Class RealmCacheSession

java.lang.Object
org.keycloak.models.cache.infinispan.RealmCacheSession
All Implemented Interfaces:
CacheRealmProvider, ClientProvider, ClientScopeProvider, GroupProvider, RealmProvider, RoleProvider, Provider, ClientLookupProvider, ClientScopeLookupProvider, GroupLookupProvider, RoleLookupProvider

public class RealmCacheSession extends Object implements CacheRealmProvider
- the high level architecture of this cache is an invalidation cache. - the cache is manual/custom versioned. When a model is updated, we remove it from the cache which causes an invalidation message to be sent across the cluster. - We had to do it this way because Infinispan REPEATABLE_READ wouldn't cut it in invalidation mode. Also, REPEATABLE_READ doesn't work very well on relationships and items that are not in the cache. - There are two Infinispan caches. One clustered that holds actual objects and a another local one that holds revision numbers of cached objects. Whenever a cached object is removed (invalidated), the local revision cache number or that key is bumped higher based on a local version counter. Whenever a cache entry is fetched, this revision number is also fetched and compared against the revision number in the cache entry to see if the cache entry is stale. Whenever a cache entry is added, this revision number is also checked against the revision cache. - Revision entries are actually never removed (although they could be evicted by cache eviction policies). The reason for this is that it is possible for a stale object to be inserted if one thread loads and the data is updated in the database before it is added to the cache. So, we keep the version number around for this. - In a transaction, objects are registered to be invalidated. If an object is marked for invalidation within a transaction a cached object should never be returned. An DB adapter should always be returned. - After DB commits, the objects marked for invalidation are invalidated, or rather removed from the cache. At this time the revision cache entry for this object has its version number bumped. - Whenever an object is marked for invalidation, the cache is also searched for any objects that are related to this object and need to also be evicted/removed. We use the Infinispan Stream SPI for this. ClientList caches: - lists of clients are cached in a specific cache entry i.e. realm clients, find client by clientId - realm client lists need to be invalidated and evited whenever a client is added or removed from a realm. RealmProvider now has addClient/removeClient at its top level. All adapters should use these methods so that the appropriate invalidations can be registered. - whenever a client is added/removed the realm of the client is added to a listInvalidations set this set must be checked before sending back or caching a cached query. This check is required to avoid caching an uncommitted removal/add in a query cache. - when a client is removed, any queries that contain that client must also be removed. - a client removal will also cause anything that is contained and cached within that client to be removed Clustered caches: - There is a Infinispan @Listener registered. If an invalidation event happens, this is treated like the object was removed from the database and will perform evictions based on that assumption. - Eviction events will also cascade other evictions, but not assume this is a db removal. - With an invalidation cache, if you remove an entry on node 1 and this entry does not exist on node 2, node 2 will not receive a @Listener invalidation event. so, hat we have to put a marker entry in the invalidation cache before we read from the DB, so if the DB changes in between reading and adding a cache entry, the cache will be notified and bump the version information. DBs with Repeatable Read: - DBs like MySQL are Repeatable Read by default. So, if you query a Client for instance, it will always return the same result in the same transaction even if the DB was updated in between these queries. This makes it possible to store stale cache entries. To avoid this problem, this class stores the current local version counter at the beginning of the transaction. Whenever an entry is added to the cache, the current counter is compared against the counter at the beginning of the tx. If the current is greater, then don't cache. Groups and Roles: - roles are tricky because of composites. Composite lists are cached too. So, when a role is removed we also iterate and invalidate any role or group that contains that role being removed. - any relationship should be resolved from session.realms(). For example if JPA.getClientByClientId() is invoked, JPA should find the id of the client and then call session.realms().getClientById(). THis is to ensure that the cached object is invoked and all proper invalidation are being invoked.
Version:
$Revision: 1 $
Author:
Bill Burke
  • Field Details

  • Constructor Details

  • Method Details

    • clear

      public void clear()
      Specified by:
      clear in interface CacheRealmProvider
    • getRealmDelegate

      public RealmProvider getRealmDelegate()
      Specified by:
      getRealmDelegate in interface CacheRealmProvider
    • getClientDelegate

      public ClientProvider getClientDelegate()
    • getClientScopeDelegate

      public ClientScopeProvider getClientScopeDelegate()
    • getRoleDelegate

      public RoleProvider getRoleDelegate()
    • getGroupDelegate

      public GroupProvider getGroupDelegate()
    • registerRealmInvalidation

      public void registerRealmInvalidation(String id, String name)
      Specified by:
      registerRealmInvalidation in interface CacheRealmProvider
    • registerClientInvalidation

      public void registerClientInvalidation(String id, String clientId, String realmId)
      Specified by:
      registerClientInvalidation in interface CacheRealmProvider
    • registerClientScopeInvalidation

      public void registerClientScopeInvalidation(String id, String realmId)
      Specified by:
      registerClientScopeInvalidation in interface CacheRealmProvider
    • registerRoleInvalidation

      public void registerRoleInvalidation(String id, String roleName, String roleContainerId)
      Specified by:
      registerRoleInvalidation in interface CacheRealmProvider
    • registerGroupInvalidation

      public void registerGroupInvalidation(String id)
      Specified by:
      registerGroupInvalidation in interface CacheRealmProvider
    • runInvalidations

      protected void runInvalidations()
    • createRealm

      public RealmModel createRealm(String name)
      Description copied from interface: RealmProvider
      Creates new realm with the given name. The internal ID will be generated automatically.
      Specified by:
      createRealm in interface RealmProvider
      Parameters:
      name - String name of the realm
      Returns:
      Model of the created realm.
    • createRealm

      public RealmModel createRealm(String id, String name)
      Description copied from interface: RealmProvider
      Created new realm with given ID and name.
      Specified by:
      createRealm in interface RealmProvider
      Parameters:
      id - Internal ID of the realm or null if one is to be created by the underlying store. If the store expects the ID to have a certain format (for example UUID) and the supplied ID doesn't follow the expected format, the store may replace the id with a new one at its own discretion.
      name - String name of the realm
      Returns:
      Model of the created realm.
    • getRealm

      public RealmModel getRealm(String id)
      Description copied from interface: RealmProvider
      Exact search for a realm by its internal ID.
      Specified by:
      getRealm in interface RealmProvider
      Parameters:
      id - Internal ID of the realm.
      Returns:
      Model of the realm
    • getRealmByName

      public RealmModel getRealmByName(String name)
      Description copied from interface: RealmProvider
      Exact search for a realm by its name.
      Specified by:
      getRealmByName in interface RealmProvider
      Parameters:
      name - String name of the realm
      Returns:
      Model of the realm
    • getRealmsWithProviderTypeStream

      public Stream<RealmModel> getRealmsWithProviderTypeStream(Class<?> type)
      Description copied from interface: RealmProvider
      Returns stream of realms which has component with the given provider type.
      Specified by:
      getRealmsWithProviderTypeStream in interface RealmProvider
      Parameters:
      type - Class<?> Type of the provider.
      Returns:
      Stream of RealmModel. Never returns null.
    • getRealmsStream

      public Stream<RealmModel> getRealmsStream()
      Description copied from interface: RealmProvider
      Returns realms as a stream.
      Specified by:
      getRealmsStream in interface RealmProvider
      Returns:
      Stream of RealmModel. Never returns null.
    • removeRealm

      public boolean removeRealm(String id)
      Description copied from interface: RealmProvider
      Removes realm with the given id.
      Specified by:
      removeRealm in interface RealmProvider
      Parameters:
      id - of realm.
      Returns:
      true if the realm was successfully removed.
    • evictRealmOnRemoval

      public void evictRealmOnRemoval(RealmModel realm)
    • addClient

      public ClientModel addClient(RealmModel realm, String clientId)
      Description copied from interface: ClientProvider
      Adds a client with given clientId to the given realm. The internal ID of the client will be created automatically.
      Specified by:
      addClient in interface ClientProvider
      Parameters:
      realm - Realm owning this client.
      clientId - String that identifies the client to the external parties. Maps to client_id in OIDC or entityID in SAML.
      Returns:
      Model of the created client.
    • addClient

      public ClientModel addClient(RealmModel realm, String id, String clientId)
      Description copied from interface: ClientProvider
      Adds a client with given internal ID and clientId to the given realm.
      Specified by:
      addClient in interface ClientProvider
      Parameters:
      realm - Realm owning this client.
      id - Internal ID of the client or null if one is to be created by the underlying store
      clientId - String that identifies the client to the external parties. Maps to client_id in OIDC or entityID in SAML.
      Returns:
      Model of the created client.
    • getClientsStream

      public Stream<ClientModel> getClientsStream(RealmModel realm, Integer firstResult, Integer maxResults)
      Description copied from interface: ClientProvider
      Returns the clients of the given realm as a stream.
      Specified by:
      getClientsStream in interface ClientProvider
      Parameters:
      realm - Realm.
      firstResult - First result to return. Ignored if negative or null.
      maxResults - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of the clients. Never returns null.
    • getClientsStream

      public Stream<ClientModel> getClientsStream(RealmModel realm)
      Description copied from interface: ClientProvider
      Returns all the clients of the given realm as a stream. Effectively the same as the call getClientsStream(realm, null, null).
      Specified by:
      getClientsStream in interface ClientProvider
      Parameters:
      realm - Realm.
      Returns:
      Stream of the clients. Never returns null.
    • getAlwaysDisplayInConsoleClientsStream

      public Stream<ClientModel> getAlwaysDisplayInConsoleClientsStream(RealmModel realm)
      Description copied from interface: ClientProvider
      Returns a stream of clients that are expected to always show up in account console.
      Specified by:
      getAlwaysDisplayInConsoleClientsStream in interface ClientProvider
      Parameters:
      realm - Realm owning the clients.
      Returns:
      Stream of the clients. Never returns null.
    • getAllRedirectUrisOfEnabledClients

      public Map<ClientModel,Set<String>> getAllRedirectUrisOfEnabledClients(RealmModel realm)
      Description copied from interface: ClientProvider
      Returns a map of (rootUrl, {validRedirectUris}) for all enabled clients.
      Specified by:
      getAllRedirectUrisOfEnabledClients in interface ClientProvider
      Returns:
    • removeClients

      public void removeClients(RealmModel realm)
      Description copied from interface: ClientProvider
      Removes all clients from the given realm.
      Specified by:
      removeClients in interface ClientProvider
      Parameters:
      realm - Realm.
    • removeClient

      public boolean removeClient(RealmModel realm, String id)
      Description copied from interface: ClientProvider
      Removes given client from the given realm.
      Specified by:
      removeClient in interface ClientProvider
      Parameters:
      realm - Realm.
      id - Internal ID of the client
      Returns:
      true if the client existed and has been removed, false otherwise.
    • close

      public void close()
      Specified by:
      close in interface Provider
    • addRealmRole

      public RoleModel addRealmRole(RealmModel realm, String name)
      Description copied from interface: RoleProvider
      Adds a realm role with given name to the given realm. The internal ID of the role will be created automatically.
      Specified by:
      addRealmRole in interface RoleProvider
      Parameters:
      realm - Realm owning this role.
      name - String name of the role.
      Returns:
      Model of the created role.
    • addRealmRole

      public RoleModel addRealmRole(RealmModel realm, String id, String name)
      Description copied from interface: RoleProvider
      Adds a realm role with given internal ID and name to the given realm.
      Specified by:
      addRealmRole in interface RoleProvider
      Parameters:
      realm - Realm owning this role.
      id - Internal ID of the role or null if one is to be created by the underlying store
      name - String name of the role.
      Returns:
      Model of the created client.
    • getRealmRolesStream

      public Stream<RoleModel> getRealmRolesStream(RealmModel realm)
      Description copied from interface: RoleProvider
      Returns all the realm roles of the given realm as a stream. Effectively the same as the call getRealmRolesStream(realm, null, null).
      Specified by:
      getRealmRolesStream in interface RoleProvider
      Parameters:
      realm - Realm.
      Returns:
      Stream of the roles. Never returns null.
    • getClientRolesStream

      public Stream<RoleModel> getClientRolesStream(ClientModel client)
      Description copied from interface: RoleProvider
      Returns all the client roles of the given client. Effectively the same as the call getClientRoles(client, null, null).
      Specified by:
      getClientRolesStream in interface RoleProvider
      Parameters:
      client - Client.
      Returns:
      Stream of the roles. Never returns null.
    • getRealmRolesStream

      public Stream<RoleModel> getRealmRolesStream(RealmModel realm, Integer first, Integer max)
      Description copied from interface: RoleProvider
      Returns the realm roles of the given realm as a stream.
      Specified by:
      getRealmRolesStream in interface RoleProvider
      Parameters:
      realm - Realm.
      first - First result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of the roles. Never returns null.
    • getRolesStream

      public Stream<RoleModel> getRolesStream(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max)
      Description copied from interface: RoleProvider
      Returns a paginated stream of roles with given ids and given search value in role names.
      Specified by:
      getRolesStream in interface RoleProvider
      Parameters:
      realm - Realm. Cannot be null.
      ids - Stream of ids. Returns empty Stream when null.
      search - Case-insensitive string to search by role's name or description. Ignored if null.
      first - Index of the first result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of desired roles. Never returns null.
    • getClientRolesStream

      public Stream<RoleModel> getClientRolesStream(ClientModel client, Integer first, Integer max)
      Description copied from interface: RoleProvider
      Returns the client roles of the given client.
      Specified by:
      getClientRolesStream in interface RoleProvider
      Parameters:
      client - Client.
      first - First result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of the roles. Never returns null.
    • searchForClientRolesStream

      public Stream<RoleModel> searchForClientRolesStream(ClientModel client, String search, Integer first, Integer max)
      Description copied from interface: RoleLookupProvider
      Case-insensitive search for client roles that contain the given string in their name or description.
      Specified by:
      searchForClientRolesStream in interface RoleLookupProvider
      Parameters:
      client - Client.
      search - String to search by role's name or description.
      first - First result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of the client roles their name or description contains given search string. Never returns null.
    • searchForClientRolesStream

      public Stream<RoleModel> searchForClientRolesStream(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max)
      Description copied from interface: RoleLookupProvider
      Case-insensitive search for client roles that contain the given string in its name or their client's public identifier (clientId - (client_id in OIDC or entityID in SAML)).
      Specified by:
      searchForClientRolesStream in interface RoleLookupProvider
      Parameters:
      realm - Realm.
      ids - Stream of ids to include in search. Ignored when null. Returns empty Stream when empty.
      search - String to search by role's name or client's public identifier.
      first - First result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of the client roles where role name or client public identifier contains given search string. Never returns null.
    • searchForClientRolesStream

      public Stream<RoleModel> searchForClientRolesStream(RealmModel realm, String search, Stream<String> excludedIds, Integer first, Integer max)
      Description copied from interface: RoleLookupProvider
      Case-insensitive search for client roles that contain the given string in their name or their client's public identifier (clientId - (client_id in OIDC or entityID in SAML)).
      Specified by:
      searchForClientRolesStream in interface RoleLookupProvider
      Parameters:
      realm - Realm.
      search - String to search by role's name or client's public identifier.
      excludedIds - Stream of ids to exclude. Ignored if empty or null.
      first - First result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of the client roles where role name or client's public identifier contains given search string. Never returns null.
    • searchForRolesStream

      public Stream<RoleModel> searchForRolesStream(RealmModel realm, String search, Integer first, Integer max)
      Description copied from interface: RoleLookupProvider
      Case-insensitive search for roles that contain the given string in their name or description.
      Specified by:
      searchForRolesStream in interface RoleLookupProvider
      Parameters:
      realm - Realm.
      search - Searched substring of the role's name or description.
      first - First result to return. Ignored if negative or null.
      max - Maximum number of results to return. Ignored if negative or null.
      Returns:
      Stream of the realm roles their name or description contains given search string. Never returns null.
    • addClientRole

      public RoleModel addClientRole(ClientModel client, String name)
      Description copied from interface: RoleProvider
      Adds a client role with given name to the given client. The internal ID of the role will be created automatically.
      Specified by:
      addClientRole in interface RoleProvider
      Parameters:
      client - Client owning this role.
      name - String name of the role.
      Returns:
      Model of the created role.
    • addClientRole

      public RoleModel addClientRole(ClientModel client, String id, String name)
      Description copied from interface: RoleProvider
      Adds a client role with given internal ID and name to the given client.
      Specified by:
      addClientRole in interface RoleProvider
      Parameters:
      client - Client owning this role.
      id - Internal ID of the client role or null if one is to be created by the underlying store.
      name - String name of the role.
      Returns:
      Model of the created role.
    • getRealmRole

      public RoleModel getRealmRole(RealmModel realm, String name)
      Description copied from interface: RoleLookupProvider
      Exact search for a role by given name.
      Specified by:
      getRealmRole in interface RoleLookupProvider
      Parameters:
      realm - Realm.
      name - String name of the role.
      Returns:
      Model of the role, or null if no role is found.
    • getClientRole

      public RoleModel getClientRole(ClientModel client, String name)
      Description copied from interface: RoleLookupProvider
      Exact search for a client role by given name.
      Specified by:
      getClientRole in interface RoleLookupProvider
      Parameters:
      client - Client.
      name - String name of the role.
      Returns:
      Model of the role, or null if no role is found.
    • removeRole

      public boolean removeRole(RoleModel role)
      Description copied from interface: RoleProvider
      Removes given realm role from the given realm.
      Specified by:
      removeRole in interface RoleProvider
      Parameters:
      role - Role to be removed.
      Returns:
      true if the role existed and has been removed, false otherwise.
    • removeRoles

      public void removeRoles(RealmModel realm)
      Description copied from interface: RoleProvider
      Removes all roles from the given realm.
      Specified by:
      removeRoles in interface RoleProvider
      Parameters:
      realm - Realm.
    • removeRoles

      public void removeRoles(ClientModel client)
      Description copied from interface: RoleProvider
      Removes all roles from the given client.
      Specified by:
      removeRoles in interface RoleProvider
      Parameters:
      client - Client.
    • getRoleById

      public RoleModel getRoleById(RealmModel realm, String id)
      Description copied from interface: RoleLookupProvider
      Exact search for a role by its internal ID..
      Specified by:
      getRoleById in interface RoleLookupProvider
      Parameters:
      realm - Realm.
      id - Internal ID of the role.
      Returns:
      Model of the role.
    • getGroupById

      public GroupModel getGroupById(RealmModel realm, String id)
      Description copied from interface: GroupLookupProvider
      Returns a group from the given realm with the corresponding id
      Specified by:
      getGroupById in interface GroupLookupProvider
      Parameters:
      realm - Realm.
      id - Id.
      Returns:
      GroupModel with the corresponding id.
    • getGroupByName

      public GroupModel getGroupByName(RealmModel realm, GroupModel parent, String name)
      Description copied from interface: GroupLookupProvider
      Returns a group from the given realm with the corresponding name and parent
      Specified by:
      getGroupByName in interface GroupLookupProvider
      Parameters:
      realm - Realm.
      parent - parent Group. If null top level groups are searched
      name - name.
      Returns:
      GroupModel with the corresponding name.
    • moveGroup

      public void moveGroup(RealmModel realm, GroupModel group, GroupModel toParent)
      Description copied from interface: GroupProvider
      This method is used for moving groups in group structure, for example:
      • making an existing child group child group of some other group,
      • setting a top level group (i.e. group without parent group) child of some group,
      • making a child group top level group (i.e. removing its parent group).
        Specified by:
        moveGroup in interface GroupProvider
        Parameters:
        realm - Realm owning this group.
        group - Group to update.
        toParent - New parent group, or null if we are moving the group to top level group.
      • getGroupsStream

        public Stream<GroupModel> getGroupsStream(RealmModel realm)
        Description copied from interface: GroupProvider
        Returns groups for the given realm.
        Specified by:
        getGroupsStream in interface GroupProvider
        Parameters:
        realm - Realm.
        Returns:
        Stream of groups in the Realm.
      • getGroupsStream

        public Stream<GroupModel> getGroupsStream(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max)
        Description copied from interface: GroupProvider
        Returns a paginated stream of groups with given ids and given search value in group names.
        Specified by:
        getGroupsStream in interface GroupProvider
        Parameters:
        realm - Realm.
        ids - Stream of ids.
        search - Case insensitive string which will be searched for. Ignored if null.
        first - Index of the first result to return. Ignored if negative or null.
        max - Maximum number of results to return. Ignored if negative or null.
        Returns:
        Stream of desired groups. Never returns null.
      • getGroupsCount

        public Long getGroupsCount(RealmModel realm, Stream<String> ids, String search)
        Description copied from interface: GroupProvider
        Returns a number of groups that contains the search string in the name
        Specified by:
        getGroupsCount in interface GroupProvider
        Parameters:
        realm - Realm.
        ids - List of ids.
        search - Case insensitive string which will be searched for. Ignored if null.
        Returns:
        Number of groups.
      • getGroupsCount

        public Long getGroupsCount(RealmModel realm, Boolean onlyTopGroups)
        Description copied from interface: GroupProvider
        Returns a number of groups/top level groups (i.e. groups without parent group) for the given realm.
        Specified by:
        getGroupsCount in interface GroupProvider
        Parameters:
        realm - Realm.
        onlyTopGroups - When true the function returns a count of top level groups only.
        Returns:
        Number of groups/top level groups.
      • getClientsCount

        public long getClientsCount(RealmModel realm)
        Description copied from interface: ClientProvider
        Returns number of clients in the given realm
        Specified by:
        getClientsCount in interface ClientProvider
        Parameters:
        realm - Realm.
        Returns:
        Number of the clients in the given realm.
      • getGroupsCountByNameContaining

        public Long getGroupsCountByNameContaining(RealmModel realm, String search)
        Description copied from interface: GroupProvider
        Returns the number of top level groups containing groups with the given string in name for the given realm.
        Specified by:
        getGroupsCountByNameContaining in interface GroupProvider
        Parameters:
        realm - Realm.
        search - Case insensitive string which will be searched for.
        Returns:
        Number of groups with the given string in its name.
      • getGroupsByRoleStream

        public Stream<GroupModel> getGroupsByRoleStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults)
        Description copied from interface: GroupProvider
        Returns groups with the given role in the given realm.
        Specified by:
        getGroupsByRoleStream in interface GroupProvider
        Parameters:
        realm - Realm.
        role - Role.
        firstResult - First result to return. Ignored if negative or null.
        maxResults - Maximum number of results to return. Ignored if negative or null.
        Returns:
        Stream of groups with the given role. Never returns null.
      • getTopLevelGroupsStream

        public Stream<GroupModel> getTopLevelGroupsStream(RealmModel realm, String search, Boolean exact, Integer first, Integer max)
        Description copied from interface: GroupProvider
        Returns top level groups (i.e. groups without parent group) for the given realm.
        Specified by:
        getTopLevelGroupsStream in interface GroupProvider
        Parameters:
        realm - Realm.
        search - The name that should be matched
        first - First result to return. Ignored if negative or null.
        max - Maximum number of results to return. Ignored if negative or null.
        Returns:
        Stream of top level groups in the realm. Never returns null.
      • searchForGroupByNameStream

        public Stream<GroupModel> searchForGroupByNameStream(RealmModel realm, String search, Integer first, Integer max)
        Description copied from interface: GroupLookupProvider
        Returns the group hierarchy with the given string in name for the given realm. For a matching group node the parent group is fetched by id (with all children) and added to the result stream. This is done until the group node does not have a parent (root group)
        Specified by:
        searchForGroupByNameStream in interface GroupLookupProvider
        Parameters:
        realm - Realm.
        search - Case sensitive searched string.
        first - First result to return. Ignored if negative or null.
        max - Maximum number of results to return. Ignored if negative or null.
        Returns:
        Stream of root groups that have the given string in their name themself or a group in their child-collection has. The returned hierarchy contains siblings that do not necessarily have a matching name. Never returns null.
      • searchForGroupByNameStream

        public Stream<GroupModel> searchForGroupByNameStream(RealmModel realm, String search, Boolean exact, Integer firstResult, Integer maxResults)
        Description copied from interface: GroupLookupProvider
        Returns the group hierarchy with the given string in name for the given realm. For a matching group node the parent group is fetched by id (with all children) and added to the result stream. This is done until the group node does not have a parent (root group)
        Specified by:
        searchForGroupByNameStream in interface GroupLookupProvider
        Parameters:
        realm - Realm.
        search - Case sensitive searched string.
        exact - Boolean which defines whether search param should be matched exactly.
        firstResult - First result to return. Ignored if negative or null.
        maxResults - Maximum number of results to return. Ignored if negative or null.
        Returns:
        Stream of root groups that have the given string in their name themself or a group in their child-collection has. The returned hierarchy contains siblings that do not necessarily have a matching name. Never returns null.
      • searchGroupsByAttributes

        public Stream<GroupModel> searchGroupsByAttributes(RealmModel realm, Map<String,String> attributes, Integer firstResult, Integer maxResults)
        Description copied from interface: GroupLookupProvider
        Returns the groups filtered by attribute names and attribute values for the given realm.
        Specified by:
        searchGroupsByAttributes in interface GroupLookupProvider
        Parameters:
        realm - Realm.
        attributes - name-value pairs that are compared to group attributes.
        firstResult - First result to return. Ignored if negative or null.
        maxResults - Maximum number of results to return. Ignored if negative or null.
        Returns:
        Stream of groups with attributes matching all searched attributes. Never returns null.
      • removeGroup

        public boolean removeGroup(RealmModel realm, GroupModel group)
        Description copied from interface: GroupProvider
        Removes the given group for the given realm.
        Specified by:
        removeGroup in interface GroupProvider
        Parameters:
        realm - Realm.
        group - Group.
        Returns:
        true if the group was removed, false if group doesn't exist or doesn't belong to the given realm
      • createGroup

        public GroupModel createGroup(RealmModel realm, String id, String name, GroupModel toParent)
        Description copied from interface: GroupProvider
        Creates a new group with the given name, id, name and parent to the given realm.
        Specified by:
        createGroup in interface GroupProvider
        Parameters:
        realm - Realm.
        id - Id, will be generated if null.
        name - Name.
        toParent - Parent group, or null if the group is top level group
        Returns:
        Model of the created group
      • addTopLevelGroup

        public void addTopLevelGroup(RealmModel realm, GroupModel subGroup)
        Description copied from interface: GroupProvider
        Removes parent group for the given group in the given realm.
        Specified by:
        addTopLevelGroup in interface GroupProvider
        Parameters:
        realm - Realm.
        subGroup - Group.
      • getClientById

        public ClientModel getClientById(RealmModel realm, String id)
        Description copied from interface: ClientLookupProvider
        Exact search for a client by its internal ID.
        Specified by:
        getClientById in interface ClientLookupProvider
        Parameters:
        realm - Realm to limit the search.
        id - Internal ID
        Returns:
        Model of the client, or null if no client is found.
      • cacheClient

        protected ClientModel cacheClient(RealmModel realm, ClientModel delegate, Long revision)
      • validateCache

        protected ClientModel validateCache(RealmModel realm, CachedClient cached)
      • searchClientsByClientIdStream

        public Stream<ClientModel> searchClientsByClientIdStream(RealmModel realm, String clientId, Integer firstResult, Integer maxResults)
        Description copied from interface: ClientLookupProvider
        Case-insensitive search for clients that contain the given string in their public client identifier.
        Specified by:
        searchClientsByClientIdStream in interface ClientLookupProvider
        Parameters:
        realm - Realm to limit the search for clients.
        clientId - Searched substring of the public client identifier (client_id in OIDC or entityID in SAML.)
        firstResult - First result to return. Ignored if negative or null.
        maxResults - Maximum number of results to return. Ignored if negative or null.
        Returns:
        Stream of ClientModel or an empty stream if no client is found. Never returns null.
      • searchClientsByAttributes

        public Stream<ClientModel> searchClientsByAttributes(RealmModel realm, Map<String,String> attributes, Integer firstResult, Integer maxResults)
        Specified by:
        searchClientsByAttributes in interface ClientLookupProvider
      • searchClientsByAuthenticationFlowBindingOverrides

        public Stream<ClientModel> searchClientsByAuthenticationFlowBindingOverrides(RealmModel realm, Map<String,String> overrides, Integer firstResult, Integer maxResults)
        Specified by:
        searchClientsByAuthenticationFlowBindingOverrides in interface ClientLookupProvider
      • getClientByClientId

        public ClientModel getClientByClientId(RealmModel realm, String clientId)
        Description copied from interface: ClientLookupProvider
        Exact search for a client by its public client identifier.
        Specified by:
        getClientByClientId in interface ClientLookupProvider
        Parameters:
        realm - Realm to limit the search for clients.
        clientId - String that identifies the client to the external parties. Maps to client_id in OIDC or entityID in SAML.
        Returns:
        Model of the client, or null if no client is found.
      • getClientScopeById

        public ClientScopeModel getClientScopeById(RealmModel realm, String id)
        Description copied from interface: ClientScopeLookupProvider
        Exact search for a client scope by its internal ID..
        Specified by:
        getClientScopeById in interface ClientScopeLookupProvider
        Parameters:
        realm - Realm.
        id - Internal ID of the role.
        Returns:
        Model of the client scope.
      • getClientScopesStream

        public Stream<ClientScopeModel> getClientScopesStream(RealmModel realm)
        Description copied from interface: ClientScopeProvider
        Returns all the client scopes of the given realm as a stream.
        Specified by:
        getClientScopesStream in interface ClientScopeProvider
        Parameters:
        realm - Realm.
        Returns:
        Stream of the client scopes. Never returns null.
      • addClientScope

        public ClientScopeModel addClientScope(RealmModel realm, String name)
        Description copied from interface: ClientScopeProvider
        Creates new client scope with given name to the given realm. Spaces in name will be replaced by underscore so that scope name can be used as value of scope parameter. The internal ID will be created automatically.
        Specified by:
        addClientScope in interface ClientScopeProvider
        Parameters:
        realm - Realm owning this client scope.
        name - String name of the client scope.
        Returns:
        Model of the created client scope.
      • addClientScope

        public ClientScopeModel addClientScope(RealmModel realm, String id, String name)
        Description copied from interface: ClientScopeProvider
        Creates new client scope with given internal ID and name to the given realm. Spaces in name will be replaced by underscore so that scope name can be used as value of scope parameter.
        Specified by:
        addClientScope in interface ClientScopeProvider
        Parameters:
        realm - Realm owning this client scope.
        id - Internal ID of the client scope or null if one is to be created by the underlying store
        name - String name of the client scope.
        Returns:
        Model of the created client scope.
      • removeClientScope

        public boolean removeClientScope(RealmModel realm, String id)
        Description copied from interface: ClientScopeProvider
        Removes client scope from the given realm.
        Specified by:
        removeClientScope in interface ClientScopeProvider
        Parameters:
        realm - Realm.
        id - Internal ID of the client scope
        Returns:
        true if the client scope existed and has been removed, false otherwise.
      • removeClientScopes

        public void removeClientScopes(RealmModel realm)
        Description copied from interface: ClientScopeProvider
        Removes all client scopes from the given realm.
        Specified by:
        removeClientScopes in interface ClientScopeProvider
        Parameters:
        realm - Realm.
      • addClientScopes

        public void addClientScopes(RealmModel realm, ClientModel client, Set<ClientScopeModel> clientScopes, boolean defaultScope)
        Description copied from interface: ClientProvider
        Assign clientScopes to the client. Add as default scopes (if parameter 'defaultScope' is true) or optional scopes (if parameter 'defaultScope' is false)
        Specified by:
        addClientScopes in interface ClientProvider
        Parameters:
        realm - Realm.
        client - Client.
        clientScopes - to be assigned
        defaultScope - if true the scopes are assigned as default, or optional in case of false
      • removeClientScope

        public void removeClientScope(RealmModel realm, ClientModel client, ClientScopeModel clientScope)
        Description copied from interface: ClientProvider
        Unassign clientScope from the client.
        Specified by:
        removeClientScope in interface ClientProvider
        Parameters:
        realm - Realm.
        client - Client.
        clientScope - to be unassigned
      • getClientScopes

        public Map<String,ClientScopeModel> getClientScopes(RealmModel realm, ClientModel client, boolean defaultScopes)
        Description copied from interface: ClientLookupProvider
        Return all default scopes (if defaultScope is true) or all optional scopes (if defaultScope is false) linked with the client
        Specified by:
        getClientScopes in interface ClientLookupProvider
        Parameters:
        realm - Realm
        client - Client
        defaultScopes - if true default scopes, if false optional scopes, are returned
        Returns:
        map where key is the name of the clientScope, value is particular clientScope. Returns empty map if no scopes linked (never returns null).
      • addClientScopeToAllClients

        public void addClientScopeToAllClients(RealmModel realm, ClientScopeModel clientScope, boolean defaultClientScope)
        Description copied from interface: ClientProvider
        Add specified client scope to all non bearer-only clients in the realm, which have same protocol as specified client scope. Method may be used just for new client scopes, which are not yet assigned to any clients as if specified clientScope is already assigned to some client, there might be issues related to duplicate entries.
        Specified by:
        addClientScopeToAllClients in interface ClientProvider
        Parameters:
        realm - Realm
        clientScope - client scope from the specified realm, which would be added to all clients
        defaultClientScope - If true, then it will be added as "default" client scope. If false, then it will be added as "optional" client scope
      • createClientInitialAccessModel

        public ClientInitialAccessModel createClientInitialAccessModel(RealmModel realm, int expiration, int count)
        Specified by:
        createClientInitialAccessModel in interface RealmProvider
      • getClientInitialAccessModel

        public ClientInitialAccessModel getClientInitialAccessModel(RealmModel realm, String id)
        Specified by:
        getClientInitialAccessModel in interface RealmProvider
      • removeClientInitialAccessModel

        public void removeClientInitialAccessModel(RealmModel realm, String id)
        Specified by:
        removeClientInitialAccessModel in interface RealmProvider
      • listClientInitialAccessStream

        public Stream<ClientInitialAccessModel> listClientInitialAccessStream(RealmModel realm)
        Description copied from interface: RealmProvider
        Returns client's initial access as a stream.
        Specified by:
        listClientInitialAccessStream in interface RealmProvider
        Parameters:
        realm - RealmModel The realm where to list client's initial access.
        Returns:
        Stream of ClientInitialAccessModel. Never returns null.
      • removeExpiredClientInitialAccess

        public void removeExpiredClientInitialAccess()
        Description copied from interface: RealmProvider
        Removes all expired client initial accesses from all realms.
        Specified by:
        removeExpiredClientInitialAccess in interface RealmProvider
      • saveLocalizationText

        public void saveLocalizationText(RealmModel realm, String locale, String key, String text)
        Specified by:
        saveLocalizationText in interface RealmProvider
      • saveLocalizationTexts

        public void saveLocalizationTexts(RealmModel realm, String locale, Map<String,String> localizationTexts)
        Specified by:
        saveLocalizationTexts in interface RealmProvider
      • updateLocalizationText

        public boolean updateLocalizationText(RealmModel realm, String locale, String key, String text)
        Specified by:
        updateLocalizationText in interface RealmProvider
      • deleteLocalizationTextsByLocale

        public boolean deleteLocalizationTextsByLocale(RealmModel realm, String locale)
        Specified by:
        deleteLocalizationTextsByLocale in interface RealmProvider
      • deleteLocalizationText

        public boolean deleteLocalizationText(RealmModel realm, String locale, String key)
        Specified by:
        deleteLocalizationText in interface RealmProvider
      • getLocalizationTextsById

        public String getLocalizationTextsById(RealmModel realm, String locale, String key)
        Specified by:
        getLocalizationTextsById in interface RealmProvider