Class UserStorageManager

All Implemented Interfaces:
OnUserCache, UserProvider, Provider, OnCreateComponent, OnUpdateComponent, UserBulkUpdateProvider, UserCountMethodsProvider, UserLookupProvider, UserQueryMethodsProvider, UserQueryProvider, UserRegistrationProvider, UserProfileDecorator

Version:
$Revision: 1 $
Author:
Bill Burke
  • Constructor Details

  • Method Details

    • localStorage

      protected UserProvider localStorage()
    • importValidation

      protected UserModel importValidation(RealmModel realm, UserModel user)
      Allows a UserStorageProvider to proxy and/or synchronize an imported user.
      Parameters:
      realm -
      user -
      Returns:
    • getUserByCredential

      public CredentialValidationOutput getUserByCredential(RealmModel realm, CredentialInput input)
      Specified by:
      getUserByCredential in interface UserLookupProvider
    • deleteInvalidUser

      protected void deleteInvalidUser(RealmModel realm, UserModel user)
    • importValidation

      protected Stream<UserModel> importValidation(RealmModel realm, Stream<UserModel> users)
    • query

      protected Stream<UserModel> query(org.keycloak.storage.UserStorageManager.PaginatedQuery pagedQuery, RealmModel realm, Integer firstResult, Integer maxResults)
    • query

      protected Stream<UserModel> query(org.keycloak.storage.UserStorageManager.PaginatedQuery pagedQuery, org.keycloak.storage.UserStorageManager.CountQuery countQuery, RealmModel realm, Integer firstResult, Integer maxResults)
    • addUser

      public UserModel addUser(RealmModel realm, String username)
      UserRegistrationProvider methods implementations start here
      Specified by:
      addUser in interface UserRegistrationProvider
      Parameters:
      realm - a reference to the realm
      username - a username the created user will be assigned
      Returns:
      a model of created user
    • removeUser

      public boolean removeUser(RealmModel realm, UserModel user)
      Description copied from interface: UserRegistrationProvider
      Called if the user originated from this provider. If a local user is linked to this provider (for example, when you are using an import strategy), this method will be called before local storage's removeUser() method is invoked. You DO NOT need to remove the imported user yourself; the runtime will handle this for you.
      Specified by:
      removeUser in interface UserRegistrationProvider
      Parameters:
      realm - a reference to the realm
      user - a reference to the user that is removed
      Returns:
      true if the user was removed, false otherwise
    • getUserById

      public UserModel getUserById(RealmModel realm, String id)
      UserRegistrationProvider methods implementations end here. UserLookupProvider methods implementations start here.
      Specified by:
      getUserById in interface UserLookupProvider
      Parameters:
      realm - the realm model
      id - id of the user
      Returns:
      found user model, or null if no such user exists
    • getUserByUsername

      public UserModel getUserByUsername(RealmModel realm, String username)
      Description copied from interface: UserLookupProvider
      Exact search for a user by its username. Returns a user with the given username belonging to the realm
      Specified by:
      getUserByUsername in interface UserLookupProvider
      Parameters:
      realm - the realm model
      username - (case-sensitivity is controlled by storage)
      Returns:
      found user model, or null if no such user exists
    • getUserByEmail

      public UserModel getUserByEmail(RealmModel realm, String email)
      Description copied from interface: UserLookupProvider
      Returns a user with the given email belonging to the realm
      Specified by:
      getUserByEmail in interface UserLookupProvider
      Parameters:
      realm - the realm model
      email - email address
      Returns:
      found user model, or null if no such user exists
    • getGroupMembersStream

      public Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group, Integer firstResult, Integer maxResults)
      UserLookupProvider methods implementations end here. UserQueryProvider methods implementation start here.
      Specified by:
      getGroupMembersStream in interface UserQueryMethodsProvider
      Parameters:
      realm - a reference to the realm.
      group - a reference to the group.
      firstResult - first result to return. Ignored if negative, zero, or null.
      maxResults - maximum number of results to return. Ignored if negative or null.
      Returns:
      a non-null Stream of users that belong to the group.
    • getRoleMembersStream

      public Stream<UserModel> getRoleMembersStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults)
      Description copied from interface: UserQueryMethodsProvider
      Searches for users that have the specified role.
      Specified by:
      getRoleMembersStream in interface UserQueryMethodsProvider
      Parameters:
      realm - a reference to the realm.
      role - a reference to the role.
      firstResult - first result to return. Ignored if negative or null.
      maxResults - maximum number of results to return. Ignored if negative or null.
      Returns:
      a non-null Stream of users that have the specified role.
    • getUsersCount

      public int getUsersCount(RealmModel realm, boolean includeServiceAccount)
      Description copied from interface: UserCountMethodsProvider
      Returns the number of users.
      Specified by:
      getUsersCount in interface UserCountMethodsProvider
      Parameters:
      realm - the realm
      includeServiceAccount - if true, the number of users will also include service accounts. Otherwise, only the number of users.
      Returns:
      the number of users
    • getUsersCount

      public int getUsersCount(RealmModel realm)
      Description copied from interface: UserCountMethodsProvider
      Returns the number of users, without considering any service accounts.
      Specified by:
      getUsersCount in interface UserCountMethodsProvider
      Parameters:
      realm - the realm
      Returns:
      the number of users
    • getUsersCount

      public int getUsersCount(RealmModel realm, Set<String> groupIds)
      Description copied from interface: UserCountMethodsProvider
      Returns the number of users that are in at least one of the groups given.
      Specified by:
      getUsersCount in interface UserCountMethodsProvider
      Parameters:
      realm - the realm
      groupIds - set of groups IDs, the returned user needs to belong to at least one of them
      Returns:
      the number of users that are in at least one of the groups
    • getUsersCount

      public int getUsersCount(RealmModel realm, String search)
      Description copied from interface: UserCountMethodsProvider
      Returns the number of users that would be returned by a call to searchForUserStream
      Specified by:
      getUsersCount in interface UserCountMethodsProvider
      Parameters:
      realm - the realm
      search - case-insensitive list of strings separated by whitespace.
      Returns:
      number of users that match the search
    • getUsersCount

      public int getUsersCount(RealmModel realm, String search, Set<String> groupIds)
      Description copied from interface: UserCountMethodsProvider
      Returns the number of users that would be returned by a call to searchForUserStream and are members of at least one of the groups given by the groupIds set.
      Specified by:
      getUsersCount in interface UserCountMethodsProvider
      Parameters:
      realm - the realm
      search - case-insensitive list of strings separated by whitespace.
      groupIds - set of groups IDs, the returned user needs to belong to at least one of them
      Returns:
      number of users that match the search and given groups
    • getUsersCount

      public int getUsersCount(RealmModel realm, Map<String,String> params)
      Description copied from interface: UserCountMethodsProvider
      Returns the number of users that match the given filter parameters.
      Specified by:
      getUsersCount in interface UserCountMethodsProvider
      Parameters:
      realm - the realm
      params - filter parameters
      Returns:
      number of users that match the given filters
    • getUsersCount

      public int getUsersCount(RealmModel realm, Map<String,String> params, Set<String> groupIds)
      Description copied from interface: UserCountMethodsProvider
      Returns the number of users that match the given filter parameters and are in at least one of the given groups.
      Specified by:
      getUsersCount in interface UserCountMethodsProvider
      Parameters:
      realm - the realm
      params - filter parameters
      groupIds - set of groups to check for
      Returns:
      number of users that match the given filters and groups
    • searchForUserStream

      public Stream<UserModel> searchForUserStream(RealmModel realm, Map<String,String> attributes, Integer firstResult, Integer maxResults)
      Description copied from interface: UserQueryMethodsProvider
      Searches for users by parameter. If possible, implementations should treat the parameter values as partial match patterns (i.e. in RDBMS terms use LIKE).

      Valid parameters are:

      • UserModel.SEARCH - search for users whose username, email, first name or last name contain any of the strings in search separated by whitespace; when SEARCH is set, all other params are ignored
      • UserModel.FIRST_NAME - first name (case insensitive string)
      • UserModel.LAST_NAME - last name (case insensitive string)
      • UserModel.EMAIL - email (case insensitive string)
      • UserModel.USERNAME - username (case insensitive string)
      • UserModel.EXACT - whether search with FIRST_NAME, LAST_NAME, USERNAME or EMAIL should be exact match
      • UserModel.EMAIL_VERIFIED - search only for users with verified/non-verified email (true/false)
      • UserModel.ENABLED - search only for enabled/disabled users (true/false)
      • UserModel.IDP_ALIAS - search only for users that have a federated identity from idp with the given alias configured (case sensitive string)
      • UserModel.IDP_USER_ID - search for users with federated identity with the given userId (case sensitive string)

      Any other parameters will be treated as custom user attributes.

      This method is used by the REST API when querying users.

      Specified by:
      searchForUserStream in interface UserQueryMethodsProvider
      Parameters:
      realm - a reference to the realm.
      attributes - a map containing the search parameters.
      firstResult - first result to return. Ignored if negative, zero, or null.
      maxResults - maximum number of results to return. Ignored if negative or null.
      Returns:
      a non-null Stream of users that match the search criteria.
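      The following is an added example, not part of the Keycloak Javadoc or code base. It shows a guard around searchForUserStream that refuses parameter maps in which SEARCH would cause other filters (such as ENABLED) to be ignored, and that bounds the pagination values, which are otherwise ignored when null or negative. The class name SafeUserSearch, its methods and the page-size limits are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Stream;

import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

/** Hypothetical helper (not a Keycloak class) that guards user searches. */
public final class SafeUserSearch {

    // Assumed policy values chosen for this example.
    private static final int DEFAULT_PAGE_SIZE = 50;
    private static final int MAX_PAGE_SIZE = 200;

    private SafeUserSearch() {
    }

    /**
     * When SEARCH is set, all other parameters are ignored. A caller that
     * adds ENABLED=true next to SEARCH would therefore get disabled users
     * back as well. Fail loudly instead of dropping the filter silently.
     */
    static Map<String, String> checkedParams(Map<String, String> params) {
        if (params.containsKey(UserModel.SEARCH) && params.size() > 1) {
            throw new IllegalArgumentException(
                    "SEARCH cannot be combined with other filters; they would be ignored");
        }
        // Map.copyOf also rejects null keys and values.
        return Map.copyOf(params);
    }

    /** Null or negative firstResult is ignored by the API; make that explicit. */
    static int boundedFirst(Integer firstResult) {
        return (firstResult == null || firstResult < 0) ? 0 : firstResult;
    }

    /** Null or negative maxResults means "no limit" to the API; always apply one. */
    static int boundedMax(Integer maxResults) {
        if (maxResults == null || maxResults < 0) {
            return DEFAULT_PAGE_SIZE;
        }
        return Math.min(maxResults, MAX_PAGE_SIZE);
    }

    public static Stream<UserModel> search(KeycloakSession session, RealmModel realm,
                                           Map<String, String> params,
                                           Integer firstResult, Integer maxResults) {
        return session.users().searchForUserStream(
                realm,
                checkedParams(params),
                boundedFirst(firstResult),
                boundedMax(maxResults));
    }

    /** Exact username match restricted to enabled accounts, using field filters only. */
    public static Stream<UserModel> enabledByExactUsername(KeycloakSession session,
                                                           RealmModel realm,
                                                           String username) {
        Map<String, String> params = new HashMap<>();
        params.put(UserModel.USERNAME, username);
        params.put(UserModel.EXACT, "true");    // exact match instead of partial match
        params.put(UserModel.ENABLED, "true");  // honoured because SEARCH is not set
        // Request two results so a caller can detect an unexpected duplicate.
        return search(session, realm, params, 0, 2);
    }
}
```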
    • searchForUserByUserAttributeStream

      public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realm, String attrName, String attrValue)
      Description copied from interface: UserQueryMethodsProvider
      Searches for users that have a specific attribute with a specific value.
      Specified by:
      searchForUserByUserAttributeStream in interface UserQueryMethodsProvider
      Parameters:
      realm - a reference to the realm.
      attrName - the attribute name.
      attrValue - the attribute value.
      Returns:
      a non-null Stream of users that match the search criteria.
    • grantToAllUsers

      public void grantToAllUsers(RealmModel realm, RoleModel role)
      UserQueryProvider methods implementation end here. UserBulkUpdateProvider methods implementation start here.
      Specified by:
      grantToAllUsers in interface UserBulkUpdateProvider
      Parameters:
      realm - Realm
      role - Role to be granted
    • preRemove

      public void preRemove(RealmModel realm)
      UserBulkUpdateProvider methods implementation end here. UserStorageProvider methods implementations start here -> no StorageProviders involved.
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      realm - a reference to the realm
    • preRemove

      public void preRemove(RealmModel realm, GroupModel group)
      Description copied from interface: UserProvider
      Called when a group is removed. Should remove the group membership for each user.
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      realm - a reference to the realm
      group - the group model
    • preRemove

      public void preRemove(RealmModel realm, RoleModel role)
      Description copied from interface: UserProvider
      Called when a role is removed. Should remove the role membership for each user.
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      realm - a reference to the realm
      role - the role model
    • addUser

      public UserModel addUser(RealmModel realm, String id, String username, boolean addDefaultRoles, boolean addDefaultRequiredActions)
      UserStorageProvider methods implementation end here. UserProvider methods implementations start here -> no StorageProviders involved.
      Specified by:
      addUser in interface UserProvider
      Parameters:
      realm - the realm that user will be created in
      id - id of the new user. Should be generated to a random value if null.
      username - username
      addDefaultRoles - if true, the user should join all realm default roles
      addDefaultRequiredActions - if true, all default required actions are added to the created user
      Returns:
      model of created user
    • addFederatedIdentity

      public void addFederatedIdentity(RealmModel realm, UserModel user, FederatedIdentityModel socialLink)
      Description copied from interface: UserProvider
      Adds a federated identity link for the user within the realm
      Specified by:
      addFederatedIdentity in interface UserProvider
      Parameters:
      realm - a reference to the realm
      user - the user model
      socialLink - the federated identity model containing all details of the association between the user and the identity provider
    • updateFederatedIdentity

      public void updateFederatedIdentity(RealmModel realm, UserModel federatedUser, FederatedIdentityModel federatedIdentityModel)
      Description copied from interface: UserProvider
      Update details of association between the federatedUser and the idp given by the federatedIdentityModel
      Specified by:
      updateFederatedIdentity in interface UserProvider
      Parameters:
      realm - a reference to the realm
      federatedUser - the user model
      federatedIdentityModel - the federated identity model containing all details of the association between the user and the identity provider
    • removeFederatedIdentity

      public boolean removeFederatedIdentity(RealmModel realm, UserModel user, String socialProvider)
      Description copied from interface: UserProvider
      Removes federation link between the user and the identity provider given by its id
      Specified by:
      removeFederatedIdentity in interface UserProvider
      Parameters:
      realm - a reference to the realm
      user - the user model
      socialProvider - alias of the identity provider, see IdentityProviderModel.getAlias()
      Returns:
      true if the association was removed, false otherwise. TODO: Make this method return Boolean so that store can return "I don't know" answer, this can be used for example in async stores
    • preRemove

      public void preRemove(RealmModel realm, IdentityProviderModel provider)
      Description copied from interface: UserProvider
      Called when an identity provider is removed. Should remove all federated identities assigned to users from the provider.
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      realm - a reference to the realm
      provider - provider model
    • addConsent

      public void addConsent(RealmModel realm, String userId, UserConsentModel consent)
      Description copied from interface: UserProvider
      Add user consent for the user.
      Specified by:
      addConsent in interface UserProvider
      Parameters:
      realm - a reference to the realm
      userId - id of the user
      consent - all details corresponding to the granted consent
    • getConsentByClient

      public UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientInternalId)
      Description copied from interface: UserProvider
      Returns UserConsentModel given by a user with the userId for the client with clientInternalId
      Specified by:
      getConsentByClient in interface UserProvider
      Parameters:
      realm - a reference to the realm
      userId - id of the user
      clientInternalId - id of the client
      Returns:
      consent given by the user to the client or null if no consent or user exists
    • getConsentsStream

      public Stream<UserConsentModel> getConsentsStream(RealmModel realm, String userId)
      Description copied from interface: UserProvider
      Obtains the consents associated with the user identified by the specified userId.
      Specified by:
      getConsentsStream in interface UserProvider
      Parameters:
      realm - a reference to the realm.
      userId - the user identifier.
      Returns:
      a non-null Stream of consents associated with the user.
    • updateConsent

      public void updateConsent(RealmModel realm, String userId, UserConsentModel consent)
      Description copied from interface: UserProvider
      Update client scopes in the stored user consent
      Specified by:
      updateConsent in interface UserProvider
      Parameters:
      realm - a reference to the realm
      userId - id of the user
      consent - new details of the user consent
    • revokeConsentForClient

      public boolean revokeConsentForClient(RealmModel realm, String userId, String clientInternalId)
      Description copied from interface: UserProvider
      Remove a user consent given by the user id and client id
      Specified by:
      revokeConsentForClient in interface UserProvider
      Parameters:
      realm - a reference to the realm
      userId - id of the user
      clientInternalId - id of the client
      Returns:
      true if the consent was removed, false otherwise. TODO: Make this method return Boolean so that store can return "I don't know" answer, this can be used for example in async stores
    • setNotBeforeForUser

      public void setNotBeforeForUser(RealmModel realm, UserModel user, int notBefore)
      Description copied from interface: UserProvider
      Sets the notBefore value for the given user
      Specified by:
      setNotBeforeForUser in interface UserProvider
      Parameters:
      realm - a reference to the realm
      user - the user model
      notBefore - new value for notBefore
    • getNotBeforeOfUser

      public int getNotBeforeOfUser(RealmModel realm, UserModel user)
      Description copied from interface: UserProvider
      Gets the notBefore value for the given user
      Specified by:
      getNotBeforeOfUser in interface UserProvider
      Parameters:
      realm - a reference to the realm
      user - the user model
      Returns:
      the value of notBefore
    • getUserByFederatedIdentity

      public UserModel getUserByFederatedIdentity(RealmModel realm, FederatedIdentityModel socialLink)
      Description copied from interface: UserProvider
      Returns a userModel that corresponds to the given socialLink.
      Specified by:
      getUserByFederatedIdentity in interface UserProvider
      Parameters:
      realm - a reference to the realm
      socialLink - the socialLink
      Returns:
      the user corresponding to socialLink and null if no such user exists
    • getServiceAccount

      public UserModel getServiceAccount(ClientModel client)
      Description copied from interface: UserProvider
      Return a UserModel representing service account of the client
      Specified by:
      getServiceAccount in interface UserProvider
      Parameters:
      client - the client model
      Returns:
      userModel representing service account of the client
    • getFederatedIdentitiesStream

      public Stream<FederatedIdentityModel> getFederatedIdentitiesStream(RealmModel realm, UserModel user)
      Description copied from interface: UserProvider
      Obtains the federated identities of the specified user.
      Specified by:
      getFederatedIdentitiesStream in interface UserProvider
      Parameters:
      realm - a reference to the realm.
      user - the reference to the user.
      Returns:
      a non-null Stream of federated identities associated with the user.
    • getFederatedIdentity

      public FederatedIdentityModel getFederatedIdentity(RealmModel realm, UserModel user, String socialProvider)
      Description copied from interface: UserProvider
      Returns details of the association between the user and the socialProvider.
      Specified by:
      getFederatedIdentity in interface UserProvider
      Parameters:
      realm - a reference to the realm
      user - the user model
      socialProvider - the id of the identity provider
      Returns:
      federatedIdentityModel or null if no association exists
    • preRemove

      public void preRemove(RealmModel realm, ClientModel client)
      Description copied from interface: UserProvider
      Called when a client is removed. Should remove all user consents associated with the client
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      realm - a reference to the realm
      client - the client model
    • preRemove

      public void preRemove(ProtocolMapperModel protocolMapper)
      Description copied from interface: UserProvider
      Called when a protocolMapper is removed
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      protocolMapper - the protocolMapper model
    • preRemove

      public void preRemove(ClientScopeModel clientScope)
      Description copied from interface: UserProvider
      Called when a client scope is removed. Should remove the clientScope from each user consent
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      clientScope - the clientScope model
    • preRemove

      public void preRemove(RealmModel realm, ComponentModel component)
      Description copied from interface: UserProvider
      Called when a component is removed. Should remove all data in UserStorage associated with removed component. For example,
      • if component corresponds to UserStorageProvider all imported users from the provider should be removed,
      • if component corresponds to ClientStorageProvider all consents granted for clients imported from the provider should be removed
      Specified by:
      preRemove in interface UserProvider
      Parameters:
      realm - a reference to the realm
      component - the component model
    • removeImportedUsers

      public void removeImportedUsers(RealmModel realm, String storageProviderId)
      Description copied from interface: UserProvider
      Removes any imported users from a specific User Storage Provider.
      Specified by:
      removeImportedUsers in interface UserProvider
      Parameters:
      realm - a reference to the realm
      storageProviderId - id of the user storage provider
    • unlinkUsers

      public void unlinkUsers(RealmModel realm, String storageProviderId)
      Description copied from interface: UserProvider
      Set federation link to null to imported users of a specific User Storage Provider
      Specified by:
      unlinkUsers in interface UserProvider
      Parameters:
      realm - a reference to the realm
      storageProviderId - id of the storage provider
    • close

      public void close()
      UserProvider methods implementations end here
      Specified by:
      close in interface Provider
    • onCreate

      public void onCreate(KeycloakSession session, RealmModel realm, ComponentModel model)
      Specified by:
      onCreate in interface OnCreateComponent
    • onUpdate

      public void onUpdate(KeycloakSession session, RealmModel realm, ComponentModel oldModel, ComponentModel newModel)
      Specified by:
      onUpdate in interface OnUpdateComponent
    • onCache

      public void onCache(RealmModel realm, CachedUserModel user, UserModel delegate)
      Specified by:
      onCache in interface OnUserCache
    • decorateUserProfile

      public List<AttributeMetadata> decorateUserProfile(String providerId, UserProfileMetadata metadata)
      Description copied from interface: UserProfileDecorator

      Decorates the user profile with additional metadata. For instance, metadata attributes that are available only for your user-storage provider can be added there, so that they are available only for the users coming from your provider.

      This method is invoked every time a user is being managed through a user profile provider.

      Specified by:
      decorateUserProfile in interface UserProfileDecorator
      Parameters:
      providerId - the id of the user storage provider with which the user is associated
      metadata - the current UserProfileMetadata for the current realm
      Returns:
      a list of attribute metadata. The AttributeMetadata returned from this method overrides any other metadata already set in metadata for a given attribute.