Package org.keycloak.credential
Class UserCredentialStoreManager
- java.lang.Object
-
- org.keycloak.storage.AbstractStorageManager<UserStorageProvider,UserStorageProviderModel>
-
- org.keycloak.credential.UserCredentialStoreManager
-
- All Implemented Interfaces:
UserCredentialStore,UserCredentialStore.Streams,OnUserCache,UserCredentialManager,UserCredentialManager.Streams,Provider
public class UserCredentialStoreManager extends AbstractStorageManager<UserStorageProvider,UserStorageProviderModel> implements UserCredentialManager.Streams, OnUserCache
- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.keycloak.models.UserCredentialManager
UserCredentialManager.Streams
-
Nested classes/interfaces inherited from interface org.keycloak.credential.UserCredentialStore
UserCredentialStore.Streams
-
-
Field Summary
-
Fields inherited from class org.keycloak.storage.AbstractStorageManager
session
-
-
Constructor Summary
Constructors Constructor Description UserCredentialStoreManager(KeycloakSession session)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description CredentialValidationOutputauthenticate(KeycloakSession session, RealmModel realm, CredentialInput input)Given a CredentialInput, authenticate the user.voidclose()CredentialModelcreateCredential(RealmModel realm, UserModel user, CredentialModel cred)CredentialModelcreateCredentialThroughProvider(RealmModel realm, UserModel user, CredentialModel model)Creates a credential from the credentialModel, by looping through the providers to find a match for the typevoiddisableCredentialType(RealmModel realm, UserModel user, String credentialType)Calls disableCredential on UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.Stream<String>getConfiguredUserStorageCredentialTypesStream(RealmModel realm, UserModel user)Obtains the credential types provided by the user storage where the specified user is stored.static <T> Stream<T>getCredentialProviders(KeycloakSession session, Class<T> type)Stream<String>getDisableableCredentialTypesStream(RealmModel realm, UserModel user)Obtains the credential types that can be disabled by means of theUserCredentialManager.disableCredentialType(RealmModel, UserModel, String)method.CredentialModelgetStoredCredentialById(RealmModel realm, UserModel user, String id)CredentialModelgetStoredCredentialByNameAndType(RealmModel realm, UserModel user, String name, String type)Stream<CredentialModel>getStoredCredentialsByTypeStream(RealmModel realm, UserModel user, String type)Obtains the stored credentials associated with the specified user that match the specified type.Stream<CredentialModel>getStoredCredentialsStream(RealmModel realm, UserModel user)Obtains the stored credentials associated with the specified user.protected UserCredentialStoregetStoreForUser(UserModel user)booleanisConfiguredFor(RealmModel realm, UserModel user, String type)Checks to see if user has credential type configured.booleanisConfiguredLocally(RealmModel realm, UserModel user, String type)Only loops through each CredentialProvider to see if credential type is configured for the user.booleanisValid(RealmModel realm, UserModel user, List<CredentialInput> inputs)Validates list of credentials.booleanisValid(RealmModel realm, UserModel user, CredentialInput... inputs)Validates list of credentials.booleanmoveCredentialTo(RealmModel realm, UserModel user, String id, String newPreviousCredentialId)voidonCache(RealmModel realm, CachedUserModel user, UserModel delegate)booleanremoveStoredCredential(RealmModel realm, UserModel user, String id)Removes credential with theidfor theuser.booleanupdateCredential(RealmModel realm, UserModel user, CredentialInput input)Updates a credential.voidupdateCredential(RealmModel realm, UserModel user, CredentialModel cred)voidupdateCredentialLabel(RealmModel realm, UserModel user, String credentialId, String userLabel)Updates the credential label and invalidates the cache for the user.-
Methods inherited from class org.keycloak.storage.AbstractStorageManager
consumeEnabledStorageProvidersWithTimeout, flatMapEnabledStorageProvidersWithTimeout, getEnabledStorageProviders, getStorageProviderFactory, getStorageProviderInstance, getStorageProviderInstance, getStorageProviderInstance, getStorageProviderInstance, getStorageProviderModel, getStorageProviderModels, getStorageProviderTimeout, mapEnabledStorageProvidersWithTimeout
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.keycloak.models.UserCredentialManager.Streams
getConfiguredUserStorageCredentialTypes, getDisableableCredentialTypes
-
Methods inherited from interface org.keycloak.credential.UserCredentialStore.Streams
getStoredCredentials, getStoredCredentialsByType
-
-
-
-
Constructor Detail
-
UserCredentialStoreManager
public UserCredentialStoreManager(KeycloakSession session)
-
-
Method Detail
-
getStoreForUser
protected UserCredentialStore getStoreForUser(UserModel user)
-
updateCredential
public void updateCredential(RealmModel realm, UserModel user, CredentialModel cred)
- Specified by:
updateCredentialin interfaceUserCredentialStore
-
createCredential
public CredentialModel createCredential(RealmModel realm, UserModel user, CredentialModel cred)
- Specified by:
createCredentialin interfaceUserCredentialStore
-
removeStoredCredential
public boolean removeStoredCredential(RealmModel realm, UserModel user, String id)
Description copied from interface:UserCredentialStoreRemoves credential with theidfor theuser.- Specified by:
removeStoredCredentialin interfaceUserCredentialStore- Parameters:
realm- realm.user- userid- id- Returns:
trueif the credential was removed,falseotherwise TODO: Make this method return Boolean so that store can return "I don't know" answer, this can be used for example in async stores
-
getStoredCredentialById
public CredentialModel getStoredCredentialById(RealmModel realm, UserModel user, String id)
- Specified by:
getStoredCredentialByIdin interfaceUserCredentialStore
-
getStoredCredentialsStream
public Stream<CredentialModel> getStoredCredentialsStream(RealmModel realm, UserModel user)
Description copied from interface:UserCredentialStoreObtains the stored credentials associated with the specified user.- Specified by:
getStoredCredentialsStreamin interfaceUserCredentialStore- Specified by:
getStoredCredentialsStreamin interfaceUserCredentialStore.Streams- Parameters:
realm- a reference to the realm.user- the user whose credentials are being searched.- Returns:
- a non-null
Streamof credentials.
-
getStoredCredentialsByTypeStream
public Stream<CredentialModel> getStoredCredentialsByTypeStream(RealmModel realm, UserModel user, String type)
Description copied from interface:UserCredentialStoreObtains the stored credentials associated with the specified user that match the specified type.- Specified by:
getStoredCredentialsByTypeStreamin interfaceUserCredentialStore- Specified by:
getStoredCredentialsByTypeStreamin interfaceUserCredentialStore.Streams- Parameters:
realm- a reference to the realm.user- the user whose credentials are being searched.type- the type of credentials being searched.- Returns:
- a non-null
Streamof credentials.
-
getStoredCredentialByNameAndType
public CredentialModel getStoredCredentialByNameAndType(RealmModel realm, UserModel user, String name, String type)
- Specified by:
getStoredCredentialByNameAndTypein interfaceUserCredentialStore
-
moveCredentialTo
public boolean moveCredentialTo(RealmModel realm, UserModel user, String id, String newPreviousCredentialId)
- Specified by:
moveCredentialToin interfaceUserCredentialStore
-
isValid
public boolean isValid(RealmModel realm, UserModel user, CredentialInput... inputs)
Description copied from interface:UserCredentialManagerValidates list of credentials. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.- Specified by:
isValidin interfaceUserCredentialManager- Returns:
-
createCredentialThroughProvider
public CredentialModel createCredentialThroughProvider(RealmModel realm, UserModel user, CredentialModel model)
Description copied from interface:UserCredentialManagerCreates a credential from the credentialModel, by looping through the providers to find a match for the type- Specified by:
createCredentialThroughProviderin interfaceUserCredentialManager- Returns:
-
updateCredentialLabel
public void updateCredentialLabel(RealmModel realm, UserModel user, String credentialId, String userLabel)
Description copied from interface:UserCredentialManagerUpdates the credential label and invalidates the cache for the user.- Specified by:
updateCredentialLabelin interfaceUserCredentialManager
-
isValid
public boolean isValid(RealmModel realm, UserModel user, List<CredentialInput> inputs)
Description copied from interface:UserCredentialManagerValidates list of credentials. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.- Specified by:
isValidin interfaceUserCredentialManager- Returns:
-
getCredentialProviders
public static <T> Stream<T> getCredentialProviders(KeycloakSession session, Class<T> type)
-
updateCredential
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input)
Description copied from interface:UserCredentialManagerUpdates a credential. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider. Update is finished whenever any one provider returns true.- Specified by:
updateCredentialin interfaceUserCredentialManager- Returns:
- true if credential was successfully updated by UserStorage or any CredentialInputUpdater
-
disableCredentialType
public void disableCredentialType(RealmModel realm, UserModel user, String credentialType)
Description copied from interface:UserCredentialManagerCalls disableCredential on UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.- Specified by:
disableCredentialTypein interfaceUserCredentialManager
-
getDisableableCredentialTypesStream
public Stream<String> getDisableableCredentialTypesStream(RealmModel realm, UserModel user)
Description copied from interface:UserCredentialManagerObtains the credential types that can be disabled by means of theUserCredentialManager.disableCredentialType(RealmModel, UserModel, String)method.- Specified by:
getDisableableCredentialTypesStreamin interfaceUserCredentialManager- Specified by:
getDisableableCredentialTypesStreamin interfaceUserCredentialManager.Streams- Parameters:
realm- a reference to the realm.user- the user whose credentials are being searched.- Returns:
- a non-null
Streamof credential types.
-
isConfiguredFor
public boolean isConfiguredFor(RealmModel realm, UserModel user, String type)
Description copied from interface:UserCredentialManagerChecks to see if user has credential type configured. Looks in UserStorageProvider or UserFederationProvider first, then loops through each CredentialProvider.- Specified by:
isConfiguredForin interfaceUserCredentialManager- Returns:
-
isConfiguredLocally
public boolean isConfiguredLocally(RealmModel realm, UserModel user, String type)
Description copied from interface:UserCredentialManagerOnly loops through each CredentialProvider to see if credential type is configured for the user. This allows UserStorageProvider and UserFederationProvider isValid() implementations to punt to local storage when validating a credential that has been overriden in Keycloak storage.- Specified by:
isConfiguredLocallyin interfaceUserCredentialManager- Returns:
-
authenticate
public CredentialValidationOutput authenticate(KeycloakSession session, RealmModel realm, CredentialInput input)
Description copied from interface:UserCredentialManagerGiven a CredentialInput, authenticate the user. This is used in the case where the credential must be processed to determine and find the user. An example is Kerberos where the kerberos token might be validated and processed by a variety of different storage providers.- Specified by:
authenticatein interfaceUserCredentialManager- Returns:
-
onCache
public void onCache(RealmModel realm, CachedUserModel user, UserModel delegate)
- Specified by:
onCachein interfaceOnUserCache
-
getConfiguredUserStorageCredentialTypesStream
public Stream<String> getConfiguredUserStorageCredentialTypesStream(RealmModel realm, UserModel user)
Description copied from interface:UserCredentialManagerObtains the credential types provided by the user storage where the specified user is stored. Examples of returned values are "password", "otp", etc. This method will always return an empty stream for "local" users - i.e. users that are not backed by any user storage.- Specified by:
getConfiguredUserStorageCredentialTypesStreamin interfaceUserCredentialManager- Specified by:
getConfiguredUserStorageCredentialTypesStreamin interfaceUserCredentialManager.Streams- Parameters:
realm- a reference to the realm.user- a reference to the user.- Returns:
- a non-null
Streamof credential types.
-
-