Class RealmCacheSession
java.lang.Object
org.keycloak.models.cache.infinispan.RealmCacheSession
- All Implemented Interfaces:
CacheRealmProvider
,ClientProvider
,ClientScopeProvider
,GroupProvider
,RealmProvider
,RoleProvider
,Provider
,ClientLookupProvider
,ClientScopeLookupProvider
,GroupLookupProvider
,RoleLookupProvider
- the high level architecture of this cache is an invalidation cache.
- the cache is manual/custom versioned. When a model is updated, we remove it from the cache
which causes an invalidation message to be sent across the cluster.
- We had to do it this way because Infinispan REPEATABLE_READ
wouldn't cut it in invalidation mode. Also, REPEATABLE_READ doesn't work very well on relationships and items that are
not in the cache.
- There are two Infinispan caches. One clustered that holds actual objects and a another local one that holds revision
numbers of cached objects. Whenever a cached object is removed (invalidated), the local revision
cache number or that key is bumped higher based on a local version counter. Whenever a cache entry is fetched, this
revision number is also fetched and compared against the revision number in the cache entry to see if the cache entry
is stale. Whenever a cache entry is added, this revision number is also checked against the revision cache.
- Revision entries are actually never removed (although they could be evicted by cache eviction policies). The reason for this
is that it is possible for a stale object to be inserted if one thread loads and the data is updated in the database before
it is added to the cache. So, we keep the version number around for this.
- In a transaction, objects are registered to be invalidated. If an object is marked for invalidation within a transaction
a cached object should never be returned. An DB adapter should always be returned.
- After DB commits, the objects marked for invalidation are invalidated, or rather removed from the cache. At this time
the revision cache entry for this object has its version number bumped.
- Whenever an object is marked for invalidation, the cache is also searched for any objects that are related to this object
and need to also be evicted/removed. We use the Infinispan Stream SPI for this.
ClientList caches:
- lists of clients are cached in a specific cache entry i.e. realm clients, find client by clientId
- realm client lists need to be invalidated and evited whenever a client is added or removed from a realm. RealmProvider
now has addClient/removeClient at its top level. All adapters should use these methods so that the appropriate invalidations
can be registered.
- whenever a client is added/removed the realm of the client is added to a listInvalidations set
this set must be checked before sending back or caching a cached query. This check is required to
avoid caching an uncommitted removal/add in a query cache.
- when a client is removed, any queries that contain that client must also be removed.
- a client removal will also cause anything that is contained and cached within that client to be removed
Clustered caches:
- There is a Infinispan @Listener registered. If an invalidation event happens, this is treated like
the object was removed from the database and will perform evictions based on that assumption.
- Eviction events will also cascade other evictions, but not assume this is a db removal.
- With an invalidation cache, if you remove an entry on node 1 and this entry does not exist on node 2, node 2 will not receive a @Listener invalidation event.
so, hat we have to put a marker entry in the invalidation cache before we read from the DB, so if the DB changes in between reading and adding a cache entry, the cache will be notified and bump
the version information.
DBs with Repeatable Read:
- DBs like MySQL are Repeatable Read by default. So, if you query a Client for instance, it will always return the same result in the same transaction even if the DB
was updated in between these queries. This makes it possible to store stale cache entries. To avoid this problem, this class stores the current local version counter
at the beginning of the transaction. Whenever an entry is added to the cache, the current counter is compared against the counter at the beginning of the tx. If the current
is greater, then don't cache.
Groups and Roles:
- roles are tricky because of composites. Composite lists are cached too. So, when a role is removed
we also iterate and invalidate any role or group that contains that role being removed.
- any relationship should be resolved from session.realms(). For example if JPA.getClientByClientId() is invoked,
JPA should find the id of the client and then call session.realms().getClientById(). THis is to ensure that the cached
object is invoked and all proper invalidation are being invoked.
- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
Field Summary
Modifier and TypeFieldDescriptionprotected RealmCacheManager
protected ClientProvider
protected ClientScopeProvider
protected GroupProvider
protected Set<InvalidationEvent>
protected static final org.jboss.logging.Logger
protected Map<String,
ClientModel> protected Map<String,
ClientScopeAdapter> protected Map<String,
GroupAdapter> protected Map<String,
RealmAdapter> protected Map<String,
RoleAdapter> static final String
protected RealmProvider
protected RoleProvider
static final String
protected KeycloakSession
protected boolean
protected final long
protected boolean
Fields inherited from interface org.keycloak.models.GroupProvider
DEFAULT_ESCAPE_SLASHES
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionaddClient
(RealmModel realm, String clientId) Adds a client with givenclientId
to the given realm.addClient
(RealmModel realm, String id, String clientId) Adds a client with given internal ID andclientId
to the given realm.addClientRole
(ClientModel client, String name) Adds a client role with givenname
to the given client.addClientRole
(ClientModel client, String id, String name) Adds a client role with given internal ID andname
to the given client.addClientScope
(RealmModel realm, String name) Creates new client scope with givenname
to the given realm.addClientScope
(RealmModel realm, String id, String name) Creates new client scope with given internal ID andname
to the given realm.void
addClientScopes
(RealmModel realm, ClientModel client, Set<ClientScopeModel> clientScopes, boolean defaultScope) Assign clientScopes to the client.void
addClientScopeToAllClients
(RealmModel realm, ClientScopeModel clientScope, boolean defaultClientScope) Add specified client scope to all non bearer-only clients in the realm, which have same protocol as specified client scope.addRealmRole
(RealmModel realm, String name) Adds a realm role with givenname
to the given realm.addRealmRole
(RealmModel realm, String id, String name) Adds a realm role with given internal ID andname
to the given realm.void
addTopLevelGroup
(RealmModel realm, GroupModel subGroup) Removes parent group for the given group in the given realm.protected ClientModel
cacheClient
(RealmModel realm, ClientModel delegate, Long revision) void
clear()
void
close()
createClientInitialAccessModel
(RealmModel realm, int expiration, int count) createGroup
(RealmModel realm, String id, String name, GroupModel toParent) Creates a new group with the given name, id, name and parent to the given realm.createRealm
(String name) Creates new realm with the given name.createRealm
(String id, String name) Created new realm with given ID and name.boolean
deleteLocalizationText
(RealmModel realm, String locale, String key) boolean
deleteLocalizationTextsByLocale
(RealmModel realm, String locale) void
evictRealmOnRemoval
(RealmModel realm) Returns a map of (rootUrl, {validRedirectUris}) for all enabled clients.Returns a stream of clients that are expected to always show up in account console.getClientByClientId
(RealmModel realm, String clientId) Exact search for a client by its public client identifier.getClientById
(RealmModel realm, String id) Exact search for a client by its internal ID.getClientInitialAccessModel
(RealmModel realm, String id) getClientRole
(ClientModel client, String name) Exact search for a client role by given name.getClientRolesStream
(ClientModel client) Returns all the client roles of the given client.getClientRolesStream
(ClientModel client, Integer first, Integer max) Returns the client roles of the given client.getClientScopeById
(RealmModel realm, String id) Exact search for a client scope by its internal ID..getClientScopes
(RealmModel realm, ClientModel client, boolean defaultScopes) Return all default scopes (ifdefaultScope
istrue
) or all optional scopes (ifdefaultScope
isfalse
) linked with the clientgetClientScopesStream
(RealmModel realm) Returns all the client scopes of the given realm as a stream.long
getClientsCount
(RealmModel realm) Returns number of clients in the given realmgetClientsStream
(RealmModel realm) Returns all the clients of the given realm as a stream.getClientsStream
(RealmModel realm, Integer firstResult, Integer maxResults) Returns the clients of the given realm as a stream.getGroupById
(RealmModel realm, String id) Returns a group from the given realm with the corresponding idgetGroupByName
(RealmModel realm, GroupModel parent, String name) Returns a group from the given realm with the corresponding name and parentgetGroupsByRoleStream
(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults) Returns groups with the given role in the given realm.getGroupsCount
(RealmModel realm, Boolean onlyTopGroups) Returns a number of groups/top level groups (i.e.getGroupsCount
(RealmModel realm, Stream<String> ids, String search) Returns a number of groups that contains the search string in the namegetGroupsCountByNameContaining
(RealmModel realm, String search) Returns the number of top level groups containing groups with the given string in name for the given realm.getGroupsStream
(RealmModel realm) Returns groups for the given realm.getGroupsStream
(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max) Returns a paginated stream of groups with given ids and given search value in group names.getLocalizationTextsById
(RealmModel realm, String locale, String key) Exact search for a realm by its internal ID.getRealmByName
(String name) Exact search for a realm by its name.getRealmRole
(RealmModel realm, String name) Exact search for a role by given name.getRealmRolesStream
(RealmModel realm) Returns all the realm roles of the given realm as a stream.getRealmRolesStream
(RealmModel realm, Integer first, Integer max) Returns the realm roles of the given realm as a stream.Returns realms as a stream.getRealmsWithProviderTypeStream
(Class<?> type) Returns stream of realms which has component with the given provider type.getRoleById
(RealmModel realm, String id) Exact search for a role by its internal ID..getRolesStream
(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max) Returns a paginated stream of roles with given ids and given search value in role names.getTopLevelGroupsStream
(RealmModel realm, String search, Boolean exact, Integer first, Integer max) Returns top level groups (i.e.Returns client's initial access as a stream.void
moveGroup
(RealmModel realm, GroupModel group, GroupModel toParent) This method is used for moving groups in group structure, for example: making an existing child group child group of some other group, setting a top level group (i.e.void
registerClientInvalidation
(String id, String clientId, String realmId) void
registerClientScopeInvalidation
(String id, String realmId) void
void
registerRealmInvalidation
(String id, String name) void
registerRoleInvalidation
(String id, String roleName, String roleContainerId) boolean
removeClient
(RealmModel realm, String id) Removes given client from the given realm.void
removeClientInitialAccessModel
(RealmModel realm, String id) void
removeClients
(RealmModel realm) Removes all clients from the given realm.boolean
removeClientScope
(RealmModel realm, String id) Removes client scope from the given realm.void
removeClientScope
(RealmModel realm, ClientModel client, ClientScopeModel clientScope) Unassign clientScope from the client.void
removeClientScopes
(RealmModel realm) Removes all client scopes from the given realm.void
Removes all expired client initial accesses from all realms.boolean
removeGroup
(RealmModel realm, GroupModel group) Removes the given group for the given realm.boolean
removeRealm
(String id) Removes realm with the given id.boolean
removeRole
(RoleModel role) Removes given realm role from the given realm.void
removeRoles
(ClientModel client) Removes all roles from the given client.void
removeRoles
(RealmModel realm) Removes all roles from the given realm.protected void
void
saveLocalizationText
(RealmModel realm, String locale, String key, String text) void
saveLocalizationTexts
(RealmModel realm, String locale, Map<String, String> localizationTexts) searchClientsByAttributes
(RealmModel realm, Map<String, String> attributes, Integer firstResult, Integer maxResults) searchClientsByAuthenticationFlowBindingOverrides
(RealmModel realm, Map<String, String> overrides, Integer firstResult, Integer maxResults) searchClientsByClientIdStream
(RealmModel realm, String clientId, Integer firstResult, Integer maxResults) Case-insensitive search for clients that contain the given string in their public client identifier.searchForClientRolesStream
(ClientModel client, String search, Integer first, Integer max) Case-insensitive search for client roles that contain the given string in their name or description.searchForClientRolesStream
(RealmModel realm, String search, Stream<String> excludedIds, Integer first, Integer max) Case-insensitive search for client roles that contain the given string in their name or their client's public identifier (clientId - (client_id
in OIDC orentityID
in SAML)).searchForClientRolesStream
(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max) Case-insensitive search for client roles that contain the given string in its name or their client's public identifier (clientId - (client_id
in OIDC orentityID
in SAML)).searchForGroupByNameStream
(RealmModel realm, String search, Boolean exact, Integer firstResult, Integer maxResults) Returns the group hierarchy with the given string in name for the given realm.searchForGroupByNameStream
(RealmModel realm, String search, Integer first, Integer max) Returns the group hierarchy with the given string in name for the given realm.searchForRolesStream
(RealmModel realm, String search, Integer first, Integer max) Case-insensitive search for roles that contain the given string in their name or description.searchGroupsByAttributes
(RealmModel realm, Map<String, String> attributes, Integer firstResult, Integer maxResults) Returns the groups filtered by attribute names and attribute values for the given realm.boolean
updateLocalizationText
(RealmModel realm, String locale, String key, String text) protected ClientModel
validateCache
(RealmModel realm, CachedClient cached) Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.models.GroupProvider
createGroup, createGroup, createGroup, getGroupsStream, getGroupsStream, getTopLevelGroupsStream, getTopLevelGroupsStream
Methods inherited from interface org.keycloak.models.RealmProvider
decreaseRemainingCount
-
Field Details
-
logger
protected static final org.jboss.logging.Logger logger -
REALM_CLIENTS_QUERY_SUFFIX
- See Also:
-
ROLES_QUERY_SUFFIX
- See Also:
-
cache
-
session
-
realmDelegate
-
clientDelegate
-
clientScopeDelegate
-
groupDelegate
-
roleDelegate
-
transactionActive
protected boolean transactionActive -
setRollbackOnly
protected boolean setRollbackOnly -
managedRealms
-
managedApplications
-
managedClientScopes
-
managedRoles
-
managedGroups
-
listInvalidations
-
invalidations
-
invalidationEvents
-
startupRevision
protected final long startupRevision
-
-
Constructor Details
-
RealmCacheSession
-
-
Method Details
-
clear
public void clear()- Specified by:
clear
in interfaceCacheRealmProvider
-
getRealmDelegate
- Specified by:
getRealmDelegate
in interfaceCacheRealmProvider
-
getClientDelegate
-
getClientScopeDelegate
-
getRoleDelegate
-
getGroupDelegate
-
registerRealmInvalidation
- Specified by:
registerRealmInvalidation
in interfaceCacheRealmProvider
-
registerClientInvalidation
- Specified by:
registerClientInvalidation
in interfaceCacheRealmProvider
-
registerClientScopeInvalidation
- Specified by:
registerClientScopeInvalidation
in interfaceCacheRealmProvider
-
registerRoleInvalidation
- Specified by:
registerRoleInvalidation
in interfaceCacheRealmProvider
-
registerGroupInvalidation
- Specified by:
registerGroupInvalidation
in interfaceCacheRealmProvider
-
runInvalidations
protected void runInvalidations() -
createRealm
Description copied from interface:RealmProvider
Creates new realm with the given name. The internal ID will be generated automatically.- Specified by:
createRealm
in interfaceRealmProvider
- Parameters:
name
- String name of the realm- Returns:
- Model of the created realm.
-
createRealm
Description copied from interface:RealmProvider
Created new realm with given ID and name.- Specified by:
createRealm
in interfaceRealmProvider
- Parameters:
id
- Internal ID of the realm ornull
if one is to be created by the underlying store. If the store expects the ID to have a certain format (for exampleUUID
) and the supplied ID doesn't follow the expected format, the store may replace theid
with a new one at its own discretion.name
- String name of the realm- Returns:
- Model of the created realm.
-
getRealm
Description copied from interface:RealmProvider
Exact search for a realm by its internal ID.- Specified by:
getRealm
in interfaceRealmProvider
- Parameters:
id
- Internal ID of the realm.- Returns:
- Model of the realm
-
getRealmByName
Description copied from interface:RealmProvider
Exact search for a realm by its name.- Specified by:
getRealmByName
in interfaceRealmProvider
- Parameters:
name
- String name of the realm- Returns:
- Model of the realm
-
getRealmsWithProviderTypeStream
Description copied from interface:RealmProvider
Returns stream of realms which has component with the given provider type.- Specified by:
getRealmsWithProviderTypeStream
in interfaceRealmProvider
- Parameters:
type
-Class<?>
Type of the provider.- Returns:
- Stream of
RealmModel
. Never returnsnull
.
-
getRealmsStream
Description copied from interface:RealmProvider
Returns realms as a stream.- Specified by:
getRealmsStream
in interfaceRealmProvider
- Returns:
- Stream of
RealmModel
. Never returnsnull
.
-
removeRealm
Description copied from interface:RealmProvider
Removes realm with the given id.- Specified by:
removeRealm
in interfaceRealmProvider
- Parameters:
id
- of realm.- Returns:
true
if the realm was successfully removed.
-
evictRealmOnRemoval
-
addClient
Description copied from interface:ClientProvider
Adds a client with givenclientId
to the given realm. The internal ID of the client will be created automatically.- Specified by:
addClient
in interfaceClientProvider
- Parameters:
realm
- Realm owning this client.clientId
- String that identifies the client to the external parties. Maps toclient_id
in OIDC orentityID
in SAML.- Returns:
- Model of the created client.
-
addClient
Description copied from interface:ClientProvider
Adds a client with given internal ID andclientId
to the given realm.- Specified by:
addClient
in interfaceClientProvider
- Parameters:
realm
- Realm owning this client.id
- Internal ID of the client ornull
if one is to be created by the underlying storeclientId
- String that identifies the client to the external parties. Maps toclient_id
in OIDC orentityID
in SAML.- Returns:
- Model of the created client.
-
getClientsStream
public Stream<ClientModel> getClientsStream(RealmModel realm, Integer firstResult, Integer maxResults) Description copied from interface:ClientProvider
Returns the clients of the given realm as a stream.- Specified by:
getClientsStream
in interfaceClientProvider
- Parameters:
realm
- Realm.firstResult
- First result to return. Ignored if negative ornull
.maxResults
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of the clients. Never returns
null
.
-
getClientsStream
Description copied from interface:ClientProvider
Returns all the clients of the given realm as a stream. Effectively the same as the callgetClientsStream(realm, null, null)
.- Specified by:
getClientsStream
in interfaceClientProvider
- Parameters:
realm
- Realm.- Returns:
- Stream of the clients. Never returns
null
.
-
getAlwaysDisplayInConsoleClientsStream
Description copied from interface:ClientProvider
Returns a stream of clients that are expected to always show up in account console.- Specified by:
getAlwaysDisplayInConsoleClientsStream
in interfaceClientProvider
- Parameters:
realm
- Realm owning the clients.- Returns:
- Stream of the clients. Never returns
null
.
-
getAllRedirectUrisOfEnabledClients
Description copied from interface:ClientProvider
Returns a map of (rootUrl, {validRedirectUris}) for all enabled clients.- Specified by:
getAllRedirectUrisOfEnabledClients
in interfaceClientProvider
- Returns:
-
removeClients
Description copied from interface:ClientProvider
Removes all clients from the given realm.- Specified by:
removeClients
in interfaceClientProvider
- Parameters:
realm
- Realm.
-
removeClient
Description copied from interface:ClientProvider
Removes given client from the given realm.- Specified by:
removeClient
in interfaceClientProvider
- Parameters:
realm
- Realm.id
- Internal ID of the client- Returns:
true
if the client existed and has been removed,false
otherwise.
-
close
public void close() -
addRealmRole
Description copied from interface:RoleProvider
Adds a realm role with givenname
to the given realm. The internal ID of the role will be created automatically.- Specified by:
addRealmRole
in interfaceRoleProvider
- Parameters:
realm
- Realm owning this role.name
- String name of the role.- Returns:
- Model of the created role.
-
addRealmRole
Description copied from interface:RoleProvider
Adds a realm role with given internal ID andname
to the given realm.- Specified by:
addRealmRole
in interfaceRoleProvider
- Parameters:
realm
- Realm owning this role.id
- Internal ID of the role ornull
if one is to be created by the underlying storename
- String name of the role.- Returns:
- Model of the created client.
-
getRealmRolesStream
Description copied from interface:RoleProvider
Returns all the realm roles of the given realm as a stream. Effectively the same as the callgetRealmRolesStream(realm, null, null)
.- Specified by:
getRealmRolesStream
in interfaceRoleProvider
- Parameters:
realm
- Realm.- Returns:
- Stream of the roles. Never returns
null
.
-
getClientRolesStream
Description copied from interface:RoleProvider
Returns all the client roles of the given client. Effectively the same as the callgetClientRoles(client, null, null)
.- Specified by:
getClientRolesStream
in interfaceRoleProvider
- Parameters:
client
- Client.- Returns:
- Stream of the roles. Never returns
null
.
-
getRealmRolesStream
Description copied from interface:RoleProvider
Returns the realm roles of the given realm as a stream.- Specified by:
getRealmRolesStream
in interfaceRoleProvider
- Parameters:
realm
- Realm.first
- First result to return. Ignored if negative ornull
.max
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of the roles. Never returns
null
.
-
getRolesStream
public Stream<RoleModel> getRolesStream(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max) Description copied from interface:RoleProvider
Returns a paginated stream of roles with given ids and given search value in role names.- Specified by:
getRolesStream
in interfaceRoleProvider
- Parameters:
realm
- Realm. Cannot benull
.ids
- Stream of ids. Returns emptyStream
whennull
.search
- Case-insensitive string to search by role's name or description. Ignored ifnull
.first
- Index of the first result to return. Ignored if negative ornull
.max
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of desired roles. Never returns
null
.
-
getClientRolesStream
Description copied from interface:RoleProvider
Returns the client roles of the given client.- Specified by:
getClientRolesStream
in interfaceRoleProvider
- Parameters:
client
- Client.first
- First result to return. Ignored if negative ornull
.max
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of the roles. Never returns
null
.
-
searchForClientRolesStream
public Stream<RoleModel> searchForClientRolesStream(ClientModel client, String search, Integer first, Integer max) Description copied from interface:RoleLookupProvider
Case-insensitive search for client roles that contain the given string in their name or description.- Specified by:
searchForClientRolesStream
in interfaceRoleLookupProvider
- Parameters:
client
- Client.search
- String to search by role's name or description.first
- First result to return. Ignored if negative ornull
.max
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of the client roles their name or description contains given search string.
Never returns
null
.
-
searchForClientRolesStream
public Stream<RoleModel> searchForClientRolesStream(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max) Description copied from interface:RoleLookupProvider
Case-insensitive search for client roles that contain the given string in its name or their client's public identifier (clientId - (client_id
in OIDC orentityID
in SAML)).- Specified by:
searchForClientRolesStream
in interfaceRoleLookupProvider
- Parameters:
realm
- Realm.ids
- Stream of ids to include in search. Ignored whennull
. Returns emptyStream
when empty.search
- String to search by role's name or client's public identifier.first
- First result to return. Ignored if negative ornull
.max
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of the client roles where role name or client public identifier contains given search string.
Never returns
null
.
-
searchForClientRolesStream
public Stream<RoleModel> searchForClientRolesStream(RealmModel realm, String search, Stream<String> excludedIds, Integer first, Integer max) Description copied from interface:RoleLookupProvider
Case-insensitive search for client roles that contain the given string in their name or their client's public identifier (clientId - (client_id
in OIDC orentityID
in SAML)).- Specified by:
searchForClientRolesStream
in interfaceRoleLookupProvider
- Parameters:
realm
- Realm.search
- String to search by role's name or client's public identifier.excludedIds
- Stream of ids to exclude. Ignored if empty ornull
.first
- First result to return. Ignored if negative ornull
.max
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of the client roles where role name or client's public identifier contains given search string.
Never returns
null
.
-
searchForRolesStream
public Stream<RoleModel> searchForRolesStream(RealmModel realm, String search, Integer first, Integer max) Description copied from interface:RoleLookupProvider
Case-insensitive search for roles that contain the given string in their name or description.- Specified by:
searchForRolesStream
in interfaceRoleLookupProvider
- Parameters:
realm
- Realm.search
- Searched substring of the role's name or description.first
- First result to return. Ignored if negative ornull
.max
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of the realm roles their name or description contains given search string.
Never returns
null
.
-
addClientRole
Description copied from interface:RoleProvider
Adds a client role with givenname
to the given client. The internal ID of the role will be created automatically.- Specified by:
addClientRole
in interfaceRoleProvider
- Parameters:
client
- Client owning this role.name
- String name of the role.- Returns:
- Model of the created role.
-
addClientRole
Description copied from interface:RoleProvider
Adds a client role with given internal ID andname
to the given client.- Specified by:
addClientRole
in interfaceRoleProvider
- Parameters:
client
- Client owning this role.id
- Internal ID of the client role ornull
if one is to be created by the underlying store.name
- String name of the role.- Returns:
- Model of the created role.
-
getRealmRole
Description copied from interface:RoleLookupProvider
Exact search for a role by given name.- Specified by:
getRealmRole
in interfaceRoleLookupProvider
- Parameters:
realm
- Realm.name
- String name of the role.- Returns:
- Model of the role, or
null
if no role is found.
-
getClientRole
Description copied from interface:RoleLookupProvider
Exact search for a client role by given name.- Specified by:
getClientRole
in interfaceRoleLookupProvider
- Parameters:
client
- Client.name
- String name of the role.- Returns:
- Model of the role, or
null
if no role is found.
-
removeRole
Description copied from interface:RoleProvider
Removes given realm role from the given realm.- Specified by:
removeRole
in interfaceRoleProvider
- Parameters:
role
- Role to be removed.- Returns:
true
if the role existed and has been removed,false
otherwise.
-
removeRoles
Description copied from interface:RoleProvider
Removes all roles from the given realm.- Specified by:
removeRoles
in interfaceRoleProvider
- Parameters:
realm
- Realm.
-
removeRoles
Description copied from interface:RoleProvider
Removes all roles from the given client.- Specified by:
removeRoles
in interfaceRoleProvider
- Parameters:
client
- Client.
-
getRoleById
Description copied from interface:RoleLookupProvider
Exact search for a role by its internal ID..- Specified by:
getRoleById
in interfaceRoleLookupProvider
- Parameters:
realm
- Realm.id
- Internal ID of the role.- Returns:
- Model of the role.
-
getGroupById
Description copied from interface:GroupLookupProvider
Returns a group from the given realm with the corresponding id- Specified by:
getGroupById
in interfaceGroupLookupProvider
- Parameters:
realm
- Realm.id
- Id.- Returns:
- GroupModel with the corresponding id.
-
getGroupByName
Description copied from interface:GroupLookupProvider
Returns a group from the given realm with the corresponding name and parent- Specified by:
getGroupByName
in interfaceGroupLookupProvider
- Parameters:
realm
- Realm.parent
- parent Group. Ifnull
top level groups are searchedname
- name.- Returns:
- GroupModel with the corresponding name.
-
moveGroup
Description copied from interface:GroupProvider
This method is used for moving groups in group structure, for example:- making an existing child group child group of some other group,
- setting a top level group (i.e. group without parent group) child of some group,
- making a child group top level group (i.e. removing its parent group).
- Specified by:
moveGroup
in interfaceGroupProvider
- Parameters:
realm
- Realm owning this group.group
- Group to update.toParent
- New parent group, ornull
if we are moving the group to top level group.
-
getGroupsStream
Description copied from interface:GroupProvider
Returns groups for the given realm.- Specified by:
getGroupsStream
in interfaceGroupProvider
- Parameters:
realm
- Realm.- Returns:
- Stream of groups in the Realm.
-
getGroupsStream
public Stream<GroupModel> getGroupsStream(RealmModel realm, Stream<String> ids, String search, Integer first, Integer max) Description copied from interface:GroupProvider
Returns a paginated stream of groups with given ids and given search value in group names.- Specified by:
getGroupsStream
in interfaceGroupProvider
- Parameters:
realm
- Realm.ids
- Stream of ids.search
- Case insensitive string which will be searched for. Ignored if null.first
- Index of the first result to return. Ignored if negative ornull
.max
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of desired groups. Never returns
null
.
-
getGroupsCount
Description copied from interface:GroupProvider
Returns a number of groups that contains the search string in the name- Specified by:
getGroupsCount
in interfaceGroupProvider
- Parameters:
realm
- Realm.ids
- List of ids.search
- Case insensitive string which will be searched for. Ignored if null.- Returns:
- Number of groups.
-
getGroupsCount
Description copied from interface:GroupProvider
Returns a number of groups/top level groups (i.e. groups without parent group) for the given realm.- Specified by:
getGroupsCount
in interfaceGroupProvider
- Parameters:
realm
- Realm.onlyTopGroups
- When true the function returns a count of top level groups only.- Returns:
- Number of groups/top level groups.
-
getClientsCount
Description copied from interface:ClientProvider
Returns number of clients in the given realm- Specified by:
getClientsCount
in interfaceClientProvider
- Parameters:
realm
- Realm.- Returns:
- Number of the clients in the given realm.
-
getGroupsCountByNameContaining
Description copied from interface:GroupProvider
Returns the number of top level groups containing groups with the given string in name for the given realm.- Specified by:
getGroupsCountByNameContaining
in interfaceGroupProvider
- Parameters:
realm
- Realm.search
- Case insensitive string which will be searched for.- Returns:
- Number of groups with the given string in its name.
-
getGroupsByRoleStream
public Stream<GroupModel> getGroupsByRoleStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults) Description copied from interface:GroupProvider
Returns groups with the given role in the given realm.- Specified by:
getGroupsByRoleStream
in interfaceGroupProvider
- Parameters:
realm
- Realm.role
- Role.firstResult
- First result to return. Ignored if negative ornull
.maxResults
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of groups with the given role. Never returns
null
.
-
getTopLevelGroupsStream
public Stream<GroupModel> getTopLevelGroupsStream(RealmModel realm, String search, Boolean exact, Integer first, Integer max) Description copied from interface:GroupProvider
Returns top level groups (i.e. groups without parent group) for the given realm.- Specified by:
getTopLevelGroupsStream
in interfaceGroupProvider
- Parameters:
realm
- Realm.search
- The name that should be matchedfirst
- First result to return. Ignored if negative ornull
.max
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of top level groups in the realm. Never returns
null
.
-
searchForGroupByNameStream
public Stream<GroupModel> searchForGroupByNameStream(RealmModel realm, String search, Integer first, Integer max) Description copied from interface:GroupLookupProvider
Returns the group hierarchy with the given string in name for the given realm. For a matching group node the parent group is fetched by id (with all children) and added to the result stream. This is done until the group node does not have a parent (root group)- Specified by:
searchForGroupByNameStream
in interfaceGroupLookupProvider
- Parameters:
realm
- Realm.search
- Case sensitive searched string.first
- First result to return. Ignored if negative ornull
.max
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of root groups that have the given string in their name themself or a group in their child-collection has.
The returned hierarchy contains siblings that do not necessarily have a matching name. Never returns
null
.
-
searchForGroupByNameStream
public Stream<GroupModel> searchForGroupByNameStream(RealmModel realm, String search, Boolean exact, Integer firstResult, Integer maxResults) Description copied from interface:GroupLookupProvider
Returns the group hierarchy with the given string in name for the given realm. For a matching group node the parent group is fetched by id (with all children) and added to the result stream. This is done until the group node does not have a parent (root group)- Specified by:
searchForGroupByNameStream
in interfaceGroupLookupProvider
- Parameters:
realm
- Realm.search
- Case sensitive searched string.exact
- Boolean which defines whether search param should be matched exactly.firstResult
- First result to return. Ignored if negative ornull
.maxResults
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of root groups that have the given string in their name themself or a group in their child-collection has.
The returned hierarchy contains siblings that do not necessarily have a matching name. Never returns
null
.
-
searchGroupsByAttributes
public Stream<GroupModel> searchGroupsByAttributes(RealmModel realm, Map<String, String> attributes, Integer firstResult, Integer maxResults) Description copied from interface:GroupLookupProvider
Returns the groups filtered by attribute names and attribute values for the given realm.- Specified by:
searchGroupsByAttributes
in interfaceGroupLookupProvider
- Parameters:
realm
- Realm.attributes
- name-value pairs that are compared to group attributes.firstResult
- First result to return. Ignored if negative ornull
.maxResults
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of groups with attributes matching all searched attributes. Never returns
null
.
-
removeGroup
Description copied from interface:GroupProvider
Removes the given group for the given realm.- Specified by:
removeGroup
in interfaceGroupProvider
- Parameters:
realm
- Realm.group
- Group.- Returns:
- true if the group was removed, false if group doesn't exist or doesn't belong to the given realm
-
createGroup
Description copied from interface:GroupProvider
Creates a new group with the given name, id, name and parent to the given realm.- Specified by:
createGroup
in interfaceGroupProvider
- Parameters:
realm
- Realm.id
- Id, will be generated ifnull
.name
- Name.toParent
- Parent group, ornull
if the group is top level group- Returns:
- Model of the created group
-
addTopLevelGroup
Description copied from interface:GroupProvider
Removes parent group for the given group in the given realm.- Specified by:
addTopLevelGroup
in interfaceGroupProvider
- Parameters:
realm
- Realm.subGroup
- Group.
-
getClientById
Description copied from interface:ClientLookupProvider
Exact search for a client by its internal ID.- Specified by:
getClientById
in interfaceClientLookupProvider
- Parameters:
realm
- Realm to limit the search.id
- Internal ID- Returns:
- Model of the client, or
null
if no client is found.
-
cacheClient
-
validateCache
-
searchClientsByClientIdStream
public Stream<ClientModel> searchClientsByClientIdStream(RealmModel realm, String clientId, Integer firstResult, Integer maxResults) Description copied from interface:ClientLookupProvider
Case-insensitive search for clients that contain the given string in their public client identifier.- Specified by:
searchClientsByClientIdStream
in interfaceClientLookupProvider
- Parameters:
realm
- Realm to limit the search for clients.clientId
- Searched substring of the public client identifier (client_id
in OIDC orentityID
in SAML.)firstResult
- First result to return. Ignored if negative ornull
.maxResults
- Maximum number of results to return. Ignored if negative ornull
.- Returns:
- Stream of ClientModel or an empty stream if no client is found. Never returns
null
.
-
searchClientsByAttributes
public Stream<ClientModel> searchClientsByAttributes(RealmModel realm, Map<String, String> attributes, Integer firstResult, Integer maxResults) - Specified by:
searchClientsByAttributes
in interfaceClientLookupProvider
-
searchClientsByAuthenticationFlowBindingOverrides
public Stream<ClientModel> searchClientsByAuthenticationFlowBindingOverrides(RealmModel realm, Map<String, String> overrides, Integer firstResult, Integer maxResults) - Specified by:
searchClientsByAuthenticationFlowBindingOverrides
in interfaceClientLookupProvider
-
getClientByClientId
Description copied from interface:ClientLookupProvider
Exact search for a client by its public client identifier.- Specified by:
getClientByClientId
in interfaceClientLookupProvider
- Parameters:
realm
- Realm to limit the search for clients.clientId
- String that identifies the client to the external parties. Maps toclient_id
in OIDC orentityID
in SAML.- Returns:
- Model of the client, or
null
if no client is found.
-
getClientScopeById
Description copied from interface:ClientScopeLookupProvider
Exact search for a client scope by its internal ID..- Specified by:
getClientScopeById
in interfaceClientScopeLookupProvider
- Parameters:
realm
- Realm.id
- Internal ID of the role.- Returns:
- Model of the client scope.
-
getClientScopesStream
Description copied from interface:ClientScopeProvider
Returns all the client scopes of the given realm as a stream.- Specified by:
getClientScopesStream
in interfaceClientScopeProvider
- Parameters:
realm
- Realm.- Returns:
- Stream of the client scopes. Never returns
null
.
-
addClientScope
Description copied from interface:ClientScopeProvider
Creates new client scope with givenname
to the given realm. Spaces inname
will be replaced by underscore so that scope name can be used as value of scope parameter. The internal ID will be created automatically.- Specified by:
addClientScope
in interfaceClientScopeProvider
- Parameters:
realm
- Realm owning this client scope.name
- String name of the client scope.- Returns:
- Model of the created client scope.
-
addClientScope
Description copied from interface:ClientScopeProvider
Creates new client scope with given internal ID andname
to the given realm. Spaces inname
will be replaced by underscore so that scope name can be used as value of scope parameter.- Specified by:
addClientScope
in interfaceClientScopeProvider
- Parameters:
realm
- Realm owning this client scope.id
- Internal ID of the client scope ornull
if one is to be created by the underlying storename
- String name of the client scope.- Returns:
- Model of the created client scope.
-
removeClientScope
Description copied from interface:ClientScopeProvider
Removes client scope from the given realm.- Specified by:
removeClientScope
in interfaceClientScopeProvider
- Parameters:
realm
- Realm.id
- Internal ID of the client scope- Returns:
true
if the client scope existed and has been removed,false
otherwise.
-
removeClientScopes
Description copied from interface:ClientScopeProvider
Removes all client scopes from the given realm.- Specified by:
removeClientScopes
in interfaceClientScopeProvider
- Parameters:
realm
- Realm.
-
addClientScopes
public void addClientScopes(RealmModel realm, ClientModel client, Set<ClientScopeModel> clientScopes, boolean defaultScope) Description copied from interface:ClientProvider
Assign clientScopes to the client. Add as default scopes (if parameter 'defaultScope' is true) or optional scopes (if parameter 'defaultScope' is false)- Specified by:
addClientScopes
in interfaceClientProvider
- Parameters:
realm
- Realm.client
- Client.clientScopes
- to be assigneddefaultScope
- if true the scopes are assigned as default, or optional in case of false
-
removeClientScope
Description copied from interface:ClientProvider
Unassign clientScope from the client.- Specified by:
removeClientScope
in interfaceClientProvider
- Parameters:
realm
- Realm.client
- Client.clientScope
- to be unassigned
-
getClientScopes
public Map<String,ClientScopeModel> getClientScopes(RealmModel realm, ClientModel client, boolean defaultScopes) Description copied from interface:ClientLookupProvider
Return all default scopes (ifdefaultScope
istrue
) or all optional scopes (ifdefaultScope
isfalse
) linked with the client- Specified by:
getClientScopes
in interfaceClientLookupProvider
- Parameters:
realm
- Realmclient
- ClientdefaultScopes
- if true default scopes, if false optional scopes, are returned- Returns:
- map where key is the name of the clientScope, value is particular clientScope. Returns empty map if no scopes linked (never returns null).
-
addClientScopeToAllClients
public void addClientScopeToAllClients(RealmModel realm, ClientScopeModel clientScope, boolean defaultClientScope) Description copied from interface:ClientProvider
Add specified client scope to all non bearer-only clients in the realm, which have same protocol as specified client scope. Method may be used just for new client scopes, which are not yet assigned to any clients as if specified clientScope is already assigned to some client, there might be issues related to duplicate entries.- Specified by:
addClientScopeToAllClients
in interfaceClientProvider
- Parameters:
realm
- RealmclientScope
- client scope from the specified realm, which would be added to all clientsdefaultClientScope
- If true, then it will be added as "default" client scope. If false, then it will be added as "optional" client scope
-
createClientInitialAccessModel
public ClientInitialAccessModel createClientInitialAccessModel(RealmModel realm, int expiration, int count) - Specified by:
createClientInitialAccessModel
in interfaceRealmProvider
-
getClientInitialAccessModel
- Specified by:
getClientInitialAccessModel
in interfaceRealmProvider
-
removeClientInitialAccessModel
- Specified by:
removeClientInitialAccessModel
in interfaceRealmProvider
-
listClientInitialAccessStream
Description copied from interface:RealmProvider
Returns client's initial access as a stream.- Specified by:
listClientInitialAccessStream
in interfaceRealmProvider
- Parameters:
realm
-RealmModel
The realm where to list client's initial access.- Returns:
- Stream of
ClientInitialAccessModel
. Never returnsnull
.
-
removeExpiredClientInitialAccess
public void removeExpiredClientInitialAccess()Description copied from interface:RealmProvider
Removes all expired client initial accesses from all realms.- Specified by:
removeExpiredClientInitialAccess
in interfaceRealmProvider
-
saveLocalizationText
- Specified by:
saveLocalizationText
in interfaceRealmProvider
-
saveLocalizationTexts
public void saveLocalizationTexts(RealmModel realm, String locale, Map<String, String> localizationTexts) - Specified by:
saveLocalizationTexts
in interfaceRealmProvider
-
updateLocalizationText
- Specified by:
updateLocalizationText
in interfaceRealmProvider
-
deleteLocalizationTextsByLocale
- Specified by:
deleteLocalizationTextsByLocale
in interfaceRealmProvider
-
deleteLocalizationText
- Specified by:
deleteLocalizationText
in interfaceRealmProvider
-
getLocalizationTextsById
- Specified by:
getLocalizationTextsById
in interfaceRealmProvider
-