Interface UserCredentialManager

    • Method Detail

      • isValid

        boolean isValid​(RealmModel realm,
                        UserModel user,
                        List<CredentialInput> inputs)
        Validates list of credentials. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.
        Parameters:
        realm -
        user -
        inputs -
        Returns:
      • isValid

        boolean isValid​(RealmModel realm,
                        UserModel user,
                        CredentialInput... inputs)
        Validates list of credentials. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.
        Parameters:
        realm -
        user -
        inputs -
        Returns:
      • updateCredential

        boolean updateCredential​(RealmModel realm,
                                 UserModel user,
                                 CredentialInput input)
        Updates a credential. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider. Update is finished whenever any one provider returns true.
        Parameters:
        realm -
        user -
        Returns:
        true if credential was successfully updated by UserStorage or any CredentialInputUpdater
      • createCredentialThroughProvider

        CredentialModel createCredentialThroughProvider​(RealmModel realm,
                                                        UserModel user,
                                                        CredentialModel model)
        Creates a credential from the credentialModel, by looping through the providers to find a match for the type
        Parameters:
        realm -
        user -
        model -
        Returns:
      • updateCredentialLabel

        void updateCredentialLabel​(RealmModel realm,
                                   UserModel user,
                                   String credentialId,
                                   String userLabel)
        Updates the credential label and invalidates the cache for the user.
        Parameters:
        realm -
        user -
        credentialId -
        userLabel -
      • disableCredentialType

        void disableCredentialType​(RealmModel realm,
                                   UserModel user,
                                   String credentialType)
        Calls disableCredential on UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.
        Parameters:
        realm -
        user -
        credentialType -
      • isConfiguredFor

        boolean isConfiguredFor​(RealmModel realm,
                                UserModel user,
                                String type)
        Checks to see if user has credential type configured. Looks in UserStorageProvider or UserFederationProvider first, then loops through each CredentialProvider.
        Parameters:
        realm -
        user -
        type -
        Returns:
      • isConfiguredLocally

        boolean isConfiguredLocally​(RealmModel realm,
                                    UserModel user,
                                    String type)
        Only loops through each CredentialProvider to see if credential type is configured for the user. This allows UserStorageProvider and UserFederationProvider isValid() implementations to punt to local storage when validating a credential that has been overriden in Keycloak storage.
        Parameters:
        realm -
        user -
        type -
        Returns:
      • authenticate

        CredentialValidationOutput authenticate​(KeycloakSession session,
                                                RealmModel realm,
                                                CredentialInput input)
        Given a CredentialInput, authenticate the user. This is used in the case where the credential must be processed to determine and find the user. An example is Kerberos where the kerberos token might be validated and processed by a variety of different storage providers.
        Parameters:
        session -
        realm -
        input -
        Returns:
      • getConfiguredUserStorageCredentialTypes

        @Deprecated
        List<String> getConfiguredUserStorageCredentialTypes​(RealmModel realm,
                                                             UserModel user)
        Return credential types, which are provided by the user storage where user is stored. Returned values can contain for example "password", "otp" etc. This will always return empty list for "local" users, which are not backed by any user storage
        Returns:
      • getConfiguredUserStorageCredentialTypesStream

        default Stream<String> getConfiguredUserStorageCredentialTypesStream​(RealmModel realm,
                                                                             UserModel user)
        Obtains the credential types provided by the user storage where the specified user is stored. Examples of returned values are "password", "otp", etc.

        This method will always return an empty stream for "local" users - i.e. users that are not backed by any user storage.

        Parameters:
        realm - a reference to the realm.
        user - a reference to the user.
        Returns:
        a non-null Stream of credential types.