Class AbstractUserAdapterFederatedStorage

java.lang.Object
org.keycloak.models.UserModelDefaultMethods
org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage
All Implemented Interfaces:
RoleMapperModel, UserModel
Direct Known Subclasses:
AbstractUserAdapterFederatedStorage.Streams

public abstract class AbstractUserAdapterFederatedStorage extends UserModelDefaultMethods
Assumes everything is managed by federated storage except for username. getId() returns a default value of "f:" + providerId + ":" + getUsername(). UserModel properties like enabled, firstName, lastName, email, etc. are all stored as attributes in federated storage. isEnabled() defaults to true if the ENABLED_ATTRIBUTE isn't set in federated storage.
Version:
$Revision: 1 $
Author:
Bill Burke
  • Field Details

    • FIRST_NAME_ATTRIBUTE

      public static String FIRST_NAME_ATTRIBUTE
    • LAST_NAME_ATTRIBUTE

      public static String LAST_NAME_ATTRIBUTE
    • EMAIL_ATTRIBUTE

      public static String EMAIL_ATTRIBUTE
    • EMAIL_VERIFIED_ATTRIBUTE

      public static String EMAIL_VERIFIED_ATTRIBUTE
    • CREATED_TIMESTAMP_ATTRIBUTE

      public static String CREATED_TIMESTAMP_ATTRIBUTE
    • ENABLED_ATTRIBUTE

      public static String ENABLED_ATTRIBUTE
    • session

      protected KeycloakSession session
    • realm

      protected RealmModel realm
    • storageProviderModel

      protected ComponentModel storageProviderModel
    • storageId

      protected StorageId storageId
  • Constructor Details

  • Method Details

    • getFederatedStorage

      public UserFederatedStorageProvider getFederatedStorage()
    • getRequiredActionsStream

      public Stream<String> getRequiredActionsStream()
      Description copied from interface: UserModel
      Obtains the names of required actions associated with the user.
      Returns:
      a non-null Stream of required action names.
    • addRequiredAction

      public void addRequiredAction(String action)
    • removeRequiredAction

      public void removeRequiredAction(String action)
    • addRequiredAction

      public void addRequiredAction(UserModel.RequiredAction action)
    • removeRequiredAction

      public void removeRequiredAction(UserModel.RequiredAction action)
    • getGroupsInternal

      protected Set<GroupModel> getGroupsInternal()
      Gets the group membership mappings that are managed by this storage provider.
    • appendDefaultGroups

      protected boolean appendDefaultGroups()
      Whether the realm's default groups should be appended to the result of a getGroups() call. If your storage provider is not managing group mappings, it is recommended that this method return true.
    • getGroupsStream

      public Stream<GroupModel> getGroupsStream()
      Gets groups from federated storage and automatically appends the default groups of the realm. Also calls the getGroupsInternal() method to pull group membership from the provider. Implementors can override that method.
      Returns:
      a non-null Stream of groups.
    • joinGroup

      public void joinGroup(GroupModel group)
    • leaveGroup

      public void leaveGroup(GroupModel group)
    • isMemberOf

      public boolean isMemberOf(GroupModel group)
    • getRealmRoleMappingsStream

      public Stream<RoleModel> getRealmRoleMappingsStream()
      Gets role mappings from federated storage and automatically appends default roles. Also calls the getRoleMappingsInternal() method to pull role mappings from the provider. Implementors can override that method.
      Returns:
      Stream of RoleModel. Never returns null.
    • getClientRoleMappingsStream

      public Stream<RoleModel> getClientRoleMappingsStream(ClientModel app)
      Gets role mappings from federated storage and automatically appends default roles. Also calls the getRoleMappingsInternal() method to pull role mappings from the provider. Implementors can override that method.
      Parameters:
      app - ClientModel Client to get the roles for.
      Returns:
      Stream of RoleModel. Never returns null.
    • hasRole

      public boolean hasRole(RoleModel role)
      Description copied from interface: RoleMapperModel
      Returns true if this object is directly or indirectly assigned the given role, false otherwise.

      For example, true is returned for hasRole(R) if:

      • R is directly assigned to this object
      • R is indirectly assigned to this object via composites
      • R is not assigned to this object but this object belongs to a group G which is assigned the role R
      • R is not assigned to this object but this object belongs to a group G, and G belongs to group H which is assigned the role R
      Returns:
      see description
    • grantRole

      public void grantRole(RoleModel role)
      Description copied from interface: RoleMapperModel
      Grants the given role to this object.
    • appendDefaultRolesToRoleMappings

      protected boolean appendDefaultRolesToRoleMappings()
      Whether the realm's default roles should be appended to the result of a getRoleMappings() call. If your storage provider is not managing all role mappings, it is recommended that this method return true.
    • getRoleMappingsInternal

      protected Set<RoleModel> getRoleMappingsInternal()
    • getRoleMappingsStream

      public Stream<RoleModel> getRoleMappingsStream()
      Gets role mappings from federated storage and automatically appends default roles. Also calls the getRoleMappingsInternal() method to pull role mappings from the provider. Implementors can override that method.
      Returns:
      Stream of RoleModel. Never returns null.
    • getFederatedRoleMappings

      @Deprecated protected Set<RoleModel> getFederatedRoleMappings()
      Deprecated.
    • getFederatedRoleMappingsStream

      protected Stream<RoleModel> getFederatedRoleMappingsStream()
    • deleteRoleMapping

      public void deleteRoleMapping(RoleModel role)
      Description copied from interface: RoleMapperModel
      Removes the given role mapping from this object.
      Parameters:
      role - Role to remove
    • isEnabled

      public boolean isEnabled()
    • setEnabled

      public void setEnabled(boolean enabled)
    • getFederationLink

      public String getFederationLink()
      This method should not be overridden.
    • setFederationLink

      public void setFederationLink(String link)
      This method should not be overridden.
    • getServiceAccountClientLink

      public String getServiceAccountClientLink()
      This method should not be overridden.
    • setServiceAccountClientLink

      public void setServiceAccountClientLink(String clientInternalId)
      This method should not be overridden.
    • getId

      public String getId()
      Defaults to 'f:' + storageProvider.getId() + ':' + getUsername().
    • getCreatedTimestamp

      public Long getCreatedTimestamp()
      Description copied from interface: UserModel
      Gets the timestamp of user creation. May be null for old users created before this feature was introduced.
    • setCreatedTimestamp

      public void setCreatedTimestamp(Long timestamp)
    • setSingleAttribute

      public void setSingleAttribute(String name, String value)
      Description copied from interface: UserModel
      Sets a single value for the specified attribute and removes all other existing values of this attribute.
    • removeAttribute

      public void removeAttribute(String name)
    • setAttribute

      public void setAttribute(String name, List<String> values)
    • getFirstAttribute

      public String getFirstAttribute(String name)
      Returns:
      null if the specified attribute has no value, otherwise the first value. Does not throw an exception if the attribute has more than one value.
    • getAttributes

      public Map<String,List<String>> getAttributes()
    • getAttributeStream

      public Stream<String> getAttributeStream(String name)
      Description copied from interface: UserModel
      Obtains all values associated with the specified attribute name.
      Parameters:
      name - the name of the attribute.
      Returns:
      a non-null Stream of attribute values.
    • mapAttribute

      protected String mapAttribute(String attributeName)
    • isEmailVerified

      public boolean isEmailVerified()
    • setEmailVerified

      public void setEmailVerified(boolean verified)
      Stores the value as an attribute (EMAIL_VERIFIED_ATTRIBUTE) in federated storage.
      Parameters:
      verified -
    • credentialManager

      public SubjectCredentialManager credentialManager()
      Description copied from interface: UserModel
      Instance of a user credential manager to validate and update the credentials of this user.
    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
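
A minimal subclass showing how the role and group hooks documented above fit together. This is an added example, not code from the Keycloak project. `ExternalUserAdapter` and its `externalRoleNames` field are hypothetical, and the example assumes that `getUsername()` and `setUsername()` are the only members a subclass still has to implement and that the external store supplies realm role names.

```java
import java.util.HashSet;
import java.util.Set;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.storage.ReadOnlyException;
import org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage;

// Hypothetical adapter: username and some role names come from an external
// store; every other property stays in federated storage.
public class ExternalUserAdapter extends AbstractUserAdapterFederatedStorage {
    private final String username;               // from the external store
    private final Set<String> externalRoleNames; // realm role names (assumption)

    public ExternalUserAdapter(KeycloakSession session, RealmModel realm,
            ComponentModel model, String username, Set<String> externalRoleNames) {
        super(session, realm, model);
        this.username = username;
        this.externalRoleNames = externalRoleNames;
    }

    @Override
    public String getUsername() { return username; }

    @Override
    public void setUsername(String username) {
        // The external store is treated as read-only in this example.
        throw new ReadOnlyException("username is managed by the external store");
    }

    // Called by the role-mapping stream methods in addition to the mappings
    // held in federated storage.
    @Override
    protected Set<RoleModel> getRoleMappingsInternal() {
        Set<RoleModel> roles = new HashSet<>();
        for (String name : externalRoleNames) {
            RoleModel role = realm.getRole(name);
            if (role != null) roles.add(role); // ignore names with no realm role
        }
        return roles;
    }

    // This provider manages only some role mappings and no group mappings,
    // so both hooks follow the recommendation above and return true.
    @Override
    protected boolean appendDefaultRolesToRoleMappings() { return true; }

    @Override
    protected boolean appendDefaultGroups() { return true; }
}
```

Because the role streams merge federated-storage mappings, provider mappings and (when enabled) realm defaults, review all three sources when auditing what a federated user is effectively granted.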