Class KeycloakModelUtils

    • Method Detail

      • generateId

        public static String generateId()
      • getPublicKey

        public static PublicKey getPublicKey(String publicKeyPem)
      • getPrivateKey

        public static PrivateKey getPrivateKey(String privateKeyPem)
      • getSecretKey

        public static Key getSecretKey(String secret)
      • getPemFromKey

        public static String getPemFromKey(Key key)
      • getDefaultClientAuthenticatorType

        public static String getDefaultClientAuthenticatorType()
      • generateCodeSecret

        public static String generateCodeSecret()
      • searchFor

        public static boolean searchFor(RoleModel role,
                                        RoleModel composite,
                                        Set<String> visited)
        Performs a deep search to check whether the given role is a descendant of the composite role.
        Parameters:
        role - role to check
        composite - composite role
        visited - set of already visited roles (used for recursion)
        Returns:
        true if "role" is descendant of "composite"
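        The deep search described for searchFor, as an added example that is not Keycloak's own code. The Role class and the sample hierarchy are hypothetical stand-ins; the point is that the visited set lets the recursion terminate when composite roles reference each other.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class CompositeRoleSearchExample {

    // Hypothetical stand-in for a role model: an id plus directly contained roles.
    static final class Role {
        final String id;
        final List<Role> composites = new ArrayList<>();
        Role(String id) { this.id = id; }
    }

    // True if "role" is reachable from "composite" through any chain of composites.
    // "visited" holds ids already expanded, so cyclic composites terminate.
    static boolean searchFor(Role role, Role composite, Set<String> visited) {
        if (!visited.add(composite.id)) {
            return false; // already expanded during this search
        }
        for (Role child : composite.composites) {
            if (child.id.equals(role.id) || searchFor(role, child, visited)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed hierarchy: admin -> manager -> viewer, plus a cycle manager -> admin.
        Role admin = new Role("admin"), manager = new Role("manager");
        Role viewer = new Role("viewer"), auditor = new Role("auditor");
        admin.composites.add(manager);
        manager.composites.add(viewer);
        manager.composites.add(admin);

        System.out.println(searchFor(viewer, admin, new HashSet<>()));   // indirect descendant
        System.out.println(searchFor(auditor, admin, new HashSet<>()));  // unrelated role; the cycle still terminates
        System.out.println(searchFor(admin, viewer, new HashSet<>()));   // direction matters
    }
}
```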
      • findUserByNameOrEmail

        public static UserModel findUserByNameOrEmail(KeycloakSession session,
                                                      RealmModel realm,
                                                      String username)
        Tries to find a user by username or email for authentication.
        Parameters:
        realm - realm
        username - username or email of user
        Returns:
        found user
      • runJobInRetriableTransaction

        public static <V> V runJobInRetriableTransaction(KeycloakSessionFactory factory,
                                                         KeycloakSessionTaskWithResult<V> callable,
                                                         int attemptsCount,
                                                         int retryIntervalMillis)
        Creates a new KeycloakSession and runs the specified callable in a new transaction. If the transaction fails with a SQL retriable error, the method re-executes the specified callable until it either succeeds or the maximum number of attempts is reached, waiting a random, increasing delay (in milliseconds) between invocations. It uses the exponential backoff + jitter algorithm to compute the delay, which is limited to attemptsCount * retryIntervalMillis. More details: https://aws.amazon.com/blogs/architecture/exponential-backoff-and-jitter/
        Type Parameters:
        V - the type returned by the callable.
        Parameters:
        factory - a reference to the KeycloakSessionFactory.
        callable - a reference to the KeycloakSessionTaskWithResult that will be executed in a retriable way.
        attemptsCount - the maximum number of attempts to execute the callable.
        retryIntervalMillis - the base interval value in millis used to compute the delay.
        Returns:
        the value computed by the callable.
      • isExceptionRetriable

        public static boolean isExceptionRetriable(Throwable exception)
        Checks whether the specified exception is retriable. A retriable exception must be an instance of SQLException and must have a 40001 SQL retriable state. This is a standard SQL state as defined in the SQL standard, and across implementations its meaning boils down to "deadlock" (applies to Postgres, MSSQL, Oracle, MySQL, and others).
        Parameters:
        exception - the exception to be checked.
        Returns:
        true if the exception is retriable; false otherwise.
      • runJobInTransactionWithTimeout

        public static void runJobInTransactionWithTimeout(KeycloakSessionFactory factory,
                                                          KeycloakSessionTask task,
                                                          int timeoutInSeconds)
        Wraps the given runnable job in a KeycloakTransaction and sets a custom timeout for the JTA transaction (if we are in an environment with JTA enabled).
        Parameters:
        factory -
        task -
        timeoutInSeconds -
      • setTransactionLimit

        public static void setTransactionLimit(KeycloakSessionFactory factory,
                                               int timeoutInSeconds)
      • getMasterRealmAdminApplicationClientId

        public static String getMasterRealmAdminApplicationClientId(String realmName)
      • toLowerCaseSafe

        public static String toLowerCaseSafe(String str)
      • setupDefaultRole

        public static void setupDefaultRole(RealmModel realm,
                                            String defaultRoleName)
        Creates a default role with the given name for the given realm.
        Parameters:
        realm - Realm
        defaultRoleName - Name of the newly created defaultRole
      • setupDeleteAccount

        public static void setupDeleteAccount(ClientModel accountClient)
      • deepFindAuthenticationExecutions

        public static void deepFindAuthenticationExecutions(RealmModel realm,
                                                            AuthenticationFlowModel flow,
                                                            List<AuthenticationExecutionModel> result)
        Recursively finds all AuthenticationExecutionModel instances in the specified flow and all of its subflows.
        Parameters:
        realm -
        flow -
        result - should be an empty list on input; when the method returns, all executions found have been added to this list
      • normalizeGroupPath

        public static String normalizeGroupPath(String groupPath)
      • parseRole

        public static String[] parseRole(String role)
      • buildRoleQualifier

        public static String buildRoleQualifier(String clientId,
                                                String roleName)
      • isFlowUsed

        public static boolean isFlowUsed(RealmModel realm,
                                         AuthenticationFlowModel model)
        Checks whether a flow is currently in use.
        Parameters:
        realm -
        model -
        Returns:
      • findClientScopeById

        public static ClientScopeModel findClientScopeById(RealmModel realm,
                                                           ClientModel client,
                                                           String clientScopeId)
        Looks up a clientScope or a client by ID. Useful if you know only the ID but do not know whether the underlying model is a clientScope or a client.
      • convertClientScopeName

        public static String convertClientScopeName(String previousName)
        Replaces spaces in the name with underscores, so that the scope name can be used as a value of the scope parameter.
      • setupAuthorizationServices

        public static void setupAuthorizationServices(RealmModel realm)
      • isRealmProviderJpa

        public static boolean isRealmProviderJpa(KeycloakSession session)
        Returns:
        true if the implementation of realmProvider is "jpa", which is always the case in standard Keycloak installations.
      • getSecretLengthByAuthenticationType

        public static int getSecretLengthByAuthenticationType(String clientAuthenticatorType,
                                                              String signingAlg)
        Parameters:
        clientAuthenticatorType -
        Returns:
        secret size based on authentication type