Class RoleLDAPStorageMapper
- java.lang.Object
  - org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
    - org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper
- All Implemented Interfaces:
Provider, LDAPStorageMapper, CommonLDAPGroupMapper
public class RoleLDAPStorageMapper extends AbstractLDAPStorageMapper implements CommonLDAPGroupMapper
Maps realm roles, or the roles of a particular client, to LDAP groups.
- Author:
Marek Posolda
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
class RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate
-
Field Summary
Fields inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
ldapProvider, mapperModel, session
-
Constructor Summary
Constructors (Constructor, Description):
RoleLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RoleLDAPStorageMapperFactory factory)
-
Method Summary
Methods (Modifier and Type, Method, Description):
void addRoleMappingInLDAP(String roleName, LDAPObject ldapUser)
void beforeLDAPQuery(LDAPQuery query)
    Called before the LDAP identity query that retrieves LDAP users is executed.
LDAPQuery createLDAPGroupQuery()
LDAPObject createLDAPRole(String roleName)
LDAPQuery createRoleQuery(boolean includeMemberAttribute)
void deleteRoleMappingInLDAP(LDAPObject ldapUser, LDAPObject ldapRole)
CommonLDAPGroupMapperConfig getConfig()
protected List<LDAPObject> getLDAPRoleMappings(LDAPObject ldapUser)
protected String getMembershipUserLdapAttribute()
List<UserModel> getRoleMembers(RealmModel realm, RoleModel role, int firstResult, int maxResults)
    Returns an empty list if storing of roles is not supported.
protected RoleContainerModel getTargetRoleContainer(RealmModel realm)
LDAPObject loadLDAPRoleByName(String roleName)
LDAPObject loadRoleGroupByName(String roleName)
void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)
    Called when importing a user from LDAP into the local Keycloak DB.
void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)
    Called when registering a new user to LDAP, just after the user was created in the Keycloak DB.
UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)
    Called when proxy is invoked on the LDAP federation provider.
SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm)
    Sync data from federated storage to Keycloak.
SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm)
    Sync data from Keycloak back to federated storage.
-
Methods inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
close, getGroupMembers, getLdapProvider, mandatoryAttributeNames, onAuthenticationFailure, parseBooleanParameter
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.keycloak.storage.ldap.mappers.LDAPStorageMapper
getGroupMembers, getLdapProvider, mandatoryAttributeNames, onAuthenticationFailure
-
Constructor Detail
-
RoleLDAPStorageMapper
public RoleLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RoleLDAPStorageMapperFactory factory)
-
Method Detail
-
createLDAPGroupQuery
public LDAPQuery createLDAPGroupQuery()
- Specified by:
createLDAPGroupQuery in interface CommonLDAPGroupMapper
-
getConfig
public CommonLDAPGroupMapperConfig getConfig()
- Specified by:
getConfig in interface CommonLDAPGroupMapper
-
onImportUserFromLDAP
public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)
Description copied from interface: LDAPStorageMapper
Called when importing a user from LDAP into the local Keycloak DB.
- Specified by:
onImportUserFromLDAP in interface LDAPStorageMapper
- Parameters:
isCreate - true if we are importing a new user from LDAP; false if the user already exists in Keycloak but we are upgrading (syncing) it from LDAP
-
onRegisterUserToLDAP
public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)
Description copied from interface: LDAPStorageMapper
Called when registering a new user to LDAP, just after the user was created in the Keycloak DB.
- Specified by:
onRegisterUserToLDAP in interface LDAPStorageMapper
-
syncDataFromFederationProviderToKeycloak
public SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm)
Description copied from interface: LDAPStorageMapper
Sync data from federated storage to Keycloak. This is useful only if the mapper needs some data preloaded from federated storage (for example, loading roles from the federated provider and syncing them to the Keycloak database). Applicable only if sync is supported.
- Specified by:
syncDataFromFederationProviderToKeycloak in interface LDAPStorageMapper
- Overrides:
syncDataFromFederationProviderToKeycloak in class AbstractLDAPStorageMapper
-
syncDataFromKeycloakToFederationProvider
public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm)
Description copied from interface: LDAPStorageMapper
Sync data from Keycloak back to federated storage.
- Specified by:
syncDataFromKeycloakToFederationProvider in interface LDAPStorageMapper
- Overrides:
syncDataFromKeycloakToFederationProvider in class AbstractLDAPStorageMapper
-
createRoleQuery
public LDAPQuery createRoleQuery(boolean includeMemberAttribute)
-
getTargetRoleContainer
protected RoleContainerModel getTargetRoleContainer(RealmModel realm)
-
createLDAPRole
public LDAPObject createLDAPRole(String roleName)
-
addRoleMappingInLDAP
public void addRoleMappingInLDAP(String roleName, LDAPObject ldapUser)
-
deleteRoleMappingInLDAP
public void deleteRoleMappingInLDAP(LDAPObject ldapUser, LDAPObject ldapRole)
-
loadLDAPRoleByName
public LDAPObject loadLDAPRoleByName(String roleName)
-
getLDAPRoleMappings
protected List<LDAPObject> getLDAPRoleMappings(LDAPObject ldapUser)
-
proxy
public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)
Description copied from interface: LDAPStorageMapper
Called when proxy is invoked on the LDAP federation provider.
- Specified by:
proxy in interface LDAPStorageMapper
- Returns:
-
beforeLDAPQuery
public void beforeLDAPQuery(LDAPQuery query)
Description copied from interface: LDAPStorageMapper
Called before the LDAP identity query that retrieves LDAP users is executed. It allows the query to be changed (for example, adding returning attributes from LDAP or changing conditions).
- Specified by:
beforeLDAPQuery in interface LDAPStorageMapper
-
getMembershipUserLdapAttribute
protected String getMembershipUserLdapAttribute()
-
loadRoleGroupByName
public LDAPObject loadRoleGroupByName(String roleName)
-
getRoleMembers
public List<UserModel> getRoleMembers(RealmModel realm, RoleModel role, int firstResult, int maxResults)
Description copied from interface: LDAPStorageMapper
Returns an empty list if storing of roles is not supported.
- Specified by:
getRoleMembers in interface LDAPStorageMapper
- Overrides:
getRoleMembers in class AbstractLDAPStorageMapper
- Returns:
-