Package org.keycloak.credential
Class UserCredentialStoreManager
- java.lang.Object
  - org.keycloak.storage.AbstractStorageManager<UserStorageProvider,UserStorageProviderModel>
    - org.keycloak.credential.UserCredentialStoreManager
- All Implemented Interfaces: UserCredentialStore, UserCredentialStore.Streams, OnUserCache, UserCredentialManager, UserCredentialManager.Streams, Provider
public class UserCredentialStoreManager extends AbstractStorageManager<UserStorageProvider,UserStorageProviderModel> implements UserCredentialManager.Streams, OnUserCache
- Version: $Revision: 1 $
- Author: Bill Burke
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.keycloak.models.UserCredentialManager
UserCredentialManager.Streams
-
Nested classes/interfaces inherited from interface org.keycloak.credential.UserCredentialStore
UserCredentialStore.Streams
-
-
Field Summary
-
Fields inherited from class org.keycloak.storage.AbstractStorageManager
session
-
-
Constructor Summary
| Constructor | Description |
| --- | --- |
| UserCredentialStoreManager(KeycloakSession session) | |
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| CredentialValidationOutput | authenticate(KeycloakSession session, RealmModel realm, CredentialInput input) | Given a CredentialInput, authenticate the user. |
| void | close() | |
| CredentialModel | createCredential(RealmModel realm, UserModel user, CredentialModel cred) | |
| CredentialModel | createCredentialThroughProvider(RealmModel realm, UserModel user, CredentialModel model) | Creates a credential from the credentialModel, by looping through the providers to find a match for the type. |
| void | disableCredentialType(RealmModel realm, UserModel user, String credentialType) | Calls disableCredential on UserStorageProvider and UserFederationProviders first, then loops through each CredentialProvider. |
| Stream<String> | getConfiguredUserStorageCredentialTypesStream(RealmModel realm, UserModel user) | Obtains the credential types provided by the user storage where the specified user is stored. |
| static <T> Stream<T> | getCredentialProviders(KeycloakSession session, Class<T> type) | |
| Stream<String> | getDisableableCredentialTypesStream(RealmModel realm, UserModel user) | Obtains the credential types that can be disabled by means of the UserCredentialManager.disableCredentialType(RealmModel, UserModel, String) method. |
| CredentialModel | getStoredCredentialById(RealmModel realm, UserModel user, String id) | |
| CredentialModel | getStoredCredentialByNameAndType(RealmModel realm, UserModel user, String name, String type) | |
| Stream<CredentialModel> | getStoredCredentialsByTypeStream(RealmModel realm, UserModel user, String type) | Obtains the stored credentials associated with the specified user that match the specified type. |
| Stream<CredentialModel> | getStoredCredentialsStream(RealmModel realm, UserModel user) | Obtains the stored credentials associated with the specified user. |
| protected UserCredentialStore | getStoreForUser(UserModel user) | |
| boolean | isConfiguredFor(RealmModel realm, UserModel user, String type) | Checks to see if user has credential type configured. |
| boolean | isConfiguredLocally(RealmModel realm, UserModel user, String type) | Only loops through each CredentialProvider to see if credential type is configured for the user. |
| boolean | isValid(RealmModel realm, UserModel user, List<CredentialInput> inputs) | Validates list of credentials. |
| boolean | isValid(RealmModel realm, UserModel user, CredentialInput... inputs) | Validates list of credentials. |
| boolean | moveCredentialTo(RealmModel realm, UserModel user, String id, String newPreviousCredentialId) | |
| void | onCache(RealmModel realm, CachedUserModel user, UserModel delegate) | |
| boolean | removeStoredCredential(RealmModel realm, UserModel user, String id) | Removes credential with the id for the user. |
| boolean | updateCredential(RealmModel realm, UserModel user, CredentialInput input) | Updates a credential. |
| void | updateCredential(RealmModel realm, UserModel user, CredentialModel cred) | |
| void | updateCredentialLabel(RealmModel realm, UserModel user, String credentialId, String userLabel) | Updates the credential label and invalidates the cache for the user. |
-
Methods inherited from class org.keycloak.storage.AbstractStorageManager
consumeEnabledStorageProvidersWithTimeout, flatMapEnabledStorageProvidersWithTimeout, getEnabledStorageProviders, getStorageProviderFactory, getStorageProviderInstance, getStorageProviderInstance, getStorageProviderInstance, getStorageProviderInstance, getStorageProviderModel, getStorageProviderModels, getStorageProviderTimeout, mapEnabledStorageProvidersWithTimeout
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.keycloak.models.UserCredentialManager.Streams
getConfiguredUserStorageCredentialTypes, getDisableableCredentialTypes
-
Methods inherited from interface org.keycloak.credential.UserCredentialStore.Streams
getStoredCredentials, getStoredCredentialsByType
-
-
-
-
Constructor Detail
-
UserCredentialStoreManager
public UserCredentialStoreManager(KeycloakSession session)
-
-
Method Detail
-
getStoreForUser
protected UserCredentialStore getStoreForUser(UserModel user)
-
updateCredential
public void updateCredential(RealmModel realm, UserModel user, CredentialModel cred)
- Specified by: updateCredential in interface UserCredentialStore
-
createCredential
public CredentialModel createCredential(RealmModel realm, UserModel user, CredentialModel cred)
- Specified by: createCredential in interface UserCredentialStore
-
removeStoredCredential
public boolean removeStoredCredential(RealmModel realm, UserModel user, String id)
Description copied from interface: UserCredentialStore
Removes credential with the id for the user.
- Specified by: removeStoredCredential in interface UserCredentialStore
- Parameters:
realm - realm
user - user
id - id
- Returns: true if the credential was removed, false otherwise. TODO: Make this method return Boolean so that store can return "I don't know" answer, this can be used for example in async stores
-
getStoredCredentialById
public CredentialModel getStoredCredentialById(RealmModel realm, UserModel user, String id)
- Specified by: getStoredCredentialById in interface UserCredentialStore
-
getStoredCredentialsStream
public Stream<CredentialModel> getStoredCredentialsStream(RealmModel realm, UserModel user)
Description copied from interface: UserCredentialStore
Obtains the stored credentials associated with the specified user.
- Specified by: getStoredCredentialsStream in interface UserCredentialStore
- Specified by: getStoredCredentialsStream in interface UserCredentialStore.Streams
- Parameters:
realm - a reference to the realm.
user - the user whose credentials are being searched.
- Returns: a non-null Stream of credentials.
-
getStoredCredentialsByTypeStream
public Stream<CredentialModel> getStoredCredentialsByTypeStream(RealmModel realm, UserModel user, String type)
Description copied from interface: UserCredentialStore
Obtains the stored credentials associated with the specified user that match the specified type.
- Specified by: getStoredCredentialsByTypeStream in interface UserCredentialStore
- Specified by: getStoredCredentialsByTypeStream in interface UserCredentialStore.Streams
- Parameters:
realm - a reference to the realm.
user - the user whose credentials are being searched.
type - the type of credentials being searched.
- Returns: a non-null Stream of credentials.
-
getStoredCredentialByNameAndType
public CredentialModel getStoredCredentialByNameAndType(RealmModel realm, UserModel user, String name, String type)
- Specified by: getStoredCredentialByNameAndType in interface UserCredentialStore
-
moveCredentialTo
public boolean moveCredentialTo(RealmModel realm, UserModel user, String id, String newPreviousCredentialId)
- Specified by: moveCredentialTo in interface UserCredentialStore
-
isValid
public boolean isValid(RealmModel realm, UserModel user, CredentialInput... inputs)
Description copied from interface: UserCredentialManager
Validates list of credentials. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.
- Specified by: isValid in interface UserCredentialManager
- Returns:
-
createCredentialThroughProvider
public CredentialModel createCredentialThroughProvider(RealmModel realm, UserModel user, CredentialModel model)
Description copied from interface: UserCredentialManager
Creates a credential from the credentialModel, by looping through the providers to find a match for the type.
- Specified by: createCredentialThroughProvider in interface UserCredentialManager
- Returns:
-
updateCredentialLabel
public void updateCredentialLabel(RealmModel realm, UserModel user, String credentialId, String userLabel)
Description copied from interface: UserCredentialManager
Updates the credential label and invalidates the cache for the user.
- Specified by: updateCredentialLabel in interface UserCredentialManager
-
isValid
public boolean isValid(RealmModel realm, UserModel user, List<CredentialInput> inputs)
Description copied from interface: UserCredentialManager
Validates list of credentials. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.
- Specified by: isValid in interface UserCredentialManager
- Returns:
-
getCredentialProviders
public static <T> Stream<T> getCredentialProviders(KeycloakSession session, Class<T> type)
-
updateCredential
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input)
Description copied from interface: UserCredentialManager
Updates a credential. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider. Update is finished whenever any one provider returns true.
- Specified by: updateCredential in interface UserCredentialManager
- Returns: true if credential was successfully updated by UserStorage or any CredentialInputUpdater
-
disableCredentialType
public void disableCredentialType(RealmModel realm, UserModel user, String credentialType)
Description copied from interface: UserCredentialManager
Calls disableCredential on UserStorageProvider and UserFederationProviders first, then loops through each CredentialProvider.
- Specified by: disableCredentialType in interface UserCredentialManager
-
getDisableableCredentialTypesStream
public Stream<String> getDisableableCredentialTypesStream(RealmModel realm, UserModel user)
Description copied from interface: UserCredentialManager
Obtains the credential types that can be disabled by means of the UserCredentialManager.disableCredentialType(RealmModel, UserModel, String) method.
- Specified by: getDisableableCredentialTypesStream in interface UserCredentialManager
- Specified by: getDisableableCredentialTypesStream in interface UserCredentialManager.Streams
- Parameters:
realm - a reference to the realm.
user - the user whose credentials are being searched.
- Returns: a non-null Stream of credential types.
-
isConfiguredFor
public boolean isConfiguredFor(RealmModel realm, UserModel user, String type)
Description copied from interface: UserCredentialManager
Checks to see if user has credential type configured. Looks in UserStorageProvider or UserFederationProvider first, then loops through each CredentialProvider.
- Specified by: isConfiguredFor in interface UserCredentialManager
- Returns:
-
isConfiguredLocally
public boolean isConfiguredLocally(RealmModel realm, UserModel user, String type)
Description copied from interface: UserCredentialManager
Only loops through each CredentialProvider to see if credential type is configured for the user. This allows UserStorageProvider and UserFederationProvider isValid() implementations to punt to local storage when validating a credential that has been overridden in Keycloak storage.
- Specified by: isConfiguredLocally in interface UserCredentialManager
- Returns:
-
authenticate
public CredentialValidationOutput authenticate(KeycloakSession session, RealmModel realm, CredentialInput input)
Description copied from interface: UserCredentialManager
Given a CredentialInput, authenticate the user. This is used in the case where the credential must be processed to determine and find the user. An example is Kerberos where the kerberos token might be validated and processed by a variety of different storage providers.
- Specified by: authenticate in interface UserCredentialManager
- Returns:
-
onCache
public void onCache(RealmModel realm, CachedUserModel user, UserModel delegate)
- Specified by: onCache in interface OnUserCache
-
getConfiguredUserStorageCredentialTypesStream
public Stream<String> getConfiguredUserStorageCredentialTypesStream(RealmModel realm, UserModel user)
Description copied from interface: UserCredentialManager
Obtains the credential types provided by the user storage where the specified user is stored. Examples of returned values are "password", "otp", etc. This method will always return an empty stream for "local" users - i.e. users that are not backed by any user storage.
- Specified by: getConfiguredUserStorageCredentialTypesStream in interface UserCredentialManager
- Specified by: getConfiguredUserStorageCredentialTypesStream in interface UserCredentialManager.Streams
- Parameters:
realm - a reference to the realm.
user - a reference to the user.
- Returns: a non-null Stream of credential types.
-
-