Package org.keycloak.storage.adapter
Class AbstractUserAdapterFederatedStorage
java.lang.Object
  org.keycloak.models.UserModelDefaultMethods
    org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage

All Implemented Interfaces: RoleMapperModel, UserModel
Direct Known Subclasses: AbstractUserAdapterFederatedStorage.Streams

public abstract class AbstractUserAdapterFederatedStorage extends UserModelDefaultMethods

Assumes everything is managed by federated storage except for username. getId() returns a default value of "f:" + providerId + ":" + getUsername(). UserModel properties like enabled, firstName, lastName, email, etc. are all stored as attributes in federated storage. isEnabled() defaults to true if the ENABLED_ATTRIBUTE isn't set in federated storage.

Version: $Revision: 1 $
Author: Bill Burke

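An added example, not taken from the Keycloak documentation or code base: a minimal subclass that makes the defaults described above explicit, in particular that the inherited isEnabled() reports true when ENABLED_ATTRIBUTE was never written to federated storage. The class name ExternalAccountAdapter and the lockedUpstream flag are hypothetical, and the code assumes the Keycloak server SPI is on the classpath.

```java
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.storage.ReadOnlyException;
import org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage;

// Hypothetical adapter for a user whose username lives in an external, read-only store.
public class ExternalAccountAdapter extends AbstractUserAdapterFederatedStorage {

    private final String username;        // the one property not kept in federated storage
    private final boolean lockedUpstream; // hypothetical lock flag read from the external store

    public ExternalAccountAdapter(KeycloakSession session, RealmModel realm,
                                  ComponentModel storageProviderModel,
                                  String username, boolean lockedUpstream) {
        super(session, realm, storageProviderModel);
        this.username = username;
        this.lockedUpstream = lockedUpstream;
    }

    @Override
    public String getUsername() {
        // getId() is derived from this value: "f:" + providerId + ":" + username
        return username;
    }

    @Override
    public void setUsername(String username) {
        throw new ReadOnlyException("username is managed by the external store");
    }

    // The inherited check only consults ENABLED_ATTRIBUTE in federated storage and
    // defaults to true when it is unset. Combine it with the external lock state so
    // an account disabled on either side is treated as disabled.
    @Override
    public boolean isEnabled() {
        return !lockedUpstream && super.isEnabled();
    }

    // This provider does not manage all role mappings itself, so the realm's default
    // roles are appended, as the class documentation recommends for that case.
    @Override
    protected boolean appendDefaultRolesToRoleMappings() {
        return true;
    }
}
```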
Nested Class Summary
static class AbstractUserAdapterFederatedStorage.Streams
    The Streams(org.keycloak.models.KeycloakSession, org.keycloak.models.RealmModel, org.keycloak.component.ComponentModel) interface makes all collection-based methods in AbstractUserAdapterFederatedStorage default by providing implementations that delegate to the Stream-based variants instead of the other way around.

Nested classes/interfaces inherited from interface org.keycloak.models.UserModel:
UserModel.RequiredAction, UserModel.SearchableFields, UserModel.UserRemovedEvent

Field Summary
static String CREATED_TIMESTAMP_ATTRIBUTE
static String EMAIL_ATTRIBUTE
static String EMAIL_VERIFIED_ATTRIBUTE
static String ENABLED_ATTRIBUTE
static String FIRST_NAME_ATTRIBUTE
static String LAST_NAME_ATTRIBUTE
protected RealmModel realm
protected KeycloakSession session
protected StorageId storageId
protected ComponentModel storageProviderModel

Fields inherited from interface org.keycloak.models.UserModel:
COMPARE_BY_USERNAME, DISABLED_REASON, EMAIL, EMAIL_VERIFIED, ENABLED, EXACT, FIRST_NAME, GROUPS, IDP_ALIAS, IDP_USER_ID, INCLUDE_SERVICE_ACCOUNT, LAST_NAME, LOCALE, SEARCH, USERNAME

Constructor Summary
AbstractUserAdapterFederatedStorage(KeycloakSession session, RealmModel realm, ComponentModel storageProviderModel)

Method Summary
void addRequiredAction(String action)
void addRequiredAction(UserModel.RequiredAction action)
protected boolean appendDefaultGroups()
    Should the realm's default groups be appended to getGroups() call? If your storage provider is not managing group mappings then it is recommended that this method return true.
protected boolean appendDefaultRolesToRoleMappings()
    Should the realm's default roles be appended to getRoleMappings() call? If your storage provider is not managing all role mappings then it is recommended that this method return true.
SubjectCredentialManager credentialManager()
    Instance of a user credential manager to validate and update the credentials of this user.
void deleteRoleMapping(RoleModel role)
    Removes the given role mapping from this object.
boolean equals(Object o)
List<String> getAttribute(String name)
    Deprecated. Use getAttributeStream(String) instead.
Map<String,List<String>> getAttributes()
Stream<String> getAttributeStream(String name)
    Obtains all values associated with the specified attribute name.
Set<RoleModel> getClientRoleMappings(ClientModel app)
    Deprecated. Use getClientRoleMappingsStream(ClientModel) instead.
Stream<RoleModel> getClientRoleMappingsStream(ClientModel app)
    Returns stream of client roles that are directly set to this object for the given client.
Long getCreatedTimestamp()
    Get timestamp of user creation.
protected Set<RoleModel> getFederatedRoleMappings()
UserFederatedStorageProvider getFederatedStorage()
String getFederationLink()
    This method should not be overridden.
String getFirstAttribute(String name)
Set<GroupModel> getGroups()
    Deprecated. Use getGroupsStream() instead.
protected Set<GroupModel> getGroupsInternal()
    Get group membership mappings that are managed by this storage provider.
Stream<GroupModel> getGroupsStream()
    Obtains the groups associated with the user.
String getId()
    Defaults to 'f:' + storageProvider.getId() + ':' + getUsername()
Set<RoleModel> getRealmRoleMappings()
    Deprecated. Use getRealmRoleMappingsStream() instead.
Stream<RoleModel> getRealmRoleMappingsStream()
    Returns stream of realm roles that are directly set to this object.
Set<String> getRequiredActions()
    Deprecated. Use getRequiredActionsStream() instead.
Stream<String> getRequiredActionsStream()
    Obtains the names of required actions associated with the user.
Set<RoleModel> getRoleMappings()
    Deprecated. Use getRoleMappingsStream() instead.
protected Set<RoleModel> getRoleMappingsInternal()
Stream<RoleModel> getRoleMappingsStream()
    Returns stream of all roles (both realm and client) that are directly set to this object.
String getServiceAccountClientLink()
    This method should not be overridden.
void grantRole(RoleModel role)
    Grants the given role to this object.
int hashCode()
boolean hasRole(RoleModel role)
    Returns true if this object is directly or indirectly assigned the given role, false otherwise.
boolean isEmailVerified()
boolean isEnabled()
boolean isMemberOf(GroupModel group)
void joinGroup(GroupModel group)
void leaveGroup(GroupModel group)
protected String mapAttribute(String attributeName)
void removeAttribute(String name)
void removeRequiredAction(String action)
void removeRequiredAction(UserModel.RequiredAction action)
void setAttribute(String name, List<String> values)
void setCreatedTimestamp(Long timestamp)
void setEmailVerified(boolean verified)
    Stores as attribute in federated storage.
void setEnabled(boolean enabled)
void setFederationLink(String link)
    This method should not be overridden.
void setServiceAccountClientLink(String clientInternalId)
    This method should not be overridden.
void setSingleAttribute(String name, String value)
    Set single value of specified attribute.

Methods inherited from class org.keycloak.models.UserModelDefaultMethods:
getEmail, getFirstName, getLastName, setEmail, setFirstName, setLastName, toString

Methods inherited from class java.lang.Object:
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.keycloak.models.RoleMapperModel:
hasDirectRole

Methods inherited from interface org.keycloak.models.UserModel:
getGroupsCount, getGroupsCountByNameContaining, getGroupsStream, getUsername, setUsername

Field Detail
-
FIRST_NAME_ATTRIBUTE
public static String FIRST_NAME_ATTRIBUTE
-
LAST_NAME_ATTRIBUTE
public static String LAST_NAME_ATTRIBUTE
-
EMAIL_ATTRIBUTE
public static String EMAIL_ATTRIBUTE
-
EMAIL_VERIFIED_ATTRIBUTE
public static String EMAIL_VERIFIED_ATTRIBUTE
-
CREATED_TIMESTAMP_ATTRIBUTE
public static String CREATED_TIMESTAMP_ATTRIBUTE
-
ENABLED_ATTRIBUTE
public static String ENABLED_ATTRIBUTE
-
session
protected KeycloakSession session
-
realm
protected RealmModel realm
-
storageProviderModel
protected ComponentModel storageProviderModel
-
storageId
protected StorageId storageId
-
-
Constructor Detail
-
AbstractUserAdapterFederatedStorage
public AbstractUserAdapterFederatedStorage(KeycloakSession session, RealmModel realm, ComponentModel storageProviderModel)
-
-
Method Detail
-
getFederatedStorage
public UserFederatedStorageProvider getFederatedStorage()
-
getRequiredActions
public Set<String> getRequiredActions()
Deprecated. Use getRequiredActionsStream() instead.
-
getRequiredActionsStream
public Stream<String> getRequiredActionsStream()
Description copied from interface: UserModel
Obtains the names of required actions associated with the user.
Returns: a non-null Stream of required action names.
-
addRequiredAction
public void addRequiredAction(String action)
-
removeRequiredAction
public void removeRequiredAction(String action)
-
addRequiredAction
public void addRequiredAction(UserModel.RequiredAction action)
-
removeRequiredAction
public void removeRequiredAction(UserModel.RequiredAction action)
-
getGroupsInternal
protected Set<GroupModel> getGroupsInternal()
Get group membership mappings that are managed by this storage provider.
-
appendDefaultGroups
protected boolean appendDefaultGroups()
Should the realm's default groups be appended to getGroups() call? If your storage provider is not managing group mappings then it is recommended that this method return true.
-
getGroups
public Set<GroupModel> getGroups()
Deprecated. Use getGroupsStream() instead.
Gets groups from federated storage and automatically appends default groups of realm. Also calls getGroupsInternal() method to pull group membership from provider. Implementors can override that method.
-
getGroupsStream
public Stream<GroupModel> getGroupsStream()
Description copied from interface: UserModel
Obtains the groups associated with the user.
Returns: a non-null Stream of groups.
-
joinGroup
public void joinGroup(GroupModel group)
-
leaveGroup
public void leaveGroup(GroupModel group)
-
isMemberOf
public boolean isMemberOf(GroupModel group)
-
getRealmRoleMappings
public Set<RoleModel> getRealmRoleMappings()
Deprecated. Use getRealmRoleMappingsStream() instead.
Gets role mappings from federated storage and automatically appends default roles. Also calls getRoleMappingsInternal() method to pull role mappings from provider. Implementors can override that method.
-
getRealmRoleMappingsStream
public Stream<RoleModel> getRealmRoleMappingsStream()
Description copied from interface: RoleMapperModel
Returns stream of realm roles that are directly set to this object.
Returns: Stream of RoleModel. Never returns null.
-
getClientRoleMappings
public Set<RoleModel> getClientRoleMappings(ClientModel app)
Deprecated. Use getClientRoleMappingsStream(ClientModel) instead.
Gets role mappings from federated storage and automatically appends default roles. Also calls getRoleMappingsInternal() method to pull role mappings from provider. Implementors can override that method.
-
getClientRoleMappingsStream
public Stream<RoleModel> getClientRoleMappingsStream(ClientModel app)
Description copied from interface: RoleMapperModel
Returns stream of client roles that are directly set to this object for the given client.
Parameters: app - ClientModel. Client to get the roles for.
Returns: Stream of RoleModel. Never returns null.
-
hasRole
public boolean hasRole(RoleModel role)
Description copied from interface: RoleMapperModel
Returns true if this object is directly or indirectly assigned the given role, false otherwise.
For example, true is returned for hasRole(R) if:
- R is directly assigned to this object
- R is indirectly assigned to this object via composites
- R is not assigned to this object but this object belongs to a group G which is assigned the role R
- R is not assigned to this object but this object belongs to a group G, and G belongs to group H which is assigned the role R
Returns: see description
See Also: if you want to check if this object is directly assigned to a role
-
grantRole
public void grantRole(RoleModel role)
Description copied from interface: RoleMapperModel
Grants the given role to this object.
-
appendDefaultRolesToRoleMappings
protected boolean appendDefaultRolesToRoleMappings()
Should the realm's default roles be appended to getRoleMappings() call? If your storage provider is not managing all role mappings then it is recommended that this method return true.
-
getRoleMappings
public Set<RoleModel> getRoleMappings()
Deprecated. Use getRoleMappingsStream() instead.
Gets role mappings from federated storage and automatically appends default roles. Also calls getRoleMappingsInternal() method to pull role mappings from provider. Implementors can override that method.
-
getRoleMappingsStream
public Stream<RoleModel> getRoleMappingsStream()
Description copied from interface: RoleMapperModel
Returns stream of all roles (both realm and client) that are directly set to this object.
Returns: Stream of RoleModel. Never returns null.
-
deleteRoleMapping
public void deleteRoleMapping(RoleModel role)
Description copied from interface: RoleMapperModel
Removes the given role mapping from this object.
Parameters: role - Role to remove
-
isEnabled
public boolean isEnabled()
-
setEnabled
public void setEnabled(boolean enabled)
-
getFederationLink
public String getFederationLink()
This method should not be overridden.
-
setFederationLink
public void setFederationLink(String link)
This method should not be overridden.
-
getServiceAccountClientLink
public String getServiceAccountClientLink()
This method should not be overridden.
-
setServiceAccountClientLink
public void setServiceAccountClientLink(String clientInternalId)
This method should not be overridden.
-
getId
public String getId()
Defaults to 'f:' + storageProvider.getId() + ':' + getUsername()
-
getCreatedTimestamp
public Long getCreatedTimestamp()
Description copied from interface: UserModel
Get timestamp of user creation. May be null for old users created before this feature introduction.
-
setCreatedTimestamp
public void setCreatedTimestamp(Long timestamp)
-
setSingleAttribute
public void setSingleAttribute(String name, String value)
Description copied from interface: UserModel
Set single value of specified attribute. Remove all other existing values of this attribute.
-
removeAttribute
public void removeAttribute(String name)
-
getFirstAttribute
public String getFirstAttribute(String name)
Returns: null if there is no value for the specified attribute, or the first value otherwise. Does not throw an exception if the attribute has more than one value.
-
getAttribute
public List<String> getAttribute(String name)
Deprecated. Use getAttributeStream(String) instead.
-
getAttributeStream
public Stream<String> getAttributeStream(String name)
Description copied from interface: UserModel
Obtains all values associated with the specified attribute name.
Parameters: name - the name of the attribute.
Returns: a non-null Stream of attribute values.
-
isEmailVerified
public boolean isEmailVerified()
-
setEmailVerified
public void setEmailVerified(boolean verified)
Stores as attribute in federated storage. EMAIL_VERIFIED_ATTRIBUTE
Parameters: verified
-
credentialManager
public SubjectCredentialManager credentialManager()
Description copied from interface: UserModel
Instance of a user credential manager to validate and update the credentials of this user.
-
-