Package org.keycloak.storage.ldap.mappers.membership.role

Class RoleLDAPStorageMapper

java.lang.Object

org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper

org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper

All Implemented Interfaces:

Provider, LDAPStorageMapper, CommonLDAPGroupMapper

public class RoleLDAPStorageMapper
extends AbstractLDAPStorageMapper
implements CommonLDAPGroupMapper

Map realm roles or roles of particular client to LDAP groups

Author:

Marek Posolda

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
class	RoleLDAPStorageMapper.LDAPRoleMappingsUserDelegate

Field Summary

Fields inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper

ldapProvider, mapperModel, session

Constructor Summary

Constructors

Constructor	Description
RoleLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RoleLDAPStorageMapperFactory factory)

Method Summary

Modifier and Type	Method	Description
void	addRoleMappingInLDAP(String roleName, LDAPObject ldapUser)
void	beforeLDAPQuery(LDAPQuery query)	Called before LDAP Identity query for retrieve LDAP users was executed.
LDAPQuery	createLDAPGroupQuery()
LDAPObject	createLDAPRole(String roleName)
LDAPQuery	createRoleQuery(boolean includeMemberAttribute)
void	deleteRoleMappingInLDAP(LDAPObject ldapUser, LDAPObject ldapRole)
CommonLDAPGroupMapperConfig	getConfig()
protected List<LDAPObject>	getLDAPRoleMappings(LDAPObject ldapUser)
protected String	getMembershipUserLdapAttribute()
List<UserModel>	getRoleMembers(RealmModel realm, RoleModel role, int firstResult, int maxResults)	Return empty list if doesn't support storing of roles
protected RoleContainerModel	getTargetRoleContainer(RealmModel realm)
LDAPObject	loadLDAPRoleByName(String roleName)
LDAPObject	loadRoleGroupByName(String roleName)
void	onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)	Called when importing user from LDAP to local keycloak DB.
void	onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)	Called when register new user to LDAP - just after user was created in Keycloak DB
UserModel	proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)	Called when invoke proxy on LDAP federation provider
SynchronizationResult	syncDataFromFederationProviderToKeycloak(RealmModel realm)	Sync data from federated storage to Keycloak.
SynchronizationResult	syncDataFromKeycloakToFederationProvider(RealmModel realm)	Sync data from Keycloak back to federated storage

Methods inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper

close, getGroupMembers, getLdapProvider, mandatoryAttributeNames, onAuthenticationFailure, parseBooleanParameter

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.storage.ldap.mappers.LDAPStorageMapper

getGroupMembers, getLdapProvider, mandatoryAttributeNames, onAuthenticationFailure

Methods inherited from interface org.keycloak.provider.Provider

close

Constructor Detail

RoleLDAPStorageMapper

public RoleLDAPStorageMapper(ComponentModel mapperModel,
                             LDAPStorageProvider ldapProvider,
                             RoleLDAPStorageMapperFactory factory)

Method Detail

createLDAPGroupQuery

public LDAPQuery createLDAPGroupQuery()

Specified by:

createLDAPGroupQuery in interface CommonLDAPGroupMapper

getConfig

public CommonLDAPGroupMapperConfig getConfig()

Specified by:

getConfig in interface CommonLDAPGroupMapper

onImportUserFromLDAP

public void onImportUserFromLDAP(LDAPObject ldapUser,
                                 UserModel user,
                                 RealmModel realm,
                                 boolean isCreate)

Description copied from interface: LDAPStorageMapper

Called when importing user from LDAP to local keycloak DB.

Specified by:

onImportUserFromLDAP in interface LDAPStorageMapper

isCreate - true if we importing new user from LDAP. False if user already exists in Keycloak, but we are upgrading (syncing) it from LDAP

onRegisterUserToLDAP

public void onRegisterUserToLDAP(LDAPObject ldapUser,
                                 UserModel localUser,
                                 RealmModel realm)

Description copied from interface: LDAPStorageMapper

Called when register new user to LDAP - just after user was created in Keycloak DB

Specified by:

onRegisterUserToLDAP in interface LDAPStorageMapper

syncDataFromFederationProviderToKeycloak

public SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm)

Description copied from interface: LDAPStorageMapper

Sync data from federated storage to Keycloak. It's useful just if mapper needs some data preloaded from federated storage (For example load roles from federated provider and sync them to Keycloak database) Applicable just if sync is supported

Specified by:

syncDataFromFederationProviderToKeycloak in interface LDAPStorageMapper

Overrides:

syncDataFromFederationProviderToKeycloak in class AbstractLDAPStorageMapper

syncDataFromKeycloakToFederationProvider

public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm)

Description copied from interface: LDAPStorageMapper

Sync data from Keycloak back to federated storage

Specified by:

syncDataFromKeycloakToFederationProvider in interface LDAPStorageMapper

Overrides:

syncDataFromKeycloakToFederationProvider in class AbstractLDAPStorageMapper

createRoleQuery

public LDAPQuery createRoleQuery(boolean includeMemberAttribute)

getTargetRoleContainer

protected RoleContainerModel getTargetRoleContainer(RealmModel realm)

createLDAPRole

public LDAPObject createLDAPRole(String roleName)

addRoleMappingInLDAP

public void addRoleMappingInLDAP(String roleName,
                                 LDAPObject ldapUser)

deleteRoleMappingInLDAP

public void deleteRoleMappingInLDAP(LDAPObject ldapUser,
                                    LDAPObject ldapRole)

loadLDAPRoleByName

public LDAPObject loadLDAPRoleByName(String roleName)

getLDAPRoleMappings

protected List<LDAPObject> getLDAPRoleMappings(LDAPObject ldapUser)

proxy

public UserModel proxy(LDAPObject ldapUser,
                       UserModel delegate,
                       RealmModel realm)

Description copied from interface: LDAPStorageMapper

Called when invoke proxy on LDAP federation provider

Specified by:

proxy in interface LDAPStorageMapper

Returns:

beforeLDAPQuery

public void beforeLDAPQuery(LDAPQuery query)

Description copied from interface: LDAPStorageMapper

Called before LDAP Identity query for retrieve LDAP users was executed. It allows to change query somehow (add returning attributes from LDAP, change conditions etc)

Specified by:

beforeLDAPQuery in interface LDAPStorageMapper

getMembershipUserLdapAttribute

protected String getMembershipUserLdapAttribute()

loadRoleGroupByName

public LDAPObject loadRoleGroupByName(String roleName)

getRoleMembers

public List<UserModel> getRoleMembers(RealmModel realm,
                                      RoleModel role,
                                      int firstResult,
                                      int maxResults)

Description copied from interface: LDAPStorageMapper

Return empty list if doesn't support storing of roles

Specified by:

getRoleMembers in interface LDAPStorageMapper

Overrides:

getRoleMembers in class AbstractLDAPStorageMapper

Returns: