsWithProviderTypeStream in interface RealmProvider
- Parameters:
  type - Class<?> Type of the provider.
- Returns: Stream of RealmModel. Never returns null.
-
getRealmsStream
public Stream<RealmModel> getRealmsStream()
Description copied from interface: RealmProvider
Returns realms as a stream.
- Specified by: getRealmsStream in interface RealmProvider
- Returns: Stream of RealmModel. Never returns null.
-
removeRealm
public boolean removeRealm(String id)
Description copied from interface: RealmProvider
Removes realm with the given id.
- Specified by: removeRealm in interface RealmProvider
- Parameters:
  id - of realm.
- Returns: true if the realm was successfully removed.
-
evictRealmOnRemoval
public void evictRealmOnRemoval(RealmModel realm)
-
addClient
public ClientModel addClient(RealmModel realm, String clientId)
Description copied from interface: ClientProvider
Adds a client with given clientId to the given realm. The internal ID of the client will be created automatically.
- Specified by: addClient in interface ClientProvider
- Specified by: addClient in interface RealmProvider
- Parameters:
  realm - Realm owning this client.
  clientId - String that identifies the client to the external parties. Maps to client_id in OIDC or entityID in SAML.
- Returns: Model of the created client.
-
addClient
public ClientModel addClient(RealmModel realm, String id, String clientId)
Description copied from interface: ClientProvider
Adds a client with given internal ID and clientId to the given realm.
- Specified by: addClient in interface ClientProvider
- Specified by: addClient in interface RealmProvider
- Parameters:
  realm - Realm owning this client.
  id - Internal ID of the client or null if one is to be created by the underlying store
  clientId - String that identifies the client to the external parties. Maps to client_id in OIDC or entityID in SAML.
- Returns: Model of the created client.
-
getClientsStream
public Stream<ClientModel> getClientsStream(RealmModel realm, Integer firstResult, Integer maxResults)
Description copied from interface: ClientProvider
Returns the clients of the given realm as a stream.
- Specified by: getClientsStream in interface ClientProvider
- Parameters:
  realm - Realm.
  firstResult - First result to return. Ignored if negative or null.
  maxResults - Maximum number of results to return. Ignored if negative or null.
- Returns: Stream of the clients. Never returns null.
-
getClientsStream
public Stream<ClientModel> getClientsStream(RealmModel realm)
Description copied from interface: ClientProvider
Returns all the clients of the given realm as a stream. Effectively the same as the call getClientsStream(realm, null, null).
- Specified by: getClientsStream in interface ClientProvider
- Parameters:
  realm - Realm.
- Returns: Stream of the clients. Never returns null.
-
getAlwaysDisplayInConsoleClientsStream
public Stream<ClientModel> getAlwaysDisplayInConsoleClientsStream(RealmModel realm)
Description copied from interface: ClientProvider
Returns a stream of clients that are expected to always show up in account console.
- Specified by: getAlwaysDisplayInConsoleClientsStream in interface ClientProvider
- Parameters:
  realm - Realm owning the clients.
- Returns: Stream of the clients. Never returns null.
-
getAllRedirectUrisOfEnabledClients
public Map<ClientModel,Set<String>> getAllRedirectUrisOfEnabledClients(RealmModel realm)
Description copied from interface: ClientProvider
Returns a map of (rootUrl, {validRedirectUris}) for all enabled clients.
- Specified by: getAllRedirectUrisOfEnabledClients in interface ClientProvider
- Returns:
-
removeClients
public void removeClients(RealmModel realm)
Description copied from interface: ClientProvider
Removes all clients from the given realm.
- Specified by: removeClients in interface ClientProvider
- Parameters:
  realm - Realm.
-
removeClient
public boolean removeClient(RealmModel realm, String id)
Description copied from interface: ClientProvider
Removes given client from the given realm.
- Specified by: removeClient in interface ClientProvider
- Parameters:
  realm - Realm.
  id - Internal ID of the client
- Returns: true if the client existed and has been removed, false otherwise.
-
addRealmRole
public RoleModel addRealmRole(RealmModel realm, String name)
Description copied from interface: RoleProvider
Adds a realm role with given name to the given realm. The internal ID of the role will be created automatically.
- Specified by: addRealmRole in interface RealmProvider
- Specified by: addRealmRole in interface RoleProvider
- Parameters:
  realm - Realm owning this role.
  name - String name of the role.
- Returns: Model of the created role.
-
addRealmRole
public RoleModel addRealmRole(RealmModel realm, String id, String name)
Description copied from interface: RoleProvider
Adds a realm role with given internal ID and name to the given realm.
- Specified by: addRealmRole in interface RealmProvider
- Specified by: addRealmRole in interface RoleProvider
- Parameters:
  realm - Realm owning this role.
  id - Internal ID of the role or null if one is to be created by the underlying store
  name - String name of the role.
- Returns: Model of the created client.
-
getRealmRolesStream
public Stream<RoleModel> getRealmRolesStream(RealmModel realm)
Description copied from interface: RoleProvider
Returns all the realm roles of the given realm as a stream. Effectively the same as the call getRealmRolesStream(realm, null, null).
- Specified by: getRealmRolesStream in interface RoleProvider
- Parameters:
  realm - Realm.
- Returns: Stream of the roles. Never returns null.
-
getClientRolesStream
public Stream<RoleModel> getClientRolesStream(ClientModel client)
Description copied from interface: RoleProvider
Returns all the client roles of the given client. Effectively the same as the call getClientRoles(client, null, null).
- Specified by: getClientRolesStream in interface RoleProvider
- Parameters:
  client - Client.
- Returns: Stream of the roles. Never returns null.
-
getRealmRolesStream
public Stream<RoleModel> getRealmRolesStream(RealmModel realm, Integer first, Integer max)
Description copied from interface: RoleProvider
Returns the realm roles of the given realm as a stream.
- Specified by: getRealmRolesStream in interface RoleProvider
- Parameters:
  realm - Realm.
  first - First result to return. Ignored if negative or null.
  max - Maximum number of results to return. Ignored if negative or null.
- Returns: Stream of the roles. Never returns null.
-
getRolesStream
public Stream<RoleModel> getRolesStream(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max)
Description copied from interface: RoleProvider
Returns a paginated stream of roles with given ids and given search value in role names.
- Specified by: getRolesStream in interface RoleProvider
- Parameters:
  realm - Realm. Cannot be null.
  ids - Stream of ids. Returns empty Stream when null.
  search - Case-insensitive string to search by role's name or description. Ignored if null.
  first - Index of the first result to return. Ignored if negative or null.
  max - Maximum number of results to return. Ignored if negative or null.
- Returns: Stream of desired roles. Never returns null.
-
getClientRolesStream
public Stream<RoleModel> getClientRolesStream(ClientModel client, Integer first, Integer max)
Description copied from interface: RoleProvider
Returns the client roles of the given client.
- Specified by: getClientRolesStream in interface RoleProvider
- Parameters:
  client - Client.
  first - First result to return. Ignored if negative or null.
  max - Maximum number of results to return. Ignored if negative or null.
- Returns: Stream of the roles. Never returns null.
-
searchForClientRolesStream
public Stream<RoleModel> searchForClientRolesStream(ClientModel client, String search, Integer first, Integer max)
Description copied from interface: RoleLookupProvider
Case-insensitive search for client roles that contain the given string in their name or description.
- Specified by: searchForClientRolesStream in interface RoleLookupProvider
- Parameters:
  client - Client.
  search - String to search by role's name or description.
  first - First result to return. Ignored if negative or null.
  max - Maximum number of results to return. Ignored if negative or null.
- Returns: Stream of the client roles their name or description contains given search string. Never returns null.
-
searchForRolesStream
public Stream<RoleModel> searchForRolesStream(RealmModel realm, String search, Integer first, Integer max)
Description copied from interface: RoleLookupProvider
Case-insensitive search for roles that contain the given string in their name or description.
- Specified by: searchForRolesStream in interface RoleLookupProvider
- Parameters:
  realm - Realm.
  search - Searched substring of the role's name or description.
  first - First result to return. Ignored if negative or null.
  max - Maximum number of results to return. Ignored if negative or null.
- Returns: Stream of the realm roles their name or description contains given search string. Never returns null.
-
addClientRole
public RoleModel addClientRole(ClientModel client, String name)
Description copied from interface: RoleProvider
Adds a client role with given name to the given client. The internal ID of the role will be created automatically.
- Specified by: addClientRole in interface RoleProvider
- Parameters:
  client - Client owning this role.
  name - String name of the role.
- Returns: Model of the created role.
-
addClientRole
public RoleModel addClientRole(ClientModel client, String id, String name)
Description copied from interface: RoleProvider
Adds a client role with given internal ID and name to the given client.
- Specified by: addClientRole in interface RoleProvider
- Parameters:
  client - Client owning this role.
  id - Internal ID of the client role or null if one is to be created by the underlying store.
  name - String name of the role.
- Returns: Model of the created role.
-
getRealmRole
public RoleModel getRealmRole(RealmModel realm, String name)
Description copied from interface: RoleLookupProvider
Exact search for a role by given name.
- Specified by: getRealmRole in interface RealmProvider
- Specified by: getRealmRole in interface RoleLookupProvider
- Parameters:
  realm - Realm.
  name - String name of the role.
- Returns: Model of the role, or null if no role is found.
-
getClientRole
public RoleModel getClientRole(ClientModel client, String name)
Description copied from interface: RoleLookupProvider
Exact search for a client role by given name.
- Specified by: getClientRole in interface RoleLookupProvider
- Parameters:
  client - Client.
  name - String name of the role.
- Returns: Model of the role, or null if no role is found.
-
removeRole
public boolean removeRole(RoleModel role)
Description copied from interface: RoleProvider
Removes given realm role from the given realm.
- Specified by: removeRole in interface RoleProvider
- Parameters:
  role - Role to be removed.
- Returns: true if the role existed and has been removed, false otherwise.
-
removeRoles
public void removeRoles(RealmModel realm)
Description copied from interface: RoleProvider
Removes all roles from the given realm.
- Specified by: removeRoles in interface RoleProvider
- Parameters:
  realm - Realm.
-
removeRoles
public void removeRoles(ClientModel client)
Description copied from interface: RoleProvider
Removes all roles from the given client.
- Specified by: removeRoles in interface RoleProvider
- Parameters:
  client - Client.
-
getRoleById
public RoleModel getRoleById(RealmModel realm, String id)
Description copied from interface: RoleLookupProvider
Exact search for a role by its internal ID.
- Specified by: getRoleById in interface RoleLookupProvider
- Parameters:
  realm - Realm.
  id - Internal ID of the role.
- Returns: Model of the role.
-
getGroupById
public GroupModel getGroupById(RealmModel realm, String id)
Description copied from interface: GroupLookupProvider
Returns a group from the given realm with the corresponding id.
- Specified by: getGroupById in interface GroupLookupProvider
- Specified by: getGroupById in interface RealmProvider
- Parameters:
  realm - Realm.
  id - Id.
- Returns: GroupModel with the corresponding id.
-
moveGroup
public void moveGroup(RealmModel realm, GroupModel group, GroupModel toParent)
Description copied from interface: GroupProvider
This method is used for moving groups in group structure, for example:
- making an existing child group child group of some other group,
- setting a top level group (i.e. group without parent group) child of some group,
- making a child group top level group (i.e. removing its parent group).
- Specified by: moveGroup in interface GroupProvider
- Specified by: moveGroup in interface RealmProvider
- Parameters:
  realm - Realm owning this group.
  group - Group to update.
  toParent - New parent group, or null if we are moving the group to top level group.
-
getGroupsStream
public Stream<GroupModel> getGroupsStream(RealmModel realm)
Description copied from interface: GroupProvider
Returns groups for the given realm.
- Specified by: getGroupsStream in interface GroupProvider
- Parameters:
  realm - Realm.
- Returns: Stream of groups in the Realm.
-
getGroupsStream
public Stream<GroupModel> getGroupsStream(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max)
Description copied from interface: GroupProvider
Returns a paginated stream of groups with given ids and given search value in group names.
- Specified by: getGroupsStream in interface GroupProvider
- Parameters:
  realm - Realm.
  ids - Stream of ids.
  search - Case insensitive string which will be searched for. Ignored if null.
  first - Index of the first result to return. Ignored if negative or null.
  max - Maximum number of results to return. Ignored if negative or null.
- Returns: Stream of desired groups. Never returns null.
-
getGroupsCount
public Long getGroupsCount(RealmModel realm, Stream<String> ids, String search)
Description copied from interface: GroupProvider
Returns the number of groups that contain the search string in the name.
- Specified by: getGroupsCount in interface GroupProvider
- Parameters:
  realm - Realm.
  ids - List of ids.
  search - Case insensitive string which will be searched for. Ignored if null.
- Returns: Number of groups.
-
getGroupsCount
public Long getGroupsCount(RealmModel realm, Boolean onlyTopGroups)
Description copied from interface: GroupProvider
Returns the number of groups/top level groups (i.e. groups without parent group) for the given realm.
- Specified by: getGroupsCount in interface GroupProvider
- Specified by: getGroupsCount in interface RealmProvider
- Parameters:
  realm - Realm.
  onlyTopGroups - When true the function returns a count of top level groups only.
- Returns: Number of groups/top level groups.
-
getClientsCount
public long getClientsCount(RealmModel realm)
Description copied from interface: ClientProvider
Returns number of clients in the given realm.
- Specified by: getClientsCount in interface ClientProvider
- Specified by: getClientsCount in interface RealmProvider
- Parameters:
  realm - Realm.
- Returns: Number of the clients in the given realm.
-
getGroupsCountByNameContaining
public Long getGroupsCountByNameContaining(RealmModel realm, String search)
Description copied from interface: GroupProvider
Returns the number of top level groups containing groups with the given string in name for the given realm.
- Specified by: getGroupsCountByNameContaining in interface GroupProvider
- Specified by: getGroupsCountByNameContaining in interface RealmProvider
- Parameters:
  realm - Realm.
  search - Case insensitive string which will be searched for.
- Returns: Number of groups with the given string in its name.
-
getGroupsByRoleStream
public Stream<GroupModel> getGroupsByRoleStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults)
Description copied from interface: GroupProvider
Returns groups with the given role in the given realm.
- Specified by: getGroupsByRoleStream in interface GroupProvider
- Parameters:
  realm - Realm.
  role - Role.
  firstResult - First result to return. Ignored if negative or null.
  maxResults - Maximum number of results to return. Ignored if negative or null.
- Returns: Stream of groups with the given role. Never returns null.
-
getTopLevelGroupsStream
public Stream<GroupModel> getTopLevelGroupsStream(RealmModel realm)
Description copied from interface: GroupProvider
Returns all top level groups (i.e. groups without parent group) for the given realm.
- Specified by: getTopLevelGroupsStream in interface GroupProvider
- Parameters:
  realm - Realm.
- Returns: Stream of all top level groups in the realm. Never returns null.
-
getTopLevelGroupsStream
public Stream<GroupModel> getTopLevelGroupsStream(RealmModel realm, Integer first, Integer max)
Description copied from interface: GroupProvider
Returns top level groups (i.e. groups without parent group) for the given realm.
- Specified by: getTopLevelGroupsStream in interface GroupProvider
- Parameters:
  realm - Realm.
  first - First result to return. Ignored if negative or null.
  max - Maximum number of results to return. Ignored if negative or null.
- Returns: Stream of top level groups in the realm. Never returns null.
-
searchForGroupByNameStream
public Stream<GroupModel> searchForGroupByNameStream(RealmModel realm, String search, Integer first, Integer max)
Description copied from interface: GroupLookupProvider
Returns the group hierarchy with the given string in name for the given realm. For a matching group node the parent group is fetched by id (with all children) and added to the result stream. This is done until the group node does not have a parent (root group).
- Specified by: searchForGroupByNameStream in interface GroupLookupProvider
- Parameters:
  realm - Realm.
  search - Case sensitive searched string.
  first - First result to return. Ignored if negative or null.
  max - Maximum number of results to return. Ignored if negative or null.
- Returns: Stream of root groups that either have the given string in their own name or have a group in their child collection that does. The returned hierarchy contains siblings that do not necessarily have a matching name. Never returns null.
-
searchForGroupByNameStream
public Stream<GroupModel> searchForGroupByNameStream(RealmModel realm, String search, Boolean exact, Integer firstResult, Integer maxResults)
Description copied from interface: GroupLookupProvider
Returns the group hierarchy with the given string in name for the given realm. For a matching group node the parent group is fetched by id (with all children) and added to the result stream. This is done until the group node does not have a parent (root group).
- Specified by: searchForGroupByNameStream in interface GroupLookupProvider
- Parameters:
  realm - Realm.
  search - Case sensitive searched string.
  exact - Boolean which defines whether search param should be matched exactly.
  firstResult - First result to return. Ignored if negative or null.
  maxResults - Maximum number of results to return. Ignored if negative or null.
- Returns: Stream of root groups that either have the given string in their own name or have a group in their child collection that does. The returned hierarchy contains siblings that do not necessarily have a matching name. Never returns null.
-
searchGroupsByAttributes
public Stream<GroupModel> searchGroupsByAttributes(RealmModel realm, Map<String,String> attributes, Integer firstResult, Integer maxResults)
Description copied from interface: GroupLookupProvider
Returns the groups filtered by attribute names and attribute values for the given realm.
- Specified by: searchGroupsByAttributes in interface GroupLookupProvider
- Parameters:
  realm - Realm.
  attributes - name-value pairs that are compared to group attributes.
  firstResult - First result to return. Ignored if negative or null.
  maxResults - Maximum number of results to return. Ignored if negative or null.
- Returns: Stream of groups with attributes matching all searched attributes. Never returns null.
-
removeGroup
public boolean removeGroup(RealmModel realm, GroupModel group)
Description copied from interface: GroupProvider
Removes the given group for the given realm.
- Specified by: removeGroup in interface GroupProvider
- Specified by: removeGroup in interface RealmProvider
- Parameters:
  realm - Realm.
  group - Group.
- Returns: true if the group was removed, false if group doesn't exist or doesn't belong to the given realm.
-
createGroup
public GroupModel createGroup(RealmModel realm, String id, String name, GroupModel toParent)
Description copied from interface: GroupProvider
Creates a new group with the given id, name and parent in the given realm.
- Specified by: createGroup in interface GroupProvider
- Specified by: createGroup in interface RealmProvider
- Parameters:
  realm - Realm.
  id - Id, will be generated if null.
  name - Name.
  toParent - Parent group, or null if the group is top level group.
- Returns: Model of the created group.
-
addTopLevelGroup
public void addTopLevelGroup(RealmModel realm, GroupModel subGroup)
Description copied from interface: GroupProvider
Removes parent group for the given group in the given realm.
- Specified by: addTopLevelGroup in interface GroupProvider
- Specified by: addTopLevelGroup in interface RealmProvider
- Parameters:
  realm - Realm.
  subGroup - Group.
-
getClientById
public ClientModel getClientById(RealmModel realm, String id)
Description copied from interface: ClientLookupProvider
Exact search for a client by its internal ID.
- Specified by: getClientById in interface ClientLookupProvider
- Parameters:
  realm - Realm to limit the search.
  id - Internal ID.
- Returns: Model of the client, or null if no client is found.
-
cacheClient
protected ClientModel cacheClient(RealmModel realm, ClientModel delegate, Long revision)
-
validateCache
protected ClientModel validateCache(RealmModel realm, CachedClient cached)
-
searchClientsByClientIdStream
public Stream<ClientModel> searchClientsByClientIdStream(RealmModel realm, String clientId, Integer firstResult, Integer maxResults)
Description copied from interface: ClientLookupProvider
Case-insensitive search for clients that contain the given string in their public client identifier.
- Specified by: searchClientsByClientIdStream in interface ClientLookupProvider
- Parameters:
  realm - Realm to limit the search for clients.
  clientId - Searched substring of the public client identifier (client_id in OIDC or entityID in SAML).
  firstResult - First result to return. Ignored if negative or null.
  maxResults - Maximum number of results to return. Ignored if negative or null.
- Returns: Stream of ClientModel or an empty stream if no client is found. Never returns null.
-
searchClientsByAttributes
public Stream<ClientModel> searchClientsByAttributes(RealmModel realm, Map<String,String> attributes, Integer firstResult, Integer maxResults)
- Specified by: searchClientsByAttributes in interface ClientLookupProvider
-
getClientByClientId
public ClientModel getClientByClientId(RealmModel realm, String clientId)
Description copied from interface: ClientLookupProvider
Exact search for a client by its public client identifier.
- Specified by: getClientByClientId in interface ClientLookupProvider
- Parameters:
  realm - Realm to limit the search for clients.
  clientId - String that identifies the client to the external parties. Maps to client_id in OIDC or entityID in SAML.
- Returns: Model of the client, or null if no client is found.
-
getClientScopeById
public ClientScopeModel getClientScopeById(RealmModel realm, String id)
Description copied from interface: ClientScopeLookupProvider
Exact search for a client scope by its internal ID.
- Specified by: getClientScopeById in interface ClientScopeLookupProvider
- Specified by: getClientScopeById in interface RealmProvider
- Parameters:
  realm - Realm.
  id - Internal ID of the role.
- Returns: Model of the client scope.
-
getClientScopesStream
public Stream<ClientScopeModel> getClientScopesStream(RealmModel realm)
Description copied from interface: ClientScopeProvider
Returns all the client scopes of the given realm as a stream.
- Specified by: getClientScopesStream in interface ClientScopeProvider
- Parameters:
  realm - Realm.
- Returns: Stream of the client scopes. Never returns null.
-
addClientScope
public ClientScopeModel addClientScope(RealmModel realm, String name)
Description copied from interface: ClientScopeProvider
Creates new client scope with given name to the given realm. Spaces in name will be replaced by underscore so that scope name can be used as value of scope parameter. The internal ID will be created automatically.
- Specified by: addClientScope in interface ClientScopeProvider
- Parameters:
  realm - Realm owning this client scope.
  name - String name of the client scope.
- Returns: Model of the created client scope.
-
addClientScope
public ClientScopeModel addClientScope(RealmModel realm, String id, String name)
Description copied from interface: ClientScopeProvider
Creates new client scope with given internal ID and name to the given realm. Spaces in name will be replaced by underscore so that scope name can be used as value of scope parameter.
- Specified by: addClientScope in interface ClientScopeProvider
- Parameters:
  realm - Realm owning this client scope.
  id - Internal ID of the client scope or null if one is to be created by the underlying store.
  name - String name of the client scope.
- Returns: Model of the created client scope.
-
removeClientScope
public boolean removeClientScope(RealmModel realm, String id)
Description copied from interface: ClientScopeProvider
Removes client scope from the given realm.
- Specified by: removeClientScope in interface ClientScopeProvider
- Parameters:
  realm - Realm.
  id - Internal ID of the client scope.
- Returns: true if the client scope existed and has been removed, false otherwise.
-
removeClientScopes
public void removeClientScopes(RealmModel realm)
Description copied from interface: ClientScopeProvider
Removes all client scopes from the given realm.
- Specified by: removeClientScopes in interface ClientScopeProvider
- Parameters:
  realm - Realm.
-
addClientScopes
public void addClientScopes(RealmModel realm, ClientModel client, Set<ClientScopeModel> clientScopes, boolean defaultScope)
Description copied from interface: ClientProvider
Assign clientScopes to the client. Add as default scopes (if parameter 'defaultScope' is true) or optional scopes (if parameter 'defaultScope' is false).
- Specified by: addClientScopes in interface ClientProvider
- Parameters:
  realm - Realm.
  client - Client.
  clientScopes - to be assigned
  defaultScope - if true the scopes are assigned as default, or optional in case of false
-
removeClientScope
public void removeClientScope(RealmModel realm, ClientModel client, ClientScopeModel clientScope)
Description copied from interface: ClientProvider
Unassign clientScope from the client.
- Specified by: removeClientScope in interface ClientProvider
- Parameters:
  realm - Realm.
  client - Client.
  clientScope - to be unassigned
-
getClientScopes
public Map<String,ClientScopeModel> getClientScopes(RealmModel realm, ClientModel client, boolean defaultScopes)
Description copied from interface: ClientLookupProvider
Return all default scopes (if defaultScope is true) or all optional scopes (if defaultScope is false) linked with the client.
- Specified by: getClientScopes in interface ClientLookupProvider
- Parameters:
  realm - Realm
  client - Client
  defaultScopes - if true default scopes, if false optional scopes, are returned
- Returns: map where key is the name of the clientScope, value is particular clientScope. Returns empty map if no scopes linked (never returns null).
-
createClientInitialAccessModel
public ClientInitialAccessModel createClientInitialAccessModel(RealmModel realm, int expiration, int count)
- Specified by: createClientInitialAccessModel in interface RealmProvider
-
getClientInitialAccessModel
public ClientInitialAccessModel getClientInitialAccessModel(RealmModel realm, String id)
- Specified by: getClientInitialAccessModel in interface RealmProvider
-
removeClientInitialAccessModel
public void removeClientInitialAccessModel(RealmModel realm, String id)
- Specified by: removeClientInitialAccessModel in interface RealmProvider
-
listClientInitialAccessStream
public Stream<ClientInitialAccessModel> listClientInitialAccessStream(RealmModel realm)
Description copied from interface: RealmProvider
Returns client's initial access as a stream.
- Specified by: listClientInitialAccessStream in interface RealmProvider
- Parameters:
  realm - RealmModel: the realm where to list client's initial access.
- Returns: Stream of ClientInitialAccessModel. Never returns null.
-
removeExpiredClientInitialAccess
public void removeExpiredClientInitialAccess()
Description copied from interface: RealmProvider
Removes all expired client initial accesses from all realms.
- Specified by: removeExpiredClientInitialAccess in interface RealmProvider
-
saveLocalizationText
public void saveLocalizationText(RealmModel realm, String locale, String key, String text)
- Specified by: saveLocalizationText in interface RealmProvider
-
saveLocalizationTexts
public void saveLocalizationTexts(RealmModel realm, String locale, Map<String,String> localizationTexts)
- Specified by: saveLocalizationTexts in interface RealmProvider
-
updateLocalizationText
public boolean updateLocalizationText(RealmModel realm, String locale, String key, String text)
- Specified by: updateLocalizationText in interface RealmProvider
-
deleteLocalizationTextsByLocale
public boolean deleteLocalizationTextsByLocale(RealmModel realm, String locale)
- Specified by: deleteLocalizationTextsByLocale in interface RealmProvider
-
deleteLocalizationText
public boolean deleteLocalizationText(RealmModel realm, String locale, String key)
- Specified by: deleteLocalizationText in interface RealmProvider
-
getLocalizationTextsById
public String getLocalizationTextsById(RealmModel realm, String locale, String key)
- Specified by: getLocalizationTextsById in interface RealmProvider
-
-