Package org.keycloak.models.utils
Class KeycloakModelUtils
java.lang.Object
org.keycloak.models.utils.KeycloakModelUtils
Set of helper methods, which are useful in various model implementations.
- Author:
- Marek Posolda, Daniel Fesenmeyer
-
Field Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic String
buildGroupPath
(GroupModel group) static String
buildGroupPath
(GroupModel group, GroupModel otherParentGroup) static String
buildRoleQualifier
(String clientId, String roleName) static void
cloneContextRealmClientSessionToSession
(KeycloakContext origContext, KeycloakSession targetSession) Sets up the context for the specified session with the RealmModel, clientModel and AuthenticatedSessionModel.static void
cloneContextRealmClientToSession
(KeycloakContext origContext, KeycloakSession targetSession) Sets up the context for the specified session with the RealmModel.componentModelGetter
(String realmId, String componentId) static String
convertClientScopeName
(String previousName) Replace spaces in the name with underscore, so that scope name can be used as value of scope parameterstatic ComponentModel
createComponentModel
(String name, String parentId, String providerId, String providerType, String... config) static ClientModel
createManagementClient
(RealmModel realm, String name) static ClientModel
createPublicClient
(RealmModel realm, String name) static void
deepDeleteAuthenticationFlow
(RealmModel realm, AuthenticationFlowModel authFlow, Runnable flowUnavailableHandler, Runnable builtinFlowHandler) Recursively remove authentication flow (including all subflows and executions) from the model storagestatic void
deepFindAuthenticationExecutions
(RealmModel realm, AuthenticationFlowModel flow, List<AuthenticationExecutionModel> result) Recursively find all AuthenticationExecutionModel from specified flow or all it's subflowsstatic ClientScopeModel
findClientScopeById
(RealmModel realm, ClientModel client, String clientScopeId) Lookup clientScope OR client by id.static GroupModel
findGroupByPath
(KeycloakSession session, RealmModel realm, String path) Finds group by path.static GroupModel
findGroupByPath
(KeycloakSession session, RealmModel realm, String[] path) Finds group by path.static UserModel
findUserByNameOrEmail
(KeycloakSession session, RealmModel realm, String username) Try to find user by username or email for authenticationstatic String
static String
static CertificateRepresentation
generateKeyPairCertificate
(String subject) static String
generateSecret
(ClientModel client) static X509Certificate
getCertificate
(String cert) static ClientScopeModel
getClientScopeByName
(RealmModel realm, String clientScopeName) getClientScopeMappingsStream
(ClientModel client, ScopeContainerModel container) static <T extends Provider>
ProviderFactory<T>getComponentFactory
(KeycloakSessionFactory factory, Class<T> providerClass, Config.Scope config, String spiName) static ComponentModel
getComponentModel
(KeycloakSessionFactory factory, String realmId, String componentId) static String
static String
getIdentityProviderDisplayName
(KeycloakSession session, IdentityProviderModel provider) static String
getMasterRealmAdminApplicationClientId
(String realmName) static String
getPemFromCertificate
(X509Certificate certificate) static String
getPemFromKey
(Key key) static PrivateKey
getPrivateKey
(String privateKeyPem) static PublicKey
getPublicKey
(String publicKeyPem) static RoleModel
getRoleFromString
(RealmModel realm, String roleName) static Key
getSecretKey
(String secret) static int
getSecretLengthByAuthenticationType
(String clientAuthenticatorType, String signingAlg) static boolean
isFlowUsed
(RealmModel realm, AuthenticationFlowModel model) Check to see if a flow is currently in usestatic boolean
isRealmProviderJpa
(KeycloakSession session) static boolean
Returnstrue
if given realm has attributeConstants.REALM_ATTR_USERNAME_CASE_SENSITIVE
set and its value istrue
.static String
normalizeGroupPath
(String groupPath) static String[]
static Collection<String>
resolveAttribute
(GroupModel group, String name, boolean aggregateAttrs) static Collection<String>
resolveAttribute
(UserModel user, String name, boolean aggregateAttrs) static void
runJobInTransaction
(KeycloakSessionFactory factory, KeycloakContext context, KeycloakSessionTask task) Wrap given runnable job into KeycloakTransaction.static void
runJobInTransaction
(KeycloakSessionFactory factory, KeycloakSessionTask task) Wrap given runnable job into KeycloakTransaction.static <V> V
runJobInTransactionWithResult
(KeycloakSessionFactory factory, KeycloakContext context, KeycloakSessionTaskWithResult<V> callable) Wrap a given callable job into a KeycloakTransaction.static <V> V
runJobInTransactionWithResult
(KeycloakSessionFactory factory, KeycloakSessionTaskWithResult<V> callable) Wrap a given callable job into a KeycloakTransaction.static void
runJobInTransactionWithTimeout
(KeycloakSessionFactory factory, KeycloakSessionTask task, int timeoutInSeconds) Wrap given runnable job into KeycloakTransaction.static boolean
Deep search if given role is descendant of composite rolestatic void
setDefaultGroups
(KeycloakSession session, RealmModel realm, Stream<String> groups) Sets the default groups on the realmstatic void
setTransactionLimit
(KeycloakSessionFactory factory, int timeoutInSeconds) static void
static void
setupDefaultRole
(RealmModel realm, String defaultRoleName) Creates default role for particular realm with the given name.static void
setupDeleteAccount
(ClientModel accountClient) static RoleModel
setupOfflineRole
(RealmModel realm) static void
suspendJtaTransaction
(KeycloakSessionFactory factory, Runnable runnable) static String
toLowerCaseSafe
(String str)
-
Field Details
-
AUTH_TYPE_CLIENT_SECRET
- See Also:
-
AUTH_TYPE_CLIENT_SECRET_JWT
- See Also:
-
GROUP_PATH_SEPARATOR
- See Also:
-
-
Method Details
-
generateId
-
getPublicKey
-
getCertificate
-
getPrivateKey
-
getSecretKey
-
getPemFromKey
-
getPemFromCertificate
-
generateKeyPairCertificate
-
generateSecret
-
getDefaultClientAuthenticatorType
-
generateCodeSecret
-
createManagementClient
-
createPublicClient
-
searchFor
Deep search if given role is descendant of composite role- Parameters:
role
- role to checkcomposite
- composite rolevisited
- set of already visited roles (used for recursion)- Returns:
- true if "role" is descendant of "composite"
-
findUserByNameOrEmail
public static UserModel findUserByNameOrEmail(KeycloakSession session, RealmModel realm, String username) Try to find user by username or email for authentication- Parameters:
realm
- realmusername
- username or email of user- Returns:
- found user
-
runJobInTransaction
Wrap given runnable job into KeycloakTransaction.- Parameters:
factory
- The session factory to usetask
- The task to execute
-
runJobInTransaction
public static void runJobInTransaction(KeycloakSessionFactory factory, KeycloakContext context, KeycloakSessionTask task) Wrap given runnable job into KeycloakTransaction.- Parameters:
factory
- The session factory to usecontext
- The context from the previous sessiontask
- The task to execute
-
cloneContextRealmClientToSession
public static void cloneContextRealmClientToSession(KeycloakContext origContext, KeycloakSession targetSession) Sets up the context for the specified session with the RealmModel.- Parameters:
origContext
- The original context to propagatetargetSession
- The new target session to propagate the context to
-
cloneContextRealmClientSessionToSession
public static void cloneContextRealmClientSessionToSession(KeycloakContext origContext, KeycloakSession targetSession) Sets up the context for the specified session with the RealmModel, clientModel and AuthenticatedSessionModel.- Parameters:
origContext
- The original context to propagatetargetSession
- The new target session to propagate the context to
-
runJobInTransactionWithResult
public static <V> V runJobInTransactionWithResult(KeycloakSessionFactory factory, KeycloakSessionTaskWithResult<V> callable) Wrap a given callable job into a KeycloakTransaction.- Type Parameters:
V
- The type for the result- Parameters:
factory
- The session factorycallable
- The callable to execute- Returns:
- The return value from the callable
-
runJobInTransactionWithResult
public static <V> V runJobInTransactionWithResult(KeycloakSessionFactory factory, KeycloakContext context, KeycloakSessionTaskWithResult<V> callable) Wrap a given callable job into a KeycloakTransaction.- Type Parameters:
V
- The type for the result- Parameters:
factory
- The session factorycontext
- The context from the previous session to usecallable
- The callable to execute- Returns:
- The return value from the callable
-
runJobInTransactionWithTimeout
public static void runJobInTransactionWithTimeout(KeycloakSessionFactory factory, KeycloakSessionTask task, int timeoutInSeconds) Wrap given runnable job into KeycloakTransaction. Set custom timeout for the JTA transaction (in case we're in the environment with JTA enabled)- Parameters:
factory
-task
-timeoutInSeconds
-
-
setTransactionLimit
-
componentModelGetter
public static Function<KeycloakSessionFactory,ComponentModel> componentModelGetter(String realmId, String componentId) -
getComponentModel
public static ComponentModel getComponentModel(KeycloakSessionFactory factory, String realmId, String componentId) -
getComponentFactory
public static <T extends Provider> ProviderFactory<T> getComponentFactory(KeycloakSessionFactory factory, Class<T> providerClass, Config.Scope config, String spiName) -
getMasterRealmAdminApplicationClientId
-
createComponentModel
-
toLowerCaseSafe
-
setupDefaultRole
Creates default role for particular realm with the given name.- Parameters:
realm
- RealmdefaultRoleName
- Name of the newly created defaultRole
-
setupOfflineRole
-
setupDeleteAccount
-
deepFindAuthenticationExecutions
public static void deepFindAuthenticationExecutions(RealmModel realm, AuthenticationFlowModel flow, List<AuthenticationExecutionModel> result) Recursively find all AuthenticationExecutionModel from specified flow or all it's subflows- Parameters:
realm
-flow
-result
- input should be empty list. At the end will be all executions added to this list
-
resolveAttribute
public static Collection<String> resolveAttribute(GroupModel group, String name, boolean aggregateAttrs) -
resolveAttribute
public static Collection<String> resolveAttribute(UserModel user, String name, boolean aggregateAttrs) -
findGroupByPath
Finds group by path. Path is separated by '/' character. For example: /group/subgroup/subsubgroup The method takes into consideration also groups with '/' in their name. For example: /group/sub/group/subgroup- Parameters:
session
- Keycloak sessionrealm
- The realmpath
- Path that will be searched among groups- Returns:
GroupModel
corresponding to the givenpath
ornull
if no group was found
-
findGroupByPath
Finds group by path. Variant when you have the path already separated by group names.- Parameters:
session
- Keycloak sessionrealm
- The realmpath
- Path The path hierarchy of groups- Returns:
GroupModel
corresponding to the givenpath
ornull
if no group was found
-
buildGroupPath
-
buildGroupPath
-
normalizeGroupPath
-
getClientScopeMappingsStream
public static Stream<RoleModel> getClientScopeMappingsStream(ClientModel client, ScopeContainerModel container) -
getRoleFromString
-
parseRole
-
buildRoleQualifier
-
isFlowUsed
Check to see if a flow is currently in use- Parameters:
realm
-model
-- Returns:
-
deepDeleteAuthenticationFlow
public static void deepDeleteAuthenticationFlow(RealmModel realm, AuthenticationFlowModel authFlow, Runnable flowUnavailableHandler, Runnable builtinFlowHandler) Recursively remove authentication flow (including all subflows and executions) from the model storage- Parameters:
realm
-authFlow
- flow to deleteflowUnavailableHandler
- Will be executed when flow or some of it's subflow is nullbuiltinFlowHandler
- will be executed when flow is built-in flow
-
getClientScopeByName
-
findClientScopeById
public static ClientScopeModel findClientScopeById(RealmModel realm, ClientModel client, String clientScopeId) Lookup clientScope OR client by id. Method is useful if you know just ID, but you don't know if underlying model is clientScope or client -
convertClientScopeName
Replace spaces in the name with underscore, so that scope name can be used as value of scope parameter -
setupAuthorizationServices
-
suspendJtaTransaction
-
getIdentityProviderDisplayName
public static String getIdentityProviderDisplayName(KeycloakSession session, IdentityProviderModel provider) -
isRealmProviderJpa
- Returns:
- true if implementation of realmProvider is "jpa" . Which is always the case in standard Keycloak installations.
-
getSecretLengthByAuthenticationType
public static int getSecretLengthByAuthenticationType(String clientAuthenticatorType, String signingAlg) - Parameters:
clientAuthenticatorType
-- Returns:
- secret size based on authentication type
-
isUsernameCaseSensitive
Returnstrue
if given realm has attributeConstants.REALM_ATTR_USERNAME_CASE_SENSITIVE
set and its value istrue
. Otherwise default value of it is returned. The default setting can be seen atConstants.REALM_ATTR_USERNAME_CASE_SENSITIVE_DEFAULT
.- Parameters:
realm
-- Returns:
- See the description
- Throws:
NullPointerException
- ifrealm
isnull
-
setDefaultGroups
public static void setDefaultGroups(KeycloakSession session, RealmModel realm, Stream<String> groups) Sets the default groups on the realm- Parameters:
session
-realm
-groups
-- Throws:
RuntimeException
- if a group does not exist
-