public class LDAPStorageProvider extends Object implements UserStorageProvider, CredentialInputValidator, CredentialInputUpdater, CredentialAuthentication, UserLookupProvider, UserRegistrationProvider, UserQueryProvider, ImportedUserValidation
UserStorageProvider.EditMode
Modifier and Type | Field and Description |
---|---|
protected UserStorageProvider.EditMode |
editMode |
protected LDAPStorageProviderFactory |
factory |
protected LDAPProviderKerberosConfig |
kerberosConfig |
protected LDAPIdentityStore |
ldapIdentityStore |
protected LDAPStorageMapperManager |
mapperManager |
protected UserStorageProviderModel |
model |
protected KeycloakSession |
session |
protected Set<String> |
supportedCredentialTypes |
protected PasswordUpdateCallback |
updater |
protected LDAPStorageUserManager |
userManager |
Constructor and Description |
---|
LDAPStorageProvider(LDAPStorageProviderFactory factory,
KeycloakSession session,
ComponentModel model,
LDAPIdentityStore ldapIdentityStore) |
Modifier and Type | Method and Description |
---|---|
UserModel |
addUser(RealmModel realm,
String username)
All storage providers that implement this interface will be looped through.
|
CredentialValidationOutput |
authenticate(RealmModel realm,
CredentialInput cred) |
void |
close() |
void |
disableCredentialType(RealmModel realm,
UserModel user,
String credentialType) |
protected UserModel |
findOrCreateAuthenticatedUser(RealmModel realm,
String username)
Called after successful Kerberos authentication
|
Set<String> |
getDisableableCredentialTypes(RealmModel realm,
UserModel user)
Returns a set of credential types that can be disabled by disableCredentialType() method
|
UserStorageProvider.EditMode |
getEditMode() |
List<UserModel> |
getGroupMembers(RealmModel realm,
GroupModel group)
Get users that belong to a specific group.
|
List<UserModel> |
getGroupMembers(RealmModel realm,
GroupModel group,
int firstResult,
int maxResults)
Get users that belong to a specific group.
|
LDAPIdentityStore |
getLdapIdentityStore() |
LDAPStorageMapperManager |
getMapperManager() |
UserStorageProviderModel |
getModel() |
KeycloakSession |
getSession() |
Set<String> |
getSupportedCredentialTypes() |
UserModel |
getUserByEmail(String email,
RealmModel realm) |
UserModel |
getUserById(String id,
RealmModel realm) |
UserModel |
getUserByUsername(String username,
RealmModel realm) |
LDAPStorageUserManager |
getUserManager() |
List<UserModel> |
getUsers(RealmModel realm) |
List<UserModel> |
getUsers(RealmModel realm,
int firstResult,
int maxResults) |
int |
getUsersCount(RealmModel realm)
Returns the number of users, without considering any service account.
|
protected UserModel |
importUserFromLDAP(KeycloakSession session,
RealmModel realm,
LDAPObject ldapUser) |
boolean |
isConfiguredFor(RealmModel realm,
UserModel user,
String credentialType) |
boolean |
isValid(RealmModel realm,
UserModel user,
CredentialInput input)
Tests whether a credential is valid
|
protected LDAPObject |
loadAndValidateUser(RealmModel realm,
UserModel local) |
LDAPObject |
loadLDAPUserByUsername(RealmModel realm,
String username) |
List<UserModel> |
loadUsersByUsernames(List<String> usernames,
RealmModel realm) |
void |
preRemove(RealmModel realm)
Callback when a realm is removed.
|
void |
preRemove(RealmModel realm,
GroupModel group)
Callback when a group is removed.
|
void |
preRemove(RealmModel realm,
RoleModel role)
Callback when a role is removed.
|
protected UserModel |
proxy(RealmModel realm,
UserModel local,
LDAPObject ldapObject,
boolean newUser) |
protected LDAPObject |
queryByEmail(RealmModel realm,
String email) |
boolean |
removeUser(RealmModel realm,
UserModel user)
Called if user originated from this provider.
|
List<UserModel> |
searchForUser(Map<String,String> params,
RealmModel realm)
Search for user by parameter.
|
List<UserModel> |
searchForUser(Map<String,String> params,
RealmModel realm,
int firstResult,
int maxResults)
Search for user by parameter.
|
List<UserModel> |
searchForUser(String search,
RealmModel realm)
Search for users with username, email or first + last name that is like search string.
|
List<UserModel> |
searchForUser(String search,
RealmModel realm,
int firstResult,
int maxResults)
Search for users with username, email or first + last name that is like search string.
|
List<UserModel> |
searchForUserByUserAttribute(String attrName,
String attrValue,
RealmModel realm)
Search for users that have a specific attribute with a specific value.
|
protected List<LDAPObject> |
searchLDAP(RealmModel realm,
Map<String,String> attributes,
int maxResults) |
void |
setUpdater(PasswordUpdateCallback updater) |
boolean |
supportsCredentialAuthenticationFor(String type) |
boolean |
supportsCredentialType(String credentialType) |
boolean |
synchronizeRegistrations() |
boolean |
updateCredential(RealmModel realm,
UserModel user,
CredentialInput input) |
UserModel |
validate(RealmModel realm,
UserModel local)
If this method returns null, then the user in local storage will be removed
|
boolean |
validPassword(RealmModel realm,
UserModel user,
String password) |
Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
countUsersInGroups, getRoleMembers, getRoleMembers, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount
protected LDAPStorageProviderFactory factory
protected KeycloakSession session
protected UserStorageProviderModel model
protected LDAPIdentityStore ldapIdentityStore
protected UserStorageProvider.EditMode editMode
protected LDAPProviderKerberosConfig kerberosConfig
protected PasswordUpdateCallback updater
protected LDAPStorageMapperManager mapperManager
protected LDAPStorageUserManager userManager
public LDAPStorageProvider(LDAPStorageProviderFactory factory, KeycloakSession session, ComponentModel model, LDAPIdentityStore ldapIdentityStore)
public void setUpdater(PasswordUpdateCallback updater)
public KeycloakSession getSession()
public LDAPIdentityStore getLdapIdentityStore()
public UserStorageProvider.EditMode getEditMode()
public UserStorageProviderModel getModel()
public LDAPStorageMapperManager getMapperManager()
public LDAPStorageUserManager getUserManager()
public UserModel validate(RealmModel realm, UserModel local)
ImportedUserValidation
validate
in interface ImportedUserValidation
protected UserModel proxy(RealmModel realm, UserModel local, LDAPObject ldapObject, boolean newUser)
public boolean supportsCredentialAuthenticationFor(String type)
supportsCredentialAuthenticationFor
in interface CredentialAuthentication
public List<UserModel> searchForUserByUserAttribute(String attrName, String attrValue, RealmModel realm)
UserQueryProvider
searchForUserByUserAttribute
in interface UserQueryProvider
UserFederatedStorageProvider
public boolean synchronizeRegistrations()
public UserModel addUser(RealmModel realm, String username)
UserRegistrationProvider
addUser
in interface UserRegistrationProvider
public boolean removeUser(RealmModel realm, UserModel user)
UserRegistrationProvider
removeUser
in interface UserRegistrationProvider
public UserModel getUserById(String id, RealmModel realm)
getUserById
in interface UserLookupProvider
public int getUsersCount(RealmModel realm)
UserQueryProvider
getUsersCount
in interface UserQueryProvider
realm
- the realm
public List<UserModel> getUsers(RealmModel realm)
getUsers
in interface UserQueryProvider
public List<UserModel> getUsers(RealmModel realm, int firstResult, int maxResults)
getUsers
in interface UserQueryProvider
public List<UserModel> searchForUser(String search, RealmModel realm)
UserQueryProvider
searchForUser
in interface UserQueryProvider
public List<UserModel> searchForUser(String search, RealmModel realm, int firstResult, int maxResults)
UserQueryProvider
searchForUser
in interface UserQueryProvider
public List<UserModel> searchForUser(Map<String,String> params, RealmModel realm)
UserQueryProvider
searchForUser
in interface UserQueryProvider
public List<UserModel> searchForUser(Map<String,String> params, RealmModel realm, int firstResult, int maxResults)
UserQueryProvider
searchForUser
in interface UserQueryProvider
public List<UserModel> getGroupMembers(RealmModel realm, GroupModel group)
UserQueryProvider
getGroupMembers
in interface UserQueryProvider
UserFederatedStorageProvider
public List<UserModel> getGroupMembers(RealmModel realm, GroupModel group, int firstResult, int maxResults)
UserQueryProvider
getGroupMembers
in interface UserQueryProvider
UserFederatedStorageProvider
public List<UserModel> loadUsersByUsernames(List<String> usernames, RealmModel realm)
protected List<LDAPObject> searchLDAP(RealmModel realm, Map<String,String> attributes, int maxResults)
protected LDAPObject loadAndValidateUser(RealmModel realm, UserModel local)
local
-
public UserModel getUserByUsername(String username, RealmModel realm)
getUserByUsername
in interface UserLookupProvider
protected UserModel importUserFromLDAP(KeycloakSession session, RealmModel realm, LDAPObject ldapUser)
protected LDAPObject queryByEmail(RealmModel realm, String email)
public UserModel getUserByEmail(String email, RealmModel realm)
getUserByEmail
in interface UserLookupProvider
public void preRemove(RealmModel realm)
UserStorageProvider
preRemove
in interface UserStorageProvider
public void preRemove(RealmModel realm, RoleModel role)
UserStorageProvider
preRemove
in interface UserStorageProvider
public void preRemove(RealmModel realm, GroupModel group)
UserStorageProvider
preRemove
in interface UserStorageProvider
public boolean validPassword(RealmModel realm, UserModel user, String password)
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input)
updateCredential
in interface CredentialInputUpdater
public void disableCredentialType(RealmModel realm, UserModel user, String credentialType)
disableCredentialType
in interface CredentialInputUpdater
public Set<String> getDisableableCredentialTypes(RealmModel realm, UserModel user)
CredentialInputUpdater
getDisableableCredentialTypes
in interface CredentialInputUpdater
public boolean supportsCredentialType(String credentialType)
supportsCredentialType
in interface CredentialInputUpdater
supportsCredentialType
in interface CredentialInputValidator
public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType)
isConfiguredFor
in interface CredentialInputValidator
public boolean isValid(RealmModel realm, UserModel user, CredentialInput input)
CredentialInputValidator
isValid
in interface CredentialInputValidator
realm
- The realm to which the credential belongs
user
- The user for which to test the credential
input
- the credential details to verify
public CredentialValidationOutput authenticate(RealmModel realm, CredentialInput cred)
authenticate
in interface CredentialAuthentication
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username)
realm
- realm
username
- username without realm prefix
public LDAPObject loadLDAPUserByUsername(RealmModel realm, String username)
Copyright © 2020 JBoss by Red Hat. All rights reserved.