Package org.keycloak.storage.adapter
Class AbstractUserAdapterFederatedStorage
java.lang.Object
org.keycloak.models.UserModelDefaultMethods
org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage
- All Implemented Interfaces:
RoleMapperModel, UserModel
- Direct Known Subclasses:
AbstractUserAdapterFederatedStorage.Streams
Assumes everything is managed by federated storage except for username. getId() returns a default value
of "f:" + providerId + ":" + getUsername(). UserModel properties like enabled, firstName, lastName, email, etc. are all
stored as attributes in federated storage.
isEnabled() defaults to true if the ENABLED_ATTRIBUTE isn't set in federated storage.
- Version:
- $Revision: 1 $
- Author:
- Bill Burke
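The following subclass is an added example, not code from the Keycloak documentation or code base. It ties the enabled state and role mappings to an external store, so the isEnabled() default of true and the appended default roles are not relied on by accident. ExternalUserAdapter and ExternalAccount are hypothetical names; ReadOnlyException, realm.getRole() and the Set<RoleModel> return type of getRoleMappingsInternal() come from the Keycloak API rather than from this page.

```java
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;

import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.storage.ReadOnlyException;
import org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage;

public class ExternalUserAdapter extends AbstractUserAdapterFederatedStorage {

    /** Hypothetical snapshot of an account in the external store (not a Keycloak type). */
    public record ExternalAccount(String username, boolean locked, Set<String> roleNames) {}

    private final ExternalAccount account;

    public ExternalUserAdapter(KeycloakSession session, RealmModel realm,
                               ComponentModel storageProviderModel, ExternalAccount account) {
        super(session, realm, storageProviderModel);
        this.account = account;
    }

    @Override
    public String getUsername() { return account.username(); }

    @Override
    public void setUsername(String username) {
        // The username is the one property this base class does not keep in federated storage.
        throw new ReadOnlyException("username is owned by the external store");
    }

    @Override
    public boolean isEnabled() {
        // The inherited check returns true when ENABLED_ATTRIBUTE is unset, so the external
        // lock flag is consulted first; otherwise a locked account would read as enabled.
        return !account.locked() && super.isEnabled();
    }

    @Override
    protected boolean appendDefaultRolesToRoleMappings() {
        return false; // this provider supplies the role mappings itself
    }

    @Override
    protected Set<RoleModel> getRoleMappingsInternal() {
        // Resolve external role names to realm roles; names unknown to the realm are dropped.
        return account.roleNames().stream()
                .map(realm::getRole).filter(Objects::nonNull).collect(Collectors.toSet());
    }
}
```

Role mappings already held in federated storage are still returned alongside the set from getRoleMappingsInternal(), as the getRoleMappingsStream description states.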
-
Nested Class Summary
Modifier and Type | Class | Description
static class
Deprecated. This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly.
Nested classes/interfaces inherited from interface org.keycloak.models.UserModel
UserModel.RequiredAction, UserModel.SearchableFields, UserModel.UserRemovedEvent
-
Field Summary
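Modifier and Type | Field | Description
static String CREATED_TIMESTAMP_ATTRIBUTE
static String EMAIL_ATTRIBUTE
static String EMAIL_VERIFIED_ATTRIBUTE
static String ENABLED_ATTRIBUTE
static String FIRST_NAME_ATTRIBUTE
static String LAST_NAME_ATTRIBUTE
protected RealmModel realm
protected KeycloakSession session
protected StorageId storageId
protected ComponentModel storageProviderModel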
Fields inherited from interface org.keycloak.models.UserModel
COMPARE_BY_USERNAME, DISABLED_REASON, EMAIL, EMAIL_VERIFIED, ENABLED, EXACT, FIRST_NAME, GROUPS, IDP_ALIAS, IDP_USER_ID, INCLUDE_SERVICE_ACCOUNT, LAST_NAME, LOCALE, SEARCH, USERNAME
-
Constructor Summary
Constructor | Description
AbstractUserAdapterFederatedStorage(KeycloakSession session, RealmModel realm, ComponentModel storageProviderModel)
-
Method Summary
Modifier and Type | Method | Description
void addRequiredAction(String action)
void
protected boolean
Should the realm's default groups be appended to getGroups() call? If your storage provider is not managing group mappings then it is recommended that this method return true.
protected boolean
Should the realm's default roles be appended to getRoleMappings() call? If your storage provider is not managing all role mappings then it is recommended that this method return true.
Instance of a user credential manager to validate and update the credentials of this user.
void deleteRoleMapping(RoleModel role)
Removes the given role mapping from this object.
boolean
getAttributeStream(String name)
Obtains all values associated with the specified attribute name.
Gets role mappings from federated storage and automatically appends default roles.
Get timestamp of user creation.
Deprecated. Use getFederatedRoleMappingsStream() instead.
This method should not be overridden.
getFirstAttribute(String name)
protected Set<GroupModel>
Get group membership mappings that are managed by this storage provider.
Gets groups from federated storage and automatically appends default groups of realm.
getId()
Defaults to 'f:' + storageProvider.getId() + ':' + getUsername()
Gets role mappings from federated storage and automatically appends default roles.
Obtains the names of required actions associated with the user.
Gets role mappings from federated storage and automatically appends default roles.
This method should not be overridden.
void
Grants the given role to this object.
int hashCode()
boolean
Returns true if this object is directly or indirectly assigned the given role, false otherwise.
boolean
boolean
boolean isMemberOf(GroupModel group)
void joinGroup(GroupModel group)
void leaveGroup(GroupModel group)
protected String mapAttribute(String attributeName)
void removeAttribute(String name)
void removeRequiredAction(String action)
void
void setAttribute(String name, List<String> values)
void setCreatedTimestamp(Long timestamp)
void setEmailVerified(boolean verified)
Stores as attribute in federated storage.
void setEnabled(boolean enabled)
void setFederationLink(String link)
This method should not be overridden.
void setServiceAccountClientLink(String clientInternalId)
This method should not be overridden.
void setSingleAttribute(String name, String value)
Set single value of specified attribute.
Methods inherited from class org.keycloak.models.UserModelDefaultMethods
getEmail, getFirstName, getLastName, setEmail, setFirstName, setLastName, toString
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.keycloak.models.RoleMapperModel
hasDirectRole
Methods inherited from interface org.keycloak.models.UserModel
getGroupsCount, getGroupsCountByNameContaining, getGroupsStream, getUsername, setUsername
-
Field Details
-
FIRST_NAME_ATTRIBUTE
-
LAST_NAME_ATTRIBUTE
-
EMAIL_ATTRIBUTE
-
EMAIL_VERIFIED_ATTRIBUTE
-
CREATED_TIMESTAMP_ATTRIBUTE
-
ENABLED_ATTRIBUTE
-
session
-
realm
-
storageProviderModel
-
storageId
-
-
Constructor Details
-
AbstractUserAdapterFederatedStorage
public AbstractUserAdapterFederatedStorage(KeycloakSession session, RealmModel realm, ComponentModel storageProviderModel)
-
-
Method Details
-
getFederatedStorage
-
getRequiredActionsStream
Description copied from interface: UserModel
Obtains the names of required actions associated with the user.
- Returns:
- a non-null Stream of required action names.
-
addRequiredAction
-
removeRequiredAction
-
addRequiredAction
-
removeRequiredAction
-
getGroupsInternal
Get group membership mappings that are managed by this storage provider.
- Returns:
-
appendDefaultGroups
protected boolean appendDefaultGroups()
Should the realm's default groups be appended to getGroups() call? If your storage provider is not managing group mappings then it is recommended that this method return true.
- Returns:
-
getGroupsStream
Gets groups from federated storage and automatically appends default groups of realm. Also calls getGroupsInternal() method to pull group membership from provider. Implementors can override that method.
- Returns:
- a non-null Stream of groups.
-
joinGroup
-
leaveGroup
-
isMemberOf
-
getRealmRoleMappingsStream
Gets role mappings from federated storage and automatically appends default roles. Also calls getRoleMappingsInternal() method to pull role mappings from provider. Implementors can override that method.
- Returns:
- Stream of RoleModel. Never returns null.
-
getClientRoleMappingsStream
Gets role mappings from federated storage and automatically appends default roles. Also calls getRoleMappingsInternal() method to pull role mappings from provider. Implementors can override that method.
- Parameters:
app - ClientModel Client to get the roles for.
- Returns:
- Stream of RoleModel. Never returns null.
-
hasRole
Description copied from interface: RoleMapperModel
Returns true if this object is directly or indirectly assigned the given role, false otherwise.
For example, true is returned for hasRole(R) if:
- R is directly assigned to this object
- R is indirectly assigned to this object via composites
- R is not assigned to this object but this object belongs to a group G which is assigned the role R
- R is not assigned to this object but this object belongs to a group G, and G belongs to group H which is assigned the role R
- Returns:
- see description
- See Also:
-
grantRole
Description copied from interface: RoleMapperModel
Grants the given role to this object.
-
appendDefaultRolesToRoleMappings
protected boolean appendDefaultRolesToRoleMappings()
Should the realm's default roles be appended to getRoleMappings() call? If your storage provider is not managing all role mappings then it is recommended that this method return true.
- Returns:
-
getRoleMappingsInternal
-
getRoleMappingsStream
Gets role mappings from federated storage and automatically appends default roles. Also calls getRoleMappingsInternal() method to pull role mappings from provider. Implementors can override that method.
- Returns:
- Stream of RoleModel. Never returns null.
-
getFederatedRoleMappings
Deprecated. Use getFederatedRoleMappingsStream() instead.
-
getFederatedRoleMappingsStream
-
deleteRoleMapping
Description copied from interface: RoleMapperModel
Removes the given role mapping from this object.
- Parameters:
role - Role to remove
-
isEnabled
public boolean isEnabled()
-
setEnabled
public void setEnabled(boolean enabled)
-
getFederationLink
This method should not be overridden.
- Returns:
-
setFederationLink
This method should not be overridden.
-
getServiceAccountClientLink
This method should not be overridden.
- Returns:
-
setServiceAccountClientLink
This method should not be overridden.
-
getId
Defaults to 'f:' + storageProvider.getId() + ':' + getUsername()
- Returns:
-
getCreatedTimestamp
Description copied from interface: UserModel
Get timestamp of user creation. May be null for old users created before this feature was introduced.
-
setCreatedTimestamp
-
setSingleAttribute
Description copied from interface: UserModel
Set single value of specified attribute. Remove all other existing values of this attribute.
-
removeAttribute
-
setAttribute
-
getFirstAttribute
- Returns:
- null if the specified attribute has no value, otherwise the first value. Does not throw an exception if the attribute has more than one value.
-
getAttributes
-
getAttributeStream
Description copied from interface: UserModel
Obtains all values associated with the specified attribute name.
- Parameters:
name - the name of the attribute.
- Returns:
- a non-null Stream of attribute values.
-
mapAttribute
-
isEmailVerified
public boolean isEmailVerified()
-
setEmailVerified
public void setEmailVerified(boolean verified)
Stores as attribute in federated storage. EMAIL_VERIFIED_ATTRIBUTE
- Parameters:
verified -
-
credentialManager
Description copied from interface: UserModel
Instance of a user credential manager to validate and update the credentials of this user.
-
equals
-
hashCode
public int hashCode()
-