Class RoleLDAPStorageMapper
java.lang.Object
org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper
- All Implemented Interfaces:
Provider, LDAPStorageMapper, CommonLDAPGroupMapper
public class RoleLDAPStorageMapper
extends AbstractLDAPStorageMapper
implements CommonLDAPGroupMapper
Maps realm roles, or the roles of a particular client, to LDAP groups.
- Author:
- Marek Posolda
-
Nested Class Summary
-
Field Summary
Fields inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
ldapProvider, mapperModel, session
-
Constructor Summary
Constructor    Description
RoleLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RoleLDAPStorageMapperFactory factory)
-
Method Summary
Modifier and Type    Method    Description
void addRoleMappingInLDAP(String roleName, LDAPObject ldapUser)
void beforeLDAPQuery(LDAPQuery query)
    Called before the LDAP Identity query to retrieve LDAP users is executed.
createLDAPRole(String roleName)
createRoleQuery(boolean includeMemberAttribute)
void deleteRoleMappingInLDAP(LDAPObject ldapUser, LDAPObject ldapRole)
protected List<LDAPObject> getLDAPRoleMappings(LDAPObject ldapUser)
protected String getMembershipUserLdapAttribute
List<UserModel> getRoleMembers(RealmModel realm, RoleModel role, int firstResult, int maxResults)
    Returns an empty list if storing of roles is not supported.
protected RoleContainerModel getTargetRoleContainer(RealmModel realm)
loadLDAPRoleByName(String roleName)
loadRoleGroupByName(String roleName)
void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)
    Called when importing a user from LDAP to the local Keycloak DB.
void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)
    Called when registering a new user to LDAP, just after the user was created in the Keycloak DB.
proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)
    Called when proxy is invoked on the LDAP federation provider.
syncDataFromFederationProviderToKeycloak
    Sync data from federated storage to Keycloak.
syncDataFromKeycloakToFederationProvider
    Sync data from Keycloak back to federated storage.
Methods inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
close, getGroupMembers, getLdapProvider, mandatoryAttributeNames, onAuthenticationFailure, parseBooleanParameter
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.storage.ldap.mappers.LDAPStorageMapper
getGroupMembers, getLdapProvider, mandatoryAttributeNames, onAuthenticationFailure
-
Constructor Details
-
RoleLDAPStorageMapper
public RoleLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider, RoleLDAPStorageMapperFactory factory)
-
-
Method Details
-
createLDAPGroupQuery
- Specified by:
createLDAPGroupQuery in interface CommonLDAPGroupMapper
-
getConfig
- Specified by:
getConfig in interface CommonLDAPGroupMapper
-
onImportUserFromLDAP
public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)
Description copied from interface: LDAPStorageMapper
Called when importing a user from LDAP to the local Keycloak DB.
- Specified by:
onImportUserFromLDAP in interface LDAPStorageMapper
isCreate - true if we are importing a new user from LDAP. False if the user already exists in Keycloak, but we are upgrading (syncing) it from LDAP
-
onRegisterUserToLDAP
Description copied from interface: LDAPStorageMapper
Called when registering a new user to LDAP, just after the user was created in the Keycloak DB.
- Specified by:
onRegisterUserToLDAP in interface LDAPStorageMapper
-
syncDataFromFederationProviderToKeycloak
Description copied from interface: LDAPStorageMapper
Sync data from federated storage to Keycloak. This is useful only if the mapper needs some data preloaded from federated storage (for example, loading roles from the federated provider and syncing them to the Keycloak database). Applicable only if sync is supported.
- Specified by:
syncDataFromFederationProviderToKeycloak in interface LDAPStorageMapper
- Overrides:
syncDataFromFederationProviderToKeycloak in class AbstractLDAPStorageMapper
-
syncDataFromKeycloakToFederationProvider
Description copied from interface: LDAPStorageMapper
Sync data from Keycloak back to federated storage.
- Specified by:
syncDataFromKeycloakToFederationProvider in interface LDAPStorageMapper
- Overrides:
syncDataFromKeycloakToFederationProvider in class AbstractLDAPStorageMapper
-
createRoleQuery
-
getTargetRoleContainer
-
createLDAPRole
-
addRoleMappingInLDAP
-
deleteRoleMappingInLDAP
-
loadLDAPRoleByName
-
getLDAPRoleMappings
-
proxy
Description copied from interface: LDAPStorageMapper
Called when proxy is invoked on the LDAP federation provider.
- Specified by:
proxy in interface LDAPStorageMapper
- Returns:
-
beforeLDAPQuery
Description copied from interface: LDAPStorageMapper
Called before the LDAP Identity query to retrieve LDAP users is executed. It allows the query to be changed (adding returning attributes from LDAP, changing conditions, etc.).
- Specified by:
beforeLDAPQuery in interface LDAPStorageMapper
-
getMembershipUserLdapAttribute
-
loadRoleGroupByName
-
getRoleMembers
public List<UserModel> getRoleMembers(RealmModel realm, RoleModel role, int firstResult, int maxResults)
Description copied from interface: LDAPStorageMapper
Returns an empty list if storing of roles is not supported.
- Specified by:
getRoleMembers in interface LDAPStorageMapper
- Overrides:
getRoleMembers in class AbstractLDAPStorageMapper
- Returns:
-